Niranjan N - PeerSpot reviewer
Sr Analyst at ATOS
MSP
Top 10
The solution has improved our operations by giving us access to more information and allowing us to deploy more use cases
Pros and Cons
  • "Splunk has improved our operations by giving us access to more information and allowing us to deploy more use cases."
  • "The monitoring aspect of Splunk could be improved. We have to do some queries to get as much information as CrowdStrike or other solutions provide. If you run a big query, you will see a delay. That is the only concern we have because it will take some time if you query large data sets."

What is our primary use case?

We use Splunk for monitoring and investigation and recently integrated it with ServiceNow. It's a SOC tool, and any malicious activities on the client's side trigger an alert here. 

How has it helped my organization?

Splunk has improved our operations by giving us access to more information and allowing us to deploy more use cases. We have integrated Splunk with ServiceNow, so the information from the queries running on the back end is now directly forwarded to the analysts, reducing the manual work. We are pulling data from Splunk into ServiceNow, so the security analysts have all the user details to conduct their investigations. 

What is most valuable?

It's easy to monitor multiple environments with Splunk. The cloud model is better than the previous on-premises version. The custom dashboards are helpful. We have created multiple dashboards for user activity, logins, phishing, etc. If you miss an alert, you can check the dashboards. For example, if you need to check some user activity, we have a dashboard for Azure Active Directory, and Mimecast is integrated for monitoring email-based attacks like phishing. It throws the information up on the dashboard when we get an alert.

What needs improvement?

The monitoring aspect of Splunk could be improved. We have to do some queries to get as much information as CrowdStrike or other solutions provide. If you run a big query, you will see a delay. That is the only concern we have because it will take some time if you query large data sets. 

Buyer's Guide
Splunk Enterprise Security
July 2025
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
863,651 professionals have used our research since 2012.

For how long have I used the solution?

I have used Splunk for more than three years.

What do I think about the stability of the solution?

I rate Splunk 10 out of 10 for stability. 

What do I think about the scalability of the solution?

Splunk is a highly scalable product. 

How are customer service and support?

I rate Splunk support 10 out of 10.

How would you rate customer service and support?

Positive

How was the initial setup?

Deploying Splunk is somewhat complex, and it requires maintenance afterward. 

What's my experience with pricing, setup cost, and licensing?

Splunk is expensive based on our current requirements, but it's obviously worth what we pay. 

What other advice do I have?

I rate Splunk Enterprise Security nine out of 10. I see Splunk as a monitoring tool, not as a security tool. It provides alerts, and we conduct an analysis and investigation based on the information we receive. I believe having another sandbox integrated with Splunk will be helpful for the investigator.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

PeerSpot user
Project Manager at Hilti
Real User
Top 5 Leaderboard
Offers valuable logs, has good visibility, and accelerates our security investigations
Pros and Cons
  • "The most valuable features are the logs, which allow us to identify what happened and who interacted with the web repository."
  • "Some of the queries are difficult to run and have room for improvement."

What is our primary use case?

I utilize Splunk Enterprise Security to gather logs, and subsequently, I provide the team with access to the servers through a change management ticket or incident. I wasn't involved in the installation process during my tenure as a Windows server lead. I also verify whether all our actions adhere to the compliance framework.

Our deployment of Splunk Enterprise Security was all on-premises.

How has it helped my organization?

The visibility that Splunk Enterprise Security provides is beneficial and valuable.

Splunk Enterprise Security helped analyze malicious activities.

With Splunk Enterprise Security we were able to detect threats faster.

Splunk Enterprise Security contributed to a reduction in alert volume as our employees became aware of being monitored and ceased accessing the server without proper authorization.

Splunk Enterprise Security has significantly accelerated our security investigations by centralizing all log data and enabling us to quickly retrieve the necessary information through simple queries.

What is most valuable?

The most valuable features are the logs, which allow us to identify what happened and who interacted with the web repository.

What needs improvement?

Some of the queries are difficult to run and have room for improvement.

For how long have I used the solution?

I am currently using Splunk Enterprise Security. 

What do I think about the stability of the solution?

I would rate the stability of Splunk Enterprise Security ten out of ten. We have never had an issue with stability.

What do I think about the scalability of the solution?

Splunk Enterprise Security is scalable.

Splunk Enterprise Security's resilience is a valuable asset.

What's my experience with pricing, setup cost, and licensing?

Organizations seeking a more affordable solution should first carefully evaluate their specific business requirements. While cheaper alternatives exist, they may lack the necessary features to adequately address their security needs. In such cases, Splunk Enterprise Security could be a more suitable option.

Splunk Enterprise Security is a worthwhile investment given the comprehensive range of features it offers.

What other advice do I have?

I would rate Splunk Enterprise Security eight out of ten.

I recommend Splunk Enterprise Security.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

PeerSpot user
System Administrator at Nournet communications
Real User
Top 10
Helps reduce threat detection time, security investigation time, and alert volumes
Pros and Cons
  • "The most valuable feature of Splunk Enterprise Security is the comprehensive logging capabilities it provides."
  • "Given the ever-increasing number of threats, I would like Splunk to update its threat signatures more frequently."

What is our primary use case?

We use Splunk Enterprise Security to identify and resolve critical issues and errors within our environment.

How has it helped my organization?

The visibility that Splunk Enterprise Security provides is good. We can easily find the data we need using the logs.

Monitoring multiple cloud environments using Splunk Enterprise Security was not difficult.

Splunk Enterprise Security's insider threat detection capabilities enable us to effortlessly identify unknown threats and anonymous user behavior.

Splunk Enterprise Security helped us analyze malicious activities and detect breaches between 50 and 90 percent faster.

Splunk Enterprise Security has helped reduce alert volumes by up to 90 percent.

Splunk Enterprise Security has helped speed up our security investigation time by almost 90 percent.

What is most valuable?

The most valuable feature of Splunk Enterprise Security is the comprehensive logging capabilities it provides.

What needs improvement?

The price of Splunk Enterprise Security is high and can be improved.

Given the ever-increasing number of threats, I would like Splunk to update its threat signatures more frequently.

For how long have I used the solution?

I have been using Splunk Enterprise Security for one and a half years.

What do I think about the stability of the solution?

Splunk Enterprise Security is stable.

What do I think about the scalability of the solution?

Splunk Enterprise Security is scalable.

The resilience of Splunk allows organizations to protect their data and resolve vulnerabilities quickly.

How are customer service and support?

The technical support provides good resolution.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I had previously used Loggly, developed by SolarWinds and Elastic. However, I found it to be inaccurate and slow. Elastic offers a free version of its solution, which is more commonly used by smaller businesses.

What about the implementation team?

The implementation was completed by a third party.

What's my experience with pricing, setup cost, and licensing?

Splunk Enterprise Security is expensive. I would rate the cost an eight out of ten with ten being the most expensive.

I recommend Splunk Enterprise Security over cheaper SIEM solutions because of its offerings.

What other advice do I have?

I would rate Splunk Enterprise Security nine out of ten.

Splunk Enterprise Security does not require any maintenance. It is plug-and-play.

I recommend Splunk Enterprise Security for organizations that want to detect threats quickly.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner

PeerSpot user
Defense protection study manager at Ministère de la Défense
Real User
Top 5
The search feature is fast and comprehensive
Pros and Cons
  • "I like the search feature and the indexing. It's very fast and comprehensive."
  • "Splunk is very expensive. The license is based on the volume of the logs ingested. I was responsible for managing the contract with our service integrator. I don't know the precise details of the competing solution, but I have heard that Splunk is more expensive than others. I don't know what the going rate is on the market, but I think there are at least two competitors that are less expensive. We have experienced a few issues with our service providers in terms of log filtering and ingestion, so we continue to pay a bit more per day for our logs."

What is our primary use case?

We use Splunk for log analytics, blocking dangerous files, etc. It helps to shape our security policies. Splunk is managed by our service provider, but we regularly get security insights from them.

What is most valuable?

I like the search feature and the indexing. It's very fast and comprehensive. It's easily tuned by your service provider, so I can quickly find the results I'm seeking. So it's very practical. We are working with the search feature and using multiple indexes that combine devices from different environments, so it's easy to collect information across environments. 

We can relatively quickly detect some malicious activities based on attack patterns and implement use cases configured by our service provider with help from Splunk. It improves the speed of threat mitigation because you can gather information about the attack patterns from a few days of online activity to block threats and take the necessary actions. 

For how long have I used the solution?

We implemented Splunk at the end of 2020, so it's been around three years. 

What do I think about the scalability of the solution?

Splunk Enterprise Security is scalable.

How are customer service and support?

We have not been in direct contact with Splunk except for a workshop where I met a few of them. My impression was that they were skilled, experienced experts. They seemed helpful, so I had a good impression.

How was the initial setup?

The service provider deployed Splunk, so I wasn't involved. I had heard that they experienced some difficulties setting it up, but I don't think it was harder to install than other solutions.

What's my experience with pricing, setup cost, and licensing?

Splunk is very expensive. The license is based on the volume of the logs ingested. I was responsible for managing the contract with our service integrator. I don't know the precise details of the competing solution, but I have heard that Splunk is more expensive than others. I don't know what the going rate is on the market, but I think there are at least two competitors that are less expensive. We have experienced a few issues with our service providers in terms of log filtering and ingestion, so we continue to pay a bit more per day for our logs.

What other advice do I have?

I rate Splunk Enterprise Security eight out of 10. 

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

PeerSpot user
Owner at Py Concepts
Real User
Top 10
Good notifications, a well-designed dashboard, and helpful logs
Pros and Cons
  • "It gives me notifications of notable events."
  • "Sometimes, there is latency in the logs."

What is our primary use case?

We use the solution for tracking successful and unsuccessful logins. We track privileged account activities and also a variety of other things, like developing use cases for data exfiltration or integration with ETRs and other security tools for data analysis. 

How has it helped my organization?

We wanted to solve the issue of unauthorized access, brute force attacks, and exfiltration. It's helped with MITRE ATT&CK frameworks. 

The organization has been able to quickly triage issues and investigate if something is a true threat or not. Most times, it helps our security posture. The level of confidence we have is high. With Splunk, you can query accounts when you see some strange activity. 

What is most valuable?

It gives me notifications of notable events. 

The default dashboard is very good. We can see our security posture from there.

On-prem and cloud data analysis are good. You can aggregate it if you need to in order to get good data.

Splunk has proven to be great when tracking down anomalous behavior. The logs are excellent. It is the platform in the industry. You can integrate anything. The amount of information and usability you get out of Splunk is very good.

We do use the Threat Intelligence Manager. It can be integrated with third parties. The actionable intelligence we get is useful. There is sequencing where you can gauge some actionable steps. 

I use the MITRE ATT&CK framework when I am developing a new use case. It helps us discover the overall scope of an incident. Using Splunk is essential in developing that. 

It's good for analyzing malicious activities and detecting breaches. I'd rate it highly in its capabilities. However, if you don't have the knowledge, it may be difficult. You might get a lot of false positives.

It's helped us detect threats very fast, in almost real time. 

We have reduced our alert volume. I'm not sure of the exact number; however, instead of having 100 to 200 false positives, we might get 20 to 30.

It has helped us speed up our security investigation, although I don't handle it directly. I simply do triage, and it definitely helps there. 

What needs improvement?

There are a lot of false positives which can cause a lot of fatigue. 

Sometimes, there is latency in the logs. 

When you deploy Splunk, you need a high level of knowledge. You really need to know what you are doing. It requires a lot of things.

They need to come up with straight steps to get things done, to have a step-by-step process to achieve this or that. 

For how long have I used the solution?

I've been using the solution since 2020.

What do I think about the stability of the solution?

The stability is okay.

Splunk would tell you, especially on the different licenses they have, your storage, and your level of ingesting, it can vary. 

Splunk needs to be more clear between storage and performance. 

We worked with a client where almost immediately their storage was already in red. They didn't understand their storage needs as that wasn't clear. 

What do I think about the scalability of the solution?

The solution cuts across countries. I'm not sure how many end-users we have.

The scalability is okay. It scales well even though you have to consider your licensing and storage.

How are customer service and support?

Technical support is good. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used ELK previously. 

How was the initial setup?

I have been involved in the deployment of Splunk in the past.

The initial setup is not so straightforward for those new to it. I'm accredited and have four years of implementation. You really need that level of knowledge. It's straightforward to make a feed, make it compliant, and do field mapping; however, there are many things you need to do before deployment.

We had six to eight people deploying Splunk. They were all mostly Splunk professionals, who understood the product and devised a plan and timeline for implementation. We integrated the relevant stakeholders into the process. We were connecting to the Splunk Cloud. 

There is a little bit of maintenance required to maintain the infrastructure. 

What about the implementation team?

We used all in-house resources to implement Splunk.

What was our ROI?

I have witnessed an ROI while using Splunk. There were some incidents previously in which the company lost millions of dollars. Bringing in Splunk has curbed that. 

What's my experience with pricing, setup cost, and licensing?

The pricing is on the high side. It's not a solution for SMEs.

Which other solutions did I evaluate?

I'm not sure if any other options were evaluated by the company. 

What other advice do I have?

Currently, we are just Splunk customers. 

We do not monitor various clouds; we only monitor one. However, they have a good solution in that we don't need to worry about maintenance if we do. 

We've never used the Mission Control feature.

If someone is looking for the cheapest SIEM solution, there are a lot of open-source options out there. However, Splunk definitely is an option. If a company is bigger, it would benefit from Splunk. They will be paying some money for it; however, it's worth it.

Resilience is important. To some extent, Splunk addresses this as we haven't had any issues. It's important to have resiliency. If your solution is not resilient, you risk security issues. 

I'd rate the solution eight out of ten. 

I would advise others to spell out what you really need and make it measurable so that you will understand if Splunk is right for you. If you are going to use Splunk, it's important to do your due diligence. 

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

PeerSpot user
Riaz Ahmmed - PeerSpot reviewer
Team Lead at ATSS
Reseller
Top 20
Provides actionable intelligence, continuous monitoring, and advanced threat protection
Pros and Cons
  • "Splunk Enterprise Security is able to process a huge amount of data without any issues."
  • "Splunk Enterprise Security can be improved by including backup network detection and response and safe management to the paid platform."

What is our primary use case?

We use Splunk Enterprise Security for continuous monitoring, ensuring compliance, and advanced threat protection.

How has it helped my organization?

Splunk Enterprise Security allows our customers to view their decentralized infrastructure from a single pane of glass.

Splunk Enterprise Security's insider threat detection capabilities are good.

The actionable intelligence provided by the threat intelligence management feature is effective. The solutions are integrated into the platform, and customers receive operational insights.

The MITRE ATT&CK framework's ability to help our customers discover the overall scope of an incident is high.

Splunk Enterprise Security is good for analyzing malicious activities and detecting breaches.

Splunk Enterprise Security helps our customers detect threats faster.

Splunk Enterprise Security is able to process a huge amount of data without any issues. Our customers can see the benefits two to three months after deployment.

Splunk Enterprise Security helped our customers reduce their alert volume by 40 to 50 percent.

Splunk Enterprise Security helped speed up our customers' investigation time by 60 to 70 percent.

What needs improvement?

Splunk Enterprise Security can be improved by including backup network detection and response and safe management to the paid platform.

Splunk Enterprise Security's price is high and could be lowered.

For how long have I used the solution?

I have been using Splunk Enterprise Security for two years.

What do I think about the stability of the solution?

I would rate the stability a ten out of ten.

What do I think about the scalability of the solution?

I would rate the scalability a ten out of ten.

How are customer service and support?

The technical support response time is delayed, and they can take two to three days to respond sometimes.

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial setup can be complex for customers who require advanced configurations and customizations, but it is straightforward for basic usage.

The deployment process is simple. We first identify the platform and determine if it is a unique system. Then, we define the virtual environment. After installing Splunk's platform, we perform the necessary configurations and other tasks. Splunk Security Essentials is a premium add-on for this tool, which is installed on the Splunk Enterprise platform.

The number of people required for the deployment depends on the customer's requirements and the use case they are developing. For example, if the customer needs to gather data from their network, we will need to add network experts to the project. However, if we already have experts who are familiar with the API and application connectivity, we may not need to add any additional people. Ultimately, the number of technical resources required will depend on the specific needs of the project. On average, we require four to five technical people for deployment.

What's my experience with pricing, setup cost, and licensing?

Splunk Enterprise Security's price is high. I would rate the cost as ten out of ten, with ten being the most expensive.

What other advice do I have?

I would rate Splunk Enterprise Security an eight out of ten.

There are many cheaper solutions available on the market but Splunk Enterprise Security is worth the cost.

Two people are required for maintenance.

The value Resilience offers our customers is good.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller

PeerSpot user
Solution Engineer at Sennovate Inc
Reseller
Top 5
The solution is user-friendly, and we can easily customize the monitoring script
Pros and Cons
  • "Splunk is user-friendly. We can easily customize the monitoring script."
  • "Splunk isn't appropriate for smaller companies. It's too expensive."

What is our primary use case?

We use Splunk to monitor unusual user behaviors. For example, if any user onboards from a different domain, it will trigger an alert. We also get alerts and high traffic when the ADI server is down. Splunk will monitor that behavior or when users make repeated wrong login attempts.

My full-time job is managing the IAM product. Splunk is one of our security monitoring tools. Most of my work is on IAM tools like CyberArk and SailPoint, etc. 

How has it helped my organization?

Splunk manages all of our security and maintains a hundred percent availability. It improves business while securing the entire cloud environment. In terms of business, we don't need manual monitoring. It automatically monitors and notifies an administrator, so we can easily track and identify the particular issue. It saves our employees' time, and we can manage the environment without any impact on business service.

In the UK, hackers use automated software to make repeated login attempts. Splunk immediately identified these attempts and notified the admins, so the red team suddenly took action to block them.

It's nonstop monitoring that isn't affected by business hours. You don't need a manual administrator. Splunk will monitor everything, and a single administrator can monitor the alerts. Splunk will notify us if any unusual behavior happens, allowing us to take immediate action. There's no need for any further investigation and log analysis. It provides the exact result, what happened, and where it happened. 

Splunk helps us reduce alert volume. Whenever the same type of attack occurs repeatedly, we can change the environment and improve the security so the attack won't repeat. 

It speeds up our investigations through automation. Investigating manually takes a long time, and we sometimes cannot identify the exact issue. Splunk monitors the data and events, so we configured a range. If it triggers that area, it will provide the exact result. We can immediately identify and fix it. There's no need to investigate. It reduces the mean time to resolve by 80 percent. 

What is most valuable?

Splunk is user-friendly. We can easily customize the monitoring script. We support a multi-cloud environment covering Windows Server, AWS, and Google Cloud. We also use ForgeRock to monitor Linux machines. It sends us alerts when the disk size gets full. When an employee logs in from a different region, it triggers an alert. 

What needs improvement?

Splunk isn't appropriate for smaller companies. It's too expensive.

For how long have I used the solution?

I have used Splunk for two years.

What do I think about the stability of the solution?

Splunk is a highly stable product. 

How are customer service and support?

I rate Splunk nine out of 10. When we have any questions, we raise a ticket and they respond in two or three hours. 

How would you rate customer service and support?

Positive

How was the initial setup?

Splunk provides the tenant, and we can directly integrate it into the cloud URL. For the hosting, we can deploy it to the EC2 instance. Splunk is integrated with Cypress, CyberArk, and Fastdesk. Splunk also supports SAML integration. Splunk is a SAML application, so we can use SAML protocol to enable it. 

What other advice do I have?

I rate Splunk Enterprise Security nine out of 10. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

PeerSpot user
reviewer2499552 - PeerSpot reviewer
Architect at a tech consulting company with 10,001+ employees
Real User
Brings all of the components necessary to identify, analyze, and respond together
Pros and Cons
  • "The most valuable feature is that it brings all of the components necessary to identify, analyze, and respond together."
  • "Splunk is such a large product. Allowing it to be more easily used by people who have not had a lot of training on it would be an improvement."

What is our primary use case?

Our primary use cases are for detection and remediation.

How has it helped my organization?

The benefits we've seen from Splunk are that we can promote it to our customers. The second benefit is that it works. It does what it's purported to do, and the support is more than adequate.

What is most valuable?

The most valuable feature is that it brings all of the components necessary to identify, analyze, and respond together.

It's pretty important that Splunk provides end-to-end visibility into your environment. As in any product that one purchases to fulfill a function, we want to recognize where it came in, who it affected, and what the challenges are that need to be met in order to resolve something, both immediately and also to make sure that it doesn't replicate in the future. Splunk does a good job of being able to do the former half. Dealing with issues requires tier-three support and above and it takes time. You can work through it with the help of your vendor team.

I would rate them an eight out of ten. It's not so much the problem of the application itself, although there are always improvements that can be done. There are a lot of moving parts that need to be added in and if you don't have the information that you need, especially within identity and inventory, then that can be an added challenge when you have to start making imprints based on what you do know.

Splunk Enterprise Security provides us with the relevant context to help guide our investigations. There are a number of different standards that can be presented, which is beneficial. Some customers like to have the information that they receive in one format. The driving factor is that when you work with federal customers, some of them want it in one format. The response will be in one format as opposed to another. 

Splunk has helped to improve my company's business resilience. It's an active component in ensuring that we are vigilant against intrusion and detecting it.

What needs improvement?

Splunk is such a large product. Allowing it to be more easily used by people who have not had a lot of training on it would be an improvement. That's something that they're accomplishing with their current version, although I haven't had an opportunity to learn much about it. With AI capabilities coming on board, a lot of that will alleviate the minutiae that people need to know in order to resolve problems as they come up.

Splunk's ability to predict, identify, and solve problems in real-time is a work in progress.

For how long have I used the solution?

I have been using Splunk Enterprise Security for the past four years.

What do I think about the stability of the solution?

Aside from the fact that it can be a resource hog, I'm satisfied with the stability. I don't have too many problems except for a few occasions when we have a threat intelligence file blow up a drive because there's not enough room. It might be because a complete configuration has not been implemented. 

What do I think about the scalability of the solution?

I like the fact that it can be tweaked, but a lot of the various configurations for how long data is held or how long particular components of investigation are held. 

How are customer service and support?

I encourage users to use the vendor management team and cultivate a relationship with them. I have worked with companies who had support that I would rate 11 out of 10. I would rate Splunk an eight out of ten because as any large growing company, they have challenges with keeping the talent necessary, who are not only educated to evaluate a problem and pass it on or solve it themselves.

How would you rate customer service and support?

Positive

How was the initial setup?

The largest challenge with the setup is that it has so many different components. The environment that we're in is multi-tenant. Enterprise Security with all of its components is huge. If you're using something like a deployment server, you can't break it up. It makes it rather unwieldy. I'm sure that there are workarounds that have not been implemented in-house.

What was our ROI?

Splunk provides more than the people who pay for it realize. I had a few exercises in presenting ROI and benefit-cost analysis and I have been able to demonstrate where it has performed superior to other options.

What's my experience with pricing, setup cost, and licensing?

I was deeply distressed when they went away from their perpetual license.

Which other solutions did I evaluate?

We evaluated Splunk's typical competitors. We went with Splunk because Splunk has the underlying capability of not only ingesting anything and storing it using their bloom filters and whatnot so that you can do sparse and large searches relatively quickly. It also has a wonderful presentation layer, which can basically plug into many other systems. I find Splunk to be a veritable Swiss Army knife of capabilities.

What other advice do I have?

I would rate Splunk Enterprise Security an eight out of ten because there's always room for improvement and because it can be difficult to learn.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner

PeerSpot user