SOC Analyst at a wholesaler/distributor with 10,001+ employees
Real User
Plenty of features, stable, but is expensive
Pros and Cons
  • "The solution has plenty of features that are good."
  • "Deployment is not difficult but the log sources and configurations can take time."

What is our primary use case?

We have multiple use cases, almost 200-plus use cases. One example is travel activities where you log in.

What is most valuable?

The solution has plenty of features that are good.

For how long have I used the solution?

I have been using the solution for two years.

What do I think about the stability of the solution?

It is a stable solution. 

Buyer's Guide
Splunk Enterprise Security
April 2024
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
770,616 professionals have used our research since 2012.

What do I think about the scalability of the solution?

In my experience, it has been scalable. We have five users using the solution in our company.

How was the initial setup?

The installation is straightforward.

What about the implementation team?

Deployment is not difficult but the log sources and configurations can take time. We have a team of 15 technicians that do the deployments.

What's my experience with pricing, setup cost, and licensing?

The solution is a little expensive.

What other advice do I have?

I would recommend this solution.

I rate Splunk a six out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user1415322 - PeerSpot reviewer
Senior Consultant at sectecs
Consultant
Powerful programming language and search capability, but it is expensive and the vendor is inflexible
Pros and Cons
  • "What I really like is that even if you have already collected the data, you can extract fields and can build searches."
  • "I would like to see more SIEM functionality and a better ticket tool."

What is our primary use case?

My reason for implementing it was just to learn more about the product. I wanted to learn about the Splunk programming language, how to pipe searches, add logs, verify the logs, create fields, extract data into fields, build dashboards, and to get hands-on experience with the product.

What is most valuable?

The Splunk programming language allows you to pipe searches into other searches.

What I really like is that even if you have already collected the data, you can extract data and add fields, which improves building searches. This is not the case with Elasticsearch, where this needs to be done upfront.

What needs improvement?

I really dislike how Splunk sales and partner managers behave. I have faced several sales model and partnership changes. Also, the last time I wanted to buy a license to build a SIEM solution, they had removed the ability to purchase a Splunk subscription or license from their website. In the past, there was a web page calculator and it was possible to buy online, but now it instructs you to contact sales.

The free version is limited to 500 megabytes and there is no alerting. Due to the missing feature on the Splunk webpage, I asked Splunk Sales to purchase a license like 1 GByte a day, or a license for max 2500 Euro/year, to use it as a test or development instance for myself. Although I asked Splunk for a quote and was willing to pay for a Splunk license to learn and get used to the product, Splunk did not manage to offer me a license, nor to arrange the partnership paperwork I had asked for. Salespeople from Splunk were calling each time after I left my details on their trial download page. I explained my experience and concerns about Splunk in the past. All the excuses I received and promises that someone would contact me to solve the issues I had faced in the past led to exactly nothing. Well done, Splunk.

Inflexible and expensive and I do not have much faith in the people working there because if someone is asking for a test environment and is willing to spend up to €2,500 a year, I can't understand why they are unable to provide a license. This could be a lost opportunity because they are not able to onboard a potential new partner.

They definitely need to boost their sales and partner program because it changes too often, where they are dropping partners and it is difficult to get in contact with somebody. This is something that needs to be improved.

I would like to see more SIEM functionality and embedded modules such as a ticket tool to make an end-to-end SIEM.

For how long have I used the solution?

I have been using Splunk for a few weeks.

What do I think about the scalability of the solution?

As I was using a test environment, I can't comment on scalability. It was just myself and a colleague who was using it as a test instance.

How are customer service and technical support?

I have not been in contact with technical support.

Which solution did I use previously and why did I switch?

I have worked a little bit with Elasticsearch. I also have an instance of SIEMonster running, and I'm trying to get used to it. I found that Splunk provided a good benefit compared to Elasticsearch.

With Elasticsearch, if you have already inserted the data then it's gone because you need to do the pre-filtering. Once you've inserted or ingested the raw data, using Logstash, for example, you are no longer able to build the fields such as IP address, hostname, username, and the other fields that you want to export. This unsorted, raw data that you have is really a drawback for Elasticsearch and some other products. This is something from Splunk that I consider to be a heavy feature, where you can just insert data and ingest it later on.

How was the initial setup?

It was really fast and easy to install a test instance.

What's my experience with pricing, setup cost, and licensing?

The pricing model is expensive and could lead to a budget nightmare based on the amount of data.

A better pricing plan would be an improvement.

Which other solutions did I evaluate?

I have done some research on LogRhythm, IBM QRadar, and ArcSight, but I don't have any hands-on experience yet.

I did a comparison for a customer two weeks ago and the outcome of my comparison was SIEMonster, with an affordable price model; even though it's a niche player, it's quite powerful. I also provided Splunk as a recommendation because it is a market leader, really powerful, and really good to use. I also recommended LogRhythm; it is also expensive but it's also really powerful, and the feedback of customers is really good.

With respect to Splunk, I would recommend it but when a customer is budget-driven then Splunk is not the solution. Money shouldn't be the question.

What other advice do I have?

This is a solution that I could recommend for somebody who wants a really powerful product. It is not an end-to-end orchestrated SIEM yet.

This is a product that I would generally recommend, although I would not do so if the customer is really budget-driven.

I would rate this solution a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
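The search-time field extraction the reviewer contrasts with Elasticsearch's ingest-time parsing, as an added example that is not part of the review and not Splunk's own code. It is written in Python rather than SPL: `rex`, `search` and `stats_count_by` are hypothetical stand-ins for the corresponding SPL stages, and the log lines are constructed sample data. The point it shows is that the extraction pattern is defined after the raw events are already stored, so a new field can be added without re-ingesting anything, and events that do not match simply gain no fields.

```python
"""Search-time ("schema-on-read") field extraction over raw events.

Added example, not code from the review or from Splunk: it mimics the idea
behind Splunk's search-time extraction (a regex with named groups applied
at query time) so the difference from parsing fields at ingest time is visible.
The log lines below are constructed sample data.
"""
import re
from collections import Counter

# Constructed raw events, stored exactly as received (no fields parsed yet).
RAW_EVENTS = [
    "2024-04-02T10:01:07Z sshd[311]: Failed password for alice from 198.51.100.7 port 50122 ssh2",
    "2024-04-02T10:01:09Z sshd[311]: Failed password for alice from 198.51.100.7 port 50124 ssh2",
    "2024-04-02T10:01:12Z sshd[311]: Accepted password for bob from 203.0.113.5 port 41002 ssh2",
    "2024-04-02T10:02:44Z sshd[312]: Failed password for invalid user admin from 198.51.100.7 port 50130 ssh2",
    "2024-04-02T10:03:01Z cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
]


def rex(events, pattern):
    """Extract named-group fields from each raw event at search time.

    Events that do not match keep their raw text but gain no fields, which is
    what lets a new extraction be applied to data that is already stored.
    """
    regex = re.compile(pattern)
    out = []
    for raw in events:
        m = regex.search(raw)
        fields = m.groupdict() if m else {}
        out.append({"_raw": raw, **fields})
    return out


def search(events, **where):
    """Keep events whose extracted fields equal the given values (a `search` stage)."""
    return [e for e in events if all(e.get(k) == v for k, v in where.items())]


def stats_count_by(events, field):
    """Count events per value of `field`, like `stats count by <field>`."""
    return Counter(e[field] for e in events if field in e)


# The extraction is defined after the data was stored; no re-ingest needed.
# Hypothetical pattern for the constructed sshd lines above.
SSH_AUTH = (r"(?P<action>Failed|Accepted) password for (?:invalid user )?"
            r"(?P<user>\S+) from (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3})")


def failed_logins_by_source(events=RAW_EVENTS):
    """Pipeline: rex -> search action=Failed -> stats count by src_ip."""
    extracted = rex(events, SSH_AUTH)
    failed = search(extracted, action="Failed")
    return dict(stats_count_by(failed, "src_ip"))


def failed_logins_by_user(events=RAW_EVENTS):
    """Same stored data, a different question, still no re-ingest: count by user."""
    failed = search(rex(events, SSH_AUTH), action="Failed")
    return dict(stats_count_by(failed, "user"))


if __name__ == "__main__":
    print(failed_logins_by_source())
    print(failed_logins_by_user())
```

In a schema-on-write pipeline (Logstash grok filters feeding Elasticsearch, as the reviewer describes), `user` and `src_ip` would have to exist as parsed fields before the documents were indexed; here both the pattern and the questions asked of it can change after the fact, at the cost of running the regex on every search.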
it_user870792 - PeerSpot reviewer
Senior Security Engineer
User
Significantly helped with aggregation and correlation of critical logs
Pros and Cons
  • "Splunk has significantly helped with aggregation and correlation of critical logs. Not having to grep on each individual server has made everyone more efficient."
  • "DMC should be a little more intuitive with better dashboarding. Seeing the cause of data flow can be tough to track down."

What is our primary use case?

  • IT Ops
  • Security
  • Compliance

Many IT groups and non-IT groups use the product to gain insights into their environments.

How has it helped my organization?

Splunk has significantly helped with aggregation and correlation of critical logs. Not having to grep on each individual server has made everyone more efficient.

What is most valuable?

Search and Dashboarding: Allows us to quickly search for an error and plot the results on a chart.

What needs improvement?

DMC should be a little more intuitive with better dashboarding. Seeing the cause of data flow can be tough to track down. 

For how long have I used the solution?

Three to five years.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner with Splunk.
PeerSpot user
PeerSpot user
Data Scientist Intern at Splunxter, Inc.
Real User
Can ingest any data and display it in a way that anyone can understand
Pros and Cons
  • "The ability to ingest any data and display it in a way that anyone can understand."
  • "It needs more thoroughly tested releases. Every new big version (6, 7, etc.) has had so many bugs that it makes me wary of customers upgrading right away."

What is our primary use case?

I work with Splunk, as a contractor, so I use it in many different areas. Most often it is used to get performance insights on applications or servers. Recently, I have used it in more of an endpoint security mindset. 

How has it helped my organization?

My whole organization is built around Splunk. We provide Splunk PS to many different companies. If Splunk did not have such a good presence, we could not exist.

What is most valuable?

The best features would have to be the ability to ingest any data and display it in a way that anyone can understand.

What needs improvement?

It needs more thoroughly tested releases. Every new big version (6, 7, etc.) has had so many bugs that it makes me wary of customers upgrading right away.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user859770 - PeerSpot reviewer
consultant at a non-profit with 1,001-5,000 employees
User
Easily tracks problems and their status
Pros and Cons
  • "I like the ease with which dashboards can be created."
  • "Splunk has given us the capability to easily track problems and their status."
  • "The only thing which can be improved is that they are too subjective on whom their Splunk4Good initiative can be applied. They market it as you only need to be a nonprofit, but there is more to it."

What is our primary use case?

We use Splunk for both monitoring and SIEM. Our security operations group uses Splunk to track user accounts which may have been compromised as well as follow those accounts through the organization.

How has it helped my organization?

Splunk has given us the capability to easily track problems and their status. Our security operations team has been able to use it to track where people log in and what they do on those machines.

What is most valuable?

Personally, I like the capability of removing sensitive data before it goes into Splunk. I also like the ease with which dashboards can be created.

What needs improvement?

I like Splunk. The only thing which can be improved is that they are too subjective on whom their Splunk4Good initiative can be applied. They market it as you only need to be a nonprofit, but there is more to it.

For how long have I used the solution?

More than five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user138168 - PeerSpot reviewer
Senior Software Engineer at a retailer with 10,001+ employees
Real User
Support can retrieve salient logging data from massive distributed systems in seconds but deployment is not easy.

I've been using Splunk for over 3 years now. The most valuable feature for me is alerting. Using Splunk, production support teams can retrieve salient logging data from massive distributed systems in seconds.

I'd say that some of the key/value pair parsing can be a little off and has room for improvement. The deployment is not easy, and I've only encountered issues with stability and scalability when on under-provisioned equipment. The initial setup was complex - you need to identify source types in advance, and a large deployment with multiple indexers can be tricky. We initially implemented in-house, and then went through Splunk themselves to upgrade and improve.

Before implementing Splunk we used an in-house system, but Splunk offered far more to us. Also, their customer service is good and their technical support is excellent. Our ROI was big!

I'd advise others who are looking into implementing Splunk to get a true Splunk expert - either Splunk themselves or a vendor - to do the installation.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
System Engineer at NetScout Systems
Real User
Highly stable, built-in workflows, and good support
Pros and Cons
  • "The most valuable feature of Splunk is the management and built-in workflows."
  • "The analytics of Splunk could be improved."

What is our primary use case?

There are many use cases for Splunk, we commonly use it for log management and analytics.

What is most valuable?

The most valuable feature of Splunk is the management and built-in workflows.

What needs improvement?

The analytics of Splunk could be improved.

For how long have I used the solution?

I have been using Splunk for approximately four years.

What do I think about the stability of the solution?

Splunk is a highly stable solution.

What do I think about the scalability of the solution?

I have found Splunk to be scalable.

We have 15 members of our organization that use this solution.

How are customer service and support?

We have used support a few times and our experience was good.

I would rate the support from Splunk a four out of five.

Which solution did I use previously and why did I switch?

I have previously used RSA and I prefer Splunk.

How was the initial setup?

The implementation of Splunk is not straightforward. It is of a moderate difficulty level.

What about the implementation team?

We used an integrator to do the implementation.

What's my experience with pricing, setup cost, and licensing?

There is an annual license required to use this solution.

Which other solutions did I evaluate?

I have evaluated other solutions, such as IBM QRadar.

What other advice do I have?

This solution has good technology.

I rate Splunk an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Software Engineer at Tableau Software
Real User
It has reduced the time to resolution and time to investigate, but the search query is slow
Pros and Cons
  • "It has reduced the time to resolution, time to investigate, and time to troubleshoot for debugging issues."
  • "Out-of-the-box, it seems very powerful."
  • "My company could benefit from doing more Splunk training with Splunk consultants teaching us how to use it."

What is our primary use case?

We use it for searching logs in a production environment.

How has it helped my organization?

It has reduced the time to resolution, time to investigate, and time to troubleshoot for debugging issues. 

What is most valuable?

Being able to search across all the different production environments at the same time, then being able to do search queries to scope out specific environments, specific components, or specific logs from different languages, such as Java or C++. Thus, being able to have really fine-grained control on log searching is really good.

Out-of-the-box, it seems very powerful.

What needs improvement?

The search query seems slow, but I am not sure if that is just because it is searching millions upon millions of lines of text. Also, I just started using it, so I might have no idea what I am doing. I could probably speed up the queries by improving my search skills.

My company could benefit from doing more Splunk training with Splunk consultants teaching us how to use it. It is possible that we have already done this and I haven't participated, but this type of training would be helpful.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It is always up when I need to search. I am probably not using it that much. I will maybe search a couple times a day for something specific, so I am not using it too much. I know plenty of the people who are doing a lot more for debugging, and who use it a lot all day.

What do I think about the scalability of the solution?

It seems like it scales well. We have hundreds of production and development environments, and we are searching on all of them. Therefore, it seems like the scale is good. 

We have hundreds of production environments, and each production environment has ten to 20 host machines. Each production environment can manage tens of thousands of customers.

Maybe going to AWS and scaling it better would be more cost-effective for our company. However, I am not involved in those decisions.

How are customer service and technical support?

I have not used technical support.

Which other solutions did I evaluate?

We have other log searching tools, but we have standardized on Splunk. 

What other advice do I have?

It is a great product. We have a lot of different tools to do this type of debugging. Yet, it is one of the first ones that I will reach for, and I think that is a good sign.

It works well and is the industry standard for log searching. It probably has other features too. Therefore, if you use it, I would recommend the training, so you know what you are doing. 

I am using the on-premise version.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user