Splunk Enterprise Security Reviews

We typically use Splunk to collect and check all the logs and events around the diverse network environment which includes, firewall, switches, and routers. For example, we have traffic that needs to go from one part of the network to another and if we think there is a firewall blocking it along the path, rather than log in to all the firewalls to see what is happening, we simply go into Splunk and the check traffic going across the parts of the network to see where it is being dropped and what is the likely reason it has been dropped.

Splunk has saved our organization time by resolving problems in a quicker timeframe. Before if we had networking issues we would have to log into every single device, check the firewall to see why the traffic is not going across to solve the problem. With Splunk, you only have a single pane of glass to check what is likely happening. This has enabled us to easily go to the right environment and write the necessary security policy to permit such traffic. It brings about faster resolution of problems reduced with visibility.

The most valuable features in Splunk are the search function and the ability to run selected session reports. The session reports are important because I can use them to see what is going on in our environment weekly. Additionally, we can use the graph to see how often that particular event is happening.

Over time I will have more requirements and I can foresee the solution could improve the search algorithm to run and output the data faster.

I have been using Splunk for approximately six months.

We have been satisfied with the stability of the solution.

Slunk scale very well.

We have approximately 50 people in our infrastructure and applications teams using this solution in my organization.

We plan to increase usage in the future.

I have not needed to open a ticket up with technical support. 

Previously to using Splunk we only had some Syslog servers that we sent logs to. However, Syslog servers, do not analyze your logs, they only capturing them. Whereas, in Splunk, you can assess the logs and you can do other things with the log.

I do not think the implementation is difficult.

We have an internal team that does the maintenance of the solution.

I have evaluated DataDog.

Splunk is easy to use and not having the need to log into every single network device for management is helpful.

I rate Splunk a seven out of ten.

We use Splunk for analyzing data.

The solution allows easy gathering and ingestion of the data.

The solution could improve by increasing the performance. We have run into problems when large amounts of data are processed.

I have been using Splunk within the past 12 months.

The solution has been stable.

Our customers are mostly enterprise-sized companies using this solution. 

Splunk has many partners that provide customer support that can be used.

The initial setup is not easy. Customers have to learn the Splunk language and it is hard to operate it by themselves. They will need Splunk engineers to assist in their projects.

You will need a Splunk implementation specialist for the deployment.

My customers have found the price of the solution to be high.

I rate Splunk a five out of ten.

Typically, we use the solution for critical infrastructure companies. 

The speed is a very valuable aspect of the solution. 

The way Splunk handles low data and low-rate costs are great.

The level of robustness on offer is very good. 

The initial setup is very straightforward. 

We have found that the solution offers good integrations with other products.

Overall, the solution works very well.

The complexity could be worked on so that it's even easier and faster. However, I understand that, if some complexity was removed, there might be slightly more limitations.

Occasionally there are data sizing and data-related issues that need to be overcome.

I've been using the solution for a couple of years.

The performance is very good. It's something that customers are always looking for. The product offers good stability. There are no bugs or glitches and it doesn't crash or freeze. It's reliable. 

We have about five to ten partners that use Splunk.

I'm a fan of QRadar. I use them as well.

The initial setup is very straightforward. It's not overly complex or difficult. A company shouldn't have any issues with the process. The deployment process doesn't take too long. You can manage it with fewer people and smaller teams. This is especially true if it isn't the critical infrastructure that you are working with. 

For deployment and maintenance, you only need two to three people. That can include one manager and two professionals. Since Splunk is easier to handle, more people can join in on the client-side.

We also use QRadar, and we make more money with QRadar than with Splunk as we can make bigger projects happen. However, we find that with Splunk, while we don't make as much money on each project, we can do more of them.

I'd rate the solution at an eight out of ten.

We're using the solution to try to build a virtual network and put Splunk inside it and do some kind of transcentralization with a log server. Our aim is to track connections, network traffic and some personal databases. I'm the founder of the company and we are customers of Splunk.

Splunk can quickly be deployed and it's not difficult to learn the solution. 

The solution could be more user friendly and it's difficult to know at this stage whether our requirements will be met by the solution. 

I've been using this solution for a couple of months. 

The solution is stable. 

Scalability is good with Splunk. 

The initial setup doesn't take much time especially if there's good bandwidth. In a small company deployment might take a month or two. If you have 100 devices then a technical team of three should be sufficient. They would need to be able to deal with log analysis, forensics and have general knowledge about admin systems. In time, we would expect to have thousands of users. 

I think Splunk is expensive compared to other tools at the purchase stage. It's possible that if we can keep control of the costs involved down the track, it won't be so bad.

We studied four or five tools including Logrhythm and Exabeam. We went with Splunk for now and will see how that goes.

I think this is a good solution and rate it a seven out of 10. 

I use this solution for data visualization.

The most valuable features of the solution are it is straightforward to use and the documentation is good for finding out how to get the data you are looking for.

The solution could improve by making it more business analysis oriented. The way it is now is designed more for developers.

I have been using Splunk for two weeks.

The solution is stable, I have not experienced any bugs or glitches.

The solution is scalable and it is a requirement of my company to have scalable solutions.

I have used previously Qlik Sense and Kibana.

I did the training with Slunk and once I had the training the installation was easy.

I have evaluated Tableau.

My advice to others is not to be intimidated by the solution and to give it a try. It will become easier over time.

I rate Splunk an eight out of ten.

Because I'm security focused, I prefer the security features such as Splunk Phantom and Splunk Enterprise Security.

We need to get a Splunk Cloud instance inside South Africa's borders. At this stage, we are pushing Splunk Cloud, but it is not yet within South Africa's borders. So we've got data sovereignty issues, especially with government organizations.

Technical support could be improved as well.

Splunk can be an expensive solution. I think that they need to change their pricing model. At present, it is based on the number of gigabytes that you ingest into the Splunk system. Their competitors are now starting with a pricing model where you pay per device talking back. If Splunk could have a similar alternative, it would then allow people to choose the data model they want such as set data or a set number of devices.

I have been using Splunk for three years.

The technical support here in South Africa hasn't been great, but I understand why as we make up less than 3% of Splunk's total revenue in the world.

The initial setup isn't overly complex, but it's not easy either.

The pricing model is based on the number of gigabytes that you ingest into the Splunk system. So it can be an expensive solution.

Plan your requirements properly from the beginning so that you can get the most value in a shorter space of time.

On a scale from one to ten, I would rate Splunk at six.

Its integration is most valuable. Its UI is also pretty much easy.

Its setup is a little bit complex for a distributed environment. 

Their support can also be better. If we raise a case with Splunk support and by any chance we missed to respond for more than a week, they usually close the case. Sometimes, it can take us more than a week to reply. In that case What they can do is they can send a followup mail before closing.

I have been using this solution for a year now.

It is very stable haven't encounter any glitches or bugs till now.

It is very much scalable. I am acting as an admin, and we have more than a hundred users of this solution in our company. We use it on a regular basis. We currently don't have any plan to increase its usage.

I would rate them an eight out of ten. Their response speed is okay, but if, by any chance, we miss the response for more than a week, they usually close the case. Sometimes, it can take us more than a week to reply.

This is the only solution that we have been using.

Its setup is pretty much easy for standalone, but for a distributed environment, it is a little bit complex.

I would recommend this solution to others, but it should meet their needs and architecture.

I would rate Splunk a nine out of ten.

It provides a lot of analytics with the underlying AI engine, and it is a lot easier than other solutions. There are some products that do automated AI-based detection and drawing up charts, but for network monitoring and all of the monitoring aspects, it is quite a nice tool.

It is very convenient for business users because they get more or less a lot of data readily available. If you're familiar with the Splunk query language, you can pretty much do whatever you want.

If you have to do your own stuff, such as customized charts, it is a little bit more work, but once you're familiar with the Splunk query language, you can pretty much do whatever you want. In terms of features, it should probably have the features that other competitors provide.

I have been using this solution for about three to four months.

I'm not sure. I do not really throw a lot of data in it, but it has been authenticated very nicely. It manages indexes and all of these things very nicely. I have not been privy to any production systems where you have millions of lines of log coming in every second. It works very well for the data that I have. It should be able to handle a lot of data. That's the whole purpose of it, and that's why Splunk has become so popular. It is an enterprise monitoring tool, and a lot of customers have Splunk in their ecosystem.

They have pretty much good documentation and good training. Their documentation is a lot better than Qlik Sense.

Splunk is an enterprise monitoring tool. Qlik Sense can do a little bit of log monitoring, but it is mostly used for dashboard reporting, whereas Splunk is more around monitoring and figuring out threats and all such things. They are different, but both deal with the data and allow you to create operation reports. 

Power BI is another tool that a lot of our customers use, but Splunk is quite often requested. It is also a lot more popular than Qlik Sense. We have a fair number of Qlik Sense customers.  

We usually sell Blue Prism to business users who are more concerned with the reporting aspect, which is why they would like to have easy tools like Qlik Sense in their ecosystem, but on the infrastructure side, it would be Splunk for enterprise monitoring.

Simple environments are easier to install. Because there is a lot of data log monitoring, once you have a production system, there is some amount of work in setting it up, especially making it SSL Secure and exposing it on the internet. There are multiple components behind it, so you need to ensure that all these things are set up correctly. These kinds of things are not required on a cloud platform because you are just uploading data. You really don't have much access to the backend.

Splunk also has a cloud version, which I haven't looked at, but I have used Qlik Sense's cloud platforms. With on-premises, you are in control of pretty much how you set up all the data that you are sending out. A lot of our customers have the issue that if it is a cloud platform, they cannot really send out the data to any of these cloud platforms. So, there are data residence and other issues.

It is economical than other solutions.

I would definitely recommend Splunk. It is quite a decent tool, and it is there in a lot of enterprises.

I would rate Splunk an eight out of ten.