it_user126639 - PeerSpot reviewer
Sr. Security Engineer at a university with 1,001-5,000 employees
Vendor
In addition to search and analytic capabilities, Splunk has under-the-cover capabilities for timestamp data.

Splunk is a pretty powerful piece of software. There are the obvious search and analytic capabilities it has, but there is some robustness under the covers as well. One of those under-the-cover capabilities is detecting and understanding timestamp data. It's the sort of thing that, as users of the software, we simply accept and generally speaking don't spend a whole lot of time thinking about.

From an admin perspective, as you start to put some effort into understanding your deployment and making sure things are working correctly, one of the items to look at is the DateParserVerbose logs. Why, you ask? I've recently had to deal with some timestamp issues. These internal logs generally document problems related to timestamp extraction and can tell you if, for example, there are logs being dropped for a variety of timestamp-related reasons.

Dropped events are certainly worthy of some of your time! What about logs that aren't being dropped, but for one reason or another Splunk is assigning a timestamp that isn't correct?

Continue reading this post on my blog here.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
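Added example, not from the reviewer or from Splunk: a small Python triage script that runs over constructed lines in the shape of splunkd DateParserVerbose warnings (the kind you would pull with `index=_internal sourcetype=splunkd component=DateParserVerbose`) and counts the warning categories per sourcetype, so you can see which inputs need their timestamp settings fixed. The exact message wording and the `Context: source=...|host=...|sourcetype=...` layout are assumptions about the log format.

```python
import re
from collections import Counter

# Constructed sample lines shaped like splunkd DateParserVerbose warnings;
# not real data from the review or from any deployment.
SAMPLE_LINES = [
    "03-12-2024 10:15:02.123 +0000 WARN  DateParserVerbose - Failed to parse timestamp. "
    "Defaulting to timestamp of previous event (Tue Mar 12 10:14:59 2024). "
    "Context: source=/var/log/app/app.log|host=web01|sourcetype=app_log|12345",
    "03-12-2024 10:15:05.456 +0000 WARN  DateParserVerbose - A possible timestamp match "
    "(Sat Mar 12 10:15:04 2022) is outside of the acceptable time window. If this timestamp "
    "is correct, consider adjusting MAX_DAYS_AGO and MAX_DAYS_HENCE. "
    "Context: source=udp:514|host=fw01|sourcetype=cisco:asa|9876",
    "03-12-2024 10:15:07.789 +0000 WARN  DateParserVerbose - Failed to parse timestamp. "
    "Defaulting to timestamp of previous event (Tue Mar 12 10:15:05 2024). "
    "Context: source=/var/log/app/app.log|host=web01|sourcetype=app_log|12346",
    "03-12-2024 10:15:08.000 +0000 INFO  TailReader - Batch input finished reading "
    "file='/var/log/app/app.log'",
]

# Warning categories worth separating: a defaulted timestamp silently mis-orders
# events, while an out-of-window match points at MAX_DAYS_AGO/MAX_DAYS_HENCE.
CATEGORIES = [
    ("parse_failed_defaulted", re.compile(r"Failed to parse timestamp\. Defaulting")),
    ("outside_time_window", re.compile(r"outside of the acceptable time window")),
]
# Assumed layout of the Context field appended to each warning.
CONTEXT_RE = re.compile(
    r"Context: source=(?P<source>[^|]+)\|host=(?P<host>[^|]+)\|sourcetype=(?P<sourcetype>[^|]+)"
)


def classify(line):
    """Return (category, sourcetype) for a DateParserVerbose line, else None."""
    if "DateParserVerbose" not in line:
        return None
    category = "other"
    for name, pattern in CATEGORIES:
        if pattern.search(line):
            category = name
            break
    m = CONTEXT_RE.search(line)
    sourcetype = m.group("sourcetype") if m else "unknown"
    return category, sourcetype


def summarize(lines):
    """Count DateParserVerbose warnings per (sourcetype, category)."""
    counts = Counter()
    for line in lines:
        result = classify(line)
        if result:
            category, sourcetype = result
            counts[(sourcetype, category)] += 1
    return counts


if __name__ == "__main__":
    for (sourcetype, category), n in sorted(summarize(SAMPLE_LINES).items()):
        print(f"{sourcetype:12s} {category:24s} {n}")
```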
PeerSpot user
Senior Manager of Network with 1,001-5,000 employees
Vendor
Splunk is great for Syslog capabilities. For normal device management, you can't go wrong with SolarWinds.

I'd go with Splunk for logging. For Syslog capabilities, Splunk wins outright from my experience. It's quick, very customizable, and there are many different modules, some specific to vendors and devices (Cisco Security Suite, for one).

If you are really into SolarWinds and want to use them for Syslog then I would go with Kiwi. SolarWinds NPM has a syslog collector but under heavy load (a few hundred devices) it will get bogged down real quick in my experience.

If you are looking for normal device management then NPM, NCM, NTA are the way to go. You can't go wrong with SolarWinds.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
it_user167895 - PeerSpot reviewer
Project Manager and consultant enterprise IT tooling at a consultancy with 51-200 employees
Consultant

Kiwi syslog for SolarWinds must be seen as a patch for SolarWinds Orion NPM. SolarWinds will release a LOG management module for the Orion NPM platform, but this product is in an early state of log collecting, searching and filtering. Splunk can be a good tactical solution to filter out and forward important events to SolarWinds Orion NPM.

it_user121728 - PeerSpot reviewer
Head of Service Integrity with 1,001-5,000 employees
Vendor
It can probably do anything if you tweak it enough but it's not cheap.

Splunk is really good at log parsing events over time. It is quick to drill in and analyze and it is quick to build a presentation layer and automate reporting. I love it for problem analysis and event management however it is not a capacity management tool. 

It can be a cm tool but not a good tool for projections, etc. There are many tools that claim to be cm tools, but they are usually expensive and miss the basic day-to-day challenges of capacity management. E.g.: excluding backups from day peaks, removing outliers, forward trending, accepting data from any source. Start by getting your key data extracted from reliable sources and other tools.

The charting and presentation layer is impressive and quick. It can probably do anything if you tweak it enough. I would call it a very handy tool but probably not the tool. It is not that cheap either. I have used it personally to analyze big data as well as creating knowledge from some ordinary logging. I then created some pretty cool dashboards but they were more operational dashboards.

I don't think we could afford it as a capacity tool but we can use the data it simplified.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer1086690 - PeerSpot reviewer
Enterprise Client Executive at a tech services company with 11-50 employees
Reseller
Good user community, good support, and very powerful
Pros and Cons
  • "The Splunk user community and forum are most valuable."
  • "Its interface could be improved."

What is our primary use case?

We use it for security operations and management.

What is most valuable?

The Splunk user community and forum are most valuable.

What needs improvement?

Its interface could be improved. 

For how long have I used the solution?

We have been a reseller for three years.

What do I think about the stability of the solution?

It is stable. It is very powerful.

How are customer service and support?

Their support is good.

How was the initial setup?

Its initial setup is complex. You're going to need deployment services from somebody who is an expert in the product. You would need at least two users. 

What other advice do I have?

It is hard to integrate because it can do so many things. A lot of people think it is a set-it-and-forget-it solution, but it is a full-time job for somebody. I would advise others to plan and prepare for ongoing management. It requires a dedicated person for management. 

Compared to other SIEMs, it is a 10 out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
CyberSecurity Consultant at Information Technology Solutions- ITS
Real User
Top 20
Fast and easy to use, but could be faster
Pros and Cons
  • "The solution is very fast and succinct."
  • "I feel the solution to be too slow."

What is most valuable?

The solution is very fast and succinct. 

What needs improvement?

When it comes to out of the box use cases, I feel the solution to be too slow. 

For how long have I used the solution?

I have not been working with Splunk for long. 

How was the initial setup?

The initial setup was simple. 

It took an hour. 

Which other solutions did I evaluate?

Curator is more scalable than certain other solutions. 

What other advice do I have?

We are partners of Splunk and provide the solution to customers. 

I feel Splunk is easy to utilize. 

My company has an app on which the solution is deployed on-premises on a single server.

There is another team in my company that works with Splunk products. 

I rate Splunk as a seven-point-five out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer1643871 - PeerSpot reviewer
President at a non-profit with self employed
Reseller
Expensive, but easy data gathering and reliable
Pros and Cons
  • "The solution allows easy gathering and ingestion of the data."
  • "The solution could improve by increasing the performance. We have run into problems when large amounts of data are processed."

What is our primary use case?

We use Splunk for analyzing data.

What is most valuable?

The solution allows easy gathering and ingestion of the data.

What needs improvement?

The solution could improve by increasing the performance. We have run into problems when large amounts of data are processed.

For how long have I used the solution?

I have been using Splunk within the past 12 months.

What do I think about the stability of the solution?

The solution has been stable.

What do I think about the scalability of the solution?

Our customers are mostly enterprise-sized companies using this solution. 

How are customer service and technical support?

Splunk has many partners that provide customer support that can be used.

How was the initial setup?

The initial setup is not easy. Customers have to learn the Splunk language and it is hard to operate it by themselves. They will need Splunk engineers to assist in their projects.

What about the implementation team?

You will need a Splunk implementation specialist for the deployment.

What's my experience with pricing, setup cost, and licensing?

My customers have found the price of the solution to be high.

What other advice do I have?

I rate Splunk a five out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer:
reviewer1584621 - PeerSpot reviewer
Cyber Security Consultant at a computer software company with 11-50 employees
MSP
Customizable and has average installation difficulty
Pros and Cons
  • "I have found the installation can be of medium difficulty to very complex depending on the use case."
  • "There is improvement needed when importing from some types of data sources."

What needs improvement?

There is improvement needed when importing from some types of data sources. Most of the time you have to do some customization for the data because not everything is working the way it should. Additionally, in other solutions, it is easier to build use cases.

For how long have I used the solution?

I have been using this solution for approximately three years.

Which solution did I use previously and why did I switch?

I have previously used Curator and it was much easier to use than this solution.

How was the initial setup?

I have found the installation can be of medium difficulty to very complex depending on the use case. It is not easy for new customers. You need to have the experience to be able to do it.

What other advice do I have?

When using this solution for Security Information Management (SIM), I highly recommend importing data sources from the whole cycle of the service security chain. Some people only use main inputs and not all of the data sources they have. They might not have some data sources; in this case, you can purchase one, or there are free open-source ones available. You will then have this data source that can enrich your life, because many correlations are done with this data.

I rate Splunk an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer1367535 - PeerSpot reviewer
Security Professional at a tech services company with 51-200 employees
Real User
Good data analysis and visualizations, absolutely stable, and scalable
Pros and Cons
  • "The data analysis part is good in Splunk, which is something that I like the most. It is also quite easy to use. Its dashboards, visualizations, and analytics are good."
  • "It currently has limited default rules and customizations. If they can concentrate more on the compliance part and the security information part, it would be helpful. The platform part is good, but it requires many features from the security aspect."

What is our primary use case?

We are using it for security information and event management (SIEM). We have started to use Splunk recently, and we are in the implementation phase as of now.

What is most valuable?

The data analysis part is good in Splunk, which is something that I like the most. It is also quite easy to use. Its dashboards, visualizations, and analytics are good.

What needs improvement?

It currently has limited default rules and customizations. If they can concentrate more on the compliance part and the security information part, it would be helpful. The platform part is good, but it requires many features from the security aspect.

For how long have I used the solution?

I have been using this solution for a couple of months.

What do I think about the stability of the solution?

It is absolutely stable.

What do I think about the scalability of the solution?

It is scalable. We have approximately 25 users.

How was the initial setup?

It was easy to install. Its configuration and development are the critical parts, and there are a limited number of people in the market with such a skill set. It takes some time to find people with the right skill set and get it implemented properly. It took approximately three months.

What about the implementation team?

I have a team of a few Splunk consultants who are currently managing it for me. For a mid-sized organization, at least 15 persons are required to manage the entire Splunk instance.

What other advice do I have?

I would recommend this solution to others. I would rate Splunk an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.