Name: Splunk Enterprise Security
Brand: Splunk
Rating: 4.2 (381 reviews)

Sr. Security Engineer at a university with 1,001-5,000 employees

Jun 10, 2014

In additon to search and analytic capabilities, Splunk has under-the-cover capabilities for timestamp data.

Splunk is a pretty powerful piece of software. There is the obvious search and analytic capabilities it has but there is some robustness under the covers as well. One of those under-the-cover capabilities is detecting and understanding timestamp data. Its the sort of thing that as users of the software we simply accept and generally speaking don't spend a whole lot of time thinking about.

From an admin perspective as you start to put some effort into understanding your deployment and making sure things are working correctly one of the items to look at is the DateParserVerbose logs. Why you ask? I've recently had to deal with some timstamp issues. These internal logs generally document problems related to timestamp extraction and can tell you if, for example, there are logs being dropped for a variety of timestamp related reasons.

Dropped events are certainly worthy of some of your time! What about logs that aren't being dropped but for one reason or another Splunk is assigning a timestamp that isn't correct?

Continue reading this post on my blog here.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.

it_user126636

Senior Manager of Network with 1,001-5,000 employees

Jun 10, 2014

Splunk is great for Syslog capabilites. For normal device management, you can't go wrong with SolarWinds.

I'd go with Splunk for logging. For Syslog capabilities, Splunk wins outright from my experience. It's quick, very customizable, and there are many different modules some specific for vendors and devices. (Cisco Security Suite for one).

If you are really into SolarWinds and want to use them for Syslog then I would go with Kiwi. SolarWinds NPM has a syslog collector but under heavy load (a few hundred devices) it will get bogged down real quick in my experience.

If you are looking for normal device management then NPM, NCM, NTA are the way to go. You can't go wrong with SolarWinds.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.

it_user167895Project Manager and consultant enterprise IT tooling at a consultancy with 51-200 employees

Report as inappropriate

Jun 10, 2018

Kiwi syslog for SolarWinds must be seen as a patch for SolarWinds Orion NPM. SolarWinds will release a LOG management module for the Orion NPM platform but this product is in an early state of log collecting, searching and filtering. Splunk can be a good tactical solution to filter out and forward important events to SolarWinds Orion NPM

See all 2 comments

Buyer's Guide

Splunk Enterprise Security

March 2026

Free Report: Splunk Enterprise Security Reviews and More

Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.

DOWNLOAD NOW

885,880 professionals have used our research since 2012.

it_user121728

Head of Service Integrity with 1,001-5,000 employees

Jun 5, 2014

It can probably do anything if you tweak it enough but it's not cheap.

Splunk is really good at log parsing events over time. It is quick to drill in and analyze and it is quick to build a presentation layer and automate reporting. I love it for problem analysis and event management however it is not a capacity management tool.

It can be a cm tool but not a good tool for projections etc. There are many tools that claim to be cm tools but they are usually expensive and miss the basic day to day challenges of capacity management. Eg: excluding backups from day peaks, removing outliers, forward trending, accepting data from any source. Start by getting your key data extracted from reliable sources and other tools.

The charting and presentation layer is impressive and quick. It can probably do anything if you tweak it enough. I would call it a very handy tool but probably not the tool. It is not that cheap either. I have used it personally to analyze big data as well as creating knowledge from some ordinary logging. I then created some pretty cool dashboards but they were more operational dashboards.

I don't think we could afford it as a capacity tool but we can use the data it simplified.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.

reviewer1591122

Technical Architect, Cloud Operations at a computer software company with 5,001-10,000 employees

Jun 6, 2021

Download

Stable, good integrations, and works well

Pros and Cons

"It has quite extensive support in terms of integration. If you want to do anything, there are tools for that."
"It has quite extensive support in terms of integration, and if you want to do anything, there are tools for that."

"Its reporting can be improved. That's the only complaint I have heard. I don't need the reporting part, but I know that other people in the organization need it."
"Its reporting can be improved."

What is most valuable?

I am just a user, and from a user's perspective, it does the job.

It has quite extensive support in terms of integration. If you want to do anything, there are tools for that.

What needs improvement?

Its reporting can be improved. That's the only complaint I have heard. I don't need the reporting part, but I know that other people in the organization need it.

In terms of new features, I got everything that I needed from the tool. If they want to expand the capabilities to different things, they can cover topics besides log aggregation, etc.

For how long have I used the solution?

I have been using this solution for two years. I am not using it on a daily basis.

What do I think about the stability of the solution?

It is stable. We don't seem to have any problems related to bugs. We are very happy with it.

What about the implementation team?

We have our own internal team for its maintenance.

What other advice do I have?

I would recommend this solution. If you are a technical person, it does what you need. If you are not a technical person and you require graphs, that's a different story.

I would rate Splunk a ten out of ten because I have no problems with it.

Which deployment model are you using for this solution?

On-premises

Disclosure: My company does not have a business relationship with this vendor other than being a customer.

reviewer1584621

Cyber Security Consultant at a computer software company with 11-50 employees

May 26, 2021

Download

Customizable and has average installation difficulty

Pros and Cons

"I have found the installation can be of medium difficulty to very complex depending on the use case."
"When using this solution for Security Information Management (SIM), I highly recommend importing data sources from the whole cycle for the service security chain."

"There is improvement needed when importing from some types of data sources."
"There is improvement needed when importing from some types of data sources. Most of the time you have to do some customization for the data because not everything is working the way it should."

What needs improvement?

There is improvement needed when importing from some types of data sources. Most of the time you have to do some customization for the data because not everything is working the way it should. Additionally, in other solutions, it is easier to build use cases.

For how long have I used the solution?

I have been using this solution for approximately three years.

Which solution did I use previously and why did I switch?

I have previously used Curator and it was much easier to use than this solution.

How was the initial setup?

I have found the installation can be of medium difficulty to very complex depending on the use case. It is not easy for new customers. You need to have the experience to be able to do it.

What other advice do I have?

When using this solution for Security Information Management(SIM), I highly recommend importing data sources from the whole cycle for the service security chain. Some people only use main inputs and not all of the data sources they have. They might not have some data sources, in this case, you can purchase one or there are free open-source ones available. You will then have this data source that can enrich your life because many correlations are done with this data.

I rate Splunk an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.