Lead Infrastructure Domain Architect (Systems) at a healthcare company with 10,001+ employees
Log searching and log analytics come in handy; incredible tech support
Pros and Cons
- "The features I have found most valuable are log searching and log analytics, both of which are quick features."
- "There is a lot of room for improvement with the automation."
What is our primary use case?
Our primary use case for this solution is as a supplement to Dynatrace, so the log analytics is done in Splunk instead of Dynatrace.
How has it helped my organization?
We built a tool for firewall log monitoring and we powered all firewall logs to Splunk. In addition, we built a little dashboard that just specifies sources and the destination addresses and port numbers. It passes all the logs and tells us if there are any blocks or drops on the firewall level. This is a very useful tool for us.
What is most valuable?
The features I have found most valuable are log searching and log analytics, both of which are quick features.
What needs improvement?
There's a component in this solution that is particular and takes a lot of manual work and that is the automation. There is a lot of room for improvement with the automation. They should also improve the discovery and detection of all the infrastructure components so that it is more automated and takes less manual work.
Buyer's Guide
Splunk Infrastructure Monitoring
November 2023

Learn what your peers think about Splunk Infrastructure Monitoring. Get advice and tips from experienced pros sharing their opinions. Updated: November 2023.
746,635 professionals have used our research since 2012.
For how long have I used the solution?
I have been using this solution for about five years.
What do I think about the stability of the solution?
I would rate the stability of this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.
What do I think about the scalability of the solution?
I would rate the scalability of this solution a nine, on a scale from one to 10, with one being the worst and 10 being the best.
How are customer service and support?
I would rate the technical support of this solution a 10, on a scale from one to 10, with one being the worst and 10 being the best.
How would you rate customer service and support?
Positive
How was the initial setup?
At first, we were deployed on-premises and then about one year ago we migrated to the cloud. So I would say they did most of the work around migration. There are around 1,000 users of this solution in our company.
What was our ROI?
We have seen the ROI.
What's my experience with pricing, setup cost, and licensing?
I would rate the pricing of this solution a two, on a scale from one to 10, with one being the most expensive and 10 being the best price.
What other advice do I have?
Our model of deployment is the cloud.
I would rate this solution as a whole a 10, on a scale from one to 10, with one being the worst and 10 being the best.
I would advise other people looking into this solution to do their due diligence and make sure they do their pre-work and post-work.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Mar 25, 2023
Solution Architect (Splunk - Log Management) at Tata Consultancy
Good support, detailed reports, and stable
Pros and Cons
- "The alerts are the most valuable feature."
- "The implementation can be more user-friendly."
What is our primary use case?
Our use cases have not been completely sorted and executed. In that case, if this has been done and we know the way forward, the stabilization is more complete. This is not yet stabilized, and I would say at the moment, the focus is more on creating alerts and incidents, rather than how the user can view Splunk ITSI. That focus has not yet been set. Once it is done, I think that would help.
How has it helped my organization?
If there is an issue or challenge in Splunk at the product level, Splunk's internal log will call out every problem it is facing, which will help us to identify the root cause and fix it. This gives us a clue about what to do next; if there is a problem, we can understand the issue from the reports.
What is most valuable?
The alerts are the most valuable feature.
What needs improvement?
I don't see any issues yet because my use case has not been finalized. The point is, if anyone is going to acquire Splunk ITSI, their primary purpose should be to ensure that all infrastructure assets in production are logged into Splunk to ensure complete monitoring is enabled. Each organization has its own criteria for the importance of its applications and servers. All of these must be added for the monitoring to be effective.
The implementation can be more user-friendly.
For how long have I used the solution?
I have been using the solution for a few months.
What do I think about the stability of the solution?
The solution is stable.
How are customer service and support?
The Splunk technical support meets all the SLAs. There are P1, P2, and P3 categories, and the support is being handled accordingly.
How would you rate customer service and support?
Positive
How was the initial setup?
It is not possible to set up the solution without the assistance of Splunk professionals. A professional services representative must be present to handle the Splunk ITSI implementation.
What about the implementation team?
The implementation requires either Splunk for PS or the hiring of a Splunk Certified Resource. We used a Splunk architect for our implementation.
What other advice do I have?
I give the solution an eight out of ten.
I suggest using Splunk Professional Services for enrollment review. Splunk has a set of recommendations for keeping our data clean and structured when logging into Splunk, which will make our application infrastructure monitoring more effective. Splunk also has best practices that need to be implemented. We can take care of this in one call, and Splunk inputs may help us make it even better.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
Network & Systems Administrator Individual Contributor at T-Systems
Good monitoring and reporting tools with useful dashboards
Pros and Cons
- "It can monitor, get the data, and then report on the data."
- "The deployment can be quite complex."
What is our primary use case?
We primarily use the solution in order to monitor the servers as well as the VM infrastructure.
How has it helped my organization?
We are now able to monitor our infrastructure and get the information in real-time should anything happen. In terms of the hard drive hitting the threshold, then we'll get notified and the technician can attend to it. It reduces the time to attend to the incidents and allows you to be aware of our infrastructure as the status of our infrastructure is visible via dashboards.
What is most valuable?
The monitoring and the reporting tools are great. It can monitor, get the data, and then report on the data.
You have the dashboard to see your different items. You create the dashboard to see if there was any incident as well; it creates incident reports for you. For example, if the hard drive goes beyond a certain limit, you can get notified. You can look at your CPU utilization or memory as well. You can set thresholds and monitor for all different types of information.
The solution is stable and reliable.
Technical support is helpful.
We have witnessed an ROI while using it.
What needs improvement?
Overall, I cannot think of any features that are missing.
The deployment can be quite complex.
For how long have I used the solution?
I've been using the solution for two years now.
What do I think about the stability of the solution?
The solution is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
We have about 100 people on the solution. Some of them don't use the solution directly, however, they benefit from the solution.
How are customer service and support?
Technical support is fairly good. We are satisfied with their assistance.
Which solution did I use previously and why did I switch?
I used other solutions before, which were LiveAction, and Cisco Prime. They were used to monitor.
Currently, I'm using PRTG for network monitoring, to monitor the network devices. With Splunk, we monitor servers, and with PRTG, we monitor the network devices such as routers, IPs, and switches.
How was the initial setup?
The initial setup is very straightforward. That said, the configuration and all those things you need to do to make it work according to what you want, you need to deploy some apps, and that part is what is not straightforward about the setup.
The deployment took about three months.
There are three of us that handle deployment or maintenance.
What about the implementation team?
We are an integrator team; we actually had help from Splunk themselves to implement the solution.
What was our ROI?
We have seen an ROI.
What's my experience with pricing, setup cost, and licensing?
It's affordable when you compare it to HPSA - the HP Server Administration.
You get the things according to your data - the data that you need to report on. The capacity of the data that you need to report on. Right now, it's set to 100GBs. We've got the license for 100GBs.
Which other solutions did I evaluate?
There are different companies or customers that we support within the company. Whichever product they have that's what we go with. For example, we might use AlgoSec, Cisco Prime, or LiveAction as the customer that was using it. We don't evaluate other solutions, we use what is already there.
I did not handle the choice of Splunk. I got into the stage where the system or the application was already implemented. I did not participate in the stage where we had to choose which solution to pick or how to implement it.
What other advice do I have?
We partner with Splunk. We use the product to deliver it to our customers. We're an integrator. We're just using the product to service our customers.
I'd advise new users that it is a very good product, however, you need to have some knowledge and do some training on the product in order to gather knowledge so that you can understand and implement it effectively.
I'd rate the solution a nine out of ten.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer:
Security Engineer at a tech services company with 201-500 employees
Enables the engineers to troubleshoot any issues happening but it is lacking in features
Pros and Cons
- "We haven't really experienced any glitches or bugs."
- "They do not have all the features that I expect right now."
What is our primary use case?
Splunk sends security alerts. It's being used on two levels. One for the analysis of the data by the data scientists. Two, for the engineers to troubleshoot if there are any issues happening, like any security bugs, or anything that needs to be addressed and never mediated across.
What is most valuable?
In terms of the application performance security, application performance tooling has been a key factor for me using Splunk. We are also looking into options, like other third parties or even open-source tools that help with capturing the application performance, fine-tuning, which leads to the security aspect.
What needs improvement?
We haven't faced any problems yet. It's working as expected. We are using the enterprise-grade, strong products and we're just paying a lot for it right now.
People intend to go for automation. We are following the works process and we are inculcating the engineers to ensure everything is automated. Whatever needs to be mitigated, has to be followed up on ticketing tools, this tool would come in. It handles the issues going on and what needs to be remediated in this single tool.
We need multiple tools in order to accomplish what we need. It's kind of a medium across multiple products. It would be better if we have a dedicated tool, that takes care of the entire work process, including automation as well.
They do not have all the features that I expect right now.
For how long have I used the solution?
I have been using Splunk for three years.
What do I think about the stability of the solution?
We haven't really experienced any glitches or bugs. It depends on the use cases and so far I haven't seen any as of now.
What do I think about the scalability of the solution?
It is scalable.
How are customer service and technical support?
They're good. They're quite good at providing the service for technical engineers as well.
How was the initial setup?
I would say that the setup is pretty straightforward because they have their own documentation that you can follow. It takes an associate's capability in order to accomplish it. They have good documentation and dedicated support to take care of any issues that come forward.
What other advice do I have?
As a newbie, I wouldn't prefer Splunk. The reason being that it's a completely enterprise-grade solution. As a startup, you don't implement Splunk for the first time. We'd put an open-source product. With us, we have many of the Italian products, which proves to be a good open-source solution. In the end, people intend to go for enterprise support for the vulnerability patching, report generation, and enterprise support. People go for licensing based on that. I wouldn't refer any newbies to go for a weak enterprise-grade solution as they barge into any technology.
I would rate Splunk a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Administrator at a tech services company with 501-1,000 employees
Great monitoring features but lacks good integration abilities
Pros and Cons
- "Great monitoring of network devices."
- "Splunk would be better if some tools were integrated to be able to take action on security or network concerns."
What is our primary use case?
The data from Splunk is used for network monitoring, apart from that, they are using another tool with this kind of logic as well. Splunk is not the primary tool. The database I'm using for real-time data for our client. We have only about 3-4 users on this solution.
What is most valuable?
It's only the monitoring solution that we are using. I'll find that to be a great feature.
What needs improvement?
Splunk would be better if some tools were integrated to be able to take action on security or network concerns. People in the IT field are looking for a single tool that can do everything. Not separate tools for monitoring and fixing.
For how long have I used the solution?
We have been using Splunk Insights for infrastructure for about one year.
What do I think about the stability of the solution?
I have not had any problems with stability.
How was the initial setup?
Nothing is straightforward in data technology. You have to know about the technology. Even when chatting about the virtual image for a window, we need to know how to do things. If you know how the technology works, it's really simple.
Which other solutions did I evaluate?
I need a tool that can deal with all the security solutions, that will find security monitoring compliance requirements. So, I'll stick to BigFix over Splunk, because I'm not that big a fan of Splunk, to be honest. Apart from monitoring, in BigFix you can mitigate the issues, mitigate what the vendor is doing, and continue monitoring our clients. If any machine, any hardware in the department is vulnerable to any threat, with BigFix we can go ahead and take action, and mitigate that vulnerability within a couple of minutes.
What other advice do I have?
I would rate Splunk Insights for Infrastructure at a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Principal Security Sales Engineer at a computer software company with 501-1,000 employees
Brings all events into one platform so that you don't have to hunt down multiple sources to figure out what's going on
Pros and Cons
- "The ability to create custom dashboards is one of the best features and that's typically why most people deploy Splunk. Users can create dashboards for just about anything."
- "The cost needs to be re-examined. It's extremely expensive to run. It's also expensive to expand. That's the number one complaint all of my customers have when it comes to Splunk. It's way too expensive compared to other solutions."
What is our primary use case?
The solution is primarily used as security correlation and event correlation. It's a place for all of your logs to go so that you can have all those logs co-ordinated during security events.
How has it helped my organization?
The solution brings all the events into one platform so that you don't have to hunt down multiple sources to figure out what's going on.
What is most valuable?
The ability to create custom dashboards is one of the best features and that's typically why most people deploy Splunk. Users can create dashboards for just about anything.
The solution has been improving its offering for the past year. It's in constant development.
What needs improvement?
The cost needs to be re-examined. It's extremely expensive to run. It's also expensive to expand. That's the number one complaint all of my customers have when it comes to Splunk. It's way too expensive compared to other solutions.
The integration of their cloud solution, which came out a couple of years ago, and the ability to now integrate Phantom, needs to be improved.
It would be ideal if there was a more automated process for finding and identifying data sources that a user wants to bring into the solution. Right now, it's all manual.
For how long have I used the solution?
I've been selling the solution for quite a long time. I'd say I've sold it for five years. I've been involved in deployments and I've been involved in configuring it and managing it, but I don't actually use it for my company.
What do I think about the stability of the solution?
The solution is extremely stable. We haven't run into issues that would make us concerned.
What do I think about the scalability of the solution?
The solution is very scalable. However, companies must be aware that expanding the solution is very expensive.
How are customer service and technical support?
I'd rate technical support eight out of ten. They're responsive due to the fact that clients need to pay in order to access technical support.
How was the initial setup?
The initial setup is not straightforward. It's quite complex.
The storage backend requires touching all of your event sources. It requires a lot of planning and configuration. It's not something you just put out there and deploy. You have to have someone who's an expert in it.
The deployment typically takes, from beginning to end, less than three months. However, it really depends. It depends upon how many log sources you have, if you have staff on-site that are capable of actually running it, or if you have to make network configuration changes, etc. There's a whole list of things that you have to go through to figure it out.
The number of people needed to deploy the solution varies upon the size of an organization and the use cases. You're going to want at least two dedicated people to deploy at a medium-sized organization.
These individuals have to understand searching and creating dashboards. They have to have network skills and security skills. There is a wide range of things they have to be a part of. Most people who become Splunk Engineers start off doing something else in their business and they learn about networking, and then security and programming. When they start to deploy Splunk, they become experts.
What about the implementation team?
The solution requires the assistance of a specialist. There needs to be an expert involved to help implement it.
What's my experience with pricing, setup cost, and licensing?
Licensing is paid on a yearly basis.
Which other solutions did I evaluate?
We work with a few different solutions. As a SIEM, there are many other solutions out there and which is best really depends upon what the company wants to achieve. As a logging server, there really aren't any other really good solutions that compete as well with Splunk. LogLogic might be the closest.
What other advice do I have?
We're a Splunk partner and reseller.
Typically, the solution is on-prem for the most part because it requires a very heavy lift in storage and the storage is very expensive. Most companies deploy it on-premise and then add on the cloud solution as well later on.
I'd warn other organizations that want to use the solution that they need to be prepared to spend a lot of money.
I'd rate the solution seven out of ten due to the fact that it's extremely complex to run and deploy.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Cyber Security Consultant at a manufacturing company with 10,001+ employees
Stable with a straightforward setup that's easy to implement in-house
Pros and Cons
- "The initial setup was straightforward. We didn't find it to be too complex."
- "It would be useful if they provided some help pages. If you don't know too much about the tool, there should be more documentation readily available. It would be useful if they had a help button embedded in the solution so you could ask questions and get answers."
What is our primary use case?
We primarily use the solution for event management. We have a baseline that we monitor, and if anything goes wrong, we manage it.
What is most valuable?
I haven't really used the solution too much, so I'm not sure if I can speak to the best features on the solution.
What needs improvement?
Without having used the solution too much, I don't really have any suggestions for feature improvement.
It would be useful if they provided some help pages. If you don't know too much about the tool, there should be more documentation readily available. It would be useful if they had a help button embedded in the solution so you could ask questions and get answers.
The solution should provide for some entry-level training.
For how long have I used the solution?
We have a customer working on the solution. I haven't used the solution that much myself.
What do I think about the stability of the solution?
I haven't seen any issues with stability, however, I don't use it too much, so I wouldn't be able to make a very good judgement on if it was extremely stable or not.
How are customer service and technical support?
I've never been in touch with technical support. I don't know how reliable they are, and would not be able to rate them.
How was the initial setup?
The initial setup was straightforward. We didn't find it to be too complex.
What about the implementation team?
I was able to handle the implementation myself. I didn't need the assistance of an integrator or consultant.
Which other solutions did I evaluate?
I did compare a few other tools, however, we are using Splunk because that is what the customer preferred. They made the decision after I described this solution and a few other tools to them.
What other advice do I have?
I would definitely recommend the solution. I'd rate it eight out of ten.
I don't believe we have a business relationship with Splunk, but we do have a large number of licenses with them.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Information Security Manager at a comms service provider with 1,001-5,000 employees
Fits specific needs for a reasonable cost
Pros and Cons
- "The product retains a lot of log data for subsequent analysis."
- "It does not have a user-friendly interface and it is difficult to use."
What is our primary use case?
Our primary use for the product is for reporting for one of our systems. It fits a particular need for reporting so we have deployed it there.
What is most valuable?
The team that is using this product is using it for reporting. Apparently it is just to have more detailed reports about certain specific activities.
For how long have I used the solution?
In our company, the product is not actually my responsibility because it was here before me and it is not exactly in my area. But we have been using it for around five years or six years.
What do I think about the scalability of the solution?
We do not have a lot of users who are using Splunk in our company. At most, it is a little over five people. For now, that is all we need and we do not plan to increase the usage in the near future. We are happy with what we have, how it is deployed and how it serves the need we have deployed it to fill.
How was the initial setup?
I do not think the initial setup was very complex.
What's my experience with pricing, setup cost, and licensing?
I am sure the pricing is reasonable or we would not continue to use the product in such a minimal capacity. We are fine with the price of the product and we are happy that it does what we need it to do.
What other advice do I have?
On a scale from one to ten where one is the worst and ten is the best, I would rate it at around an eight. We have been using it for six years now and renewing the support and the license. So you can say that we are at least reasonably happy with the product and do not have to replace it.
To make the product rate higher they would have to match some of the capabilities of other products within the same category that they lack. For example, if we want to get to a feature in QRadar, we can get to it in two clicks. But with Splunk, we need to do a lot more to navigate to the features. Sometimes when we need to accomplish a task, it may not be part of the basic system so we need to write more code and do more work to get the same result as we might if using another product.
The other point, I think, has to do with the storage. Splunk does not have appliances and storage and we have to be the ones who are responsible for taking care of the matters of requisitioning the appropriate hardware. A lot of storage is needed just for logs that it generates. So I think this hardware problem and need for storage is another issue that we might face with Splunk if we use it as a SIEM (Security Information and Event Management).
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
