Splunk Infrastructure Monitoring Reviews

Our primary use case for this solution is as a supplement to Dynatrace, so the log analytics is done in Splunk instead of Dynatrace.

We built a tool for firewall log monitoring and we powered all firewall logs to Splunk. In addition, we built a little dashboard that just specifies sources and the destination addresses and port numbers. It passes all the logs and tell us if there are any blocks or drops on the firewall level. This is a very useful tool for us.

The features I have found most valuable are log searching and log analytics, both of which are quick features.

There's a component in this solution that is particular and takes a lot of manual work and that is the automation. There is a lot of room for improvement with the automation. They should also improve the discovery and detection of all the infrastructure components so that it is more automated and takes less manual work.

I have been using this solution for about five years.

I would rate the stability of this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.

I would rate the scalability of this solution a nine, on a scale from one to 10, with one being the worst and 10 being the best.

I would rate the technical support of this solution a 10, on a scale from one to 10, with one being the worst and 10 being the best.

Positive

At first, we were deployed on-premises and then about one year ago we migrated to the cloud. So I would say they did most of the work around migration. There are around 1,000 users of this solution in our company.

We have seen the ROI.

I would rate the pricing of this solution a two, on a scale from one to 10, with one being the most expensive and 10 being the best price.

Our model of deployment is the cloud.

I would rate this solution as a whole a 10, on a scale from one to 10, with one being the worst and 10 being the best.

I would advise other people looking into this solution to do their due diligence and make sure they do their pre-work and post-work.

Our use cases have not been completely sorted and executed. In that case, if this has been done and we know the way forward, the stabilization is more complete. This is not yet stabilized, and I would say at the moment, the focus is more on creating alerts and incidents, rather than how the user can view Splunk ITSI. That focus has not yet been set. Once it is done, I think that would help.

If there is an issue or challenge in Splunk at the product level, Splunk's internal log will call out every problem it is facing, which will help us to identify the root cause and fix it. This gives us a clue about what to do next if there is a problem we can understand the issue from the reports.

The alerts are the most valuable feature.

I don't see any issues yet because my use case has not been finalized. The point is, if anyone is going to acquire Splunk ITSI, their primary purpose should be to ensure that all infrastructure assets in production are logged into Splunk to ensure complete monitoring is enabled. Each organization has its own criteria for the importance of its applications and servers. All of these must be added for the monitoring to be effective.

The implementation can be more user-friendly.

I have been using the solution for a few months.

The solution is stable.

The Splunk technical support meets all the SLAs. There's a P1, P2, and P3 categories, and the support is being handled accordingly.

Positive

It is not possible to set up the solution without the assistance of Splunk professionals. A professional services representative must be present to handle the Splunk ITSI implementation.

The implementation requires either Splunk for PS or the hiring of a Splunk Certified Resource. We used a Splunk architect for our implementation.

I give the solution an eight out of ten. 

I suggest using Splunk Professional Services for enrollment review. Splunk has a set of recommendations for keeping our data clean and structured when logging into Splunk, which will make our application infrastructure monitoring more effective. Splunk also has best practices that need to be implemented. We can take care of this in one call, and Splunk inputs may help us make it even better.

We primarily use the solution in order to monitor the servers as well as the VM infrastructure.

We are now able to monitor our infrastructure and get the information in real-time should anything happen. In terms of the hard drive hitting the threshold, then we'll get notified and the technician can attend to it. It reduces the time to attend to the incidents and allows you to be aware of our infrastructure as the status of our infrastructure is visible via dashboards.

The monitoring and the reporting tools are great. It can monitor, get the data, and then report on the data. 

You have the dashboard to see your different items. You create the dashboard to see if there was any incident as well; it creates incident reports for you. For example, if the hard drive goes beyond a certain limit, you can get notified. You can look at your CPU utilization or memory as well. You can set thresholds and monitor for all different types of information.

The solution is stable and reliable.

Technical support is helpful. 

We have witnessed an ROI while using it. 

Overall, I cannot think of any features that are missing.

The deployment can be quite complex. 

I've been using the solution for two years now. 

The solution is stable and reliable. There are no bugs or glitches. it doesn't crash or freeze. 

We have about 100 people on the solution. Some of them don't use the solution directly, however, they benefit from the solution.

Technical support is fairly good. We are satisfied with their assistance. 

I used other solutions before, which were LiveAction, and Cisco Prime. They were used to monitor.

Currently, I'm using PRTG for network monitoring, to monitor the network devices. With Splunk, we monitor servers, and with PRTG, we monitor the network devices such as routers, IPs, and switches.

The initial setup is very straightforward. That said, the configuration and all those things you need to do to make it work according to what you want, you need to deploy some apps, and some that part is what is not straightforward about the setup.

The deployment took about three months.

There are three of us that handle deployment or maintenance. 

We are an integrator team; we actually had help from Splunk themselves to implement the solution.

We have seen an ROI.

It's affordable when you compare it to HPSA - the HP Server Administration.

You get the things according to your data - the data that you need to report on. The capacity of the data that you need to report on. Right now, it's set to 100GBs. We've got the license for 100GBs.

There are different companies or customers that we support within the company. Whichever product they have that's what we go with. For example, we might use AlgoSec, Cisco Prime, or LiveAction as the customer that was using it. We don't evaluate other solutions, we use what is already there.

I did not handle the choice of Splunk. I got into the stage where the system or the application was already implemented. I did not participate in the stage where we had to choose which solution to pick or how to implement it.

We partner with Splunk. We use the product to deliver it to our customers. We're an integrator. We're just using the product to service our customers.

I'd advise new users that it is a very good product, however, you need to have some knowledge and do some training on the product in order to gather knowledge so that you can understand and implement it effectively. 

I'd rate the solution a nine out of ten.

Splunk sends security alerts. It's being used on two levels. One for the analysis of the data by the data scientists. Two, for the engineers to troubleshoot if there are any issues happening, like any security bugs, or anything that needs to be addressed and never mediated across. 

In terms of the application performance security, application performance tooling has been a key factor for me using Splunk. We are also looking into options, like other third parties or even open-source tools that help the capturing the application performance, fine-tuning, which leads to the security aspect.

We haven't faced any problems yet. It's working as expected. We are using the enterprise-grade, strong products and we're just paying a lot for it right now.

People intend to go for automation. We are following the works process and we are inculcating the engineers to ensure everything is automated. Whatever needs to be mitigated, has to be followed up on ticketing tools, this tool would come in. It handles the issues going on and what needs to be remediated in this single tool.

We need multiple tools in order to accomplish what we need. It's kind of a medium across multiple products. It would be better if we have a dedicated tool, that takes care of the entire work process, including automation as well.

They do not have all the features that I expect right now.

I have been using Splunk for three years. 

We haven't really experienced any glitches or bugs. It depends on the use cases and so far I haven't seen any as of now.

It is scalable.

They're good. They're quite good at providing the service for technical engineers as well.

I would say that the setup is pretty straightforward because they have their own documentation that you can follow. It takes an associate's capability in order to accomplish it. They have good documentation and dedicated support to take care of any issues that come forward.

As a newbie, I wouldn't prefer Splunk. The reason being that it's a completely enterprise-grade solution. As a startup, you don't implement Splunk for the first time. We'd put an open-source product. With us, we have many of the Italian products, which proves to be a good open-source solution. In the end, people intend to go for enterprise support for the vulnerability patching, report generation, and enterprise support. People go for licensing based on that. I wouldn't refer any newbies to go for a weak enterprise-grade solution as they barge into any technology.

I would rate Splunk a seven out of ten. 

The data from Splunk is used for network monitoring, apart from that, they are using another tool with this kind of logic as well. Splunk is not the primary tool. The database I'm using for real-time data for our client. We have only about 3-4 users on this solution.

It's only the monitoring solution that we are using. I'll find that to be a great feature.

Splunk would be better if some tools were integrated to be able to take action on security or network concerns. People in the IT field are looking for a single tool that can do everything. Not separate tools for monitoring and fixing.

We have been using Splunk Insights for infrastructure for about one year.

I have not had any problems with stability.

Nothing is straightforward in data technology. You have to know about the technology. Even when chatting about the virtual image for a window, we need to know how to do things. If you know how the technology works, it's really simple.

I need a tool that can deal with all the security solutions, that will find security monitoring compliance requirements. So, I'll stick to BigFix over Splunk, because I'm not that big a fan of Splunk, to be honest. Apart from monitoring, in BigFix you can mitigate the issues, mitigate what the vendor is doing, and continue monitoring our clients. If any machine, any hardware in the department is vulnerable to any threat, with BigFix we can go ahead and take action, and mitigate that vulnerability within a couple of minutes.

I would rate Splunk Insights for Infrastructure at a seven out of ten.

The solution is primarily used as security correlation and event correlation. It's a place for all of your logs to go so that you can have all those logs co-ordinated during security events. 

The solution brings all the events into one platform so that you don't have to hunt down multiple sources to figure out what's going on.

The ability to create custom dashboards is one of the best features and that's typically why most people deploy Splunk. Users can create dashboards for just about anything.

The solution has been improving its offering for the past year. It's in constant development.

The cost needs to be re-examined. It's extremely expensive to run. It's also expensive to expand. That's the number one complaint all of my customers have when it comes to Splunk. It's way too expensive compared to other solutions.

The integration of their cloud solution, which came out a couple of years ago, and the ability to now integrate Phantom, needs to be improved. 

It would be ideal if there was a more automated process for finding and identifying data sources that a user wants to bring into the solution. Right now, it's all manual.

I've been selling the solution for quite a long time. I'd say I've sold it for five years. I've been involved in deployments and I've been involved in configuring it and managing it, but I don't actually use it for my company.

The solution is extremely stable. We haven't run into issues that would make us concerned.

The solution is very scalable. However, companies must be aware that expanding the solution is very expensive.

I'd rate technical support eight out of ten. They're responsive due to the fact that clients need to pay in order to access technical support.

The initial setup is not straightforward. It's quite complex. 

The storage backend requires touching all of your events sources. It requires a lot of planning and configuration. It's not something you just put out there and deploy. You have to have someone who's an expert in it.

The deployment typically takes, from beginning to end, less than three months. However, it really depends. It depends upon how many log sources you have, if you have staff on-site that are capable of actually running it, or if you have to make network configuration changes, etc. There's a whole list of things that you have to go through to figure it out. 

The number of people needed to deploy the solution varies upon the size of an organization and the use cases. You're going to want at least two dedicated people to deploy at a medium-sized organization.

These individuals have to understand searching and creating dashboards. They have to have network skills and security skills. There is a wide range of things they have to be a part of. Most people who become Splunk Engineers start off doing something else in their business and they learn about networking, and then security and programming. When they start to deploy Splunk, they become experts.

The solution requires the assistance of a specialist. There needs to be an expert involved to help implement it.

Licensing is paid on a yearly basis.

We work with a few different solutions. As a SIEM, there are many other solutions out there and which is best really depends upon what the company wants to achieve.  As a logging server, there really aren't any other really good solutions that compete as well with Splunk. LogLogic might be the closest.

We're a Splunk partner and reseller.

Typically, the solution is on-prem for the most part because it requires a very heavy lift in storage and the storage is very expensive. Most companies deploy it on-premise and then add on the cloud solution as well later on.

I'd warn other organizations that want to use the solution that they need to be prepared to spend a lot of money.

I'd rate the solution seven out of ten due to the fact that it's extremely complex to run and deploy.

We primarily use the solution for event management. We have a baseline that we monitor, and if anything goes wrong, we manage it.

I haven't really used the solution too much, so I'm not sure if I can speak to the best features on the solution.

Without having used the solution too much, I don't really have any suggestions for feature improvement.

It would be useful if they provided some help pages. If you don't know too much about the tool, there should be more documentation readily available. It would be useful if they had a help button embedded in the solution so you could ask questions and get answers.

The solution should provide for some entry-level training.

We have a customer working on the solution. I haven't used the solution that much myself.

I haven't seen any issues with stability, however, I don't use it too much, so I wouldn't be able to make a very good judgement on if it was extremely stable or not.

I've never been in touch with technical support. I don't know how reliable they are, and would not be able to rate them.

The initial setup was straightforward. We didn't find it to be too complex.

I was able to handle the implementation myself. I didn't need the assistance of an integrator or consultant.

I did compare a few other tools, however, we are using Splunk because that is what the customer preferred. They made the decision after I described this solution and a few other tools to them.

I would definitely recommend the solution. I'd rate it eight out of ten.

I don't believe we have a business relationship with Splunk, but we do have a large number of licenses with them.

Our primary use for the product is for reporting for one of our systems. It fits a particular need for reporting so we have deployed it there.  

The team that is using this product is using it for reporting. Apparently it is just to have more detailed reports about certain specific activities.  

In our company, the product is not actually my responsibility because it was here before me and it is not exactly in my area. But we have been using it for around five years or six years.  

We do not have a lot of users who are using Splunk in our company. At most, it is a little over five people. For now, that is all we need and we do not plan to increase the usage in the near future. We are happy with what we have, how it is deployed and how it serves the need we have deployed it to fill.  

I do not think the initial setup was very complex.  

I am sure the pricing is reasonable or we would not continue to use the product in such a minimal capacity. We are fine with the price of the product and we are happy that it does what we need it to do.  

On a scale from one to ten where one is the worst and ten is the best, I would rate it at around an eight. We are using it for six years now and renewing the support and the license. So you can say that we are at least reasonably happy with the product and do not have to replace it.  

To make the product rate higher they would have to match some of the capabilities of other products within the same category that they lack. For example, if we want to get to a feature in QRadar, we can get to it in two clicks. But with Splunk, we need to do a lot more to navigate to the features. Sometimes when we need to accomplish a task, it may not be part of the basic system so we need to write more code and do more work to get the same result as we might if using another product.  

The other point, I think, has to do with the storage. Splunk does not have appliances and storage and we have to be the ones who are responsible for taking care of the matters of requisitioning the appropriate hardware. A lot of storage is needed just for logs that it generates. So I think this hardware problem and need for storage is another issue that we might face with Splunk if we use it as a SIEM (Security Information and Event Management).