Information Security Manager at a comms service provider with 1,001-5,000 employees
Real User
Fits specific needs for a reasonable cost
Pros and Cons
  • "The product retains a lot of log data for subsequent analysis."
  • "It does not have a user-friendly interface and it is difficult to use."

What is our primary use case?

Our primary use for the product is for reporting for one of our systems. It fits a particular need for reporting so we have deployed it there.  

What is most valuable?

The team that is using this product is using it for reporting. Apparently it is just to have more detailed reports about certain specific activities.  

For how long have I used the solution?

In our company, the product is not actually my responsibility because it was here before me and it is not exactly in my area. But we have been using it for around five years or six years.  

What do I think about the scalability of the solution?

We do not have a lot of users who are using Splunk in our company. At most, it is a little over five people. For now, that is all we need and we do not plan to increase the usage in the near future. We are happy with what we have, how it is deployed and how it serves the need we have deployed it to fill.  

Buyer's Guide
Splunk Infrastructure Monitoring
April 2024
Learn what your peers think about Splunk Infrastructure Monitoring. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
770,394 professionals have used our research since 2012.

How was the initial setup?

I do not think the initial setup was very complex.  

What's my experience with pricing, setup cost, and licensing?

I am sure the pricing is reasonable or we would not continue to use the product in such a minimal capacity. We are fine with the price of the product and we are happy that it does what we need it to do.  

What other advice do I have?

On a scale from one to ten where one is the worst and ten is the best, I would rate it at around an eight. We are using it for six years now and renewing the support and the license. So you can say that we are at least reasonably happy with the product and do not have to replace it.  

To make the product rate higher they would have to match some of the capabilities of other products within the same category that they lack. For example, if we want to get to a feature in QRadar, we can get to it in two clicks. But with Splunk, we need to do a lot more to navigate to the features. Sometimes when we need to accomplish a task, it may not be part of the basic system so we need to write more code and do more work to get the same result as we might if using another product.  

The other point, I think, has to do with the storage. Splunk does not have appliances and storage and we have to be the ones who are responsible for taking care of the matters of requisitioning the appropriate hardware. A lot of storage is needed just for logs that it generates. So I think this hardware problem and need for storage is another issue that we might face with Splunk if we use it as a SIEM (Security Information and Event Management).  

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user782697 - PeerSpot reviewer
Security Operation Center Analyst at Sadad
Real User
Easily gather and manage any types of logs for analysis
Pros and Cons
  • "The Add data feature lets you gather any type of log and easily analyze it."
  • "In the next release, I would like to see more integration with other solutions."

What is our primary use case?

The primary use case of this solution is for security management. We gather security logs from intrusion detection and prevention systems, such as firewalls, web application firewalls, and system logs from Linux and Windows servers, as well as anti-malware system logs.

We combine them with Splunk to analyze our security level for our company. We use this data to analyze our company security situation and to define security use cases, like attacks. When we find these attacks, we contain them and mitigate our security flaws in our business environment.

What is most valuable?

The Add data feature lets you gather any type of log and easily analyze it. This is easier than using other solutions like ArcSight or Elasticsearch for example.

We can use these logs with our data processes to explain our situation.

What needs improvement?

In the next release, I would like to see more integration with other solutions. For example, Juniper, ManageEngine, PAM (Privileged Access Monitoring), and Wallix.

For how long have I used the solution?

I have been using this solution for approximately three years.

How are customer service and technical support?

We don't use technical support because we are under sanction. We use our own knowledge and team to implement and to develop Splunk.

Which solution did I use previously and why did I switch?

We have used ArcSight and Elasticsearch.

How was the initial setup?

The initial setup is easy.

Splunk has a good community. They have good opinions and suggestions for deployment.

It took one year to deploy and implement Splunk completely.

What about the implementation team?

The implementation is easier than other solutions.

I implemented and deployed this solution by myself.

What other advice do I have?

I am not certified with Splunk, but I am a system administrator. I passed the fundamentals one and two.

This is a very good solution.

I would rate this solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Principal Security Sales Engineer at a computer software company with 501-1,000 employees
Real User
Brings all events into one platform so that you don't have to hunt down multiple sources to figure out what's going on
Pros and Cons
  • "The ability to create custom dashboards is one of the best features and that's typically why most people deploy Splunk. Users can create dashboards for just about anything."
  • "The cost needs to be re-examined. It's extremely expensive to run. It's also expensive to expand. That's the number one complaint all of my customers have when it comes to Splunk. It's way too expensive compared to other solutions."

What is our primary use case?

The solution is primarily used as security correlation and event correlation. It's a place for all of your logs to go so that you can have all those logs coordinated during security events.

How has it helped my organization?

The solution brings all the events into one platform so that you don't have to hunt down multiple sources to figure out what's going on.

What is most valuable?

The ability to create custom dashboards is one of the best features and that's typically why most people deploy Splunk. Users can create dashboards for just about anything.

The solution has been improving its offering for the past year. It's in constant development.

What needs improvement?

The cost needs to be re-examined. It's extremely expensive to run. It's also expensive to expand. That's the number one complaint all of my customers have when it comes to Splunk. It's way too expensive compared to other solutions.

The integration of their cloud solution, which came out a couple of years ago, and the ability to now integrate Phantom, needs to be improved. 

It would be ideal if there was a more automated process for finding and identifying data sources that a user wants to bring into the solution. Right now, it's all manual.

For how long have I used the solution?

I've been selling the solution for quite a long time. I'd say I've sold it for five years. I've been involved in deployments and I've been involved in configuring it and managing it, but I don't actually use it for my company.

What do I think about the stability of the solution?

The solution is extremely stable. We haven't run into issues that would make us concerned.

What do I think about the scalability of the solution?

The solution is very scalable. However, companies must be aware that expanding the solution is very expensive.

How are customer service and technical support?

I'd rate technical support eight out of ten. They're responsive due to the fact that clients need to pay in order to access technical support.

How was the initial setup?

The initial setup is not straightforward. It's quite complex. 

The storage backend requires touching all of your events sources. It requires a lot of planning and configuration. It's not something you just put out there and deploy. You have to have someone who's an expert in it.

The deployment typically takes, from beginning to end, less than three months. However, it really depends. It depends upon how many log sources you have, if you have staff on-site that are capable of actually running it, or if you have to make network configuration changes, etc. There's a whole list of things that you have to go through to figure it out. 

The number of people needed to deploy the solution varies upon the size of an organization and the use cases. You're going to want at least two dedicated people to deploy at a medium-sized organization.

These individuals have to understand searching and creating dashboards. They have to have network skills and security skills. There is a wide range of things they have to be a part of. Most people who become Splunk Engineers start off doing something else in their business and they learn about networking, and then security and programming. When they start to deploy Splunk, they become experts.

What about the implementation team?

The solution requires the assistance of a specialist. There needs to be an expert involved to help implement it.

What's my experience with pricing, setup cost, and licensing?

Licensing is paid on a yearly basis.

Which other solutions did I evaluate?

We work with a few different solutions. As a SIEM, there are many other solutions out there and which is best really depends upon what the company wants to achieve.  As a logging server, there really aren't any other really good solutions that compete as well with Splunk. LogLogic might be the closest.

What other advice do I have?

We're a Splunk partner and reseller.

Typically, the solution is on-prem for the most part because it requires a very heavy lift in storage and the storage is very expensive. Most companies deploy it on-premise and then add on the cloud solution as well later on.

I'd warn other organizations that want to use the solution that they need to be prepared to spend a lot of money.

I'd rate the solution seven out of ten due to the fact that it's extremely complex to run and deploy.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Technical Consultant/Instructor at SIGMA IT
Consultant
Good stability and technical support but requires more sensors for fiber intelligence
Pros and Cons
  • "The solution's most valuable aspect is its ability to get information about all of the security measurements in my environment."
  • "The solution should have more sensors regarding fiber intelligence for security measures."

What is most valuable?

The solution's most valuable aspect is its ability to get information about all of the security measurements in my environment.

What needs improvement?

The solution should have more sensors regarding fiber intelligence for security measures.

For how long have I used the solution?

I've been using the solution for two years.

What do I think about the stability of the solution?

The stability is pretty good. I'd say it's about 80% stable.

What do I think about the scalability of the solution?

I don't consider the solution scalable.

How are customer service and technical support?

Technical support is very helpful. They make contacting them easy.

Which solution did I use previously and why did I switch?

We're also currently using IBM Pure Adarius. Although we do use both consecutively, I do prefer Splunk. It's more digital and more open.

How was the initial setup?

The initial setup is very easy.

What's my experience with pricing, setup cost, and licensing?

If you compare it to IBM, the solution has fairly good pricing.

What other advice do I have?

We use the private cloud deployment model.

I'd rate the solution seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user831168 - PeerSpot reviewer
CEO with 11-50 employees
Real User
Evaluates the logs in an efficient way which enhances utility and efficiency
Pros and Cons
  • "The tool is efficient in collecting, monitoring and evaluating logs."
  • "The product collects a lot of data but it does not assure that it collects all of it."

What is our primary use case?

For us, we use this product to create a special kind of log. It just logs everything for what it is monitoring and does the parsing afterward based on a packet that you impose on the logs. Then you can extract the data out of the fields that the logs are normally comprised of.

Typically, people just monitor applications, network infrastructure, and compliance.

How has it helped my organization?

It gives us another tool for monitoring our infrastructure in a different way.

What is most valuable?

I think the most valuable feature is that you easily get adapted to standard components. So, you don't need to involve the user with interface and GUI decorations. The tool just evaluates the logs in an efficient way. This enhances utility and efficiency.

What needs improvement?

What I don't like is that you are not sure all the data is recorded. Our product is better in these areas of functionality. Splunk is quite a bit different. When you transfer some logs at the end of the day you are never sure that you grab everything or not. The transport layer is not so well done and could be better.

What should be better in the solution to make Splunk a ten out of ten is a question I would rather not answer. That is an area where the products delivered by our companies compete in some ways.

What do I think about the stability of the solution?

This product is very stable. There is no doubt about the fact that it performs as expected when we use it as far as stability is concerned.

What do I think about the scalability of the solution?

There is no issue with scalability at all.

How are customer service and technical support?

The support is sufficient and responsive. We already know the product so we do not need to consult with them often. The documentation is pretty well done and covers most issues. They have some smaller issues with service, but normally you get what you need when you contact them. The technical support is okay and it is not an issue.

Which solution did I use previously and why did I switch?

We use both Splunk and another solution simultaneously for somewhat different purposes.

How was the initial setup?

For me, the initial setup seemed quite easy and not complicated at all. We are in the business so a little knowledge helps.

What about the implementation team?

We are consultants, and we know a lot about Splunk and many other products. So one branch of our company takes care of the sizing and interviewing for new data professions and services for banks. Because of our experience, we now know these tools and the pros and cons of using any of them and why you would choose one over another. Security issues are one of our core capabilities.

What's my experience with pricing, setup cost, and licensing?

As far as pricing, you can negotiate with the company, but I'd say the price is fairly high for the product. The typical price for competing products is also quite high, so it is not necessarily bad. It's a good product — that is not the problem. But there is more and more competition in the market and their prices stay high. I think that the pricing and marketing situation gets more difficult for Splunk. By comparison, with our tools in the other solution we use, you can do the same evaluation. All you need is an employee to run the product, but the pricing is way lower. So, I think that cost has become an issue for Splunk over the long run.

There are also costs in addition to the standards licensing which raises the cost even more.

What other advice do I have?

The advice that I would give to companies considering this type of solution is that choosing the right solution all depends on what you want to do. I'd say Splunk makes more sense if you only want to have one tool or service to monitor. A lot of our infrastructure is not complex. I just put Splunk there, I collect the logs and I calculate what I need. I do that step-by-step, so it is a bit difficult as an approach when things are more complex. You want to reduce complexity when monitoring just one single service. Our business is focused on monitoring. We don't want monitoring to care about software distribution and additional concerns. So, if it is just straight forward monitoring of a service that you need to do, then I think then you're right to use this product. There are other potential solutions.

On a scale from one to ten where one is the worst and ten is the best, I would rate Splunk as an eight.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
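The two descriptions above of how the product is used in practice (the SOC analyst gathering firewall, WAF, Linux and Windows logs and defining "use cases, like attacks", and the CEO's account of logging everything first and parsing afterward with a pattern to pull out fields) both come down to the same pattern: store raw lines, extract fields at search time, run a detection over the extracted fields, and check that what was indexed matches what the sources sent. The following is an added example illustrating that pattern in plain Python; it is not Splunk code and not code from any reviewer. The log lines, the host names, the expected per-host counts and the failed-login threshold are all constructed for the example.

```python
import re
from collections import Counter

# Constructed sample events (not taken from any real system): a firewall log and
# Linux sshd auth logs kept as raw lines, as an index-everything-first pipeline stores them.
RAW_LOGS = [
    "2024-04-01T10:00:01Z fw01 action=deny src=203.0.113.5 dst=10.0.0.8 dport=22 proto=tcp",
    "2024-04-01T10:00:02Z fw01 action=allow src=198.51.100.7 dst=10.0.0.8 dport=443 proto=tcp",
    "2024-04-01T10:00:03Z web01 sshd[1203]: Failed password for root from 203.0.113.5 port 50212 ssh2",
    "2024-04-01T10:00:04Z web01 sshd[1203]: Failed password for admin from 203.0.113.5 port 50213 ssh2",
    "2024-04-01T10:00:05Z web01 sshd[1203]: Failed password for root from 203.0.113.5 port 50214 ssh2",
    "2024-04-01T10:00:06Z web01 sshd[1204]: Accepted publickey for deploy from 198.51.100.7 port 50300 ssh2",
    "2024-04-01T10:00:07Z web01 kernel: usb 1-1: new high-speed USB device number 4",
]

# Search-time extraction patterns: applied when the data is queried, not when it is stored,
# so a new pattern can be added later without re-ingesting anything.
HEADER_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<msg>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")
SSHD_FAIL_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port (?P<sport>\d+)")
SSHD_OK_RE = re.compile(
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port (?P<sport>\d+)")


def extract_fields(line):
    """Turn one raw line into a field dict. Lines that match no pattern still yield an event
    (sourcetype 'unknown'); nothing is dropped just because it is not parsed yet."""
    m = HEADER_RE.match(line)
    if m is None:
        return None
    ev = {"ts": m.group("ts"), "host": m.group("host"), "raw": line}
    msg = m.group("msg")
    if msg.startswith("sshd["):
        ev["sourcetype"] = "sshd"
        fail = SSHD_FAIL_RE.search(msg)
        ok = SSHD_OK_RE.search(msg)
        if fail:
            ev.update(fail.groupdict())
            ev["outcome"] = "failure"
        elif ok:
            ev.update(ok.groupdict())
            ev["outcome"] = "success"
        return ev
    kv = dict(KV_RE.findall(msg))
    if kv:
        ev["sourcetype"] = "firewall"
        ev.update(kv)
        return ev
    ev["sourcetype"] = "unknown"
    return ev


def detect_bruteforce(events, threshold=3):
    """Use case: sources with at least `threshold` failed SSH logins. Returns {src: count}."""
    fails = Counter(ev["src"] for ev in events
                    if ev.get("sourcetype") == "sshd" and ev.get("outcome") == "failure")
    return {src: n for src, n in fails.items() if n >= threshold}


def find_gaps(events, expected_per_host):
    """Completeness check: compare what was indexed per host with what the source says it sent.
    Returns {host: (expected, got)} for every host where the numbers differ."""
    got = Counter(ev["host"] for ev in events)
    return {h: (n, got.get(h, 0)) for h, n in expected_per_host.items() if got.get(h, 0) != n}


if __name__ == "__main__":
    events = [ev for ev in (extract_fields(l) for l in RAW_LOGS) if ev is not None]
    print("brute force:", detect_bruteforce(events))
    # Assumed sent-counts as a forwarder would report them (constructed for the example)
    print("gaps:", find_gaps(events, {"fw01": 2, "web01": 5}))
    print("gaps after losing one line:", find_gaps(events[:-1], {"fw01": 2, "web01": 5}))
```

The completeness check is the part the CEO's review is getting at: a threshold detection is only as good as the events that actually arrived, so comparing indexed counts per host against the count the sending side reports is the cheapest way to notice a transport gap before it silently hides an attack.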
SoheylNorozi - PeerSpot reviewer
IT Consultant at a tech services company with 51-200 employees
Real User
The data integration is good but it should have a simpler interface
Pros and Cons
  • "The feature I find most valuable, is the data integration."
  • "I would like to see an improvement and some innovation in the customer interface."

What is our primary use case?

We are IT consultants and our primary use case for this solution is for analyzing machine data.

What is most valuable?

The feature I find most valuable is the data integration.

What needs improvement?

I would like to see an improvement and some innovation in the customer interface, which puts something in your design. If we were able to customize more parts of the user interface, it would be great. I also think the scalability should be improved.

For how long have I used the solution?

I've been using this solution for a year now.

What do I think about the stability of the solution?

The solution is stable and I haven't seen any box glitches or crashes.

What do I think about the scalability of the solution?

We have a hundred users. I really do not know how scalable the solution is. I couldn't find any submission for a flat fee and for expanding the installation in my last project. So perhaps this is also something that can be improved.

How are customer service and technical support?

I am happy with the support, how they respond and help to solve issues.

How was the initial setup?

The initial setup is straightforward and you can do it yourself.

What other advice do I have?

My experience with this solution in analyzing machine data is really good. The interface could be simplified and I would like to have more clustering. On a scale of one to ten, I rate this solution a seven. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer at a tech services company with 201-500 employees
Real User
Enables the engineers to troubleshoot any issues happening but it is lacking in features
Pros and Cons
  • "We haven't really experienced any glitches or bugs."
  • "They do not have all the features that I expect right now."

What is our primary use case?

Splunk sends security alerts. It's being used on two levels. One for the analysis of the data by the data scientists. Two, for the engineers to troubleshoot if there are any issues happening, like any security bugs, or anything that needs to be addressed and never mediated across. 

What is most valuable?

In terms of application performance security, application performance tooling has been a key factor for me in using Splunk. We are also looking into options, like other third parties or even open-source tools, that help with capturing application performance and fine-tuning, which leads to the security aspect.

What needs improvement?

We haven't faced any problems yet. It's working as expected. We are using the enterprise-grade, strong products and we're just paying a lot for it right now.

People intend to go for automation. We are following the works process and we are inculcating the engineers to ensure everything is automated. Whatever needs to be mitigated, has to be followed up on ticketing tools, this tool would come in. It handles the issues going on and what needs to be remediated in this single tool.

We need multiple tools in order to accomplish what we need. It's kind of a medium across multiple products. It would be better if we have a dedicated tool, that takes care of the entire work process, including automation as well.

They do not have all the features that I expect right now.

For how long have I used the solution?

I have been using Splunk for three years. 

What do I think about the stability of the solution?

We haven't really experienced any glitches or bugs. It depends on the use cases and so far I haven't seen any as of now.

What do I think about the scalability of the solution?

It is scalable.

How are customer service and technical support?

They're good. They're quite good at providing the service for technical engineers as well.

How was the initial setup?

I would say that the setup is pretty straightforward because they have their own documentation that you can follow. It takes an associate's capability in order to accomplish it. They have good documentation and dedicated support to take care of any issues that come forward.

What other advice do I have?

As a newbie, I wouldn't prefer Splunk. The reason being that it's a completely enterprise-grade solution. As a startup, you don't implement Splunk for the first time. We'd put an open-source product. With us, we have many of the Italian products, which proves to be a good open-source solution. In the end, people intend to go for enterprise support for the vulnerability patching, report generation, and enterprise support. People go for licensing based on that. I wouldn't refer any newbies to go for a weak enterprise-grade solution as they barge into any technology.

I would rate Splunk a seven out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.