CSSP Manager at a tech services company with 51-200 employees
MSP
Top 5
Good at log collection and log management; not ideal for monitoring
Pros and Cons
  • "Good for log collection and log management."
  • "This is not really a monitoring solution."

What is our primary use case?

I'm the CSSP manager and we are customers of Splunk. 

What is most valuable?

Splunk is good at log collection and log management.

What needs improvement?

I'm a security manager and Splunk is not a good solution for my needs and not as good as other products I've used. I really think they just overreached and are marketing the solution as something that it really isn't. It's really not a SIEM product. It's really not a monitoring solution. If Splunk wants to get into SIEM, they need to make a totally new product. They should just leave SIEM; it's not their thing, not what they do. They're good at log collection and indexing. Stick to it. There are some things with log collection and log retention capabilities that they could actually improve instead of trying to create products for all these other different areas. I don't want their next release; I would rather they just scale back on some of the extras and really focus on log collection and log retention. I'd like to have more options on how I can perform those features with their products. I'd like to see a lot more integration with other products.

For how long have I used the solution?

I've been using this solution for three years. 

Buyer's Guide
Splunk
July 2022
Learn what your peers think about Splunk. Get advice and tips from experienced pros sharing their opinions. Updated: July 2022.
622,063 professionals have used our research since 2012.

What do I think about the stability of the solution?

Once you set up the solution, you don't really have to worry about it. It's very stable. I like the fact that you can pretty much just patch the OS, and it doesn't really affect how Splunk runs. With a lot of products, you almost have to wait for that company to implement a new patch or version of the product before you can upgrade the server it's on, or anything like that. Or you can't upgrade, you just have to go with whatever they give you, because they're giving you an appliance or something. I like the fact that Splunk allows you to integrate and still run as Splunk and still be compliant with most vulnerabilities out there without affecting functionality.

What do I think about the scalability of the solution?

The solution is extremely scalable. We probably have about five or six users, so all our system administrators use it; they're the ones that implement it. Right now, just the CIO, the CTO, and an ISSM have access. There are plans to add more people once we fully implement the Enterprise Security solution. We have admins responsible for maintenance.

How was the initial setup?

The initial setup is kind of complex, but I think it's an issue we have and not connected to the solution. We're still deploying. The company didn't have an implementation strategy; they're kind of just flying by the seat of their pants, which wasn't a great plan. We're doing it ourselves; we didn't use an integrator.

What's my experience with pricing, setup cost, and licensing?

We have a 100 gig annual license. I'm not sure of the cost. Their licensing is based on the amount of data you collect. There is an additional cost for Enterprise Security. If there are any other kind of applications, the APIs that we created that we want to add, there are costs for most of those as well. Their pricing structure really could use a revamp. They really need to review and look at that and see if there's a better way that they can do it. Elasticsearch is a little cheaper and a better product in my view. 

What other advice do I have?

It's important to prepare. You can't just get a solution and start to implement it. A big part of that needs to be preparation, and in IT, we're not great at that. I would go with Elastic, a similar product but better. The licensing is a little different but it gives you a little more freedom to do things. It's really flexible with what you can do and versatile in how you can use it. Splunk is still top when it comes to log collection. If you wanted anything more than that, you should probably look into using several different products. There isn't really one product that you're going to find that's going to give you that coverage and I just like the versatility of using several different products. There are some other things you can use that actually do a better job at the correlation part. 

I would rate this solution a seven out of 10. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Automation Specialist, Analytics at a computer software company with 10,001+ employees
Real User
Top 20
Identifies data patterns and provides metrics and intelligence for business operations
Pros and Cons
  • "Splunk can extract all kinds of data. There's no limitation on what kind of structured and unstructured data one needs to extract — it can access any kind of data, including machine-generated data."
  • "I'd say I am happy with the technical support, not elated. They provide great support, but sometimes they don't have the answers that I need."

What is our primary use case?

I use Splunk on-and-off — I started with in-house projects, then moved up to commercial projects. 

What is most valuable?

Splunk can extract all kinds of data. There's no limitation on what kind of structured and unstructured data one needs to extract — it can access any kind of data, including machine-generated data. 

The ease of deploying the agent is great in Splunk. One can easily deploy the Universal Forwarder which can extract any amount of information and put it into an indexer. The flexibility of ingesting any kind of data is good with Splunk.

In regards to action-oriented tasks, if an alert is triggered where I have to perform a certain action in the form of executing a Python script or invoking a PowerShell script, this is easy to do with Splunk.

The Splunkbase is great. There are thousands of apps that are already available, I can install those apps with full-connectivity and use them to extract any form of data. The community in the Splunkbase is also really strong. 

The ease of integration with third-party tools is great. In the Splunkbase, there are so many apps that are easy to integrate with. 

The user interface is really good. There is a machine learning toolkit — I like it a lot. They have use cases in place so that people with little experience in machine learning can go through these examples of use cases and gain a better understanding. 

What needs improvement?

Sometimes we experience issues when formatting and configuring files; however, this is a very technical issue that's hard to explain.

When extracting the data or structuring the data in the right format, sometimes it becomes challenging. It's up to the user to understand the regex commands. 

Our customers often complain that the price of Splunk is too high.

When Splunk is deployed on the cloud, there are certain considerations that cannot be met. Cloud-based configuration cannot be done by our Splunk admin team. It needs to be routed via a ticket. You don't have more control on the cloud from a configuration point of view, whereas, with on-premise, you are in control — you can define any configuration settings. 

When you install on-premise, many types of configurations can be done but when Splunk is on the cloud, you're dependent on their specific configurations.

For how long have I used the solution?

I started using Splunk in 2018.

What do I think about the scalability of the solution?

The scalability is good. If you have the money, you can expand — it's volume-based, not instance-based. 

How are customer service and technical support?

I'd say I am happy with the technical support, not elated. They provide great support, but sometimes they don't have the answers that I need. I've only ever raised two big support issues, and both times they haven't been able to fully resolve the issue. In the end, I had to figure it out myself.

What about the implementation team?

We have one or two engineers that take care of all maintenance-related issues. It really depends on the scale of your project. One of our projects required a huge deployment — we needed a huge team to match. If it's a small deployment, then two people are enough.

What's my experience with pricing, setup cost, and licensing?

Its cost model is dependent upon the amount of data used — how many GBs we extract in a day determines our price. The price is not dependent upon how many instances we installed in Splunk. I can install thousands of instances, but it will only charge me according to how many GBs I extract per day. 

Overall, our customers complain that the price is too high.

What other advice do I have?

I would definitely recommend using Splunk. They have free learning models available. There are models available on their learning page where you can gain a better understanding of how to use Splunk. Within one month alone, you can at least understand how to operate Splunk, whereas, with other tools, it can take a lot of time to understand.

On a scale from one to ten, I would give Splunk a rating of nine. The only downside is the cost. Price is the only factor; sometimes, companies shy away from Splunk because of the price.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
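The two pieces this reviewer describes, pulling fields out of raw events with regular expressions and running a script when an alert fires, as an added illustration in plain Python. This is not Splunk code or SPL and not the reviewer's own code; the auth.log-style lines, the field names, the hostnames and IPs, and the failed-login threshold are all constructed for the example, and the `on_alert` callback stands in for the Python or PowerShell alert action the review mentions.

```python
import re
from collections import Counter

# Constructed sample events in auth.log style; not captured from any real system.
SAMPLE_EVENTS = [
    "Jan 14 10:01:02 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "Jan 14 10:01:04 web01 sshd[2231]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "Jan 14 10:01:05 web01 sshd[2231]: Failed password for invalid user test from 203.0.113.7 port 51022 ssh2",
    "Jan 14 10:01:06 web01 sshd[2240]: Accepted publickey for deploy from 192.0.2.10 port 40112 ssh2",
    "Jan 14 10:01:07 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "Jan 14 10:01:08 web01 sshd[2231]: Failed password for invalid user oracle from 203.0.113.7 port 51022 ssh2",
    "Jan 14 10:01:09 web01 sshd[2231]: Received disconnect from 203.0.113.7 port 51022:11: Bye Bye [preauth]",
    "Jan 14 10:02:11 web02 sshd[3310]: Failed password for root from 198.51.100.23 port 60001 ssh2",
]

_PREFIX = r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "

# One named-group pattern per event shape, the way you would write one rex or
# EXTRACT stanza per message type. The group names become the field names.
PATTERNS = {
    "failed": re.compile(
        _PREFIX + r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src_ip>\S+) port (?P<src_port>\d+)"
    ),
    "accepted": re.compile(
        _PREFIX + r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src_ip>\S+) port (?P<src_port>\d+)"
    ),
}


def extract_fields(raw: str) -> dict:
    """Return the event's fields, or {"action": "unparsed"} if no pattern matches.

    Unparsed events stay visible instead of being dropped: a sudden rise in
    them is how you notice a log format changed and the extraction broke.
    """
    for action, pattern in PATTERNS.items():
        match = pattern.search(raw)
        if match:
            fields = match.groupdict()
            fields["action"] = action
            fields["_raw"] = raw
            return fields
    return {"action": "unparsed", "_raw": raw}


def failed_logins_by_source(events: list) -> Counter:
    """Equivalent of: action=failed | stats count by src_ip."""
    return Counter(e["src_ip"] for e in events if e["action"] == "failed")


def run_alert(events: list, threshold: int, on_alert=None) -> list:
    """Call on_alert once per source IP whose failed-login count reaches threshold.

    on_alert is the hypothetical alert action (where Splunk would run your
    script); the default records nothing. Returns the triggering rows, highest
    count first.
    """
    fired = []
    for src_ip, count in failed_logins_by_source(events).most_common():
        if count < threshold:
            break  # most_common() is sorted descending, so nothing further qualifies
        row = {"src_ip": src_ip, "count": count, "threshold": threshold}
        if on_alert is not None:
            on_alert(row)
        fired.append(row)
    return fired


if __name__ == "__main__":
    parsed = [extract_fields(line) for line in SAMPLE_EVENTS]
    run_alert(parsed, threshold=3, on_alert=lambda row: print("ALERT", row))
    print("unparsed events:", sum(e["action"] == "unparsed" for e in parsed))
```

With the constructed input, only 203.0.113.7 (five failures) crosses the threshold of three; 198.51.100.23 has one failure and the disconnect line is reported as unparsed rather than lost.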
Kenneth Barnes - PeerSpot reviewer
CTA\Owner at UCSolutions
Real User
Top 20
Easy to use and simple to set up with reasonable pricing
Pros and Cons
  • "The SIEM is the most valuable feature of the product."
  • "The documentation is in definite need of improvement."

What is our primary use case?

I need the product for SIEM, Security Identity Event Management. I also need it for security operations, automated response, as well as mapping adjusting of security components as well. It helps us with how best to look at various events, and orchestrate between various different hyper-scalers.

How has it helped my organization?

The solution has made us more secure and has allowed for more definable mapping.

What is most valuable?

The SIEM is the most valuable feature of the product.

Having a better integration method and then ingesting and mapping the information have been somewhat easier than some of the other tools that I've used previously (other than QRadar and Rapid7).

The initial setup is pretty simple.

The solution is scalable.

Stability has been quite good. 

The pricing is pretty decent.

What needs improvement?

The documentation is in definite need of improvement. 

There are pieces of it that are somewhat just daunting and there should be better orchestration and automation. 

I've done some automation with it, with Terraform, and also with some other sources. If it wasn't so proprietary, that would be ideal.

I'd like to have it so that Splunk integrates better with Terraform and Python.

For how long have I used the solution?

I've used the solution for eight years. I've used it for quite a while. 

What do I think about the stability of the solution?

Splunk is probably the best brand in terms of stability. I'd rate its reliability at a four out of five. There aren't bugs or glitches. It doesn't crash or freeze.

What do I think about the scalability of the solution?

The scalability is great. I'd give it a score of four out of five. If a company needs to expand, it can do so. 

We have 450 people in our organization that use the product. We've also done this for clients that needed access for over 200,000 people.

We use the solution extensively and likely will increase usage.

How are customer service and support?

The support is okay, however, there are a couple of things that they couldn't figure out and they couldn't help me with automation or stuff like that. It could have been better from there, however, it's not that bad. 

Which solution did I use previously and why did I switch?

I've previously used QRadar and it wasn't ideal.

There were certain times I integrated with other solutions too.

How was the initial setup?

The initial implementation is pretty simple and straightforward. It's not too complex. I'd rate the experience at an eight out of ten.

The initial deployment took us about two weeks or so.

The amount of personnel you need for deployment and maintenance tasks depends on the size of the deployment. Typically, it's just one or two people. That said, it needs to be proportionate to certain sizes. Usually, the staff is from procurement or provisioning.

What about the implementation team?

I handled the implementation myself. I didn't need any outside assistance from any integrators. I'm a consultant myself.  

What was our ROI?

We've seen quite extensive ROI, however, it's more of a qualitative assessment and I don't have numbers to share. It works well and customers are happy. That's what counts. 

What's my experience with pricing, setup cost, and licensing?

It's a little bit more expensive than some of the other tools. It's not as expensive as QRadar. That said, it's more expensive than LogRhythm or Sentinel.

There aren't really other fees beyond the standard costs of licensing. 

Which other solutions did I evaluate?

I evaluated other things. I also integrated with other solutions too. I decided to go with Splunk due to the fact that it worked well.

What other advice do I have?

I'm a consultant. I'm also a customer and use it myself. 

We use multiple deployment models, including public and private clouds. 

We typically use the latest version of the solution. 

I'd advise potential new users to get a proper plan. They should have a good partner or someone that can help them and quickly map and orchestrate.

I'd rate the solution at a ten out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Architect at a tech services company with 51-200 employees
Real User
Top 10
Leaderboard
Cloud-ready, with forums and README tutorials that cover everything you need to know
Pros and Cons
  • "Splunk would be my choice for the presentation layer because it comes with inbuilt reports and a dashboard that you can customize."
  • "I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part."

What is our primary use case?

Splunk just acts as an extra presentation layer, and we tried it because of the plugins they have to try and get more logs into the environment.

What is most valuable?

Splunk would be my choice for the presentation layer because it comes with inbuilt reports and a dashboard that you can customize.

What needs improvement?

Aside from the 5GB limit on the community version, I believe it is the same as ELK. It's a useful tool, and nothing comes to mind right now.

I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part.

What do I think about the stability of the solution?

Splunk is a stable solution. I am very happy with the stability of Splunk.

What do I think about the scalability of the solution?

Splunk can be scaled to any environment. The way it's designed, it's cloud-ready, and it has a lot of performance, in-built indexing, and performance tuning options. Splunk is easily scalable.

How are customer service and support?

I am happy to report that I've never needed to contact technical support. The README tutorials and the existing forums provide me with practically everything I need. So far, I haven't had to do so. This should be a testament to the solution.

Which solution did I use previously and why did I switch?

We broaden the scope of IT governance and IT security.

We look at everything from SIEM to network management to endpoint protection, server protection, database protection, and anything else that can aid in visibility, policy enforcement, and monitoring.

Our organization is using a combination of Splunk and Elasticsearch. We get most of what we need from the ELK suite. ELK Stack is usually the primary focus.

ELK has the same inbuilt reports and dashboards that you can customize, but ELK is better for central logging and log aggregation. Once they've all been aggregated, you'll be able to run any kind of queries and APIs to query the logs on ELK and then use Splunk as a presentation layer for the consumers to use.

Security tools, in my opinion, are business tools and should be used by businesses rather than security engineers. I'm experimenting with a hybrid of the two, in which ELK serves as the engine for central logging and Splunk handles the presentation layer and aggregation of additional third-party logs from tools that might be difficult to integrate into ELK.

I would rate Elasticsearch a ten out of ten.

How was the initial setup?

It's a cloud-ready package. It has the same characteristics as ELK. From a deployment standpoint, I don't have any issues with it. The material is freely accessible to anyone who wishes to use it. There is a virtual machine option. You can get a virtual machine by downloading it. The deployment options are simply numerous, and it is up to the implementer.

It wasn't that difficult for me. There are no complaints from me. The material is present, and there are numerous options for deployment. It's relatively simple to go from zero to viewing data with Splunk. ELK is the same way. It is now up to the implementers and their environment to provide you with more data about it.

What's my experience with pricing, setup cost, and licensing?

They could improve their discounts. I think it's a good solution, and it's gaining a lot of traction; maybe they are recouping their R&D costs. Further reductions would be fantastic, and I believe that more and more people would flock to it.

Which other solutions did I evaluate?

We provide IT consulting services. Our customers occasionally ask us to assist them in locating specific solutions.

What other advice do I have?

I would recommend this solution to others who are interested in using this solution.

I would say the forums and READMEs provide more than enough information about Splunk. Most people struggle because they move too quickly through the implementation process. As long as you follow the guidelines, particularly the specifications for environment requirements and implementation methodology, these solutions should work out of the box.

Splunk is a very good solution, I would rate it a ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Solutions Consultant at a tech services company with 1,001-5,000 employees
Real User
Top 20
Easy to use, provides a lot of analytics, and allows you to do pretty much whatever you want
Pros and Cons
  • "It provides a lot of analytics with the underlying AI engine, and it is a lot easier than other solutions. There are some products that do automated AI-based detection and drawing up charts, but for network monitoring and all of the monitoring aspects, it is quite a nice tool. It is very convenient for business users because they get more or less a lot of data readily available. If you're familiar with the Splunk query language, you can pretty much do whatever you want."
  • "If you have to do your own stuff, such as customized charts, it is a little bit more work, but once you're familiar with the Splunk query language, you can pretty much do whatever you want. In terms of features, it should probably have the features that other competitors provide."

What is most valuable?

It provides a lot of analytics with the underlying AI engine, and it is a lot easier than other solutions. There are some products that do automated AI-based detection and drawing up charts, but for network monitoring and all of the monitoring aspects, it is quite a nice tool.

It is very convenient for business users because they get more or less a lot of data readily available. If you're familiar with the Splunk query language, you can pretty much do whatever you want.

What needs improvement?

If you have to do your own stuff, such as customized charts, it is a little bit more work, but once you're familiar with the Splunk query language, you can pretty much do whatever you want. In terms of features, it should probably have the features that other competitors provide.

For how long have I used the solution?

I have been using this solution for about three to four months.

What do I think about the scalability of the solution?

I'm not sure. I do not really throw a lot of data in it, but it has been authenticated very nicely. It manages indexes and all of these things very nicely. I have not been privy to any production systems where you have millions of lines of log coming in every second. It works very well for the data that I have. It should be able to handle a lot of data. That's the whole purpose of it, and that's why Splunk has become so popular. It is an enterprise monitoring tool, and a lot of customers have Splunk in their ecosystem.

How are customer service and technical support?

They have pretty good documentation and good training. Their documentation is a lot better than Qlik Sense's.

Which solution did I use previously and why did I switch?

Splunk is an enterprise monitoring tool. Qlik Sense can do a little bit of log monitoring, but it is mostly used for dashboard reporting, whereas Splunk is more around monitoring and figuring out threats and all such things. They are different, but both deal with the data and allow you to create operation reports. 

Power BI is another tool that a lot of our customers use, but Splunk is quite often requested. It is also a lot more popular than Qlik Sense. We have a fair number of Qlik Sense customers.  

We usually sell Blue Prism to business users who are more concerned with the reporting aspect, which is why they would like to have easy tools like Qlik Sense in their ecosystem, but on the infrastructure side, it would be Splunk for enterprise monitoring.

How was the initial setup?

Simple environments are easier to install. Because there is a lot of data log monitoring, once you have a production system, there is some amount of work in setting it up, especially making it SSL Secure and exposing it on the internet. There are multiple components behind it, so you need to ensure that all these things are set up correctly. These kinds of things are not required on a cloud platform because you are just uploading data. You really don't have much access to the backend.

Splunk also has a cloud version, which I haven't looked at, but I have used Qlik Sense's cloud platforms. With on-premises, you are in control of pretty much how you set up all the data that you are sending out. A lot of our customers have the issue that if it is a cloud platform, they cannot really send out the data to any of these cloud platforms. So, there are data residency and other issues.

What's my experience with pricing, setup cost, and licensing?

It is more economical than other solutions.

What other advice do I have?

I would definitely recommend Splunk. It is quite a decent tool, and it is there in a lot of enterprises.

I would rate Splunk an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
reviewer1331706 - PeerSpot reviewer
I&T Design & Execution Reliability Engineering Leader at a financial services firm with 10,001+ employees
Real User
Top 5
Leaderboard
Poor performance and the display options are limited, but it can parse a variety of log files
Pros and Cons
  • "Splunk works based on parsing log files."
  • "I find the graphical options really limited and you don't have enough control over how to display the data that you want to see."

What is our primary use case?

We use Splunk to monitor our private cloud, data center, and other applications.

How has it helped my organization?

I don't like Splunk very much and find that it does not have many useful features.

What is most valuable?

Splunk works based on parsing log files.

What needs improvement?

I don't like the pipeline-organized programming interface.

I find the graphical options really limited and you don't have enough control over how to display the data that you want to see.

I find that the performance really varies. Sometimes, the platform doesn't respond in time. It takes a really long time to produce any results. For example, if you want to display a graph and put information out, it can become unresponsive. Perhaps you have a website and you want to show the data, there's a template for that, or it has a configuration to display your graphics, and sometimes it just doesn't show any data. This is because the system is unresponsive. There may be too much data that it has to look through. Sometimes, it responds with the fact that there is too much data to parse, and then it just doesn't give you anything. The basic problem is that every time you do a refresh, it tries to redo all of the queries for the full dataset.

Fixing Splunk would require a redesign. The basic way they present the graphs is pipeline-based parsing of log files, and it's more of a problem than it is helpful. Sometimes, you have to perform a lot of tricks to get the data in a format that you can parse.

You cannot really use global variables and you can't easily define a constant to use later. These things make it not as easy to use.

For how long have I used the solution?

I have been using Splunk for approximately one year.

What do I think about the stability of the solution?

I use Splunk at least a couple of times a week.

What do I think about the scalability of the solution?

I'm not sure about scalability but to my thinking, it's not very scalable. I know that it's probably expensive because it relies a lot on importing log files from all of the systems. One of the issues with respect to scalability is that there's never enough storage. Also, the more storage you have, the more systems you need to manage all the log files.

Splunk is open for all of the users in the company. We might have 1,000 IT personnel that could access it, although I'm not sure how many people actually use it. I estimate that there are perhaps 200 active users.

How are customer service and support?

I have not been in contact with technical support from Splunk.

Which solution did I use previously and why did I switch?

In this company, we did not previously use a different monitoring solution.

How was the initial setup?

I was not involved in the initial setup.

We have a DevOps team that is implementing Splunk and they are responsible for it. For example, they take care of the licensing of the product.

What about the implementation team?

We have a team at the company that completed the setup and deployment.

Which other solutions did I evaluate?

The other product that I've seen is Elastic, and I think that it would be a better choice than Splunk. This is something that I'm basing on performance, as well as the other features.

What other advice do I have?

My understanding is that as a company, we are migrating to Azure. When this happens, Splunk will be decommissioned.

Overall, I don't think that this is a very good product and I don't recommend it.

I would rate this solution a five out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
project manager at ManTech International Corporation
Real User
Top 20
Integrates with our VMware environment for infrastructure alerting and monitoring, and ingests logs from many different products in our environment
Pros and Cons
  • "The ability to ingest different log types from many different products in our environment is most valuable."
  • "The biggest problem is data compression. Splunk is an outstanding product, but it is a resource hog. There should be better data compression for being able to maintain our data repositories. We end up having to buy lots of additional storage just to house our Splunk data. This is my only complaint about it."

What is our primary use case?

We are using it for information assurance, system alerting, and compliance. We are using its latest version.

How has it helped my organization?

It integrates into our VMware environment and provides infrastructure alerting and monitoring.

What is most valuable?

The ability to ingest different log types from many different products in our environment is most valuable.

It seems to have everything in terms of features. Every time I think of something, I go out to their site, and I can pretty much find it.

What needs improvement?

The biggest problem is data compression. Splunk is an outstanding product, but it is a resource hog. There should be better data compression for being able to maintain our data repositories. We end up having to buy lots of additional storage just to house our Splunk data. This is my only complaint about it.

For how long have I used the solution?

I have been using this solution for about five years.

What do I think about the stability of the solution?

It is excellent in terms of performance and reliability.

What do I think about the scalability of the solution?

Its scalability is excellent. Its users are mostly on the backside. I know there are a lot of opportunities to allow developers and engineers to access Splunk for doing different things, but we use it purely for information assurance and system monitoring. So, our engineers and IA professionals are the only ones who access Splunk. We have a couple of them, but it supports thousands of users.

We started with Splunk Light, and now, we're using Splunk Enterprise across most of our projects. It is being used extensively. It is our primary SIEM product. I'm sure its usage will increase, but that's managed at a much higher level. The company has an agreement with Splunk on how our licensing model is established.

How are customer service and support?

Their support is great. I've talked to them many times.

Which solution did I use previously and why did I switch?

We used InTrust. We switched to Splunk because of its flexibility and capability.

How was the initial setup?

Its initial configuration is pretty straightforward. Their repository for information and help is really good, which makes it pretty straightforward. You can just go out to their site and do a search for any question. Usually, someone else would have experienced the same issue.

It took us hours. We obviously expanded it as we were building the environment because we did it from scratch, but it only took hours to get it up and running and configured to do ingestion. We then deployed more forwarders and tweaked it as we went along.

What about the implementation team?

It was implemented in-house. Its maintenance is pretty lightweight, and I take care of it. I have a couple of other team members to help make changes. We have engineers who are available for adding capacity. We have a team of six or seven people to support our Splunk Enterprise.

What's my experience with pricing, setup cost, and licensing?

It is expensive. I used to buy it early on, but then they combined it into a higher-up organization. They buy it for multiple systems now. Last time, I paid around 60K for it.

There is just the licensing fee. That's all.

What other advice do I have?

I would advise making sure that you incorporate enough storage and processing in order to properly support the environment.

I would rate it an eight out of 10. It is definitely the best tool I've ever used, but nothing is perfect. They could do a little bit better on data compression and system resource management, but outside of that, it is an excellent product.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Information Security Officer at a financial services firm with 501-1,000 employees
Real User
Top 5 Leaderboard
Simple to set up with good log management and responsive technical support
Pros and Cons
  • "You can check up on security from the dashboards."
  • "There can be a bit of complexity around some fields during the initial setup."

What is our primary use case?

We primarily use the solution for log management and security purposes.

What is most valuable?

The log management is great.

It has a very good alert tool that you can create with the logs that Splunk gets.

You can check up on security from the dashboards. We use some custom applications which we have created by ourselves. It's very helpful to have custom dashboards with knowledge of the system of what we monitor.

The initial setup is simple. 

We have found the solution to be stable.

Its scalability is quite good.

What needs improvement?

Right now, everything is good. I don't really have notes for aspects of improvement. 

There can be a bit of complexity around some fields during the initial setup. There are some places where you have to use regular expressions to parse logs. The part of parsing logs correctly is the most, let's say, difficult thing, and when this is done, all of the other things are easier. Anyway, the regex part is a very good feature and in my opinion, it should stay like it is, because it gives a lot of flexibility. Customers may learn to use it or use technical support.

The cost of the solution is a little bit high.

For how long have I used the solution?

I've used the solution since 2016. I've used it for around six years at this point.

What do I think about the stability of the solution?

In terms of stability, it's reliable. There aren't bugs or glitches. It works well. It doesn't crash or freeze.

What do I think about the scalability of the solution?

The solution is scalable. If a company needs to expand it, it can do so.

How are customer service and support?

We have a technical support contract.  

For the most part, we can do it probably ourselves. When technical support helps us, however, everything goes pretty smoothly. We are quite satisfied with them. We typically get immediate support and assistance.

How was the initial setup?

The ease or difficulty of the initial setup depends on the infrastructure of the organization. However, when we installed it, it was pretty simple. That said, there are some fields that are complex, and for this, we have support.

What about the implementation team?

We did get support to assist us with a few complex fields.

What's my experience with pricing, setup cost, and licensing?

We pay a yearly license. You do need to set up a contract for technical support.

While I don't have details about the exact pricing, my understanding is that it can be a bit expensive. 

What other advice do I have?

We are a customer and an end-user.

I would rate the solution at a nine out of ten. We've been very happy with its capabilities in general. 

The only downside is the pricing. If the price were lower, you would have the possibility to buy more capacity for parsing logs per day. In Splunk, you have a daily limit of logs that will be parsed. If you pass that limit several times, the Splunk license will be blocked and you have to talk with support to get a recovery license. With the capacity, you can include, let's say, 30 servers, but if you want to include another 20 servers, you have to buy an additional license, which is very costly.

That said, for medium and large enterprise businesses it's really necessary to have. Even in smaller businesses, it is good to have. It's just the price that would stop small businesses from taking it on. 

If a small business has less than 500 MB of logs per day, it may use a Splunk Free license.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.