Splunk Enterprise Security Reviews

Name: Splunk Enterprise Security
Brand: Splunk
Rating: 4.2 (315 reviews)

4.2 out of 5

315 reviews
93% willing to recommend

What is Splunk Enterprise Security?

Splunk Enterprise Security is widely used for security operations, including threat detection, incident response, and log monitoring. It centralizes log management, offers security analytics, and ensures compliance, enhancing the overall security posture of organizations.

Get the Splunk Enterprise Security Buyer's Guide and find out what your peers are saying about Splunk Enterprise Security, CrowdStrike Falcon, Wazuh and more!

Splunk Enterprise Security is the #1 ranked solution in top Security Information and Event Management (SIEM) solutions, #1 ranked solution in top IT Operations Analytics solutions, and #2 ranked solution in Log Management Software. PeerSpot users give Splunk Enterprise Security an average rating of 8.4 out of 10. Splunk Enterprise Security is most commonly compared to CrowdStrike Falcon: Splunk Enterprise Security vs CrowdStrike Falcon. Splunk Enterprise Security is popular among the large enterprise segment, accounting for 63% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 14% of all views.

Buyer's Guide

Splunk Enterprise Security

June 2025

Get the report

Helped 860,825 peers since 2012

Featured Splunk Enterprise Security reviews

ROBERT-CHRISTIAN

CTO at kyndryl

In our organization, we use our own tools such as Kyndryl Bridge and Elastic. We use Kyndryl Bridge which essentially has a similar function. It is based on Elastic. It indexes log files and flags log files. It helps you to very quickly search log files similar to the Splunk algorithm. Our clients use Splunk Enterprise Security. If somebody already has Splunk as a business intelligence tool, then very often, it makes sense to expand the Splunk subscription they have to include Enterprise Security as well. We base our decisions on customer requirements, not on anything else. If a customer comes to us looking for a SIEM solution, we advise them based on their infrastructure and objectives. If we deliver the service for them and they want us to do that, we mostly go with Microsoft Sentinel when they already do not have Splunk. Otherwise, we go with Splunk Enterprise Security. We have about 30 customers in Germany who have Splunk, and we run it for them. Monitoring multiple clouds with Splunk Enterprise Security is no more difficult than it is with Sentinel. I find Sentinel a bit easier. Splunk, of course, is very useful if you have AWS. Generically, because Splunk is not a cloud provider itself, it fits with anything. However, integration can be challenging at times, especially in virtualized environments. Splunk struggles a bit with speed in virtualized environments. Most importantly, Splunk can be outrageously expensive. That is the problem with both Splunk and Sentinel. Their pricing literally explodes based on the amount of data you feed in. I like Elastic SIEM. It is a tool that allows you to determine the price. It is based on the computing power you require and not on the amount of data you put in, so it is a lot more flexible than Splunk or Sentinel. If there is a cost concern, Elastic SIEM is a good idea. Elastic is also pretty good at creating on-premises data lakes to control the amount of information you put into the same tool. That is something that neither Splunk nor Sentinel offers. In our operations, we use a separate threat intelligence vendor. To the SIEM tool, we added a SOAR tool for security orchestration, automation, and response, which is very critical these days. We get threat intelligence from a third-party provider because neither Splunk nor Microsoft gives the coverage that our customers need. Splunk does not have a SOAR capability, so we add that on top. We could add that on top of any tool, so it is not specific to Splunk, but Splunk helps because going through the log files is very fast. It does help when you do the incident analysis. Elastic also provides that, and Sentinel has that to some degree, but Splunk is still the Google for log files. MITRE ATT&CK framework is integrated pretty much into any SIEM tool. It is not unique to Splunk. It is there in QRadar and other solutions. MITRE ATT&CK framework is helpful when designing incident response plans or playbooks. It is nice that they have it, but that is nothing unique to Splunk.

Read full review

Ashiq Ashraf

Specialist-Infrastructure Opertions at Allianz Technology

The most valuable features of Splunk Enterprise Security are several add-ons and TAs, while the lack of a DB requirement is a significant advantage for the business, allowing easier management without needing in-depth DB knowledge. I find that Splunk Enterprise Security's ability to import data from various sources, including looking up Excel files, is quite effective, providing a good way for management. We import data from several unique data sources into Splunk Enterprise Security, possibly more than a hundred because we have AWS and multiple servers. We have disparate security solutions that integrate data into Splunk Enterprise Security. I can still query data in Splunk Enterprise Security regardless of where it resides, and in my perspective, the query provides data quickly. Splunk Enterprise Security has improved our organization's ability to ingest and normalize data compared to before using Splunk Enterprise Security. The unified platform helps consolidate networking, security, and IT observability tools, which is very relevant to our internal needs. Using Splunk Enterprise Security, our focus was not on reducing alert volume but on properly finding and handling alerts; we've managed to capture 100% of them effectively. Splunk Enterprise Security provides the relevant context to help guide investigations by allowing us to share application logs and details with clients efficiently. We utilize out-of-the-box detections in Splunk Enterprise Security, and we have created dashboards that add value to our monitoring efforts. Customizing, developing, testing, deploying, and refining detections in Splunk Enterprise Security is easy; it has been a good experience without significant difficulties. We upgraded to Splunk Enterprise Security from version 8.0.4 to 9.0.6, and also from 8.1.4 to 9.0.6; it worked well with the support we received from the team, and it has proven to be very useful. Splunk Enterprise Security provides the foundation for unified threat detection, investigation, and response, enabling fast identification of critical issues.

Read full review

Hamada Elewa

System Engineer - Security Presales at Raya Integration

Splunk has a vast integration with multiple vendors, which makes it easy for our customers to integrate various cloud environments. Splunk provides complete visibility when integrated with all installed appliances and applications. The threat intelligence management feature is a good add-on for startups, especially given its affordability. Splunk allows organizations to ingest and normalize data effectively. Splunk simplifies real-time problem identification and resolution by seamlessly integrating existing customer and vendor systems. Its customizable dashboards can be tailored to map and reflect specific environmental needs precisely. The threat topology and MITRE ATT&CK framework features can help discover the full scope of a security incident, provided they are fully integrated into the customer's environment. Splunk's comprehensive log visibility enables efficient investigation of malicious activities and breaches. By generating a dashboard that collects logs from firewalls, emails, proxy endpoints, and threat intelligence, Splunk can provide access to critical information within seconds, significantly reducing investigation time compared to other vendors or solutions. This streamlined process, facilitated by Splunk's ability to gather and analyze diverse log data, ensures swift identification and resolution of security incidents. It helps our customers improve their organization's business resilience. The unified platform helps consolidate networking infrastructure and security. This single-platform approach offers the advantage of combining multiple technologies and features, streamlining operations and enhancing efficiency. Implementing Splunk with SOAR capabilities, along with machine learning and AI for alert filtering, can significantly reduce alert volume without constantly interrupting administrators. This streamlined approach ensures that only alerts requiring approval are sent to administrators, optimizing their workflow and efficiency. The analysts using Splunk, even the free edition, are very satisfied with the information it provides for their investigations. Splunk has helped customers accelerate their security investigations by integrating AI and machine learning into its platform. This integration automates many basic tasks and saves valuable time. Splunk helps reduce our customer's mean time to resolve.

Read full review

Splunk Enterprise Security mindshare

Product category:

As of July 2025, the mindshare of Splunk Enterprise Security in the Security Information and Event Management (SIEM) category stands at 9.4%, down from 12.1% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Information and Event Management (SIEM)

PeerResearch reports based on Splunk Enterprise Security reviews

Type	Title	Date
Category	Security Information and Event Management (SIEM)	Jul 8, 2025	Download
Product	Reviews, tips, and advice from real users	Jul 8, 2025	Download
Comparison	Splunk Enterprise Security vs Wazuh	Jul 8, 2025	Download
Comparison	Splunk Enterprise Security vs Microsoft Sentinel	Jul 8, 2025	Download
Comparison	Splunk Enterprise Security vs IBM Security QRadar	Jul 8, 2025	Download

Title	Rating	Mindshare	Recommending
CrowdStrike Falcon	4.3	4.7%	96%	132 interviews Add to research
Wazuh	3.7	12.6%	80%	48 interviews Add to research

Valuable Features

Splunk Enterprise Security is praised for rapid search, ease of use, and scalability. Its Search Processing Language (SPL) and schema-on-demand features provide flexibility in data analysis. Users value its ability to ingest varied data sources, integrate easily, and create powerful visualizations. The dashboards offer intuitive insights, aiding in alert reduction and efficient threat detection. Known for seamless integration with cloud solutions, Splunk aids in monitoring multiple environments, enhancing security operations.

"I would definitely recommend Splunk Enterprise Security because if you are really concerned about security and want to follow compliance rules, this product is really helpful."
"Splunk Enterprise Security is fast and well-documented, and user interface and user interaction are well-designed compared to other SIEM solutions."
"Splunk Enterprise Security is a very useful application to collect all the logs and also to find out the problems."

Room for Improvement

Splunk Enterprise Security users suggest improvements in ease of setup, better GUI, integration with VMware and other devices, visualization enhancements, and more granular permissions. They prefer a more user-friendly command interface and better training resources without a high cost. Licensing costs and scalability are concerns, as is the complexity of data ingestion and onboarding. They highlight integration with third-party tools, enhanced automation, and AI capabilities, including machine learning and predictive analytics.

"We can only increase the environment. For instance, with an ES server, we cannot make a cluster of ES. If you have two servers and want to make a cluster of these two servers for ES, that is not possible."
"Splunk Enterprise Security is great but can have some frustration points. It can sometimes be slower to use."
"There were only one or two issues related to the user account, but nothing major."

ROI

Organizations have experienced a substantial return on investment with Splunk Enterprise Security, noting significant time savings and increased efficiency in troubleshooting and monitoring. Automated processes save manpower, allowing analysts to focus on core tasks. Enhanced visibility streamlines operations and improves security posture. Companies manage high volumes of events with fewer resources. Splunk enables quick adaption to new requirements, revealing insights that drive strategic decisions and increase revenue through faster resolution of issues and real-time data access.

Pricing

Pricing for Splunk Enterprise Security is considered high by many users, especially for small to medium enterprises. Costs escalate with greater data ingestion volumes, and licensing is typically based on data processed daily. While expensive, it offers extensive features and strong ROI, making it valuable for larger enterprises. Some users find cheaper alternatives but note that they may lack comprehensive capabilities. Splunk's high pricing is a sticking point, yet many agree its functionality justifies the cost.

"The pricing of Splunk Enterprise Security is somewhat high, but comparing it with its benefits, it's acceptable. It depends on the type of business."
"Pricing and licensing are quite high compared to other tools or SIEM tools, but the features justify it."
"Splunk Enterprise Security is a bit expensive overall, but it provides good value."

Popular Use Cases

Organizations primarily use Splunk Enterprise Security for security purposes, including SIEM, threat detection, and incident response. It aggregates, correlates, and analyzes logs from various sources to enhance cybersecurity operations. Splunk provides centralized log collection, monitoring, and alerting capabilities, enabling teams to manage incidents, detect unauthorized access, and comply with security regulations. Users utilize it for creating custom dashboards, integrating with other tools, and automating security tasks, supporting diverse cybersecurity use cases.

Service and Support

Splunk Enterprise Security support receives mixed feedback. Customers appreciate responsive and knowledgeable staff, especially with complex issues, and commend documentation and online resources. However, delays are frequently mentioned with some users needing to rely on external experts for detailed solutions. Many express satisfaction with Splunk's community resources, while others experience challenges with timeliness and consistency in resolving cases. High satisfaction rates are noted, though some users find alternative advice necessary.

Deployment

Initial setup of Splunk Enterprise Security is generally straightforward, with basic configurations being easy for experienced users. However, advanced setups may require skilled personnel and more time. Organizations often encounter complexity with defining use cases, clustering deployments, and customizing integrations. Successful setup depends on thorough planning, defined requirements, and sometimes assistance from professional services. Documentation and expertise can significantly aid the process, making it easier to navigate initial implementation challenges.

Scalability

Splunk Enterprise Security demonstrates impressive scalability, managing large data volumes effectively and efficiently. It can be scaled horizontally or vertically, offering flexibility across various environments, including cloud and on-premise. Many users report easy scalability to accommodate their needs, although some mention the potential for high costs. Generally, it handles increasing demands well, supporting thousands of users and diverse infrastructure types, which makes it suitable for enterprise-level deployment. The scalability is frequently rated highly by users.

Stability

Splunk Enterprise Security exhibits robust stability, often praised for resilience and minimal downtime. Many users mention it is steady with high uptime, although some report minor bugs and occasional performance issues with large data volumes. The platform's adaptability and scalability contribute to its reliable performance, while capacity planning and configuration are essential to prevent potential instability. Users frequently commend its strong community support and comprehensive documentation.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Splunk Enterprise Security Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

14%

Computer Software Company

14%

Manufacturing Company

Government

University

Healthcare Company

Educational Organization

Comms Service Provider

Insurance Company

Retailer

Real Estate/Law Firm

Non Profit

Energy/Utilities Company

Media Company

Construction Company

Legal Firm

Transportation Company

Performing Arts

Outsourcing Company

Hospitality Company

Wholesaler/Distributor

Aerospace/Defense Firm

Pharma/Biotech Company

Recreational Facilities/Services Company

Consumer Goods Company

Marketing Services Firm

Logistics Company

Compare Splunk Enterprise Security with alternative products

Learn more about Splunk Enterprise Security

Companies leverage Splunk Enterprise Security to monitor endpoints, networks, and users, detecting anomalies, brute force attacks, and unauthorized access. They use it for fraud detection, machine learning, and real-time alerts within their SOCs. The platform enhances visibility and correlates data from multiple sources to identify security threats efficiently. Key features include comprehensive dashboards, excellent reporting capabilities, robust log aggregation, and flexible data ingestion. Users appreciate its SIEM capabilities, threat intelligence, risk-based alerting, and correlation searches. Highly scalable and stable, it suits multi-cloud environments, reducing alert volumes and speeding up investigations.

What are the key features?

Comprehensive Dashboards: Provide a holistic view of security operations.
Flexible Data Ingestion: Supports various data sources for better analysis.
Robust Log Aggregation: Centralizes log management for easier monitoring.
Machine Learning Toolkit: Enhances threat detection and prediction capabilities.
SIEM Capabilities: Integrates security information and event management.
Threat Intelligence: Utilizes external information to improve security measures.
Risk-Based Alerting: Prioritizes alerts based on the risk they pose.
Correlation Searches: Identifies and correlates security events effectively.

What benefits or ROI should users look for?

Enhanced Visibility: Improves monitoring across endpoints, networks, and users.
Faster Incident Response: Speeds up identification and resolution of security issues.
Reduced Alert Volumes: Lowers false positives and enhances signal-to-noise ratio.
Scalability: Adapts to growing and changing security needs.
Improved Security Operations: Integrates multiple security facets into one platform.

Splunk Enterprise Security is implemented across industries like finance, healthcare, and retail. Financial institutions use it for fraud detection and compliance, while healthcare organizations leverage its capabilities to safeguard patient data. Retailers deploy it to protect customer information and ensure secure transactions.

Splunk Enterprise Security customers

Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.