Try our new research platform with insights from 80,000+ expert users
Splunk User Behavior Analytics Logo

Splunk User Behavior Analytics Reviews

Vendor: Splunk
4.1 out of 5
Badge Leader
729 followers
Start review

What is Splunk User Behavior Analytics?

Splunk User Behavior Analytics is a behavior-based threat detection is based on machine learning methodologies that require no signatures or human analysis, enabling multi-entity behavior profiling and peer group analytics for users, devices, service accounts and applications. It detects insider threats and external attacks using out-of-the-box purpose-built that helps organizations find known, unknown and hidden threats, but extensible unsupervised machine learning (ML) algorithms, provides context around the threat via ML driven anomaly correlation and visual mapping of stitched anomalies over various phases of the attack lifecycle (Kill-Chain View). It uses a data science driven approach that produces actionable results with risk ratings and supporting evidence that increases SOC efficiency and supports bi-directional integration with Splunk Enterprise for data ingestion and correlation and with Splunk Enterprise Security for incident scoping, workflow management and automated response. The result is automated, accurate threat and anomaly detection.

Get the Splunk User Behavior Analytics Buyer's Guide and find out what your peers are saying about Splunk User Behavior Analytics, Darktrace, IBM Security QRadar and more!
Splunk User Behavior Analytics is the #4 ranked solution in top User Entity Behavior Analytics (UEBA) solutions and #11 ranked solution in top Intrusion Detection and Prevention Software. PeerSpot users give Splunk User Behavior Analytics an average rating of 8.2 out of 10. Splunk User Behavior Analytics is most commonly compared to Darktrace: Splunk User Behavior Analytics vs Darktrace. Splunk User Behavior Analytics is popular among the large enterprise segment, accounting for 64% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 17% of all views.
Buyer's Guide
Splunk User Behavior Analytics
April 2025
Get the report
Helped 851,371 peers since 2012

Featured Splunk User Behavior Analytics reviews

Read more reviews

Splunk User Behavior Analytics mindshare

Product category:
User Entity Behavior Analytics (UEBA)
As of May 2025, the mindshare of Splunk User Behavior Analytics in the User Entity Behavior Analytics (UEBA) category stands at 9.3%, down from 11.5% compared to the previous year, according to calculations based on PeerSpot user engagement data.
User Entity Behavior Analytics (UEBA)

PeerResearch reports based on Splunk User Behavior Analytics reviews

TypeTitleDate
CategoryUser Entity Behavior Analytics (UEBA)May 16, 2025Download
ProductReviews, tips, and advice from real usersMay 16, 2025Download
ComparisonSplunk User Behavior Analytics vs IBM Security QRadarMay 16, 2025Download
ComparisonSplunk User Behavior Analytics vs ExabeamMay 16, 2025Download
ComparisonSplunk User Behavior Analytics vs Rapid7 InsightIDRMay 16, 2025Download
Suggested products
TitleRatingMindshareRecommending
Darktrace4.1N/A94%80 interviewsAdd to research
IBM Security QRadar4.011.7%91%208 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

Splunk User Behavior Analytics excels at data aggregation, large-scale searching, threat identification, and rapid decision-making. Users appreciate its customizable dashboards, ease of integration, and powerful search features. The system offers advanced analytics, anomaly detection, and risk scoring capabilities, which aid in security threat detection. Its intuitive interface and scalability support smooth data management while enhancing security postures. Automation, alerts, and auto-report generation boost efficiency and usability across various environments.
  • "Splunk User Behavior Analytics is known for its advanced analytics and data correlation capabilities, which help in detecting patterns, anomalies, and security threats."
  • "Splunk's technical support is amazing."
  • "Features like alerts and auto report generation are valuable."

Room for Improvement

Splunk User Behavior Analytics could benefit from improved integration with other tools, more flexible configuration, and enhanced dashboards. Pricing is a common concern, with calls for better licensing options. Feature enhancements like advanced reporting, user-friendly interfaces, automation for rule creation, and process mining capabilities are desirable. There are also suggestions for developing a built-in analytics engine, lowering data ingestion costs, and creating persistent correlation rules.
  • "High data ingestion costs can be an issue, especially for large enterprises, as Splunk charges based on the amount of data processed."
  • "I would like to see an enhancement in the automation of creating the rules."
  • "The dashboard part could be improved. While using it, I noticed two options: Classic, which is adequate yet only in black and white, and another one that is more advanced or smart."

ROI

Splunk User Behavior Analytics shows variable ROI. Many observe around 30-35% returns, mainly from time and cost savings, yet some only note soft returns. Staff productivity reports a 20% improvement with enhanced incident resolution and reduced security costs. Others struggle with high costs, often resorting to additional tools to manage expenses, yet remain committed due to significant infrastructure investment. ROI hinges on effective use and implementation competencies.

Pricing

Enterprise buyers evaluating Splunk User Behavior Analytics should note that pricing is complex and varies based on licensing models, platform requirements, and data volume. Costs can escalate unpredictably, with annual fees potentially increasing significantly. The licensing model includes term subscriptions with variable charges based on data usage rather than per user. While some find it relatively expensive, others suggest it aligns with market standards. Configuration and additional integrations also impact the overall cost, making exact budgeting challenging.
  • "I am not aware of the price, but it is expensive."
  • "Pricing varies based on the packages you choose and the volume of your usage."
  • "The licensing costs is around 10,000 dollars."

Popular Use Cases

Organizations use Splunk User Behavior Analytics for threat intelligence, intrusion detection, and analyzing anomalous behavior. It assists in security, log management, and monitoring. They integrate it with products, utilizing machine learning and behavior analysis to detect threats and unusual activities. It supports operations by collecting data from various sources for threat identification, governance, and telemetry. Splunk is leveraged for indexing, streamlining network data, and providing dashboards for analytics and user experience metrics.

Service and Support

Customer support for Splunk User Behavior Analytics is largely positive. Many find technical assistance professional, responsive, and good, despite some describing it as average. Some users mention satisfaction with various support tiers, including standard to mission-critical. Issues around support quality in sanctioned regions like Iran exist, relying on forums due to restrictions. Others point to minimal need for support due to system stability or high internal expertise. Interaction and satisfaction levels vary across customer experiences.

Deployment

Many found Splunk User Behavior Analytics's initial setup complex, citing the need for custom configurations and vendor dependency, especially with multiple data centers or intricate environments. Others described it as straightforward, requiring fundamental understanding and basic configurations. Typically, deployment varied between quick processes taking hours to more extensive ones up to six months, depending on environments and prerequisites. Challenges included managing workflows and minimizing false positives.

Scalability

Splunk User Behavior Analytics offers significant scalability, accommodating diverse user needs. While some users report scalability challenges with on-premise implementations and storage restrictions, others praise its ability to support extensive server, desktop, and security device deployments. Users appreciate that it supports numerous users and enables seamless scaling as log volumes grow. Designed for enterprise environments, it facilitates expansion with ease, with many organizations planning to increase usage due to its scalable nature.

Stability

Splunk User Behavior Analytics is regarded as highly reliable, suitable for enterprise use. Users find it straightforward in configuration and monitoring compared to competitors like HP ArcSight. It performs well with minimal disruptions, offering robust performance without bugs or glitches. While some issues can arise with long-term data, these are not exclusive to Splunk. Proper deployments and maintenance are essential for its superior stability, and users rate it very positively for its stability features.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Splunk User Behavior Analytics Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
By visitors reading reviews

Top industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
12%
Government
9%
Manufacturing Company
8%
University
7%
Educational Organization
5%
Comms Service Provider
4%
Energy/Utilities Company
4%
Insurance Company
4%
Non Profit
3%
Healthcare Company
3%
Retailer
3%
Aerospace/Defense Firm
3%
Real Estate/Law Firm
3%
Construction Company
2%
Outsourcing Company
2%
Wholesaler/Distributor
1%
Media Company
1%
Hospitality Company
1%
Legal Firm
1%
Logistics Company
1%
Engineering Company
1%
Recreational Facilities/Services Company
1%
Transportation Company
1%
Pharma/Biotech Company
1%
Recruiting/Hr Firm
1%
Agriculture
1%

Compare Splunk User Behavior Analytics with alternative products

Go!

Learn more about Splunk User Behavior Analytics

Splunk User Behavior Analytics was previously known as Caspida, Splunk UBA.

Splunk User Behavior Analytics customers

8 Securities, AAA Western, AdvancedMD, Amaya, Cerner Corporation, CJ O Shopping, CloudShare, Crossroads Foundation, 7-Eleven Indonesia

Related questions

  • 41
Which is the best UEBA solution?
  • 6
Viable, Cost-Effective Competitors to Rapid7 InsightIDK
  • 173
What is your recommended cost-effective solution to detect and prevent APT attacks?
  • 31
Looking for recommendations and a pros/cons template for software to detect insider threats
  • 373
What are the main differences between UEBA and SIEM solutions?
  • 5
Monitoring Web Hosted Servers for unwanted guests
  • 54
Why is User Entity Behavior Analytics - UEBA important for companies?
  • 1
When evaluating User Behavior Analytics, what aspect do you think is the most important to look for?
  • 7
Which is the best UEBA solution?
  • 6
What are the different types of insider threats that UEBA solutions help to detect?

Product Categories

Product Categories
User Entity Behavior Analytics (UEBA)
Intrusion Detection and Prevention Software (IDPS)

Popular Comparisons

Popular Comparisons
Darktrace vs Splunk User Behavior Analytics Logo
Darktrace vs Splunk User Behavior Analytics
IBM Security QRadar vs Splunk User Behavior Analytics Logo
IBM Security QRadar vs Splunk User Behavior Analytics
Vectra AI vs Splunk User Behavior Analytics Logo
Vectra AI vs Splunk User Behavior Analytics
Rapid7 InsightIDR vs Splunk User Behavior Analytics Logo
Rapid7 InsightIDR vs Splunk User Behavior Analytics
Cynet vs Splunk User Behavior Analytics Logo
Cynet vs Splunk User Behavior Analytics
KerioControl vs Splunk User Behavior Analytics Logo
KerioControl vs Splunk User Behavior Analytics
Palo Alto Networks Advanced Threat Prevention vs Splunk User Behavior Analytics Logo
Palo Alto Networks Advanced Threat Prevention vs Splunk User Behavior Analytics
Trend Micro Deep Discovery vs Splunk User Behavior Analytics Logo
Trend Micro Deep Discovery vs Splunk User Behavior Analytics
Exabeam vs Splunk User Behavior Analytics Logo
Exabeam vs Splunk User Behavior Analytics
Trend Micro TippingPoint Threat Protection System vs Splunk User Behavior Analytics Logo
Trend Micro TippingPoint Threat Protection System vs Splunk User Behavior Analytics
Fortinet FortiGate IPS vs Splunk User Behavior Analytics Logo
Fortinet FortiGate IPS vs Splunk User Behavior Analytics
Palo Alto Networks URL Filtering with PAN-DB vs Splunk User Behavior Analytics Logo
Palo Alto Networks URL Filtering with PAN-DB vs Splunk User Behavior Analytics
LogRhythm UEBA vs Splunk User Behavior Analytics Logo
LogRhythm UEBA vs Splunk User Behavior Analytics
Cisco Sourcefire SNORT vs Splunk User Behavior Analytics Logo
Cisco Sourcefire SNORT vs Splunk User Behavior Analytics
Lumu vs Splunk User Behavior Analytics Logo
Lumu vs Splunk User Behavior Analytics
See all alternatives
 

Splunk User Behavior Analytics reviews

Sort by:
Subhayu Chakraborty - PeerSpot user
System Engineer at Infosys
Verified user of Splunk User Behavior Analytics
Jan 26, 2025
Automatic reports streamline tasks and offers easy report gathering

Pros

"Features like alerts and auto report generation are valuable. "

Cons

"The dashboard part could be improved. "

What is our primary use case?

The focus is on applications and their behavior. For example, some edits might lead to unusual behavior. Based on these observations, I have made use of the solution.

What is most valuable?

Features like alerts and auto report generation are valuable. Reports are generated automatically, which is a significant benefit. It is very easy and quick for me to gather reports and all the data in a single table or area.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.
Read full review (377 words)
SivaKuppala - PeerSpot user
Enterprise Architect at Wipro Limited
Verified user of Splunk User Behavior Analytics
Mar 26, 2025
create real-time monitoring dashboards to detect patterns and anomalies in user behavior

Pros

"Splunk User Behavior Analytics is known for its advanced analytics and data correlation capabilities, which help in detecting patterns, anomalies, and security threats."

Cons

"High data ingestion costs can be an issue, especially for large enterprises, as Splunk charges based on the amount of data processed."

What is our primary use case?

We use Splunk User Behavior Analytics for log analysis, monitoring, security management, and creating dashboards. We utilize it for Citrix monitoring dashboards, where we integrate Citrix with Splunk to create performance dashboards specific to session details and resource usage. We also use it for monitoring user experience metrics.

How has it helped my organization?

Splunk User Behavior Analytics assists us in visualizing and representing data from different sources for real-time monitoring and analytics, which is useful for troubleshooting purposes.

*Disclosure: My company has a business relationship with this vendor other than being a customer: MSP
Read full review (483 words)
Buyer's Guide
Splunk User Behavior Analytics
Download free report
Find out what your peers are saying about Splunk User Behavior Analytics. Updated April 2025
851,371 professionals have used our research since 2012.
MH
Regional Director at iSecureMind
Verified user of Splunk User Behavior Analytics
Mar 25, 2025
Service providers benefit from threat detection while rule automation needs enhancement

Pros

"Splunk's technical support is amazing."

Cons

"I would like to see an enhancement in the automation of creating the rules."

What is our primary use case?

I am a service provider and reseller. We have been working with Splunk User Behavior Analytics for ten months. Our company, as a system integrator, works with customers in government, banking, fintechs, and SMBs.

What is most valuable?

Splunk User Behavior Analytics offers several beneficial features, such as Insider Threat Detection, account compromise detection, risk scoring, threat detection, and machine anomaly detection. The anomaly detection feature enhances our customers' security posture by learning from historical data. It correlates all the historical data, compares the upcoming behavior with what's already stored in the platform, and reduces false positives.

*Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Read full review (306 words)
AnupChapalgaonkar - PeerSpot user
Cloud Solution Architect at Tech Mahindra Limited
Verified user of Splunk User Behavior Analytics
Dec 23, 2024
Efficient behavior analysis with potential for improved reporting

Pros

"Splunk is highly valuable for query purposes. "

Cons

"In terms of improvements, advanced reporting could see enhancements as there are some issues with latency."

What is our primary use case?

I use Splunk User Behavior Analytics for SAML authentication, behavior analysis, and integration purposes. Integration allows me to identify version controls in CRM systems and analyze remote users. Additionally, I use it for streaming and machine learning kit integration, focusing on behavior analysis.

What is most valuable?

Splunk is highly valuable for query purposes. I use Splunk queries and integrate regex. I primarily use it for integration on different cloud platforms, such as Azure, AWS, or GCP. I also utilize it for anomaly detection and behavior analysis, particularly using Splunk's machine learning environment.

*Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Read full review (431 words)
NS
Senior Security Engineer at a government with 1,001-5,000 employees
Verified user of Splunk User Behavior Analytics
Aug 25, 2019
Product version discussed: Version 7.3.1 On-premises
Easy to configure and easy to use solution that integrates with many applications and scripts

Pros

"This intelligent user behavior analytics package is easy to configure and use while remaining feature filled."

Cons

"The ability to do more complicated data investigation would be a welcome addition for pros, though the functionality now gives most people what they need."

What is our primary use case?

Our primary use is intrusion detection and analysis. It is a great product because it is intelligent and does everything for us.

How has it helped my organization?

It is a great product because it is intelligent and does everything for us. We have a LAN (Local Area Network) and sensitive, classified data and we have to be sure it is well-protected.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.
Read full review (1183 words)
Hamada-Elewa - PeerSpot user
Cyber Security Technical Sales Manager at Raia
Verified user of Splunk User Behavior Analytics
Nov 26, 2024
Decreases the false positives but storage model complexity hampers efficiency

Pros

"The most effective one is the integration with other vendors. "

Cons

"Enhancing the storage model that they are using is necessary."

What is our primary use case?

I recommend it to my customers, but I'm a salesman. I am not implementing it myself.

How has it helped my organization?

It decreases the false positives, so it will decrease the time consumed by the operation team to work on Splunk.

*Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Read full review (361 words)
BD
Consultant at Kienia
Verified user of Splunk User Behavior Analytics
May 6, 2023
Quick response time and can store an enormous amount of data

Pros

"We are really pleased with Splunk and its features. It would be practically impossible to function without it. To provide a general overview of the system, it's important to note that the standard log files are currently around 250 gigabytes per day. It would be impossible to manually walk through these logs by hand, which is why automation is essential."

Cons

"If the price was lowered and the setup process was less complex, I would consider rating it higher."

What is our primary use case?

We introduced this solution to our customers and requested some dashboards, analytics, statistics, and information to be available through Splunk. However, I'm not proficient in the details and queries.

We work at the airport and operate at various levels of management to ensure the quality of products and applications. 

We monitor the transportation of suitcases, the number of errors in applications, the number of incorrect log-ins, the number of users, and other statistics. 

System management, includes monitoring system behavior, memory size, memory usage, schedules, and analyzing what happened. 

It also involves network monitoring for messages that impact systems and specific applications, including downtime and performance issues. The level of involvement and responsibility varies based on an individual's role within the company.

What is most valuable?

We are really pleased with Splunk and its features. It would be practically impossible to function without it.

To provide a general overview of the system, it's important to note that the standard log files are currently around 250 gigabytes per day. It would be impossible to manually walk through these logs by hand, which is why automation is essential.

The system has a very quick response time and can store an enormous amount of data.

*Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Read full review (612 words)
MM
Software Engineer IAM at Mercedes-Benz Canada Inc.
Verified user of Splunk User Behavior Analytics
May 15, 2024
Used for threat identification and governance, but its user interface could be improved

Pros

"The solution's most valuable feature is Splunk queries, which allow us to query the logs and analyze the attack vectors."

Cons

"It would be good if the solution had an analytics tool that allowed us to analyze the data without writing specific queries."

What is our primary use case?

The solution helps us with the governance of attacks. We use the solution for threat identification and governance. The solution's use cases depend on the logs we ship to them because we ship all the logs of different products.

What is most valuable?

The solution's most valuable feature is Splunk queries, which allow us to query the logs and analyze the attack vectors. Splunk User Behavior Analytics is an easy-to-use tool.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.
Read full review (292 words)