Security Consultant at a tech vendor with 5,001-10,000 employees
MSP
Top 5
Mar 4, 2026
I would recommend Splunk Enterprise Platform for bigger companies. In the future, I expect additional features such as threat intelligence, behavior analytics, log searching, and machine learning capabilities. As for any other functionalities I would like to see from them in the future, I do not have anything to add right now. I have something in my mind, and in case I remember, I will go ahead and add it. Splunk Enterprise Platform is very popular in my region. My overall review rating for this product is seven out of ten.
Technical Lead at a financial services firm with 10,001+ employees
Real User
Top 10
Mar 4, 2026
I am working with Splunk Enterprise Platform and Dynatrace, and my feedback was really valuable for us. I am using Splunk Enterprise Platform, and I am combining it with a cloud platform, AppDynamics, and SOAR. I worked with the Splunk Machine Learning Toolkit, but that is a different thing. I have not worked so much on the MLTK side, so I cannot say much or give more of an idea or feedback on that. The ability to manage applications through Splunk Enterprise Platform is something I need to check. I am talking about Splunk Enterprise Platform, and there is a lot it provides to the end user. The first thing for Splunk Enterprise Platform is that I can organize my data, like the Common Information Model (CIM), where there are different departments in my company and different application owners. Accordingly, they can set up their data; whatever they do not want, they can just skip. Whenever they need it, they just use the simple one, and that data will be present. Under one umbrella, they can see different locations and different data. In any organization, I have to organize my data. If I do not organize my data, then it would be very difficult to find it. Directly, if I just want to check my application, I can enter my application, like Linux. I just enter index=linux, and it gives me all the details. Even in the dashboard, I select Linux, and it shows all the data, including vulnerabilities, CPU usage, and memory usage. This is a really good point, because people are not working in the tool itself. If I describe any technical problem in Splunk Enterprise Platform to the CIO, I do not think he will understand. He has not worked on it; he does not know what I am talking about. But if you present to him that our UI is very helpful to everyone in your organization, no matter if they are on the leadership team, application team, development team, testing team, or application support team, they can all use our tool easily without any hesitation.
Even if they need help, Splunk Enterprise Platform has introduced AI, which helps answer any questions regarding SPL. I purchased Splunk Enterprise Platform directly from the vendor. I rate the price for Splunk Enterprise Platform as a five because it is very high. If the price were lower, there would be no tools in the market capable of competing with Splunk Enterprise Platform. The only reason people think about moving from Splunk Enterprise Platform to another tool is the price. I would rate this Splunk Enterprise Platform solution with an overall rating of eight.
We have many use cases for using Splunk Enterprise Platform. We use Splunk to detect anomalies in our customers' IT environments, such as their network environments. We want to detect suspicious activity or anomalous activity from our customer environments. From Splunk, we utilize many applications from Splunkbase to support our deployment. Many of our services relate to the Security Operation Center, so many of our use cases are linked to SOC activities. Since the query capability in Splunk is extremely flexible, creating dashboards is also very easy. Dashboard creation depends on the SPL queries, and in the latest version of Splunk, we have two options: classic dashboards and Studio dashboards. Both options can be tailored to our needs, enabling us to create highly customized dashboards, for instance, by adding images. This flexibility makes crafting custom dashboards simple. I find deploying Splunk to be very straightforward because you can choose to install it on either Linux or Microsoft operating systems. Before deployment, we conduct sizing for the instance, including storage, CPU, memory, and network considerations. Once sizing is clear, we proceed with the installation, which offers multiple options such as Debian packages or RPMs. Overall, the deployment process is quite easy. Currently, many of our customers prefer cloud deployment for Splunk Enterprise Platform. We do not recommend specific cloud services, but we often see GCP, Google, and Microsoft Azure being used among our customers. I consider Splunk to be one of the best solutions available compared to other options. If budget is not a concern, Splunk stands out due to its extensive integrations, flexibility in scalability, and the simplicity of its deployment. I would rate this review an overall 8.
I have expertise in Splunk Enterprise Platform tools, including Splunk Cloud, and I have experience working with other tools such as IBM Security QRadar. We are a managed service provider (MSP), and we provide services using Splunk Enterprise Platform. Splunk Enterprise Platform holds the number one position in Gartner, and integrating different types of tools and creating use cases is much more streamlined compared to other tools such as IBM QRadar, AD Audit, and ManageEngine Log360. The platform has a powerful search engine, allowing the integration of custom AI such as ChatGPT. It also has Phantom as a SOAR, which is more refined and gives more accurate results than any other AI-integrated SIM tool. In anomaly detection, I can live-track anomalies and change the registry. While working with Wazuh, when I integrated Cortex XDR, there was sometimes a mismatch of events, making it tedious, but in Splunk Enterprise Platform, I just need to log into the console and everything is there, making it an all-in-one solution. I rate Splunk Enterprise Platform 9 out of 10.
My advice for those looking to implement Splunk Enterprise Platform is to know the product well and have hands-on workshops or create a lab to gain complete knowledge before proceeding. Regarding maintenance, it does not require much as it is on-premises. Overall, I would rate Splunk Enterprise Platform an eight.
My overall experience with Splunk Enterprise Platform rates around seven out of ten points. The main issues are regarding updating reviews and scalability, which may take some time when connecting via VPN. I would rate the overall solution 7 out of 10.
Overall, I rate Splunk Enterprise Platform ten out of ten. I am dissatisfied with Splunk's graphics view and deep learning capabilities; they could be better, especially on Splunk Cloud. While I was able to enhance the platform using technologies like JavaScript, most of my clients struggle. However, it will be sufficient for the next few years with its strong machine learning capability. Also, it would be preferable for Splunk SOAR to include sequential Splunk task execution and MCP/A2A support features.
For smaller companies, I recommend Stellar Cyber as an alternative to Splunk Enterprise Platform. Stellar Cyber is easier to implement and integrate, and it has solid AI capabilities, especially for automation. It is also willing to adapt to customer requirements. I would rate Splunk Enterprise Platform overall somewhere between six and eight, depending on the size of the company.
I highly recommend Splunk Enterprise Platform for organizations with large volumes of logs and multiple servers, as it provides good ROI for big companies. However, due to its cost, it may not be suitable for small organizations.
To first-time users, I can say that proper analysis and bandwidth utilization, cloud resource monitoring, and cost optimization are the things I would ask one to check in the tool. It is not easy for beginners to use, and for freshers, it will take time to understand the tool. From a security perspective, I rate the tool a nine out of ten. From a user and the console perspective, I rate the tool a seven out of ten. In general, I rate the tool an eight out of ten.
System Engineer at a consultancy with 10,001+ employees
MSP
Top 5
Jul 15, 2024
Before using the Splunk Enterprise Platform, basic knowledge of log analytics tools like Logstash is beneficial. While it does not require specific prerequisites, having some background knowledge will help. Remember that Splunk is a paid service, unlike other log analytics tools like ELK Stack, which may offer free versions. I rate the overall solution a nine out of ten.
Splunk Admin at a consultancy with 10,001+ employees
MSP
Top 5
May 11, 2024
Currently, we are on-prem. However, we have started cloud migration in the last few months. I rate the overall solution a ten out of ten. In daily life, every IT company should use it to monitor its logs. It is an emerging tool.
Splunk Enterprise Platform allows customized data processing, making it highly versatile and easy to maintain. It seamlessly handles tasks like data masking and filtering, ensuring efficient data management. When it comes to the visualization on the dashboard within the Splunk Enterprise Platform, we do have the chart available, and all its features are included. Additionally, if you require customization for a new customer's preferences, we can implement it using HTML or XML code. The primary approach for developing dashboards is based on XML. Therefore, if you need specific features like radio buttons or checkboxes, they are readily available for inclusion in the dashboards. I recommend the solution. Overall, I rate the solution a nine out of ten.
Senior Software Engineer at Torry Harris Business Solutions
MSP
Top 5
Apr 25, 2024
Our experience with the Splunk Enterprise Platform has been positive regarding administration and development. However, there are some concerns regarding visualization. Despite our team's proficiency in activating and completing tasks, the dashboard's complexity has decreased user satisfaction. Many users find the visualization lacking when viewing multiple panels simultaneously. They express difficulty in navigating the UI and feel uncomfortable with it. Addressing these concerns would enhance the overall user experience from end to end. Overall, I rate the solution a nine out of ten.
Splunk Enterprise Platform is missing add-ons for a few applications. Therefore, when we aim to integrate new or important log sources that Splunk lacks add-ons for, we resort to developing custom add-ons. While this approach allows us to proceed with our work, it requires significant human effort and increases the likelihood of errors. Moreover, troubleshooting becomes time-consuming under these circumstances. Ideally, Splunk would offer add-ons for every possible application, significantly improving our efficiency and effectiveness. The Splunk Enterprise Platform offers excellent visibility through real-time monitoring. Whenever any data matches our client's SQL code, it triggers an immediate alert, allowing us to respond to incidents swiftly. This capability is highly beneficial during any incident, making Splunk an invaluable tool. There are various components, such as the Universal Forwarder, Indexer, and Search Head. These components are relatively straightforward to set up. When implementing a distributed environment or setting up clustering, Splunk offers robust capabilities. Additionally, managing data storage sizing is also seamless. Overall, I rate the solution an eight out of ten.
The solution has helped us with our security information and event management. If someone performs deletion operations, we get an automated alert informing us that a privileged activity has been performed. We forward the logs in real time. We are ingesting 10 GB of data into the solution daily. We have some input filters in the solution's dashboard. Overall, I rate the solution an eight out of ten.
I use the Platform to monitor my IT infrastructure. There are apps for Linux and Windows servers that capture performance metrics like CPU and memory usage. These metrics are collected and sent to the blank index through forwarders. Splunk helps with security information and event management by detecting and monitoring network equipment and firewalls. It saves searches for specific terms, like threats, in firewall logs. When a match is found, it alerts about potential security breaches, helping to detect and address them. The real-time processing capability in Splunk enhances data monitoring by centrally collecting all data. This allows for easy searching and scheduling of searches, reducing the need for manual intervention. The dashboard and visualization features in Splunk impact data analysis by providing a clear status of data analysis. Users can create customized views for management, helping them understand what is happening within the infrastructure more effectively. I would recommend Splunk to others, especially from the CIM perspective. Its data analysis and visualization capabilities are unmatched, making it an excellent choice for SIM. Overall, I would rate Splunk Enterprise Platform as a nine out of ten.
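The two alerting patterns described in this review and the one just above it (an alert whenever a file deletion is performed, treated as privileged activity, and a saved search that matches threat terms in firewall logs), together with the CIM-style organization of fields mentioned earlier on the page, as an added example that is not from any reviewer and is not Splunk's own code. It is a small Python stand-in for what the scheduled searches do: raw lines are mapped onto Common Information Model field names (user, action, src, dest, signature) and two detections run over them. The log lines, hostnames, account names and the SERVICE_ACCOUNTS set are constructed for the example; the SPL in the docstrings is the equivalent search a practitioner would schedule in Splunk, and the field layout of the Windows lines is a simplification of what the real add-on extracts.

```python
import re
from collections import Counter, defaultdict

# Constructed sample events (invented for this example). EventCode 4660 is
# "an object was deleted" and 4663 is "an attempt was made to access an
# object" in real Windows auditing; the key=value layout is simplified.
SAMPLE_EVENTS = [
    'EventCode=4660 Subject_Account_Name=svc_backup Object_Name=C:\\Finance\\ledger.xlsx Process_Name=explorer.exe',
    'EventCode=4663 Subject_Account_Name=alice Object_Name=C:\\Users\\alice\\notes.txt Accesses=ReadData',
    'EventCode=4660 Subject_Account_Name=alice Object_Name=C:\\Finance\\q4_forecast.xlsx Process_Name=cmd.exe',
    'action=blocked src=203.0.113.7 dst=10.0.0.5 dport=445 threat=Exploit.SMB.EternalBlue',
    'action=allowed src=198.51.100.9 dst=10.0.0.22 dport=443',
    'action=blocked src=203.0.113.7 dst=10.0.0.6 dport=445 threat=Exploit.SMB.EternalBlue',
    'action=blocked src=203.0.113.7 dst=10.0.0.9 dport=3389 threat=Scan.Port.Sweep',
    'action=blocked src=192.0.2.44 dst=10.0.0.5 dport=22 threat=Brute.SSH.Login',
]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Accounts treated as service accounts: an assumption made for this example.
SERVICE_ACCOUNTS = {'svc_backup', 'administrator'}


def normalize(raw):
    """Map one raw line onto CIM-style field names, the job that a Splunk
    add-on's field extractions and aliases do at search time.
    Assumes flat key=value lines without nested quoting."""
    kv = {k: v.strip('"') for k, v in KV_RE.findall(raw)}
    if 'EventCode' in kv:
        return {
            'sourcetype': 'WinEventLog:Security',
            'signature_id': kv['EventCode'],
            'user': kv.get('Subject_Account_Name'),
            'object': kv.get('Object_Name'),
            'action': 'deleted' if kv['EventCode'] == '4660' else 'read',
            'process': kv.get('Process_Name'),
        }
    return {
        'sourcetype': 'fw:traffic',
        'action': kv.get('action'),
        'src': kv.get('src'),
        'dest': kv.get('dst'),
        'dest_port': int(kv['dport']) if 'dport' in kv else None,
        'signature': kv.get('threat'),  # None on plain traffic lines
    }


def detect_deletions(events):
    """Equivalent of a per-result alert on
       sourcetype=WinEventLog:Security EventCode=4660
       | eval service_account=if(match(user, "^(svc_backup|administrator)$"), "yes", "no")
       | table user object process service_account
    Every deletion fires; the service_account flag tells the analyst whether
    a non-interactive account did it."""
    alerts = []
    for e in events:
        if e['sourcetype'] == 'WinEventLog:Security' and e['action'] == 'deleted':
            alerts.append({
                'user': e['user'],
                'object': e['object'],
                'process': e['process'],
                'service_account': (e['user'] or '').lower() in SERVICE_ACCOUNTS,
            })
    return alerts


def detect_firewall_threats(events, threshold):
    """Equivalent of the scheduled search
       sourcetype=fw:traffic signature=*
       | stats count values(signature) AS signatures by src
       | where count >= 2
    Matching on the extracted field rather than the free-text term "threat"
    keeps the alert from firing on benign lines that merely contain the word."""
    counts = Counter()
    sigs = defaultdict(set)
    for e in events:
        if e['sourcetype'] == 'fw:traffic' and e['signature']:
            counts[e['src']] += 1
            sigs[e['src']].add(e['signature'])
    return {src: {'count': n, 'signatures': sorted(sigs[src])}
            for src, n in counts.items() if n >= threshold}


def run_detections(raw_lines, signature_threshold=2):
    """Normalize, then run both detections; returns what each alert would carry."""
    events = [normalize(line) for line in raw_lines]
    return {
        'deletions': detect_deletions(events),
        'fw_threats': detect_firewall_threats(events, signature_threshold),
    }


if __name__ == '__main__':
    for name, result in run_detections(SAMPLE_EVENTS).items():
        print(name, result)
```

Running it over the constructed lines yields two deletion alerts (one by the service account, one by an interactive user) and a single firewall alert for 203.0.113.7, which tripped two different signatures three times; 192.0.2.44 stays below the threshold and 198.51.100.9 never matches because the line carries no signature field at all.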
I rate the overall product a seven out of ten. I would recommend it for incident management reporting. I would not advise it for understanding user behavior or usage. If I had to choose between Splunk Enterprise Platform and Amplitude, I would probably go with Amplitude, but I also have no familiarity with what their incident reporting is like.
I can recommend the product after considering the needs and budget of the customers, as well as the company's size. I rate the overall tool an eight out of ten.
Splunk Enterprise Platform is a good and easy-to-use solution. It has to be regularly upgraded to the changing network or customer needs. Overall, I rate Splunk Enterprise Platform an eight out of ten.
Security Architect at a comms service provider with 10,001+ employees
Real User
Oct 12, 2023
I would recommend the product to those who plan to use it, provided the pricing of the solution is brought down. I rate the overall product an eight out of ten.
We have annual automation for our automated building and availability building. The maintenance is easy. We will do a vulnerability scan. Then, we need to ask someone from the Splunk team to confirm that upgrading to this version of Windows or applying monthly or weekly patches will not impact the Splunk application. It's not easy or feasible to reach out to Splunk directly. Splunk is an enterprise software platform that monitors storage, CPU, RAM, Windows logs, and Cisco network logs on large machine setups. I suggest Splunk to anyone with these needs. Overall, I rate the solution an eight out of ten.
I would suggest using Splunk Cloud first, and then Splunk Enterprise because the maintenance and the infrastructure management are easy. I would rate it an eight out of ten.
Explore data of any type and value — no matter where it lives in your data ecosystem. Drive business resilience by monitoring, alerting and reporting on your operations. Create custom dashboards and data visualizations to unlock insights from anywhere — in your operations center, on the desktop, in the field and on the go. Use data from anywhere across your entire organization so you can make meaningful decisions fast.
There are some problems in managing the tool when it exceeds certain limits. Overall, I rate the product a nine out of ten.