I have expertise in Splunk Enterprise Platform tools, including Splunk Cloud, having experience working with other tools such as IBM Security QRadar. We are a managed service provider (MSP), and we provide services using Splunk Enterprise Platform. Splunk Enterprise Platform holds the number one position in Gartner, and integrating different types of tools and creating use cases is much more streamlined compared to other tools such as IBM QRadar and AD audit, managing the log 360. The platform has a powerful search engine, allowing the integration of custom AI such as ChatGPT. It also has Phantom as a SOAR, which is more refined and gives more accurate results than any other AI integrated SIM tool. In anomaly detection, I can live track anomalies and change the registry. While working with Wazuh, when I integrated the Cortex XDR, there was a mismatch of events sometimes, making it tedious, but in Splunk Enterprise Platform, I just need to log into the console and everything is there, making it an all-in-one solution. I rate Splunk Enterprise Platform 9 out of 10.
My advice for those looking to implement Splunk Enterprise Platform is to know the product well and have hands-on workshops or create a lab to gain complete knowledge before proceeding. Regarding maintenance, it does not require much as it is on-premises. Overall, I would rate Splunk Enterprise Platform an eight.
My overall experience with Splunk Enterprise Platform rates around seven out of ten points. The main issues are regarding updating reviews and scalability, which may take some time when connecting via VPN. I would rate the overall solution 7 out of 10.
Overall, I rate Splunk Enterprise Platform ten out of ten. I am dissatisfied with Splunk’s graphics view and deep learning capabilities; they could be better, especially on Splunk Cloud. While I was able to enhance the platform using technologies like JavaScript, most of my clients struggle.However, it will be sufficient for the next few years with it's strong Machine Learning capability. Also, it would be preferable for Splunk SOAR to include sequential Splunk task execution and MCP/A2A support features.
For smaller companies, I recommend Stellar Cyber as an alternative to Splunk Enterprise Platform. Stellar Cyber is easier to implement and integrate, and it has solid AI capabilities, especially for automation. It is also willing to adapt to customer requirements. I would rate Splunk Enterprise Platform overall somewhere between six and eight, depending on the size of the company.
I highly recommend Splunk Enterprise Platform for organizations with large volumes of logs and multiple servers, as it provides good ROI for big companies. However, due to its cost, it may not be suitable for small organizations.
Learn what your peers think about Splunk Enterprise Platform. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
To first-time users, I can say that proper analysis and bandwidth utilization, cloud resource monitoring, and cost optimization are the things I would ask one to check in the tool. It is not easy for beginners to use, and for freshers, it will take time to understand the tool. From a security perspective, I rate the tool a nine out of ten. From a user and the console perspective, I rate the tool a seven out of ten. In general, I rate the tool an eight out of ten.
System Engineer at a consultancy with 10,001+ employees
MSP
Top 5
Jul 15, 2024
Before using the Splunk Enterprise Platform, basic knowledge of log analytics tools like Logstash is beneficial. While it does not require specific prerequisites, having some background knowledge will help. Remember that Splunk is a paid service, unlike other log analytics tools like ELK Stack, which may offer free versions. I rate the overall solution a nine out of ten.
Splunk Admin at a consultancy with 10,001+ employees
MSP
Top 10
May 11, 2024
Currently, we are on-prem. However, we have started cloud migration in the last few months. I rate the overall solution a ten out of ten. In daily life, every IT company should use it to monitor its logs. It is an emerging tool.
Splunk Enterprise Platform allows customized data processing, making it highly versatile and easy to maintain. It seamlessly handles tasks like data masking and filtering, ensuring efficient data management. When it comes to the visualization on the dashboard within the Splunk Enterprise Platform, we do have the chart available, and all its features are included. Additionally, if you require customization for a new customer's preferences, we can implement it using HTML or XML code. The primary approach for developing dashboards is based on XML. Therefore, if you need specific features like radio buttons or checkboxes, they are readily available for inclusion in the dashboards. I recommend the solution. Overall, I rate the solution a nine out of ten.
Senior Software Engineer at Torry Harris Integration Solutions
Real User
Top 10
Apr 25, 2024
Our experience with the Splunk Enterprise Platform has been positive regarding administration and development. However, there are some concerns regarding visualization. Despite our team's proficiency in activating and completing tasks, the dashboard's complexity has decreased user satisfaction. Many users find the visualization lacking when viewing multiple panels simultaneously. They express difficulty in navigating the UI and feel uncomfortable with it. Addressing these concerns would enhance the overall user experience from end to end. Overall, I rate the solution a nine out of ten.
Splunk Enterprise Platform does not have a few application add-ons. Therefore, when we aim to integrate log sources from new or important ones that Splunk lacks add-ons for, we resort to developing custom add-ons. While this approach allows us to proceed with our work, it requires significant human effort and increases the likelihood of errors. Moreover, troubleshooting becomes time-consuming under these circumstances. Ideally, Splunk would offer add-ons for every possible application, significantly improving our efficiency and effectiveness. The Splunk Enterprise Platform offers excellent visibility through real-time monitoring. Whenever any data matches our client's SQL code, it triggers an immediate alert, allowing us to respond to incidents swiftly. This capability is highly beneficial during any incident, making Splunk an invaluable tool. There are various components, such as Universal Forwarder, Indexer, and Search Head. These components are relatively straightforward to set up. However, when implementing a distributed environment or setting up clustering, Splunk offers robust capabilities. Additionally, managing data storage sizing is also seamless. Overall, I rate the solution an eight out of ten.
The solution has helped us with our security information and event management. If someone performs deletion operations, we get an automated alert informing us that a privileged activity has been performed. We forward the logs in real-time. We are ingesting 10GB of data into the solution daily. We have some input filters in the solution's dashboard. Overall, I rate the solution an eight out of ten.
I use the Platform to monitor my IT infrastructure. There are apps for Linux and Windows servers that capture performance metrics like CPU and memory usage. These metrics are collected and sent to the blank index through forwarders. Splunk helps with security information and event management by detecting and monitoring network equipment and firewalls. It saves searches for specific terms, like threats, in firewall logs. When a match is found, it alerts about potential security breaches, helping to detect and address them. The real-time processing capability in Splunk enhances data monitoring by centrally collecting all data. This allows for easy searching and scheduling of searches, reducing the need for manual intervention. The dashboard and visualization features in Splunk impact data analysis by providing a clear status of data analysis. Users can create customized views for management, helping them understand what is happening within the infrastructure more effectively. I would recommend Splunk to others, especially from the CIM perspective. Its data analysis and visualization capabilities are unmatched, making it an excellent choice for SIM. Overall, I would rate Splunk Enterprise Platform as a nine out of ten.
I rate the overall product a seven out of ten. I would recommend it for incident management reporting. I would not advise it for understanding user behavior or usage. If I had to choose between Splunk Enterprise Platform and Amplitude, I would probably go with Amplitude, but I also have no familiarity with what their incident reporting is like.
I can recommend the product after considering the needs and budget of the customers, as well as the company's size. I rate the overall tool an eight out of ten.
Splunk Enterprise Platform is a good and easy-to-use solution. It has to be regularly upgraded to the changing network or customer needs. Overall, I rate Splunk Enterprise Platform an eight out of ten.
Security Architect at a comms service provider with 10,001+ employees
Real User
Oct 12, 2023
I would recommend the product to those who plan to use it, provided the pricing of the solution is brought down. I rate the overall product an eight out of ten.
We have annual automation for our automated building and availability building. The maintenance is easy. We will do a vulnerability scan. Then, we need to ask someone from the Splunk team to confirm that upgrading to this version of Windows or applying monthly or weekly patches will not impact the Splunk application. It's not easy or feasible to reach out to Splunk directly. Splunk is an enterprise software platform that monitors storage, CPU, RAM, Windows logs, and Cisco network logs on large machine setups. I suggest Splunk to anyone with these needs. Overall, I rate the solution an eight out of ten.
I would suggest using Splunk Cloud first, and then Splunk Enterprise because the maintenance and the infrastructure management are easy. I would rate it an eight out of ten.
Explore data of any type and value — no matter where it lives in your data ecosystem. Drive business resilience by monitoring, alerting and reporting on your operations. Create custom dashboards and data visualizations to unlock insights from anywhere — in your operations center, on the desktop, in the field and on the go. Use data from anywhere across your entire organization so you can make meaningful decisions fast.
I have expertise in Splunk Enterprise Platform tools, including Splunk Cloud, having experience working with other tools such as IBM Security QRadar. We are a managed service provider (MSP), and we provide services using Splunk Enterprise Platform. Splunk Enterprise Platform holds the number one position in Gartner, and integrating different types of tools and creating use cases is much more streamlined compared to other tools such as IBM QRadar and AD audit, managing the log 360. The platform has a powerful search engine, allowing the integration of custom AI such as ChatGPT. It also has Phantom as a SOAR, which is more refined and gives more accurate results than any other AI integrated SIM tool. In anomaly detection, I can live track anomalies and change the registry. While working with Wazuh, when I integrated the Cortex XDR, there was a mismatch of events sometimes, making it tedious, but in Splunk Enterprise Platform, I just need to log into the console and everything is there, making it an all-in-one solution. I rate Splunk Enterprise Platform 9 out of 10.
My advice for those looking to implement Splunk Enterprise Platform is to know the product well and have hands-on workshops or create a lab to gain complete knowledge before proceeding. Regarding maintenance, it does not require much as it is on-premises. Overall, I would rate Splunk Enterprise Platform an eight.
My overall experience with Splunk Enterprise Platform rates around seven out of ten points. The main issues are regarding updating reviews and scalability, which may take some time when connecting via VPN. I would rate the overall solution 7 out of 10.
Overall, I rate Splunk Enterprise Platform ten out of ten. I am dissatisfied with Splunk’s graphics view and deep learning capabilities; they could be better, especially on Splunk Cloud. While I was able to enhance the platform using technologies like JavaScript, most of my clients struggle.However, it will be sufficient for the next few years with it's strong Machine Learning capability. Also, it would be preferable for Splunk SOAR to include sequential Splunk task execution and MCP/A2A support features.
For smaller companies, I recommend Stellar Cyber as an alternative to Splunk Enterprise Platform. Stellar Cyber is easier to implement and integrate, and it has solid AI capabilities, especially for automation. It is also willing to adapt to customer requirements. I would rate Splunk Enterprise Platform overall somewhere between six and eight, depending on the size of the company.
I highly recommend Splunk Enterprise Platform for organizations with large volumes of logs and multiple servers, as it provides good ROI for big companies. However, due to its cost, it may not be suitable for small organizations.
To first-time users, I can say that proper analysis and bandwidth utilization, cloud resource monitoring, and cost optimization are the things I would ask one to check in the tool. It is not easy for beginners to use, and for freshers, it will take time to understand the tool. From a security perspective, I rate the tool a nine out of ten. From a user and the console perspective, I rate the tool a seven out of ten. In general, I rate the tool an eight out of ten.
Before using the Splunk Enterprise Platform, basic knowledge of log analytics tools like Logstash is beneficial. While it does not require specific prerequisites, having some background knowledge will help. Remember that Splunk is a paid service, unlike other log analytics tools like ELK Stack, which may offer free versions. I rate the overall solution a nine out of ten.
Currently, we are on-prem. However, we have started cloud migration in the last few months. I rate the overall solution a ten out of ten. In daily life, every IT company should use it to monitor its logs. It is an emerging tool.
Splunk Enterprise Platform allows customized data processing, making it highly versatile and easy to maintain. It seamlessly handles tasks like data masking and filtering, ensuring efficient data management. When it comes to the visualization on the dashboard within the Splunk Enterprise Platform, we do have the chart available, and all its features are included. Additionally, if you require customization for a new customer's preferences, we can implement it using HTML or XML code. The primary approach for developing dashboards is based on XML. Therefore, if you need specific features like radio buttons or checkboxes, they are readily available for inclusion in the dashboards. I recommend the solution. Overall, I rate the solution a nine out of ten.
Our experience with the Splunk Enterprise Platform has been positive regarding administration and development. However, there are some concerns regarding visualization. Despite our team's proficiency in activating and completing tasks, the dashboard's complexity has decreased user satisfaction. Many users find the visualization lacking when viewing multiple panels simultaneously. They express difficulty in navigating the UI and feel uncomfortable with it. Addressing these concerns would enhance the overall user experience from end to end. Overall, I rate the solution a nine out of ten.
Splunk Enterprise Platform does not have a few application add-ons. Therefore, when we aim to integrate log sources from new or important ones that Splunk lacks add-ons for, we resort to developing custom add-ons. While this approach allows us to proceed with our work, it requires significant human effort and increases the likelihood of errors. Moreover, troubleshooting becomes time-consuming under these circumstances. Ideally, Splunk would offer add-ons for every possible application, significantly improving our efficiency and effectiveness. The Splunk Enterprise Platform offers excellent visibility through real-time monitoring. Whenever any data matches our client's SQL code, it triggers an immediate alert, allowing us to respond to incidents swiftly. This capability is highly beneficial during any incident, making Splunk an invaluable tool. There are various components, such as Universal Forwarder, Indexer, and Search Head. These components are relatively straightforward to set up. However, when implementing a distributed environment or setting up clustering, Splunk offers robust capabilities. Additionally, managing data storage sizing is also seamless. Overall, I rate the solution an eight out of ten.
The solution has helped us with our security information and event management. If someone performs deletion operations, we get an automated alert informing us that a privileged activity has been performed. We forward the logs in real-time. We are ingesting 10GB of data into the solution daily. We have some input filters in the solution's dashboard. Overall, I rate the solution an eight out of ten.
I use the Platform to monitor my IT infrastructure. There are apps for Linux and Windows servers that capture performance metrics like CPU and memory usage. These metrics are collected and sent to the blank index through forwarders. Splunk helps with security information and event management by detecting and monitoring network equipment and firewalls. It saves searches for specific terms, like threats, in firewall logs. When a match is found, it alerts about potential security breaches, helping to detect and address them. The real-time processing capability in Splunk enhances data monitoring by centrally collecting all data. This allows for easy searching and scheduling of searches, reducing the need for manual intervention. The dashboard and visualization features in Splunk impact data analysis by providing a clear status of data analysis. Users can create customized views for management, helping them understand what is happening within the infrastructure more effectively. I would recommend Splunk to others, especially from the CIM perspective. Its data analysis and visualization capabilities are unmatched, making it an excellent choice for SIM. Overall, I would rate Splunk Enterprise Platform as a nine out of ten.
I rate the overall product a seven out of ten. I would recommend it for incident management reporting. I would not advise it for understanding user behavior or usage. If I had to choose between Splunk Enterprise Platform and Amplitude, I would probably go with Amplitude, but I also have no familiarity with what their incident reporting is like.
There are some problems in managing the tool when it exceeds certain limits. Overall, I rate the product a nine out of ten.
I can recommend the product after considering the needs and budget of the customers, as well as the company's size. I rate the overall tool an eight out of ten.
Splunk Enterprise Platform is a good and easy-to-use solution. It has to be regularly upgraded to the changing network or customer needs. Overall, I rate Splunk Enterprise Platform an eight out of ten.
I would recommend the product to those who plan to use it, provided the pricing of the solution is brought down. I rate the overall product an eight out of ten.
We have annual automation for our automated building and availability building. The maintenance is easy. We will do a vulnerability scan. Then, we need to ask someone from the Splunk team to confirm that upgrading to this version of Windows or applying monthly or weekly patches will not impact the Splunk application. It's not easy or feasible to reach out to Splunk directly. Splunk is an enterprise software platform that monitors storage, CPU, RAM, Windows logs, and Cisco network logs on large machine setups. I suggest Splunk to anyone with these needs. Overall, I rate the solution an eight out of ten.
I would suggest using Splunk Cloud first, and then Splunk Enterprise because the maintenance and the infrastructure management are easy. I would rate it an eight out of ten.