If customers already have a Splunk infrastructure and are willing to invest with it to work on or to expect development to happen in the near future, they might consider it. However, if they are expecting a full ready-made product that will deliver value from day zero, this means that Splunk is not the right solution for them. For mature customers, I will not recommend Splunk User Behavior Analytics. On a scale of one to ten, I rate this solution a seven out of ten.
I am currently using Splunk User Behavior Analytics on Cloud in a SaaS model. The customer purchased the solution directly, not through AWS. We operate as a service provider managing the solution. I have rated Splunk User Behavior Analytics 9 out of 10.
I would recommend Splunk User Behavior Analytics for large companies with investment capacity for security. For small and medium-sized businesses, it might be too expensive, so I would rate it six for them. For large companies, I would say it merits a rating of eight to eight and a half. Overall, for small and medium-sized companies, I rate it six. For large companies, I would rate it eight to eight and a half.
If the solution can be improved, that would be good. However, if not, it still functions well. It is obviously a good one. I would rate the product nine out of ten.
Learn what your peers think about Splunk User Behavior Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
Software Engineer IAM at Mercedes-Benz Canada Inc.
Real User
Top 10
May 10, 2024
We are using the latest version of Splunk User Behavior Analytics. Using the solution was difficult initially, but now it's okay. Users should not ship all logs because storing and manipulating the data is very expensive. Overall, I rate Splunk User Behavior Analytics a seven out of ten.
Business Transformation specialist at a tech consulting company with 10,001+ employees
Real User
Mar 10, 2023
I rate Splunk User Behavior Analytics seven out of 10. There is still some room for Splunk to incorporate new capabilities and automate workflows. It's a solid solution for protecting against external threats like bots and unauthorized access. If you've experienced cybersecurity issues in the recent past, Splunk could help you develop a predictive approach based on user behavior.
Owner at a computer software company with 11-50 employees
Real User
Oct 28, 2021
We're just end-users. We don't have a business relationship with Splunk. I'm not sure what version of the solution we are on currently. I believe it's about a year and a half or so old. This product is the easiest way to check if the work's correct. It works well. It does what we need it to. I'd rate it a ten out of ten.
Sr. CyberSecurity Solutions Architect at a security firm with 11-50 employees
Real User
Nov 4, 2020
The biggest lesson that I have learned from working with this product is that it is priced high, and you can achieve much of what it does through other methods. That combination makes it hard to sell. I would rate this solution a nine out of ten.
Global Engineer at a financial services firm with 10,001+ employees
Real User
Sep 21, 2020
We're simply customers. We don't have a business relationship with Splunk. We're using the latest version of the solution. I'm not sure of the exact version number. I'd recommend the solution to other companies. On a scale from one to ten, I'd rate it at a seven. If the cost was more reasonable, I might rate it a bit higher. It's not too expensive, but it could always be better.
Information Security Specialist at a financial services firm with 201-500 employees
Real User
Aug 19, 2019
After more than three years of using this solution, I would recommend this solution, especially for environments that have a big volume of data. I would rate this solution a nine out of ten. It is a really great product.
We use the on-premises deployment model of the solution. The more types of clusters you have feeding into Splunk, the better the results you have. If you have a customer environment in which you have diverse solutions and technologies, which cater to a large network of applications you are able to inject more value for the customer. One of the key lessons from using Splunk is to have adequate hardware and pre-plan the implementation. It is reasonably balanced, in terms of how much it uses a CPU and the amount of memory it needs. It's important that you start with good infrastructure when you implement Splunk, or you may run into issues. Also, make sure to have trained people working on the solution. Otherwise, it will be a waste of investment. I would rate the solution nine out of ten. I would recommend the solution to others.
Senior Security Engineer at a government with 1,001-5,000 employees
Real User
Aug 18, 2019
From my experience and from the security perspective, I recommend this product for all the people that need good security for investigation. The Splunk team and products are good for those purposes. The storage gets better priced with the amount you use. The storage is very expensive if you take some of the license options from the company. We won't be using unlimited storage for how much data will be imported from our bandwidth. I think the unlimited license is good because we will use a lot. On a scale from one to ten when one is the worst and ten is the best, I would rate Splunk User Behavior as a nine. I didn't give them ten because Splunk does not provide something for the professional investigation. There is something that prevents you from using data the way you want to use data for in an investigation. Sometimes with Splunk, we cannot bring the data out in a better form and some users cannot understand it exactly. What I am talking about is options for a more professional investigation, not for normal behaviors. If you want to just look at normal behavior the program will give all you need. But sometimes you need other use cases to see the action.
Security PS Supervisor at a tech services company with 1,001-5,000 employees
Real User
Aug 13, 2019
I'm a system integrator, which provides the solution to end-users and customers. We handle the on-premises deployment model. I would recommend the solution because of the ease of use, the simple administration, the good level of support, the predefined use cases, and the predefined user behavior analytics. I would rate the solution seven out of ten.
Director of Technology at a insurance company with 10,001+ employees
Real User
May 9, 2019
If I had to rate Splunk from one through ten, one being the worst and ten being the best, I would give it a nine. There's always room for opportunity, but I think it's been working pretty good. I rate it a nine because I think that the ease of use with the product, like the installation and the support that we receive. From what I hear everything goes well. There's nothing that stands out. We haven't had any vulnerabilities or compliance issues with the product, and we do with others, so those are the reasons why I'd rate it a nine. Anyone else looking for a product that can consolidate logs this product does what it says it will do.
Information Security Manager at a financial services firm with 201-500 employees
Real User
Mar 11, 2019
I wouldn't buy Splunk because of the cost, because you can't budget for it. You think you can and then you find out later you can't. The company is still using it, but they're adding other pieces in to reduce the cost of Splunk. They're spending money to buy another product to pre-process so then they can save money on it. We've been improving and the maturity's pretty great. This is just one small piece in the overall platform. And the overall platform, from a cybersecurity maturity perspective, is doing well. If you look at it from that perspective, it's had a positive impact, it has not been a drag. The product itself is a seven out of ten. It's somewhat efficient, if you have the right staff and if everything's working properly. You have to have at least one person do care and feeding at the backend to make sure the infrastructure's working.
There is a lot of potential in the product. We have seen the product grow over time. There is potential to grow a bit more and become more proactive than it is right now. First assess the use cases. Then, assess the scale and complexity of the use cases that you are trying to solve before implementing the solution. Do not try to find a solution which fits the use case after the implementation.
Splunk User Behavior Analytics is a behavior-based threat detection is based on machine learning methodologies that require no signatures or human analysis, enabling multi-entity behavior profiling and peer group analytics for users, devices, service accounts and applications. It detects insider threats and external attacks using out-of-the-box purpose-built that helps organizations find known, unknown and hidden threats, but extensible unsupervised machine learning (ML) algorithms, provides...
If customers already have a Splunk infrastructure and are willing to invest with it to work on or to expect development to happen in the near future, they might consider it. However, if they are expecting a full ready-made product that will deliver value from day zero, this means that Splunk is not the right solution for them. For mature customers, I will not recommend Splunk User Behavior Analytics. On a scale of one to ten, I rate this solution a seven out of ten.
I am currently using Splunk User Behavior Analytics on Cloud in a SaaS model. The customer purchased the solution directly, not through AWS. We operate as a service provider managing the solution. I have rated Splunk User Behavior Analytics 9 out of 10.
I rate Splunk User Behavior Analytics an eight out of ten overall. I prefer communications to be sent to my corporate email.
I would recommend Splunk User Behavior Analytics for large companies with investment capacity for security. For small and medium-sized businesses, it might be too expensive, so I would rate it six for them. For large companies, I would say it merits a rating of eight to eight and a half. Overall, for small and medium-sized companies, I rate it six. For large companies, I would rate it eight to eight and a half.
If the solution can be improved, that would be good. However, if not, it still functions well. It is obviously a good one. I would rate the product nine out of ten.
I would rate my satisfaction with Splunk User Behavior Analytics at a seven out of ten.
The system is stable, but for the storage model that requires a large number of VMs, it will be a nightmare. I'd rate the solution seven out of ten.
We are using the latest version of Splunk User Behavior Analytics. Using the solution was difficult initially, but now it's okay. Users should not ship all logs because storing and manipulating the data is very expensive. Overall, I rate Splunk User Behavior Analytics a seven out of ten.
I would rate Splunk User Behavior Analytics a nine out of ten. Generally, due to its usefulness and benefits, we find this to be an excellent product.
I rate Splunk User Behavior Analytics seven out of 10. There is still some room for Splunk to incorporate new capabilities and automate workflows. It's a solid solution for protecting against external threats like bots and unauthorized access. If you've experienced cybersecurity issues in the recent past, Splunk could help you develop a predictive approach based on user behavior.
The solution works very well with large data sets. I rate the solution a ten out of ten.
We're just end-users. We don't have a business relationship with Splunk. I'm not sure what version of the solution we are on currently. I believe it's about a year and a half or so old. This product is the easiest way to check if the work's correct. It works well. It does what we need it to. I'd rate it a ten out of ten.
The biggest lesson that I have learned from working with this product is that it is priced high, and you can achieve much of what it does through other methods. That combination makes it hard to sell. I would rate this solution a nine out of ten.
We're simply customers. We don't have a business relationship with Splunk. We're using the latest version of the solution. I'm not sure of the exact version number. I'd recommend the solution to other companies. On a scale from one to ten, I'd rate it at a seven. If the cost was more reasonable, I might rate it a bit higher. It's not too expensive, but it could always be better.
After more than three years of using this solution, I would recommend this solution, especially for environments that have a big volume of data. I would rate this solution a nine out of ten. It is a really great product.
We use the on-premises deployment model of the solution. The more types of clusters you have feeding into Splunk, the better the results you have. If you have a customer environment in which you have diverse solutions and technologies, which cater to a large network of applications you are able to inject more value for the customer. One of the key lessons from using Splunk is to have adequate hardware and pre-plan the implementation. It is reasonably balanced, in terms of how much it uses a CPU and the amount of memory it needs. It's important that you start with good infrastructure when you implement Splunk, or you may run into issues. Also, make sure to have trained people working on the solution. Otherwise, it will be a waste of investment. I would rate the solution nine out of ten. I would recommend the solution to others.
I will rate this product a seven out of ten, and I would definitely recommend it to others.
From my experience and from the security perspective, I recommend this product for all the people that need good security for investigation. The Splunk team and products are good for those purposes. The storage gets better priced with the amount you use. The storage is very expensive if you take some of the license options from the company. We won't be using unlimited storage for how much data will be imported from our bandwidth. I think the unlimited license is good because we will use a lot. On a scale from one to ten when one is the worst and ten is the best, I would rate Splunk User Behavior as a nine. I didn't give them ten because Splunk does not provide something for the professional investigation. There is something that prevents you from using data the way you want to use data for in an investigation. Sometimes with Splunk, we cannot bring the data out in a better form and some users cannot understand it exactly. What I am talking about is options for a more professional investigation, not for normal behaviors. If you want to just look at normal behavior the program will give all you need. But sometimes you need other use cases to see the action.
I'm a system integrator, which provides the solution to end-users and customers. We handle the on-premises deployment model. I would recommend the solution because of the ease of use, the simple administration, the good level of support, the predefined use cases, and the predefined user behavior analytics. I would rate the solution seven out of ten.
If I had to rate Splunk from one through ten, one being the worst and ten being the best, I would give it a nine. There's always room for opportunity, but I think it's been working pretty good. I rate it a nine because I think that the ease of use with the product, like the installation and the support that we receive. From what I hear everything goes well. There's nothing that stands out. We haven't had any vulnerabilities or compliance issues with the product, and we do with others, so those are the reasons why I'd rate it a nine. Anyone else looking for a product that can consolidate logs this product does what it says it will do.
I wouldn't buy Splunk because of the cost, because you can't budget for it. You think you can and then you find out later you can't. The company is still using it, but they're adding other pieces in to reduce the cost of Splunk. They're spending money to buy another product to pre-process so then they can save money on it. We've been improving and the maturity's pretty great. This is just one small piece in the overall platform. And the overall platform, from a cybersecurity maturity perspective, is doing well. If you look at it from that perspective, it's had a positive impact, it has not been a drag. The product itself is a seven out of ten. It's somewhat efficient, if you have the right staff and if everything's working properly. You have to have at least one person do care and feeding at the backend to make sure the infrastructure's working.
There is a lot of potential in the product. We have seen the product grow over time. There is potential to grow a bit more and become more proactive than it is right now. First assess the use cases. Then, assess the scale and complexity of the use cases that you are trying to solve before implementing the solution. Do not try to find a solution which fits the use case after the implementation.
It helps us make decisions faster.
It is a helpful tool, especially for customers who deal with the service industry.