It is user-friendly. It is more effective than other solutions. The support and help for troubleshooting and the documentation from Splunk make it very effective.
The most valuable features for us include its robust log management capabilities, which allow us to efficiently handle and retain logs for extended periods as needed.
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
The most valuable features of Splunk Enterprise Security are its high-performance data collection, flexible query language, and its versatility across the organization.
SOC manager at a tech vendor with 10,001+ employees
Real User
Oct 10, 2023
Splunk Enterprise Security comes with 300 pre-deployed use cases that can be easily customized to meet the specific needs of our organization, without the need to purchase additional tools.
If I need to integrate devices for logs, it is easier with Splunk. We can integrate different applications, network devices, and databases. It is also very rich in documents. It is the best.
The most valuable features include agility and Splunk Enterprise Security's ability to quickly search for alerted items, as well as the capacity to create custom alerts using the SQL language employed by Splunk.
Cyber Security at a financial services firm with 5,001-10,000 employees
Real User
Jul 20, 2023
Integration with the cloud is pretty important and good for us. We found the integration with a lot of tools, not all tools yet, valuable. It does make the transfer of data, log files, and other things easier for us.
Splunk Developer at a tech vendor with 11-50 employees
Real User
Jul 19, 2023
It definitely does help with both auditing and as well as regular monitoring. SOC does more monitoring, but ES also gives you other features that are auditing-related. The dashboards are also beneficial.
Sr. Cybersecurity Engineer Splunk Architect at Coalfire Federal
Real User
Jul 19, 2023
Internal tracking is helpful because we do not like to deal with multiple ticketing systems, and I am not a fan of ServiceNow. We are able to keep everything internal and utilize Enterprise Security.
Cloud Cybersecurity Engineer at a tech services company with 10,001+ employees
Consultant
Jul 19, 2023
The most valuable feature is the incident dashboard, and the extensive use of correlation searches, which isn't available with a standard Splunk search package. This feature is important to me because it enables SOC analysts to do their job more efficiently and be able to investigate or mediate incidents at a faster pace.
The dashboard and reporting are very good... It provides very good visibility in a hybrid cloud environment, and you can build custom utilization APIs using Splunk.
Security Compliance Program Manager at a educational organization with 5,001-10,000 employees
Real User
Feb 2, 2023
Splunk incorporates a lot of elements that help to reduce security risks. For it to reach certain compliance, we need to have some security insight. Splunk is a very good SIEM, it’s a top solution, but the best feature is its cost of visibility. We have all the most important features to detect vulnerabilities or risks.
Senior security consultant at a comms service provider with 51-200 employees
Consultant
Nov 29, 2021
One of the most valuable features is threat hunting. We can do threat hunting and identify if there is any malicious activity happening within our environment, which is a key feature for us.
Senior Network Engineer at a tech services company with 51-200 employees
Real User
Aug 30, 2021
The most valuable features in Splunk are the search function and the ability to run selected session reports. The session reports are important because I can use them to see what is going on in our environment weekly. Additionally, we can use the graph to see how often that particular event is happening.
Product Manager, FX Solutions at a tech services company with 10,001+ employees
MSP
Jun 24, 2021
The most valuable features of the solution are it is straightforward to use and the documentation is good for finding out how to get the data you are looking for.
Consultant at a financial services firm with 5,001-10,000 employees
Real User
Apr 19, 2021
Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful.
Solutions Consultant at a tech services company with 1,001-5,000 employees
Real User
Feb 17, 2021
It provides a lot of analytics with the underlying AI engine, and it is a lot easier than other solutions. There are some products that do automated AI-based detection and drawing up charts, but for network monitoring and all of the monitoring aspects, it is quite a nice tool.
It is very convenient for business users because they get more or less a lot of data readily available. If you're familiar with the Splunk query language, you can pretty much do whatever you want.
Automation Specialist, Analytics at a computer software company with 10,001+ employees
Real User
Dec 2, 2020
Splunk can extract all kinds of data. There's no limitation on what kind of structured and unstructured data one needs to extract — it can access any kind of data, including machine-generated data.
We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company.
Director of Information Security with 201-500 employees
Real User
Feb 10, 2019
It's extremely scalable. It's a very robust solution and certainly has the capability of handling far bigger data requirements than a lot of the other tools. Generally what ends up happening with me is that my clients tend, for the most part, to be mid-tier organizations where the cost of that solutions would be accompanying requirements for people just becomes way too prohibitive. Especially considering the model that they use for costing, which is based on the volume of data. Of course, they're going to put everything including the Coke machine as the ability to collect data off of it, because of course the more they can put through the tool the more money they make.
Presales Manager at a tech services company with 11-50 employees
Reseller
Feb 7, 2019
The initial setup is simple, not very complex. Initial deployment takes around 10 to 15 minutes to set up the entire base for Splunk including all three tiers.
It's very flexible. If you look from the cloud implementation it is there. Reports are made quickly. Unlike other tools, it caters to all kinds of technical information on the front very easily. There's no need to put in any technical information. You can pull on the reports very easily, take action, and notify stakeholders.
Senior Network & Security Architect at a insurance company with 501-1,000 employees
Real User
Dec 13, 2018
It is quite extensible. It is a platform that we can build our use instead of each case instead of each case being limited or restricted to each capability. This is probably the best feature.
Engineering Manager at a manufacturing company with 10,001+ employees
Real User
Dec 11, 2018
It is very simple to tweak or write a small piece of glue code to go ahead and create a new dashboard for a business unit to make near real-time decisions to focus more on other geographies when launching the product.
QA Lead at a financial services firm with 501-1,000 employees
Real User
Dec 11, 2018
It provides logs in one place, so they are easy to find. It collects the logs from multiple places, then you have just one place where you see the whole flow from the front-end to the back-end.
We have a one stop dashboard for health of some of our services where you can click in and it takes you to other dashboards that have custom near real-time metrics that show the application's health.
The dashboards are the most valuable feature. We like the ability to drill in and see what queries are under the dashboard, build new visualizations, edit the querying, and see the reports.
IT Analyst at a energy/utilities company with 1,001-5,000 employees
Real User
Dec 10, 2018
In the past we used the different application to collect logs. We used SurfWatch and VMware to do so. But, we found that the Splunk has more capacity to do more in less time. They provide a aster speed to index all the events , and this is a huge asset.
Splunk has significantly helped with aggregation and correlation of critical logs. Not having to grep on each individual server has made everyone more efficient.
Works at a financial services firm with 10,001+ employees
Real User
May 4, 2018
Splunk has facilitated the correlation of information security logs to look for incidents which could cause damage to the company's infrastructure, as well as financial losses from leaks.
The ability to manipulate data in Splunk is unparalleled. Splunk’s powerful, flexible query language can morph difficult to understand log formats into usable data.
With good domain knowledge, one can build almost anything. If you throw in Alert Manager or an integration with ServiceNow. Then, you have your own SIEM
My favorite example of improving of organization is saving a $60k/mo in payroll fraud and $10k/mo in wasted API credits by using simple searches and clear reports.
The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time.
Splunk Enterprise Security delivers powerful log management, rapid searches, and intuitive dashboards, enhancing real-time analytics and security measures. Its advanced machine learning and wide system compatibility streamline threat detection and incident response across diverse IT environments.Splunk Enterprise Security stands out in security operations with robust features like comprehensive threat intelligence and seamless data integration. Its real-time analytics and customizable queries...
There are a lot of third-party applications that can be installed.
Splunk helps us be more proactive. We can take predictive action to identify and block threats so that nothing harmful gets into the system.
It is user-friendly. It is more effective than other solutions. The support and help for troubleshooting and the documentation from Splunk make it very effective.
The most valuable feature of Splunk Enterprise Security is website activity monitoring.
One key advantage of Splunk over competitors like IBM QRadar is its superior device integration capabilities.
The most valuable features for us include its robust log management capabilities, which allow us to efficiently handle and retain logs for extended periods as needed.
The technical support is among the best in the market.
The most valuable features of Splunk Enterprise Security are its high-performance data collection, flexible query language, and its versatility across the organization.
There are lots of free learning materials on their website.
We are using Microsoft 365 and we're using the Exchange Mail Service. It's good for monitoring that in particular.
I like the search feature and the indexing. It's very fast and comprehensive.
It gives me notifications of notable events.
Splunk Enterprise Security comes with 300 pre-deployed use cases that can be easily customized to meet the specific needs of our organization, without the need to purchase additional tools.
If I need to integrate devices for logs, it is easier with Splunk. We can integrate different applications, network devices, and databases. It is also very rich in documents. It is the best.
Splunk has a wide range of features that customers use to find and analyze all kinds of logs.
Splunk Enterprise Security helped us with faster detection of threats.
The alerts are very effective.
The solution helped reduce our alert volume.
The most valuable features include agility and Splunk Enterprise Security's ability to quickly search for alerted items, as well as the capacity to create custom alerts using the SQL language employed by Splunk.
The UI of Splunk makes it easier for our analysts to move around and see what they need to see.
Integration with the cloud is pretty important and good for us. We found the integration with a lot of tools, not all tools yet, valuable. It does make the transfer of data, log files, and other things easier for us.
It definitely does help with both auditing and as well as regular monitoring. SOC does more monitoring, but ES also gives you other features that are auditing-related. The dashboards are also beneficial.
Internal tracking is helpful because we do not like to deal with multiple ticketing systems, and I am not a fan of ServiceNow. We are able to keep everything internal and utilize Enterprise Security.
The most valuable feature is the incident dashboard, and the extensive use of correlation searches, which isn't available with a standard Splunk search package. This feature is important to me because it enables SOC analysts to do their job more efficiently and be able to investigate or mediate incidents at a faster pace.
I haven't had the chance to properly sink my teeth into Enterprise Security but so far I like that they added the MITRE ATT&CK features.
The most valuable feature is the DSS, also known as SPL, because it allows users to script advanced queries with limited knowledge.
The dashboard and reporting are very good... It provides very good visibility in a hybrid cloud environment, and you can build custom utilization APIs using Splunk.
It gives us good visibility into multiple environments, including cloud, on-premises, and hybrid; irrespective of platform.
The varied prebuilt feature is the most valuable because it ensures that we have complete coverage over all of the key questions.
Splunk allows us to customize processing and dashboards, which helps us take care of our customers' needs.
Splunk incorporates a lot of elements that help to reduce security risks. For it to reach certain compliance, we need to have some security insight. Splunk is a very good SIEM, it’s a top solution, but the best feature is its cost of visibility. We have all the most important features to detect vulnerabilities or risks.
I really like the user interface and how it works.
It is very scalable.
It is the best tool if you have a complex environment or if data ingestion is too huge.
Splunk works based on parsing log files.
It's better than IBM, in my opinion, because it's an independent entity.
Splunk is stable, and this is why many customers want it.
You can use it to gather syslog messages from anything.
The product is good, it satisfies our customers.
Great platform with user-friendly interface and GUI.
The Splunk user community and forum are most valuable.
The ability to ingest different log types from many different products in our environment is most valuable.
One of the most valuable features is threat hunting. We can do threat hunting and identify if there is any malicious activity happening within our environment, which is a key feature for us.
The most valuable features are how stable and easy to use Splunk is.
The additional vendors we've brought on board, particularly the elastic, have been quite beneficial.
The reporting aspect is good and it does what I need it to do.
The solution is very fast and succinct.
We have found all the features useful. However, the dashboarding and logging have been very helpful. Additionally, the log analysis does a great job.
The log aggregation is great.
The most valuable features in Splunk are the search function and the ability to run selected session reports. The session reports are important because I can use them to see what is going on in our environment weekly. Additionally, we can use the graph to see how often that particular event is happening.
Easy to deploy and simple to use.
The most valuable features of the solution are it is straightforward to use and the documentation is good for finding out how to get the data you are looking for.
I have found the installation can be of medium difficulty to very complex depending on the use case.
Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful.
There are quite a lot of things that we find useful. Splunk agents are useful and good. Its UI is quite impressive.
The integration is seamless with many devices and operating systems.
Its integration is most valuable. Its UI is also pretty much easy.
It provides a lot of analytics with the underlying AI engine, and it is a lot easier than other solutions. There are some products that do automated AI-based detection and drawing up charts, but for network monitoring and all of the monitoring aspects, it is quite a nice tool.
It is very convenient for business users because they get more or less a lot of data readily available. If you're familiar with the Splunk query language, you can pretty much do whatever you want.
Its compatibility with other SIEMS is very useful.
The solution has plenty of features that are good.
What I really like is that even if you have already collected the data, you can extract fields and can build searches.
The scalability of the solution is amazing because it can collect a lot of data and you can have your own structure to monitor this data.
The initial setup is pretty straightforward.
Good for log collection and log management.
The correlation capabilities are the first value that our clients say they like with Splunk.
The most valuable feature is that it's very good for log aggregation.
The ability to analyze huge amounts of sales data and accurate prediction of sales forecasting is the most valuable feature.
The most valuable feature is the log aggregation, being able to scan through all of the logs.
Splunk can extract all kinds of data. There's no limitation on what kind of structured and unstructured data one needs to extract — it can access any kind of data, including machine-generated data.
Splunk is a user-friendly solution.
The logs on the solution are excellent.
This is a straightforward solution, easy to configure.
The flexibility of the solution is quite good.
It's the completeness of the solution that we like the most.
The most valuable aspect of the solution is the dashboard. It's very intuitive.
The completeness of the solution is what we like the most.
The initial setup is really straightforward. It's one of the easiest installations.
It helps us uncover bottlenecks in the network.
The most valuable feature of Splunk is the log monitoring.
We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company.
It can log more logs than other solutions. It's a good way to troubleshoot problems.
It's extremely scalable. It's a very robust solution and certainly has the capability of handling far bigger data requirements than a lot of the other tools. Generally what ends up happening with me is that my clients tend, for the most part, to be mid-tier organizations where the cost of that solutions would be accompanying requirements for people just becomes way too prohibitive. Especially considering the model that they use for costing, which is based on the volume of data. Of course, they're going to put everything including the Coke machine as the ability to collect data off of it, because of course the more they can put through the tool the more money they make.
The initial setup is simple, not very complex. Initial deployment takes around 10 to 15 minutes to set up the entire base for Splunk including all three tiers.
It's very flexible. If you look from the cloud implementation it is there. Reports are made quickly. Unlike other tools, it caters to all kinds of technical information on the front very easily. There's no need to put in any technical information. You can pull on the reports very easily, take action, and notify stakeholders.
The search function for spam is like a google search. You just enter and it will quickly show you the results.
It is quite extensible. It is a platform that we can build our use instead of each case instead of each case being limited or restricted to each capability. This is probably the best feature.
It has a big user base, so the community is useful.
The client site login is pretty extensible and probably cost-effective.
It is very simple to tweak or write a small piece of glue code to go ahead and create a new dashboard for a business unit to make near real-time decisions to focus more on other geographies when launching the product.
It provides logs in one place, so they are easy to find. It collects the logs from multiple places, then you have just one place where you see the whole flow from the front-end to the back-end.
Its usability is the best part. It is easy for our developers to use if they want to search their logs, etc.
We have a one stop dashboard for health of some of our services where you can click in and it takes you to other dashboards that have custom near real-time metrics that show the application's health.
The dashboards are the most valuable feature. We like the ability to drill in and see what queries are under the dashboard, build new visualizations, edit the querying, and see the reports.
The technical support has been very good. They are very responsive and have been helpful.
It has helped us look at modern technology, as well as penetrate our legacy systems, to see where the bottlenecks are.
The stock analysts and security people use one single dashboard (one single location) to check our logs.
It has reduced the time to resolution, time to investigate, and time to troubleshoot for debugging issues.
In the past we used the different application to collect logs. We used SurfWatch and VMware to do so. But, we found that the Splunk has more capacity to do more in less time. They provide a aster speed to index all the events , and this is a huge asset.
This solution helps us increase our productivity.
It has virtual visualization, and other products do not.
It gives us the liberty to do more in terms of use cases.
Positive features include replication capabilities, software development kits, and the architecture.
It is a one stop shop as a full monitoring and alerting solution for operations and application analysis for most of our back-end systems.
Splunk UBA is useful for fraud detection and for detection of APTs, advanced persistent threats.
We can ingest and correlate data from virtually any type of system.
Splunk has significantly helped with aggregation and correlation of critical logs. Not having to grep on each individual server has made everyone more efficient.
Splunk has facilitated the correlation of information security logs to look for incidents which could cause damage to the company's infrastructure, as well as financial losses from leaks.
We primarily use it to correlate logs throughout the enterprise for both searching and use in investigations.
The ability to ingest any data and display it in a way that anyone can understand.
Visualizations helped the organisation with a better understanding of its KPIs.
It is easy to use in any environment.
It has a rapid response search environment in the event of an incident.
Splunk allows us to find insights that we were not able to with traditional BI tools using ETL. It allows us to dig into raw events.
The ability to manipulate data in Splunk is unparalleled. Splunk’s powerful, flexible query language can morph difficult to understand log formats into usable data.
Low barrier to start searching with the ability to normalize data on the fly.
We can do things in minutes instead of days.
Support is quick and competent.
Visualizations are the best way to understand deviation techniques from the norm.
With good domain knowledge, one can build almost anything. If you throw in Alert Manager or an integration with ServiceNow. Then, you have your own SIEM
Splunk has significantly reduced the time in performing the task of aggregating logs, reviewing as well as time spent during investigations.
I like the ease with which dashboards can be created.
My favorite example of improving of organization is saving a $60k/mo in payroll fraud and $10k/mo in wasted API credits by using simple searches and clear reports.
It allows for transparency into IT metrics for insightful business analytics.
It helped us consolidate all our solutions into an easy tool to use for various employees.
The ability to quickly search logs, performance data, and other inputs has helped tremendously with troubleshooting.
We are much faster finding and addressing issues with Splunk.
Speeds up root cause analysis and can help identify issues that your organization never realized were occurring.
Integrity with many vendors: This simplifies the implementation and integration with different devices
Alerts when a server is malfunctioning, monitors external attacks, and takes action to stop spreading viruses.
The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time.