What needs improvement with Splunk?

Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)

Hi Everyone,

What needs improvement with Splunk?

Thanks for sharing your thoughts with the community!


Shibu Babuchandran - PeerSpot reviewer
Expert, Moderator, Real User

Hi @Miriam Tover ​,

Some of the points that I feel need improvement are below:

- Automated machine learning
- Extraction, transformation and loading
- Data modeling
- Building Splunk queries
- Dashboard creation
- Capacity data storage for Splunk data
- Tuning Splunk analytics dashboards for performance
- User training

Jairo Willian Pereira - PeerSpot reviewer
Top 5, Leaderboard, Real User

New built-in use cases for Enterprise Security, a fair price model, improvement over SPL and index performance, adding and integrating with new connectors and market platforms (more open-source solutions too).

Salma Shahin - PeerSpot reviewer
Top 20, Consultant

The cluster environment should be improved. We have a cluster. In the Splunk cluster environment, in the case of heavy searches and heavy load, the Splunk cluster goes down, and we have to put it in maintenance mode to get it back. We are not able to find the actual culprit for this issue. I know that the cluster has RF and SF, but it has been down so many times. There should be something in Splunk to help users find the reason and the solution for such issues. I would also like to be able to see all the data for internal logs. When we search for internal logs, sometimes we are not able to find some of the data. For example, when Splunk crashes or something happens, we don't get to know what happened. We tried looking into the internal logs, but we could never figure out the reason from the logs. The information is limited, and it should be improved.

reviewer1331706 - PeerSpot reviewer
Top 5, Leaderboard, Real User

I don't like the pipeline-organized programming interface. I find the graphical options really limited and you don't have enough control over how to display the data that you want to see. I find that the performance really varies. Sometimes, the platform doesn't respond in time. It takes a really long time to produce any results. For example, if you want to display a graph and put information out, it can become unresponsive. Perhaps you have a website and you want to show the data; there's a template for that, or it has a configuration to display your graphics, and sometimes it just doesn't show any data. This is because the system is unresponsive. There may be too much data that it has to look through. Sometimes, it responds with the fact that there is too much data to parse, and then it just doesn't give you anything. The basic problem is that every time you do a refresh, it tries to redo all of the queries for the full dataset. Fixing Splunk would require a redesign. The basic way they present the graphs is pipeline-based parsing of log files, and it's more of a problem than it is helpful. Sometimes, you have to perform a lot of tricks to get the data in a format that you can parse. You cannot really use global variables and you can't easily define a constant to use later. These things make it not as easy to use.

reviewer1795125 - PeerSpot reviewer
Top 10, Real User

As a student, I'd like to see more labs and things for students to test in order to learn. Having a trial version or more training on Splunk would be helpful. There is a free version, but it is insufficient for training and learning because it is a little bit difficult to work with, especially if you are a beginner. It's difficult to improve when you're just starting out with logs and SOC. As a result, we require a longer free version.

Avraham Sonenthal - PeerSpot reviewer
Top 5, Leaderboard, Real User

It would be nice if they had a wizard to construct searches, including more complex searches that include math or statistics.

Marcelo Canedo - PeerSpot reviewer
Top 20, MSP

The price of Splunk is too high for our market.

reviewer1086690 - PeerSpot reviewer

Its interface could be improved.

Chris Danshaw - PeerSpot reviewer
Top 20, Real User

The biggest problem is data compression. Splunk is an outstanding product, but it is a resource hog. There should be better data compression for being able to maintain our data repositories. We end up having to buy lots of additional storage just to house our Splunk data. This is my only complaint about it.

ManojSingh - PeerSpot reviewer

Splunk could be improved by reducing the cost. The cost is one of the biggest challenges for us in keeping to our production requirements. As for additional features, I think they need to refine their AI capability. I know that everyone is talking about artificial intelligence and threat hunting, so I guess one of the key requirements for us is for the solution to automatically provide us some kind of indication and then mitigate any risk. So automation should be a feature.

reviewer1720563 - PeerSpot reviewer
Top 5, Real User

This solution could be improved by better pricing in general and by easier installation.

reviewer1052343 - PeerSpot reviewer
Top 10, Real User

Other than the pricing modules, I have no issues with the product itself. The configuration had a bit of a learning curve. I would like to learn more about the Cloud solution, but I'm aware that it's lacking some core applications. If they could bring on more vendors, you would be able to monitor a larger number of applications. We could have visualization with other applications we have with the infrastructure in our organization.

DonaldBaldwin - PeerSpot reviewer
Top 10, Real User

The interface or maybe some settings need to be improved a bit. It cannot be perfect; however, the issues may be related to the configuration or setup. If you monitor too much, you can lose performance on your systems. You have to be careful what you're monitoring. If you monitor everything, everything stops working. You can go overboard in monitoring. You have to plan your monitoring pretty carefully. It could be easier for beginners. As it is, right now, you have to have a good understanding of the solution in order to use it properly. That said, as the user, I'm at a higher level of management on the architecture side in dealing with resilience. My concerns are different from other user concerns. Also, most of our clients are using it way more than we're using it.

reviewer1544832 - PeerSpot reviewer
Top 5, Real User

When it comes to out of the box use cases, I feel the solution to be too slow.

reviewer1688463 - PeerSpot reviewer
Real User

The solution could improve by giving more email details. In a future release, the solution could improve on the artificial intelligence features, such as if an alert comes, it could automatically do logging from the system, get the KV knowledge base, and perform other functions. This would be a benefit.

Ali Tamimi - PeerSpot reviewer
Top 20, Leaderboard, Real User

The TERM licensing model is still not very useful. It's not helping us. They used to have a perpetual licensing model. Now Splunk is offering annual term/subscription only. That's costly and it's more expensive and it's putting some burden on us. Technical support needs to be more responsive. We would like to see more AI. Through AI, artificial intelligence, not machine learning only. We want to see more AI-enabled kinds of functionalities just to reduce dependencies on manual interventions. We do that, however, automation and artificial intelligence-based kind of automation we would really like to see.

reviewer1655130 - PeerSpot reviewer
Top 20, Real User

Over time I will have more requirements and I can foresee the solution could improve the search algorithm to run and output the data faster.

reviewer1630161 - PeerSpot reviewer
Top 5, Real User

The solution could be more user friendly and it's difficult to know at this stage whether our requirements will be met by the solution.

reviewer1605462 - PeerSpot reviewer

The solution could improve by making it more business analysis oriented. The way it is now is designed more for developers.

reviewer1584621 - PeerSpot reviewer
Top 5, Real User

There is improvement needed when importing from some types of data sources. Most of the time you have to do some customization for the data because not everything is working the way it should. Additionally, in other solutions, it is easier to build use cases.

reviewer1367535 - PeerSpot reviewer
Top 20, Real User

It currently has limited default rules and customizations. If they can concentrate more on the compliance part and the security information part, it would be helpful. The platform part is good, but it requires many features from the security aspect.

reviewer1521537 - PeerSpot reviewer
Top 5, Real User

Splunk is query-based, which is not the case with most cybersecurity tools. It is based on search queries and can be difficult to use. It would be good if they can make it easier to understand how to create search queries. They can improve the knowledge base for better understanding. To create your dashboard, you need to have a search query. We have multiple firewalls in our company, and we need a dashboard for them. It would be helpful if a default firewall dashboard is included in Splunk to make monitoring easier. If a dashboard is available for a security device, the operation part will be more efficient. We won't have to follow a manual process for this.

Md. Iqbal Karim - PeerSpot reviewer
Top 20, Reseller

Sometimes it becomes very difficult to find certain results from Splunk. Not all users are developers and they are not able to write code to find specific results or specific details from Splunk. From a user perspective, the solution needs to improve the search functionality. The dashboard could be improved. If it was easier for non-developers or those working in network security, it would be ideal. It would be nice if they had a built-in dashboard for those who are less knowledgeable in coding. The product is relatively expensive.

reviewer1126641 - PeerSpot reviewer

We need to get a Splunk Cloud instance inside South Africa's borders. At this stage, we are pushing Splunk Cloud, but it is not yet within South Africa's borders. So we've got data sovereignty issues, especially with government organizations. Technical support could be improved as well. Splunk can be an expensive solution. I think that they need to change their pricing model. At present, it is based on the number of gigabytes that you ingest into the Splunk system. Their competitors are now starting with a pricing model where you pay per device talking back. If Splunk could have a similar alternative, it would then allow people to choose the data model they want such as set data or a set number of devices.

Arpan Balpande - PeerSpot reviewer
Top 20, Real User

Its pricing model and integration with third-party services can be improved. We had faced an issue with integration. The alerting feature is currently not available with Splunk, but it is definitely available with Datadog and PagerDuty. They should include this feature. A few dashboards in Splunk look quite old and are not that modern. They aren't bad, but improving these dashboards will definitely make Splunk more attractive and usable. I read in a few blog posts that there were a few security incidents related to Splunk agents. So, it can be made more secure.

reviewer1524594 - PeerSpot reviewer
Top 5, Leaderboard, Real User

Being a SIEM solution with a centralized dashboard, we would like to have more options to customize it. It should be easy to customize dashboards. When we are monitoring something, we would like to have a more granular outlook. Splunk has a good dashboard that is easier to use than some competing products, but better customizability would be a great help for the users.

AdityaAgrawal - PeerSpot reviewer

Its setup is a little bit complex for a distributed environment. Their support can also be better. If we raise a case with Splunk support and by any chance we miss responding for more than a week, they usually close the case. Sometimes, it can take us more than a week to reply. In that case, what they can do is send a follow-up mail before closing.

reviewer1276671 - PeerSpot reviewer
Top 20, Real User

If you have to do your own stuff, such as customized charts, it is a little bit more work, but once you're familiar with the Splunk query language, you can pretty much do whatever you want. In terms of features, it should probably have the features that other competitors provide.

reviewer1505082 - PeerSpot reviewer
Top 10, Real User

Technical support is lacking post-sale. The modification of firmware could be improved. We find that the maintenance process could be a lot better. The solution is more expensive than other options on the market.

Steffen Klein - PeerSpot reviewer
Top 5, Leaderboard, Consultant

I really dislike how Splunk sales and partner managers behave. I have faced several sales model and partnership changes. Also, the last time I wanted to buy a license to build a SIEM solution, they had removed the ability to purchase a Splunk subscription or license from their website. In the past, there was a web page calculator and it was possible to buy online, but now it instructs you to contact sales. The free version is limited to 500 megabytes and there is no alerting. Due to the missing feature on the Splunk webpage, I asked Splunk Sales to purchase a license like 1 GByte a day or a license for max 2,500 Euro/year to use it as a test or development instance for myself. Asking Splunk for a quote, willing to pay for a Splunk license to learn and to get used to the product, Splunk didn't manage to offer me a license, nor to arrange the partnership paperwork I had asked for. Sales people from Splunk were calling each time after I left my details on their trial download page. I explained my experience and concerns about Splunk in the past. All the excuses received and promises that someone would contact me to solve the issues faced in the past led to exactly nothing. Well done Splunk. Inflexible and expensive, and I do not have much faith in the people working there, because if someone is asking for a test environment and is willing to spend up to €2,500 a year, I can't understand why they are unable to provide a license. This could be a lost opportunity because they are not able to onboard a potential new partner. They definitely need to boost their sales and partner program because it changes too often, where they are dropping partners and it is difficult to get in contact with somebody. This is something that needs to be improved. I would like to see more SIEM functionality and embedded modules such as a ticket tool to make an end-to-end SIEM.

reviewer1478619 - PeerSpot reviewer
Real User

An area of improvement would be the licensing of the solution. They need a free license, which would allow faster lead times. They also need to update their documentation.

reviewer1470723 - PeerSpot reviewer
Top 20, Real User

Over the years, I know they've been doing what they can to continue to add integration capabilities to their solution. If they continue to do that, that would be ideal. However, beyond that, there really aren't any features that I find to be lacking in any part of the solution. On-premises scaling of the solution is a bit more limited than it is on the cloud. The pricing of the solution needs to be a bit lower. It would be ideal if the hardware could meet more universal global regulatory requirements. It would be great if the solution better aligned with global standards.

reviewer1453023 - PeerSpot reviewer
Top 5, MSP

I'm a security manager and Splunk is not a good solution for my needs and not as good as other products I've used. I really think they just overreached and are marketing the solution as something that it really isn't. It's really not an SIEM product. It's really not a monitoring solution. If Splunk wants to get into SIEM, they need to make a totally new product. They should just leave SIEM, it's not their thing, not what they do. They're good at log collection and indexing. Stick to it. There are some things with log collection and log retention capabilities that they could actually improve instead of trying to create products for all these other different areas. I don't want their next release, I would rather just kind of scale back on some of the extras, and just really focus on log collection and log retention. I'd like to have more options on how I can perform those features with their products. I'd like to see a lot more integration with other products.

Julio Ortiz - PeerSpot reviewer
Top 20, Reseller

They could have more dashboards done or predefined so our clients could use them directly in order to have more information ready to use. The difficult part is related to integration with sources of data that are used to create the logs as this depends on the infrastructure of the client.

reviewer1062186 - PeerSpot reviewer
Top 5, Leaderboard, Real User

Splunk is very complex. The implementation and the scanning of the logs can be difficult.

Matheus Nery - PeerSpot reviewer
Top 10, Real User

Splunk needs to be able to hold more days of data. At the moment it only holds three months of data. It needs more views and colors within the dashboard and the ability to have the flexibility to create a user-defined panel.

reviewer1062186 - PeerSpot reviewer
Top 5, Leaderboard, Real User

Queries are not always as easy or straightforward as they might be, so it can be difficult to figure out what you need to look for. In the next release of this product, I would like to see it offer more recommendations as to what needs to be done.

reviewer1454661 - PeerSpot reviewer
Top 20, Real User

Sometimes we experience issues when formatting and configuring files; however, this is a very technical issue that's hard to explain. When extracting the data or structuring the data in the right format, sometimes it becomes challenging. It's up to the user to understand the regex commands. Our customers often complain that the price of Splunk is too high. When Splunk is deployed on the cloud, there are certain considerations that cannot be met. Cloud-based configuration cannot be done by our Splunk admin team. It needs to be routed via a ticket. You don't have more control on the cloud from a configuration point of view, whereas, with on-premise, you are in control — you can define any configuration settings. When you install on-premise, many types of configurations can be done but when Splunk is on the cloud, you're dependent on their specific configurations.

reviewer1463439 - PeerSpot reviewer
Top 20, Real User

Index performance is a bit slow, but this is partly due to the huge volumes of data for our industry within our environment. This makes the index very large and inefficient in terms of performance. Performance could be improved to cater to this, however. We have also had problems with the compatibility between Splunk and other systems. We have previously been on 5.3 and migrated to 5.5. We are now planning to migrate to version 7.7. It has been difficult to find documentation about the compatibility with Linux. In terms of the interface, it could include some improvements for the look and feel.

reviewer1317924 - PeerSpot reviewer
Real User

We're still going through it at this time. However, there are a few changes that could be made. It could be more user friendly, in terms of the end-user experience. The end-user aspect of it could be more enhanced, whereby you could probably have a lot more people that could sign into the tool and look at the reports, and have the reports actually laid out in plain English. Usually, with tools like Audit Vault and Splunk, if you're not the IT person and you're not trained on that system and you're seeing all of the outputs, the language is something you have to convert. Therefore, the end-user experience could be improved so that when you get those alerts and notifications, you could have supervisors and different people actually knowing what those reports mean instead of having someone convert them into something more easily digestible. There should be more enhancements done to the end-user dashboards. Improved dashboards are always good. If you have an IT tech that's up there, and they're looking at the dashboards and they're seeing everything, it would help if they could do events and have a dashboard that they could log into as a supervisor and see everything, and just get specific reports for specific areas.

HimanshuTejwani - PeerSpot reviewer
Top 5, Leaderboard, Real User

Splunk is a very costly solution and I think it's the most expensive in the market in terms of costing. Splunk provides an application for infrastructure monitoring. If we're monitoring the docker with containers, we can't see the container name, only the ID. That's a big drawback.

reviewer1200885 - PeerSpot reviewer
Top 20, Real User

The solution has a high learning curve for users. It's a little complicated when you're trying to figure out all the features and what they do. The solution needs a bit more functionality. For example, being able to save a search and select it when you're doing an investigation. I know you can create dashboards and things like that, however, sometimes being able to have a pre-saved search and just fill in whatever value you need would make everything so much easier.

Praful Bhatnagar - PeerSpot reviewer
Top 5, Real User

Our two main complaints are about the difficulty of the initial setup and the licensing model. The billing model is a little bit complicated because you have to predict in advance how much data you'll have and how much storage you'll need. When you start, you don't really have those numbers but to get the licensing, you need them. It is only at that point that you'll know how much the product is going to cost you.

Balamurali Vellalath - PeerSpot reviewer
Top 20, MSP

There are a lot of competitive products that are doing better than what Splunk is doing on the analytics side. The automation could be better. Typically, the issue that we face is that it has to go to the analytics engine, then goes to the automation engine, basically. Therefore, if there are no proper analytics, the SOAR module is going to be overloaded, and we are not able to get the expected result out from the SOAR module. If they improve the analytics, I think they'll be able to solve these issues very quickly. The playbooks which they create and provide to premium users can improve a lot. They have to create a common platform wherein the end-customers like us can choose the playbooks, and automation playbooks readily available. In terms of integration with the third-party tools, what we are seeing is that it's very limited compared to the competitive products. Competitive products have a lot of connectors and APIs that they have developed, and that's where the cloud integration, whether it is a public cloud or a private cloud integration comes in. There are a lot of limitations to this product compared to other products.

Praful Bhatnagar - PeerSpot reviewer
Top 5, Real User

It's difficult to set up initially, and their billing model is also a bit complicated. We have to predict in advance how much data we will have and what the storage would be that we don't have. This makes the licensing complicated because when you start you don't have these numbers. In order to know how much it will cost, you need those numbers. I really wish that it was an application that was easier to use.

Engineer9887 - PeerSpot reviewer
Real User

The clusters are hard. It has too many moving parts. They should make data onboarding easier.

Mui Tran - PeerSpot reviewer
Real User

If possible, we would like to have not only a log monitoring system but a network monitoring feature in this solution as well.

it_user762567 - PeerSpot reviewer
Real User

The tool itself is very difficult to configure. It's great for its number of inputs, for the different types of systems devices, and things that it could collect information from. To actually make good use of it, you need a fairly dedicated team of people that have some reasonably good programming or modeling skills to be able to do the things that you need to do with it. Whereas a lot of the other tools are better packaged for that, and so require a lot less training and a lot less dedication. What they need to do more than anything else is, they need to take a serious look at purpose-built modules like the SIEM and put a lot more effort into making them more robust. If they did that I think they would have a better chance on the market. The base tool was great, and if the organization that they're looking to sell into requires a good, solid logging solution then they would have a very good sales statement to make because you could get the logging solution you need that could give you the SIEM at the same time.

Shaveta Datta - PeerSpot reviewer
Real User

I would like to see them develop integration with the help of a rack REST API, which is an API that helps to secure communication with Oracle Cloud and pull down records from there. This integration is currently missing in the current version of Splunk. I'm looking forward to seeing this feature implemented in the next version of Splunk so that organizations can benefit from it in future.

M Ghuyoor Syed - PeerSpot reviewer
Real User

Due to the size limit, we could not see the full product.

reviewer1048674 - PeerSpot reviewer
Real User

A few more analysis aids might help. The next release could have more intuitive help examples.

Rudi Wicaksono - PeerSpot reviewer
Real User

Splunk should be able to integrate with other products using the free version. The product was difficult to back up the first time.

Emad Ul Haq - PeerSpot reviewer
Real User

Code understanding requirement is complicated for most users.

Luiz Fernandes - PeerSpot reviewer
Real User

Cybersecurity and infrastructure monitoring have room for improvement.

Seyfallah Tagrerout - PeerSpot reviewer

The security can be improved.

Presal0998 - PeerSpot reviewer

Splunk's cost is very high. They need to review the pricing. They have to go back and totally readdress the market. Splunk does not build apps. They only go back and validate the apps that somebody has already built. They should have remote consulting support. They have a wonderful solution. They have 24/7 security. Nobody needs to depend on any third party and will therefore just buy Splunk on the cloud. Its costs are too high and it should be more cost effective because it's going to be a cloud offering.

Marc Chan - PeerSpot reviewer
Real User

Splunk has different plugins but by default, the logs are not organized, it shows that there are roll-ups that are out of the box. I saw many plugins that can help improve or extend Splunk's functionality but I haven't tried many of them. It would be best if they can incorporate all security locks with minimal incidents.

RhondaTurner - PeerSpot reviewer
Real User

* The amount of time it takes to troubleshoot not-easily-available data
* Also, hours on the phone with VMware techs.

SenNetwork4433 - PeerSpot reviewer
Real User

I would like to see future development in terms of ML (Machine Learning).

Director158d - PeerSpot reviewer
Real User

I have not tested the hybrid model yet. I don't know whether all its integrations and interfaces will work between the cloud and on-premise model. I also don't know if across multiple clouds all the products will perform properly. If it could be made available as a service, this would be much better than as a product.

Enterpri4059 - PeerSpot reviewer
Real User

When you get into large amounts of data, Splunk can get pretty slow. This is the same on-premise or AWS, it doesn't matter. The way that they handle large data sets could be improved. I would like to see an updated dashboard. The dashboard is a little out-of-date. It could be made prettier.

Tony Fabrikant - PeerSpot reviewer
Real User

The query language is pretty slick and easy, but it is not consistent in parts. Some of it feels a little esoteric. Personally, some of my engineers are coming from SQL or other languages. Some things are a little bit surprising in Splunk and a little bit inconsistent in their querying, but once you get used to it and once you get used to the field names and function names, you can get the hang of it. However, if it was a bit more standardized, it might be quicker to get it up and running. I would like additional features in different programming models with the support for writing queries in SQL or other languages, such as C#, Java, or some other type of query definitions. I would also like a better UI tool for enhancements of advanced visual query editors.

Gavan McLaughlin - PeerSpot reviewer
Real User

The historical data extraction needs improvement. I would like the capability of taking data and having it trend longer. Splunk is good about viewing data within the last seven or 14 days, but if you want to see a year-over-year trend, you have to do a lot of work to get to that point. If there was a better way to extract the data point and put it into a long-term viewing ability for a year-over-year analysis, then compare that to your other business metrics. That is what I am looking for, as an example, for a call center you want to see the time it takes for your customer to be handled on their need comparatively to the system performance that is happening, then overlay that data.

Kenn Brodhagen - PeerSpot reviewer
Real User

A problem that we had recently was that we licensed it based on how much data you upload to them every day. Something changed in one of our applications, and it started generating three to four times as many logs. So now, we are trying to assemble something with parts of the Splunk API to warn ourselves, then turn it off and throttle it back more. However, it would be better if they had something systematically built into the product so that if you're getting close to your license, it shuts things down. This sort of thing would help out a lot. It would help them out too, because then they wouldn't be hollering at us for going over our license.
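
The license-overrun warning this reviewer describes building is, in essence, a check of indexed volume per day against the license pool size, broken down by source so the surging application can be found. The script below is an added example, not the reviewer's tool and not anything Splunk ships: it parses lines in the shape of Splunk's internal license_usage.log "type=Usage" entries (the field names idx, h, b and poolsz are taken from that log format as I know it; the sample lines themselves are constructed), sums the bytes per index and per host, and flags when the day's total crosses a warning fraction of the quota. In a deployment the same logic would read those events from the _internal index instead of a list of strings.

```python
import re
from collections import defaultdict

# A license_usage.log "type=Usage" line carries key=value pairs after the
# marker. Field names used here (idx = index, h = host, b = bytes indexed,
# poolsz = pool quota in bytes) follow that format; treat it as an assumption.
USAGE_RE = re.compile(r'type=Usage\b(?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

# Constructed sample lines: one host's "app" index has surged. A
# RolloverSummary line is included to show that non-Usage lines are ignored.
SAMPLE_LINES = [
    '10-11-2023 00:00:01.000 +0000 INFO  LicenseUsage - type=RolloverSummary '
    'poolsz=10737418240 b=0',
    '10-11-2023 00:01:00.123 +0000 INFO  LicenseUsage - type=Usage s="app.log" '
    'st=app h="web01" o="" idx="main" i="ABCDE" '
    'pool="auto_generated_pool_enterprise" b=3221225472 poolsz=10737418240',
    '10-11-2023 00:01:00.456 +0000 INFO  LicenseUsage - type=Usage s="app.log" '
    'st=app h="web02" o="" idx="app" i="ABCDE" '
    'pool="auto_generated_pool_enterprise" b=4831838208 poolsz=10737418240',
    '10-11-2023 00:01:00.789 +0000 INFO  LicenseUsage - type=Usage s="db.log" '
    'st=db h="db01" o="" idx="main" i="ABCDE" '
    'pool="auto_generated_pool_enterprise" b=1073741824 poolsz=10737418240',
]


def parse_usage_line(line):
    """Return a dict for a type=Usage line, or None for any other line."""
    m = USAGE_RE.search(line)
    if m is None:
        return None
    fields = {}
    for key, _whole, quoted, bare in KV_RE.findall(m.group('rest')):
        fields[key] = quoted if quoted else bare
    try:
        return {
            'idx': fields.get('idx', ''),
            'host': fields.get('h', ''),
            'bytes': int(fields['b']),
            'pool_size': int(fields['poolsz']),
        }
    except (KeyError, ValueError):
        # Malformed or incomplete line: skip rather than miscount.
        return None


def summarize(lines, warn_ratio=0.8):
    """Sum indexed bytes per index and per host and compare to the pool quota.

    warn_ratio is the fraction of the daily quota at which to raise a warning,
    early enough to throttle a noisy source before the license is exceeded.
    """
    by_index = defaultdict(int)
    by_host = defaultdict(int)
    total = 0
    pool_size = None
    for line in lines:
        rec = parse_usage_line(line)
        if rec is None:
            continue
        by_index[rec['idx']] += rec['bytes']
        by_host[rec['host']] += rec['bytes']
        total += rec['bytes']
        pool_size = rec['pool_size']
    ratio = total / pool_size if pool_size else 0.0
    return {
        'total_bytes': total,
        'pool_size': pool_size,
        'ratio': ratio,
        'warn': ratio >= warn_ratio,
        'by_index': dict(by_index),
        'by_host': dict(by_host),
        # The heaviest index and host are the first places to look for a surge.
        'top_index': max(by_index, key=by_index.get) if by_index else None,
        'top_host': max(by_host, key=by_host.get) if by_host else None,
    }


SUMMARY = summarize(SAMPLE_LINES)

if __name__ == '__main__':
    gib = 1024 ** 3
    print(f"indexed {SUMMARY['total_bytes'] / gib:.2f} GiB of "
          f"{SUMMARY['pool_size'] / gib:.2f} GiB quota "
          f"({SUMMARY['ratio']:.0%})")
    if SUMMARY['warn']:
        print(f"WARNING: approaching license limit; heaviest index "
              f"{SUMMARY['top_index']!r} from host {SUMMARY['top_host']!r}")
```

With the constructed sample the day's total is 8.5 GiB of a 10 GiB pool, so the 80% warning fires and points at the "app" index on web02. The threshold is a parameter so that a team can warn earlier than it throttles.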

Tomi Juslin - PeerSpot reviewer
Real User

The search could be improved. Now, it is a bit difficult to write search queries because they become quite long, and then maintaining those long search queries is quite challenging.

Engineercb47 - PeerSpot reviewer
Real User

For on-premise, it's more about optimization. With such a heavy byte scale of data that we are operating on, the search for disparate data sometimes takes about a minute. This is understandable considering the amount of data that we are pumping into it. The only optimization that I recommend is better sharding, when it comes to Splunk, so that data retrieval can be faster. With the AWS hosted version, we have not hit this bottleneck yet, simply because we are not yet at the multiple terabyte scale. We have hit it with the on-premise enterprise version. This is a problem that we run into every so often. We don't run into this problem day in and day out. Only during the months of August through October do we contend with this issue. Also, there is a fair bit of lag. We have our ways to work around it. During those few months, we are pumping in a lot of data. It is between 8 to 10 terabytes of data easily, so it is at a massive scale. There are also limitations from the hardware perspective, which is why it is an optimizing problem.

Roman Burdakov - PeerSpot reviewer
Real User

I would like some additional AI capabilities to provide additional information about things going wrong and things going well.

Jerry Castille - PeerSpot reviewer
Real User

The community surrounding the product is okay, but I would like more material supplied by Splunk around some more common integration stuff. I wish there was a bigger library, because we are building stuff. Where I often feel like other people have done things before, we are reinventing the wheel. While it is not a core piece of our organization and it is not a priority, it does inform our SIEM platform. It would be nice if there was a little more cookie cutter solutioning inside of it, and that they would take a little more time to shake it out. The first year and a half was a little wacky with its usefulness, but now it is a solid piece of our infrastructure.

Sam Osborn - PeerSpot reviewer
Real User

The search query seems slow, but I am not sure if that is just because it is searching millions upon millions of lines of text. Also, I just started using it, so I might have no idea what I am doing. I could probably speed up the queries by improving my search skills. My company could benefit from doing more Splunk training with Splunk consultants teaching us how to use it. It is possible that we have already done this and I haven't participated, but this type of training would be helpful.

Security1747 - PeerSpot reviewer
Real User

Every product needs improvement. If we can get a faster product, we will take it. There are new services which are coming up. If Splunk can catch up with the speed of Amazon, and with the integration, instead of us waiting for another year or so, that would be good. We would like more integrations with other cloud products, not just AWS, e.g., Azure.

reviewer718113 - PeerSpot reviewer
Real User

Splunk is not very user-friendly. It has a complex architecture in comparison to other solutions on the market.

Reviewer4612 - PeerSpot reviewer
Real User

I would like to have the ability to master the management of clustering.

Reviewer0932 - PeerSpot reviewer
Real User

After a crash, the product takes a while to recover.

Omar Sánchez (Mr.Tech) - PeerSpot reviewer

The Web Application Firewall will send you too much information because it's more dedicated to security than a normal firewall.

reviewer905577 - PeerSpot reviewer

* Multi-tenancy support
* Improved user interface
* Non-proprietary search language
* Different licensing model

Yosef Tavin - PeerSpot reviewer
Top 20Vendor

It needs to improve the way to install third-party apps and enable installation without logging into

it_user782697 - PeerSpot reviewer
Real User

In the next release of Splunk, I think the machine learning should be emphasized. Now, it's really important to analyze Big Data, data mining. A SIEM solution, like Splunk, needs an improved data mining solution, artificial intelligence. Splunk would be the best if it improved these features.

it_user872772 - PeerSpot reviewer

* Scheduled PDF generation does not work well for all visualizations, and it does not work for custom visualizations.
* While scheduled reports can be embedded, Splunk dashboards can not be embedded directly without enabling cross origin.
* Missing capability for audio/video and image processing.

it_user870792 - PeerSpot reviewer

DMC should be a little more intuitive with better dashboarding. Seeing the cause of data flow can be tough to track down.

it_user867936 - PeerSpot reviewer
Real User

Splunk can improve regex/asset analysis as we do not want to crawl until it is done. I could not find a timestamp for when the log was processed and generated.

it_user867087 - PeerSpot reviewer
Real User

The Enterprise Security app could be improved. We have had trouble with it working from the first day.

it_user865365 - PeerSpot reviewer
Real User

It needs more thoroughly tested releases. Every new big version (6, 7, etc.) has had so many bugs that it makes me wary of customers upgrading right away.

it_user865026 - PeerSpot reviewer
Real User

* Custom visualizations are really hard. While the default visualizations are good, creating enhanced visualizations is complex.
* Configuring a few apps is complex, not straightforward.

reviewer860955 - PeerSpot reviewer
Real User

Make it easier to include roles and user controls, as it is horrible now.

it_user861630 - PeerSpot reviewer
Real User

ES is very powerful, but it requires a mature security posture at the company to take advantage of it currently. The use cases provided by Splunk are a good starting point, but could cover many additional topics to ensure that a smaller or less experienced shop might maximize the value of an ES deployment.

Clara Merriman - PeerSpot reviewer
Real User

The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more.

Christopher Mooney - PeerSpot reviewer
Real User

There is a definite learning curve to starting out. However, there is quite a bit of documentation out there to help you get started.

Michael Kaericher - PeerSpot reviewer
Real User

I would like to see Splunk improve its posture as a production operations tool. This means that searches, alerts, dashboards, and additional configurations that I use should have a production migration process. Therefore, I can know if my important detects have been tampered with and I can restore them if they have. I would also like it to be easier to understand what I can influence from the UI versus the command line. Splunk is making great strides to all configuration being possible from the UI, but it can still be confusing for a non-system administrator to track down an issue only to find that it requires command line access to fully interpret.

Rajesh Mandale - PeerSpot reviewer
Real User

The GUI could be improved to include some of the capabilities that other BI solutions have. The layout is a little restrictive where you can’t resize all the panels to exactly how you would like them without tweaking some XML code. Over the years, they have really been improving in this area. I would think that will continue and this will become a non-issue. Also, AngularJS/ReactJS inclusion could be made easier in GUI.

it_user860487 - PeerSpot reviewer
Real User

* Certain sections of the developer documentation could use some updating and clarification.
* Search head clustering is often temperamental in its current state and should be improved, replaced by something better, or be reverted to search head pooling.
* Some terminology is vague and confusing (examples: deployer versus deployment server or search head versus search peer).

Gangikunta Somanath - PeerSpot reviewer
Real User

More training on PetaData using artificial intelligence techniques to identify the events which are not normal and exceptions that would help the organization identify threats and malware on the go with results.

Gregg Woodcock - PeerSpot reviewer
Top 10Real User

* It needs integration with a configuration management solution.
* It could use better password management for forwarders.
* It needs a better way to export dynamic views without requiring a ton of code and user/pw.

Robert Pollard - PeerSpot reviewer
Real User

The case management area of the ES could be improved. The ability to move cases through various stages and states, and the ability to close a case, would be key improvements.

it_user859770 - PeerSpot reviewer

I like Splunk. The only thing which can be improved is that they are too subjective on whom their Splunk4Good initiative can be applied. They market it as you only need to be a nonprofit, but there is more to it.

it_user859668 - PeerSpot reviewer
Real User

Some of the terminology can be confusing, even for seasoned vets. Renaming components at this point would be a serious undertaking. However, it might be beneficial in the long run. While Splunkbase (the app repository) has a lot of great content, some apps are terribly old and could stand to be updated or purged.

it_user859650 - PeerSpot reviewer
Real User

* Free-floating panels in the dashboards are like a glass table.
* It needs more formatting control without having to be an admin.

Colin Jackson, CISSP, MMIS, GMON - PeerSpot reviewer
Real User

More control with Splunk Cloud as it seems a bit limited. I used to manage an on-premise instance of Splunk Enterprise and really liked having more control over it.

it_user859464 - PeerSpot reviewer

I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications.

it_user859446 - PeerSpot reviewer
Real User

It can be tough to determine if you are getting all of the value out of your investment at times. However, our sales seems to be flexible and will work on an organization to organization basis to negotiate license terms.

Enterprise677 - PeerSpot reviewer
Real User

Enterprise security: Splunk must work on clarifying the solution to customers and explain how to gain more from it.

MS Alam - PeerSpot reviewer
Real User

Make it easy to use and the cost cheaper. This will help all organisations to implement Splunk.

it_user340983 - PeerSpot reviewer
Real User

Splunk has continually been increasing its features and also expanding and perfecting its core functionality. I would like to see it continue to improve its predictive analytics and machine learning tools. It is not to be said that they are currently lacking, I don't believe they are, but given the current state and direction of the Information Technology world, I feel as though a major focus of upcoming releases should be set on Machine Learning and Predictive Analytics, and I would enjoy seeing more security focused add-ons and apps developed by the vendor.
