SaketShrivastava - PeerSpot reviewer
Technology and Digitization Lead at JLL
Real User
An easy-to-use and easy-to-configure solution that can be used to monitor network traffic
Pros and Cons
  • "Splunk Enterprise Platform is an easy-to-use and easy-to-configure solution."
  • "There should be continuous customer engagement and training programs on the new features and capabilities introduced by the solution."

What is our primary use case?

We monitor our airtight network traffic using the Splunk Enterprise Platform. We also use the solution for port monitoring: to monitor which ports are closed, which are open, and whether any port is flapping. We use it to check our server performance to see if it gets choked because of high CPU or RAM utilization.

What is most valuable?

Splunk Enterprise Platform is an easy-to-use and easy-to-configure solution.

What needs improvement?

There should be continuous customer engagement and training programs on the new features and capabilities introduced by the solution.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for four years.

Buyer's Guide
Splunk Enterprise Platform
May 2024
Learn what your peers think about Splunk Enterprise Platform. Get advice and tips from experienced pros sharing their opinions. Updated: May 2024.
772,679 professionals have used our research since 2012.

What do I think about the stability of the solution?

I rate Splunk Enterprise Platform a nine out of ten for stability.

What do I think about the scalability of the solution?

Splunk Enterprise Platform is a scalable solution. Two people are using the solution in our organization to monitor data.

I rate Splunk Enterprise Platform ten out of ten for scalability.

How was the initial setup?

The solution’s initial setup is easy.

What about the implementation team?

One or two hours is enough to deploy the solution, but its configuration will take time, based on the users. Just one person is enough to deploy the solution.

What was our ROI?

We have seen a return on investment with Splunk Enterprise Platform for security and performance use cases.

What's my experience with pricing, setup cost, and licensing?

The solution’s pricing is moderate. We have to pay a yearly licensing fee for the solution, and there is an additional cost for support.

What other advice do I have?

Splunk Enterprise Platform is a good and easy-to-use solution. It has to be regularly upgraded to the changing network or customer needs.

Overall, I rate Splunk Enterprise Platform an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Raymond De Rooij - PeerSpot reviewer
IT integrator at a financial services firm with 10,001+ employees
Real User
Enables us to create dashboards and do analysis but has limitations
Pros and Cons
  • "Splunk can be used primarily to port log files, allowing for easy and quick management of large amounts of logs. However, this can also be a drawback due to the configuration, parsing, and dashboard creation limitations. Communication is stream-based, which means you need to do a lot of pre-emptive setup to get a nice export."

What is our primary use case?

We use Splunk to create dashboards and do analysis.

What needs improvement?

Splunk can be used primarily to port log files, allowing for easy and quick management of large amounts of logs. However, this can also be a drawback due to the configuration, parsing, and dashboard creation limitations. Communication is stream-based, which means you need to do a lot of pre-emptive setup to get a nice export. Another issue with Splunk is its streamlined nature; it reruns the query whenever you refresh a dashboard. This becomes problematic if you have a large volume of log files, as it can be slow, resource-intensive, and require significant storage space.

It is designed to process and analyze log files. You feed log files into the platform, automatically extracting different fields. This allows you to filter and manipulate the data in a stream-based manner. Essentially, you pass a log file through various filters sequentially, enhancing or reducing its size by adding or removing information. However, this stream-based approach can make it challenging to create detailed dashboards easily. The platform primarily focuses on log files and is unsuitable for real-time data analysis.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for one or two years.

What do I think about the stability of the solution?

The product is stable.

I rate the solution’s stability a six out of ten.

What do I think about the scalability of the solution?

It can be very slow if you have a lot of data, and scaling it up for better performance can be quite expensive.

A thousand users use this solution. We have many systems and a lot of data. It is centrally deployed and used extensively across various systems. I use it daily, but sometimes I only use it once a month. It depends on the data I need or the issue I'm investigating.

I rate the solution’s scalability a four out of ten.

How was the initial setup?

The initial setup is straightforward.

What other advice do I have?

I wouldn't recommend Splunk Enterprise Platform because it's slow and has significant limitations.

Overall, I rate the solution a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Praveen Sande - PeerSpot reviewer
Senior Splunk Engineer at Wipro Limited
Real User
Offers extensive visibility into events with flexible scalability

How has it helped my organization?

Splunk Enterprise Platform is a powerful application that offers extensive visibility into events, notable occurrences, and correlations, providing robust capabilities.

What is most valuable?

The valuable feature is the onboarding of various logs using different methods. Additionally, it excels in content development and use case creation. I want to learn about upcoming technologies like Splunk Cloud and Azure integration. These platforms offer extensive capabilities for visualizing and manipulating data according to our requirements. Splunk's proficiency in field extractions and onboarding logs from diverse sources makes it highly capable. Its logging addition and parsing capabilities are particularly noteworthy.

What needs improvement?

In Splunk Enterprise Platform, while the dashboard feature is powerful, it does have limitations in terms of the number of parameters that can be included in one dashboard. However, it's important to note that these limitations can be addressed through effective dashboard design and optimization techniques. Despite these constraints, Splunk offers extensive capabilities for creating insightful dashboards that can visualize relevant data effectively.

Splunk excels in providing accurate and valuable alerts and reports. These features are crucial in reducing manual efforts, minimizing human errors, and expediting incident resolution processes. With Splunk's alerting and reporting functionalities, users can fine-tune alerts, apply filters, and include necessary information for thorough investigation and analysis. These capabilities contribute significantly to enhancing operational efficiency and decision-making within organizations.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for five years.

What do I think about the stability of the solution?

I rate the solution’s stability an eight out of ten.

What do I think about the scalability of the solution?

Scalability is very flexible. Without the Splunk support, we can deploy and scale up.

How are customer service and support?

The responsiveness of the support is very good. They will ask you if you are raising any P2, P1, or major incidents so they'll help us with immediate and accurate results.

How was the initial setup?

The initial setup is straightforward, with detailed deployment steps outlined in their documentation. Additionally, the Splunk community is a valuable resource where users can ask questions and receive expert solutions.

What other advice do I have?

Splunk Enterprise Platform does not have a few application add-ons. Therefore, when we aim to integrate log sources from new or important ones that Splunk lacks add-ons for, we resort to developing custom add-ons. While this approach allows us to proceed with our work, it requires significant human effort and increases the likelihood of errors. Moreover, troubleshooting becomes time-consuming under these circumstances. Ideally, Splunk would offer add-ons for every possible application, significantly improving our efficiency and effectiveness.

The Splunk Enterprise Platform offers excellent visibility through real-time monitoring. Whenever any data matches our client's SQL code, it triggers an immediate alert, allowing us to respond to incidents swiftly. This capability is highly beneficial during any incident, making Splunk an invaluable tool.

There are various components, such as Universal Forwarder, Indexer, and Search Head. These components are relatively straightforward to set up. However, when implementing a distributed environment or setting up clustering, Splunk offers robust capabilities. Additionally, managing data storage sizing is also seamless.

Overall, I rate the solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Monawwer Mahfuz - PeerSpot reviewer
Software Engineer II at Carelon Global Solutions
Real User
Enables us to collect, index, and analyze data from various sources, such as apps, servers, network devices and security systems

What is our primary use case?

The solution is basically used to monitor various logs, such as the application logs, and we are also monitoring some databases.

How has it helped my organization?

Splunk provides proactive monitoring using desserts. These things have improved a lot in our day-to-day activities. Whenever we see any kind of alerts, we create an alert on that basis.

What is most valuable?

Monitoring security data is the most valuable feature.

What needs improvement?

Currently, I think things are good. There are certain things which are not there but are there in the other platform, like UAE; UBA is there. Splunk has another product itself. If that could be incorporated with the Splunk Enterprise three version, it would be helpful for the users to explore more on that one.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for five years.

What do I think about the stability of the solution?

The stability is a nine out of ten, meaning the solution is highly stable.

What do I think about the scalability of the solution?

It is a scalable solution. Around a thousand-plus users are using the solution.

Which solution did I use previously and why did I switch?

I have been using only Splunk since the start of my career. During this period, I have been using AppDynamics and NetSync as well.

How was the initial setup?

Normally, for the trial version, it is easy. It depends on how much data you are ingesting. If you are going for the Flushing environment, that setup could be somewhat difficult, but normally it will be easy.

What was our ROI?

I have seen a return on investment.

What's my experience with pricing, setup cost, and licensing?

Costing depends on how much data you are investing. That will increase your cost.

What other advice do I have?

I will rate the overall solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
Poorna Gopi - PeerSpot reviewer
Support Engineer at Wipro Limited
Real User
Good infrastructure and easy to maintain
Pros and Cons
  • "Easy setup and maintenance"
  • "Things have to be managed manually"

What is our primary use case?

We use Splunk Enterprise for data visualization.

We use Splunk administration rather than Splunk development.

We provide support to users so they can access our Splunk application and use it however they want. For example, if they are not able to view some of the logs that are coming from their servers in our Splunk, then we usually check all the logs here that have been missed and forward the ones that were not forwarded.

Also, sometimes they use their access to install some apps. We have Splunk apps and they want us to create an app for their usage. We also need to create these apps in the Splunk application. Sometimes they aren't able to download or upload files into Splunk or other websites. They aren't able to download these reports as PDF files. We usually work on this and try to resolve it as quickly as possible.

How has it helped my organization?

We use Splunk for cyber security. We have a lot of teams who use Splunk for different purposes. The security team uses it to authorize log-ins, so in case something happens, Splunk monitors it. Also, the development team uses it to monitor data while they're creating a new application.

What is most valuable?

In the enterprise platform, all of the clusters and indexes are under our maintenance. If required, we can make changes and see the logs manually by getting into the servers.

What needs improvement?

Things have to be managed manually in Splunk Enterprise, which is not the case in Splunk Cloud, where the client could manage it on their own.

It would be useful if Splunk Enterprise Platform could monitor the application URL, to check whether it's responsive or not.

For how long have I used the solution?

I've been using it for a year and a half.

What do I think about the stability of the solution?

It is completely stable and the infrastructure is good. We have no issues with our Splunk Enterprise Platform.

How are customer service and support?

We contact technical support whenever there's an issue with logs and they work through it with us.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We use both Splunk Cloud and Splunk Enterprise. We might opt for Splunk Cloud in the future since it's less expensive, but we are currently using both.

How was the initial setup?

The deployment takes about a day. I would say that the initial setup is quite a complex thing to do because there are a lot of things that have to be done for clustering all the features and indexing and then forwarding data to the indexes. When it comes to applications, we have to replicate the data. The process takes time. Once everything is done, we still need to monitor the infrastructure constantly.

It is easy to maintain if you are familiar with the deployment model.

Which other solutions did I evaluate?

I have hands-on experience with AWS, Linux, Ansible, and Terraform and with programs like Python, Java, and SQL as well. I also use tools like Catchpoint, Nagios, and Grafana.

What other advice do I have?

I would suggest using Splunk Cloud first, and then Splunk Enterprise because the maintenance and the infrastructure management are easy. I would rate it an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Mohan Battu - PeerSpot reviewer
Project Lead at a computer software company with 5,001-10,000 employees
Real User
Offers timestamp indexing and the easy-to-use visualization for data analysis
Pros and Cons
  • "Splunk's real-time processing capability has been pretty good for my use cases."
  • "There is room for improvement in terms of scalability."

What is our primary use case?

I have a variety of use cases. My company uses it for cloud-related operations, anomaly identification, and threat detection.

How has it helped my organization?

It's been very useful in regard to security information and threat management (SIEM). Splunk is a valuable tool for my organization.

What is most valuable?

The timestamp indexing and the easy-to-use visualization features are the most valuable features for data analysis.

Moreover, the dashboard and visualization features have made a big difference. We can quickly identify issues within the dashboards and easily generate insightful reports. If something goes down, we can easily detect the issue.

Splunk's real-time processing capability has been pretty good for my use cases.

What needs improvement?

There is room for improvement in terms of scalability. They can enhance the ability to handle increasing volumes of data.

For how long have I used the solution?

I have been using it for four years now.

What do I think about the stability of the solution?

There have been occasional issues, but nothing major.

I would rate the stability an eight out of ten.

What do I think about the scalability of the solution?

I never had issues with scalability. My organization has 8,000 end users.

I would rate the scalability an eight out of ten.

How are customer service and support?

The customer service and support are good.

How would you rate customer service and support?

Positive

How was the initial setup?

In general, the initial setup is fairly easy.

Not everyone can do it. Some knowledge and experience would likely be helpful to get the most out of the setup.

Typically, the deployment would take around 16 to 20 hours.

What's my experience with pricing, setup cost, and licensing?

The pricing is about average.

What other advice do I have?

Overall, I would rate the solution an eight out of ten.

I would recommend using this solution. Overall, Splunk is a good tool for analysis and for representing data in a short span of time. It helps minimize unnecessary noise in the data.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Consultant at IBM Thailand
Real User
The product is very easy to use, the GUI is simple, and the technical support is responsive
Pros and Cons
  • "The product is very easy to use."
  • "The product doesn’t have prebuilt dashboards."

What is our primary use case?

We use the solution mainly for security operations. We receive logs from different log sources.

What is most valuable?

The product is very easy to use. We just have to run the agent and collect the log. We don't have many delays or problems. We faced an issue once or twice when there was a network issue and when the system was rebooted. The percentage of issues is very low compared to the overall deployment. It is 0.001%.

The solution supports our organization's security and compliance monitoring very much. We rely on the platform to detect abnormalities and to perform searches. If someone brings a compliance issue, we request logs from the platform to determine whether it happened. We use the tool’s search feature and Intel's machine learning platform to conduct our analysis.

We don't face any issues in real-time monitoring. There is no latency. We have options to create our own dashboards. The GUI is very simple. It's a simple platform. It is very easy to use.

What needs improvement?

The product doesn’t have prebuilt dashboards. It would be great if the product provided prebuilt dashboards. For example, we allowed some devices into our network through VPN, but there is no dashboard to combine two log sources and understand which user has logged in. So, we created our own dashboard with the available Splunk searches.

It’d be good if the solution provided more prebuilt dashboards and released them on the app platform. Then, we can deploy the dashboards straight away. Also, if the tool provides additional dashboards, we can reduce the resources needed to develop them. Since Splunk has overall visibility all around the globe, it can give better suggestions on the dashboards that we must use and how to project the data to the management.

We faced some issues in parsing when the load was too much. If we have a 100 MB log source, 80 MB will be parsed correctly, but we face issues with 20 MB. We raised a support ticket, and the support team suggested we increase the time interval between sending the logs to the Splunk forwarder to handle the processing correctly.

For how long have I used the solution?

I have been using the solution for two years. I am using the latest version of the solution.

What do I think about the stability of the solution?

The tool is stable enough. In my demo environment, I used my own physical machines to run it. I was able to ingest as many log sources as I wanted within the data limit, and it did not have any issues. The search is very responsive when compared to the other platforms. There was no lag.

Splunk has been supporting free text searches for two years. We can query anything out of the box without specifying any indexes. We can perform free-text queries. Usually, it takes very little time to produce the results if the data set is too small. If the data set is too large, the product suggests we finetune our search, and it provides us with hints on which indexes to specify. It has three different options: Fast mode, Push mode, and Smart mode. We can switch the modes to get results quicker. Later, we can change the mode back to do a deeper analysis.

What do I think about the scalability of the solution?

Scalability is not an issue for SMBs and moderately big companies. When we went beyond certain limits, like 700 Gbps or 800 Gbps, we faced some issues with the engine. So, we split up the platform and diverted some of the logs into different indexes. It solved the problem. Up to 500 Gbps per day is okay. When we go beyond that, a single instance cannot handle it. We need to split it up.

This issue was only with the on-premise version. We do not face such issues in the cloud. When customers wanted to renew their subscriptions, we suggested they move to the cloud. On-premise, we have to manage our indexes and searches, but in the cloud, it's done by the vendor. It's a plug-and-play process. Splunk automatically takes care of parsing. We have more than 30 customers.

How are customer service and support?

The technical support is very good. The team supported us even during the Christmas holidays. The support engineer walked us through every step. The team is always reachable. We never had issues while contacting them.

How was the initial setup?

I built some demo environments for my practice since Splunk was new to me two years ago. I used the free license. It was a pretty straightforward setup. I did not find any difficulties in setting up my lab environment. The deployment can be done within 15 minutes.

What was our ROI?

The return on investment is very good. It's very easy to use. Many of our customers decided to continue using Splunk because they have invested much in the training modules, the analysts are familiar with the tool, and it's very easy to search. Open-text queries are the best in Splunk. It is easy for our customers to perform the search. It's very lightweight compared to other solutions.

What's my experience with pricing, setup cost, and licensing?

Our customers pay for the licenses. It’s bundled together in a yearly subscription.

What other advice do I have?

There are some problems in managing the tool when it exceeds certain limits. Overall, I rate the product a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Adrian-Mache - PeerSpot reviewer
Solution Architect at a tech vendor with 10,001+ employees
Real User
Versatile, adaptable, and applies to many use cases
Pros and Cons
  • "What I find the most valuable about the platform is its DB Connect and its versatility in general. I also like its adaptability to any use case when it comes to collecting and analyzing data."
  • "The platform is too expensive for small businesses. Splunk should focus more on delivering something for small businesses and entrepreneurs."

What is our primary use case?

I use the platform to collect data and report to the clients that need reporting from Splunk. I work on gathering big data from all over my company and exporting it into proper reports.

What is most valuable?

What I find the most valuable about the platform is its DB Connect and its versatility in general. I also like its adaptability to any use case when it comes to collecting and analyzing data.

What needs improvement?

It is hard to say in what areas the platform could be improved since it's very versatile and applies to many use cases. It already has the functioning vetted into the core architecture of the product. In my opinion, there is no need for additional features because it already has many, and I haven't used them all.

For how long have I used the solution?

I've been using Splunk Enterprise Platform for two and a half years. I am a Splunk software architect and Splunk is the only platform I use.

What do I think about the stability of the solution?

It's a very stable platform. A ten out of ten.

What do I think about the scalability of the solution?

The scalability of Splunk is ten out of ten. It's one of the best platforms on the market. Approximately 1,000-2,000 people use the platform at our company, but only two people are needed to maintain it and I'm one of them. Everything is automated and it is very easy to manage 2,000 users on my own.

Which solution did I use previously and why did I switch?

I would compare Splunk Phantom with RSA NetWitness and Elasticsearch. All three solutions give the same output but in a different way. They analyze data in different ways. Each product has its scalability, versatility, and appliances in the current business needs of the company that uses it.

How was the initial setup?

The initial setup is very easy. At our company, we deployed Splunk ourselves because we are a team of Splunk architects and we have done it before.

What's my experience with pricing, setup cost, and licensing?

The platform is too expensive for small businesses. If you choose the free plan, it only has 15 GB of data per day, and it may not be enough to run a small business. You need to pay a subscription based on data ingestion, and that's very expensive. Splunk should focus more on delivering something for small businesses and entrepreneurs. I give the pricing a three or four out of ten. Although the product is pricey, it's truly magnificent.

What other advice do I have?

Overall, I give Splunk a nine out of ten and not a solid ten just because there are new updates every day and we don't know exactly what we need to search for since it's not that viewable.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner