Security Architect
Real User
Top 20
A customizable solution that can be used as a Security Incident and Event Management (SIEM) tool
Pros and Cons
  • "The most valuable feature of Splunk Enterprise Platform is that it's a customizable solution."
  • "Splunk Enterprise Platform should include more integrations with other security tools."

What is our primary use case?

We use Splunk Enterprise Platform as a Security Incident and Event Management (SIEM) tool.

What is most valuable?

The most valuable feature of Splunk Enterprise Platform is that it's a customizable solution.

What needs improvement?

Splunk Enterprise Platform needs a bit of tuning, and it would be beneficial if it came with some prebuilt use cases.

Splunk Enterprise Platform should include more integrations with other security tools.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for six years.

Buyer's Guide
Splunk Enterprise Platform
April 2024
Learn what your peers think about Splunk Enterprise Platform. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
771,212 professionals have used our research since 2012.

What do I think about the stability of the solution?

I rate Splunk Enterprise Platform a nine out of ten for stability.

What do I think about the scalability of the solution?

I rate Splunk Enterprise Platform an eight to nine out of ten for scalability.

How are customer service and support?

The technical support team's initial response is too late.

I rate the solution's technical support a five or six out of ten.

How would you rate customer service and support?

Neutral

How was the initial setup?

The solution's initial setup is average and a little bit tricky. On a scale from one to ten, where one is difficult, and ten is easy, I rate Splunk Enterprise Platform a three out of ten for the ease of its initial setup.

What about the implementation team?

Splunk Enterprise Platform was deployed in a month in our organization.

What's my experience with pricing, setup cost, and licensing?

Splunk Enterprise Platform is an expensive solution.

On a scale from one to ten, where one is cheap, and ten is expensive, I rate the solution's pricing a nine out of ten.

What other advice do I have?

I am working with the latest version of Splunk Enterprise Platform. Splunk Enterprise Platform is deployed on-cloud in our organization.

I recommend that users not expect value from Splunk Enterprise Platform immediately. It might take time to set it up and get any value out of it.

Overall, I rate Splunk Enterprise Platform a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
GADDAM SANJEEV KUMAR REDDY - PeerSpot reviewer
Security Engineer at Spire Solutions
Real User
A platform to monitor, alert, report, and analyze vulnerabilities

What is our primary use case?

We use the solution to monitor, alert, report, and analyze.

How has it helped my organization?

In identity and asset management, Splunk will detect any vulnerabilities, or if any upgrade patching is improperly done, it will send an alert to the specific admin team, indicating the need to patch their servers.

What is most valuable?

The feature of Splunk Enterprise Platform is its comprehensive capabilities, consolidating various functionalities into a single tool. It excels in searching, reporting, and learning. Additionally, it offers automation and integration features for generating reports at specified business times. One prominent feature widely utilized by companies is enterprise security, crucial for cybersecurity purposes.

What needs improvement?

The solution could enhance automation capabilities. Currently, the process involves daily manual checks for potential issues, maintenance tasks, and planning for automation. Rather than relying solely on daily activities, there's a need to implement automation solutions for streamlined operations.

The main issue with the Splunk Enterprise Platform is its licensing cost, which can be high for small companies. Many businesses are migrating from Splunk to alternative tools. If Splunk were to lower its licensing fees or offer discounts, it would likely retain more customers.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for seven years. We are using version 9.0.1.2 of the solution.

What do I think about the stability of the solution?

The solution is stable. There is no impact. I can rate it a nine out of ten.

What do I think about the scalability of the solution?

When increasing your volume of data, high availability is crucial. With Splunk's robust clustering and enrollment features, data availability remains constant. If one site experiences downtime, the other will seamlessly take over, ensuring continuous data availability without any loss or impact.

10,000 users are using this solution.

How are customer service and support?

As part of our operations focus, we often encounter numerous ticketed issues. Our team is dedicated to addressing these concerns and ensuring the best possible service for our customers.

How would you rate customer service and support?

Positive

How was the initial setup?

Deployment typically takes just a fraction of an hour or two hours. Implementation can be completed within a single day, often within 24 hours.

What other advice do I have?

Splunk Enterprise Platform allows customized data processing, making it highly versatile and easy to maintain. It seamlessly handles tasks like data masking and filtering, ensuring efficient data management.

When it comes to the visualization on the dashboard within the Splunk Enterprise Platform, we do have the chart available, and all its features are included. Additionally, if you require customization for a new customer's preferences, we can implement it using HTML or XML code. The primary approach for developing dashboards is based on XML. Therefore, if you need specific features like radio buttons or checkboxes, they are readily available for inclusion in the dashboards.

I recommend the solution.

Overall, I rate the solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Software Engineer at a tech services company with 10,001+ employees
Real User
Used for application performance monitoring, database monitoring, and infrastructure monitoring
Pros and Cons
  • "The solution is very good for monitoring compared to other tools."
  • "The solution's license cost is high and can be improved."

What is our primary use case?

Splunk Enterprise Platform is a basic monitoring tool used for application performance monitoring, database monitoring, and infrastructure monitoring. Currently, I use the solution for application monitoring and security monitoring. I use the tool to monitor security breaches or suspicious activities.

What is most valuable?

The solution is very good for monitoring compared to other tools. It provides an accurate solution. We used to get a free trial of around 60 days to test and get a good experience on Splunk.

What needs improvement?

The solution's license cost is high and can be improved. There are some limitations on data onboarding if you have huge data.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for three to four years.

What do I think about the stability of the solution?

Compared to other monitoring tools, Splunk Enterprise Platform provides good stability.

What do I think about the scalability of the solution?

I haven’t faced any issues with the solution’s scalability.

How are customer service and support?

Splunk ITSI is very good for support, which includes getting an incident number and working on it.

What other advice do I have?

We need to integrate Splunk Enterprise Platform with other tools, which provide some security events. After integrating, you get the logs from that application's API. Once you get those logs, we will create a code per the business requirements and create an alert, report, or dashboard, whichever is needed.

Splunk Enterprise Platform works based on apps installed in Splunk. For example, if you want SQL data to get into Splunk, you need to install an SQL database plugin on the Splunk server. That plugin will capture the logs related to an SQL database with Splunk. After that, we write a query, pull out the data we need, and provide knowledge objects.

Visualization is very good in Splunk Enterprise Platform. The solution has good visualization elements like bar graphs, pie charts, line graphs, single visualizations, and maps. I would recommend the solution to other users.

Splunk Enterprise Platform is a very good tool for monitoring your day-to-day activity logs. This will eventually help you create reports or dashboards to monitor the business's progress.

Overall, I rate the solution seven and a half or eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Software engineer at Torry Harris Business Solutions
MSP
Provides efficient monitoring capabilities and valuable transaction insights
Pros and Cons
  • "The product's most valuable feature is the ability to explain the values and provide insights into transactions."
  • "Areas for improvement include enhancing dashboards, reports, alerts, and the monitoring console."

What is our primary use case?

We use the product for real-time monitoring purposes.

What is most valuable?

The product's most valuable feature is the ability to explain the values and provide insights into transactions. It allows us to understand successful and failed transactions with a graphical representation easily.

What needs improvement?

Areas for improvement include enhancing dashboards, reports, alerts, and the monitoring console. With the monitoring console, users can track server performance metrics such as data ingestion, server uptime, CPU, and memory utilization. Integrations with third-party apps can provide comprehensive server monitoring capabilities. However, setting up such integrations may require significant time and effort; in the case mentioned, it took nearly 20 days to complete.

For how long have I used the solution?

We have been using Splunk Enterprise Platform for four years now.

What do I think about the stability of the solution?

I rate the platform's stability an eight out of ten.

What do I think about the scalability of the solution?

The product is highly scalable.

How was the initial setup?

The complexity of the initial setup largely depends on the level of experience. I find it straightforward due to my proficiency in establishing connectivity, creating DNS, and performing installation configuration. I rate the process a nine and a half out of ten.

The time required for deployment varies depending on the process in place. If changes need to be made within a specific window, such as raising an instance, the window period opens only for a set duration. Deployment in such cases involves raising a change request and obtaining approval, which can take up to seven days. However, from a technical perspective, initial deployment typically takes up to one or two hours. Yet, procedural requirements, like awaiting change request approval, may prolong the process, necessitating additional days of waiting before deployment can proceed.

What's my experience with pricing, setup cost, and licensing?

The product is expensive, and the cost depends on the amount of data ingestion.

What other advice do I have?

When clients request specific data for a particular period, we retrieve the relevant information from our servers and generate statistics. Later, we create reports, alerts, and dashboards based on the requested data. This process involves fetching the necessary data attributes, such as service names, and displaying their corresponding values in the generated reports, alerts, and dashboards.

The platform's alerting capabilities enable the automation of alerts based on predefined conditions. When specific results exceed predefined thresholds, alerts are triggered automatically. For example, if a value exceeds a specified threshold, an email alert is generated and sent to the relevant stakeholders, prompting them to take appropriate action. This automated alerting mechanism enhances operational efficiency by promptly notifying stakeholders of critical events, allowing them to respond swiftly and effectively to potential issues or deviations from expected outcomes.

I recommend Splunk to other people. It's a very good tool, offering many features that surpass other tools like Kaspersky. Its comprehensive monitoring capabilities and insightful analytics make it a valuable user asset.

I rate it a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Gokul Sekar - PeerSpot reviewer
Senior Software Engineer at Torry Harris Integration Solutions
Real User
Offers powerful features for data exploration and analysis

What is our primary use case?

We use Splunk for onboarding updates, dashboards, application monitoring, and insights.

How has it helped my organization?

We are using it for event management. We don't have that much exposure on the security side.

What is most valuable?

It is very easy to use logs and create dashboards. You can define extractions for specific exceptions. Splunk can extract historical data and process upcoming data in real-time. You can easily modify, update, or edit extraction rules as needed. Additionally, you can create custom knowledge objects at any time. The platform allows you to restrict user access based on permissions. Even regular users can create reports and dashboards for their workflows.

What needs improvement?

Splunk Enterprise Platform needs some improvement. For instance, the dashboard sizing and customization options could be enhanced. There seems to be a limitation in adjusting the size of individual panels within a dashboard. This can be frustrating when comparing data across different panels, as users are forced to scroll continuously. Additionally, while Splunk offers some new features like student dashboards, modifying these dashboards requires a level of JavaScript expertise that not all users possess. Providing more user-friendly options for customization, such as adjusting colors and fonts directly from the user interface, could greatly improve the user experience.

Moreover, for users transitioning from other monitoring tools like Dynatrace, the interface may feel less intuitive and more cumbersome. Offering more intuitive visualization options and simplifying the customization process could bridge this gap and make Splunk more accessible to a wider range of users.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for seven years. We are using version 9.0.4.1 of the solution.

What do I think about the stability of the solution?

The product is stable. I rate the solution’s stability a nine out of ten.

What do I think about the scalability of the solution?


How are customer service and support?

I've encountered numerous issues and challenges, but I've managed to overcome them. I rely on the Splunk community to find solutions whenever I face difficulties. I want to fully engage with the platform and be active in its development, but sometimes, I struggle to find the right resources or support.

How was the initial setup?

The initial setup is easy.

What's my experience with pricing, setup cost, and licensing?

Splunk Enterprise Platform can seem a bit costly compared to their five-year plans. There's a need to provide options, such as offering a free license for up to ten GB of data or a limited-time test and development license at no cost. For instance, if a company purchases a one-year product license, it could receive additional test and development licenses for free, up to a certain data limit. While there would naturally be some restrictions, such as limitations on certain features or functionalities, offering these options could encourage more people to adopt Splunk for their needs. Many individuals and stakeholders hesitate due to Splunk's perceived high costs when considering the additional expenses for enterprise support, operational support, and device licenses. Introducing more flexible licensing options could alleviate these concerns and attract more users to the platform, benefiting both Splunk and its customers.

What other advice do I have?

Our experience with the Splunk Enterprise Platform has been positive regarding administration and development. However, there are some concerns regarding visualization. Despite our team's proficiency in activating and completing tasks, the dashboard's complexity has decreased user satisfaction. Many users find the visualization lacking when viewing multiple panels simultaneously. They express difficulty in navigating the UI and feel uncomfortable with it. Addressing these concerns would enhance the overall user experience from end to end.

Overall, I rate the solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer:
Senior Manager at PT Permata Anugerah Abadi
Real User
Top 5 Leaderboard
A scalable tool that offers SIEM and SOAR functionalities to users
Pros and Cons
  • "It is a scalable solution."
  • "Integration is an area that can be considered as one of the challenges we face with the solution in our company."

What is our primary use case?

Splunk Enterprise Platform is useful as a tool for its SIEM and SOAR functionalities.

What is most valuable?

The most valuable features of the solution stem from the fact that it provides local support to users in Indonesia. The features that Splunk Enterprise Platform provides to users are the same as the ones provided by ArcSight, so I cannot compare both products.

What needs improvement?

The solution has certain shortcomings when it comes to APIs, making it an area where improvements are required.

Integration is an area that can be considered as one of the challenges we face with the solution in our company. From an improvement perspective, the solution should make the integration of the product with other tools in the market possible.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for almost three years.

What do I think about the stability of the solution?

It is a stable solution. The product stays stable from the development stage to the production environment. Stability-wise, I rate the solution an eight out of ten.

What do I think about the scalability of the solution?

It is a scalable solution.

Around 1,400 employees in our company use the solution.

My company does plan to increase the use of the solution.

Which solution did I use previously and why did I switch?

I have experience with ArcSight.

How was the initial setup?

The product's initial setup phase was very complex.

During the product's first-time deployment, the product is dispatched to the user for assessment, after which a user can deploy it and take care of the areas from implementation to production.

The solution is deployed on a hybrid cloud.

The solution can be deployed in three to five months.

Around seven people are required to manage the deployment and maintenance of the product.

What about the implementation team?

The deployment can be carried out with the help of our company's in-house team.

What's my experience with pricing, setup cost, and licensing?

There are yearly payments to be made towards the licensing costs attached to the solution.

What other advice do I have?

I can recommend the product after considering the needs and budget of the customers, as well as the company's size.

I rate the overall tool an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ammar Mostafa - PeerSpot reviewer
Cybersecurity Consultant at SecuriCIP
Real User
Top 5 Leaderboard
A powerful tool for point-in-time security detection with stability

What is our primary use case?

We use Splunk Enterprise Platform for point-in-time security detection. It can be applied to security and IT operations scenarios, offering control and insight into user activity, registration processes, and customer data.

What is most valuable?

The solution has a status query and feed. I can reach them by phone at the residential. It is stable and has a fast response.

What needs improvement?

The product is expensive.

What do I think about the stability of the solution?

The product is stable.

I rate the solution’s stability a nine out of ten.

What other advice do I have?

Splunk Enterprise is a powerful platform. It's a leader in its field with a large and active community. Users can access support in various ways, including forums and documentation.

Overall, I rate the solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Splunk BDM in UA at a manufacturing company with 51-200 employees
Real User
A highly scalable solution that can be used for security, IT monitoring, and observability
Pros and Cons
  • "Splunk Enterprise Platform can be used for security, IT monitoring, and observability."
  • "The solution’s pricing could be improved."

What is most valuable?

Splunk Enterprise Platform can be used for security, IT monitoring, and observability.

What needs improvement?

The solution’s pricing could be improved.

For how long have I used the solution?

I have been working with Splunk Enterprise Platform for six years.

What do I think about the stability of the solution?

Splunk Enterprise Platform is a stable solution.

I rate the solution an eight or nine out of ten for stability.

What do I think about the scalability of the solution?

Splunk Enterprise Platform has very high scalability.

What's my experience with pricing, setup cost, and licensing?

Customers need to pay a yearly licensing fee for Splunk Enterprise Platform.

On a scale from one to ten, where one is cheap, and ten is expensive, I rate the solution's pricing around seven or eight out of ten.

What other advice do I have?

I would recommend Splunk Enterprise Platform to other users.

Overall, I rate Splunk Enterprise Platform an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller