Splunk Enterprise Security Reviews

We are using it for operational intelligence. We are using Splunk as a data lake for machine data. We gather all our machine data from the IT infrastructure and monitor its health.

Splunk's schema-on-read technology is one of the most valuable characteristics of this solution. It allows us to store raw data and use it repeatedly for different domains. You don't need to prepare the data upfront.

Splunk's Search Processing Language (SPL) is another beneficial feature. It is a very powerful tool that gives you the ability to do almost anything with your data.

Visualizations can improve. There are some performance and stability issues with the visualization layer.

There were stability issues, but only with the visualization layer.

There were no scalability issues.

The technical support is quite good.

Previously, we worked with different vendors and solutions.

The setup was very straightforward.

The price is pretty high for our region.

We did a SIEM solutions review with this and other systems for one of our customers.

This is the right choice if you are looking for a platform that can combine all machine-generated data and use it for various use cases from different domains.

The solution is very fast and succinct. 

When it comes to out of the box use cases, I feel the solution to be too slow. 

I have not been working with Splunk for long. 

The initial setup was simple. 

It took an hour. 

Curator is more scalable than certain other solutions. 

We are partners of Splunk and provide the solution to customers. 

I feel Splunk is easy to utilize. 

My company has an app. on which the solution is deployed on-premises on a single server. 

There is another team in my company that works with Splunk products. 

I rate Splunk as a seven-point-five out of ten. 

• Event matching between several appliances
• Correlating data from different sources
• Report viewer

It helps us to detect viruses and security events from our network.

It needs documentation, and "how-to-do" information. It's complicated to build reports and views.

I have used Splunk for about two years.

There were no stability issues. It was running on a VM over Hyper-V.

There were no scalability issues. It was running on a VM over Hyper-V.

I used support a little bit for some templates for formatting data from Cisco and Fortinet logs. They were very fast with their response. I didn't have any support contract, but only entry level support.

This was our first try for log analysis.

The setup was easy.

There is nothing to say. At that time, it was for GBs of data received.

We did not look at alternatives. It was a consulting provider recommendation. It was a rapid implementation to accomplish legal requirements. After we used it for a while, we decided to keep it.

Check for the plugin to format data of already completed templates for the appliance to which you want to keep logs and events.

We used it to create a full security operations center (SOC) for our IT department by adding all network and security devices, the AD, and mail servers to it. Then Splunk started to receive their logs, it analyzed them, and provided useful reports.  

It helps the IT staff to monitor the full structure. It also makes use of all logs and takes proactive actions.

Integrity with many vendors: This simplifies the implementation and integration with different devices. 

Enterprise security: Splunk must work on clarifying the solution to customers and explain how to gain more from it.

It provides a lot of analytics with the underlying AI engine, and it is a lot easier than other solutions. There are some products that do automated AI-based detection and drawing up charts, but for network monitoring and all of the monitoring aspects, it is quite a nice tool.

It is very convenient for business users because they get more or less a lot of data readily available. If you're familiar with the Splunk query language, you can pretty much do whatever you want.

If you have to do your own stuff, such as customized charts, it is a little bit more work, but once you're familiar with the Splunk query language, you can pretty much do whatever you want. In terms of features, it should probably have the features that other competitors provide.

I have been using this solution for about three to four months.

I'm not sure. I do not really throw a lot of data in it, but it has been authenticated very nicely. It manages indexes and all of these things very nicely. I have not been privy to any production systems where you have millions of lines of log coming in every second. It works very well for the data that I have. It should be able to handle a lot of data. That's the whole purpose of it, and that's why Splunk has become so popular. It is an enterprise monitoring tool, and a lot of customers have Splunk in their ecosystem.

They have pretty much good documentation and good training. Their documentation is a lot better than Qlik Sense.

Splunk is an enterprise monitoring tool. Qlik Sense can do a little bit of log monitoring, but it is mostly used for dashboard reporting, whereas Splunk is more around monitoring and figuring out threats and all such things. They are different, but both deal with the data and allow you to create operation reports. 

Power BI is another tool that a lot of our customers use, but Splunk is quite often requested. It is also a lot more popular than Qlik Sense. We have a fair number of Qlik Sense customers.  

We usually sell Blue Prism to business users who are more concerned with the reporting aspect, which is why they would like to have easy tools like Qlik Sense in their ecosystem, but on the infrastructure side, it would be Splunk for enterprise monitoring.

Simple environments are easier to install. Because there is a lot of data log monitoring, once you have a production system, there is some amount of work in setting it up, especially making it SSL Secure and exposing it on the internet. There are multiple components behind it, so you need to ensure that all these things are set up correctly. These kinds of things are not required on a cloud platform because you are just uploading data. You really don't have much access to the backend.

Splunk also has a cloud version, which I haven't looked at, but I have used Qlik Sense's cloud platforms. With on-premises, you are in control of pretty much how you set up all the data that you are sending out. A lot of our customers have the issue that if it is a cloud platform, they cannot really send out the data to any of these cloud platforms. So, there are data residence and other issues.

It is economical than other solutions.

I would definitely recommend Splunk. It is quite a decent tool, and it is there in a lot of enterprises.

I would rate Splunk an eight out of ten.

Splunk has great interoperability with other applications through their SplunkBase app store. The apps can quickly provide visibility and streamline complex data mining tasks.

Unlike other cloud based analytics platforms, at the time of this writing Splunk Cloud is a dedicated instance per customer rather than a shared tenancy platform. While this is beneficial from an overall performance standpoint, the product lacks the seamless integrations one has come to expect from a cloud solution. This translates to a much stronger reliance on Splunk's support organization out of necessity, as the customer cannot make most changes in a self-service manner.

We have been a Splunk customer for five years.

Our Splunk Cloud deployment was a migration from an on-premise implementation of Splunk. The migration took much longer than expected due to constraints within Splunk's cloud team, but there were no technical issues with the launch.

The customer support team at Splunk is very good.

The technical support team at Splunk is highly responsive and knowledgeable.

Our primary use case is for monitoring and cybersecurity.

The clusters are hard. It has too many moving parts. 

They should make data onboarding easier.

Its ability to scale nicely is one of Splunk's strengths. You just horizontally add another machine and you get your scalability.

Our clients switch from Nagios or other monitoring solutions because the other solutions were not as flexible as Splunk. With Splunk, you can do things very programmatically. With a help of a developer and included SDK you can add needed functionality.

The initial setup is really straightforward. It's one of the easiest installations. 

This product doesn't have any kind of dependencies, it just worked from one package. Install it and boom, you have a working solution.

Splunk is on expensive side.

There are some premium add-ons like Splunk Enterprise Security or ITSI which makes it more expensive.

I would advise to get Splunk professional services from Splunk.

Testing for insider threat behavior.

It gave management confidence in current operations.

The ability to correlate results.

A few more analysis aids might help. The next release could have more intuitive help examples.