Splunk Insights for Infrastructure Review

Brings all events into one platform so that you don't have to hunt down multiple sources to figure out what's going on

What is our primary use case?

The solution is primarily used for security correlation and event correlation. It's a place for all of your logs to go so that you can have all those logs coordinated during security events.
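As an added illustration of the cross-source correlation use case described above (example code written for this page, not part of the original review and not Splunk's product code), here is a small Python correlation rule over two constructed log feeds: a VPN authentication log and a firewall log. Both feeds are parsed into one common event schema, sorted on a shared timeline, and then a rule flags a source IP that failed VPN authentication repeatedly and was then accepted by the firewall to an internal host shortly afterwards. All log lines, IP addresses, hostnames, the three-failure threshold and the five-minute window are constructed assumptions.

```python
"""Added example: correlating events from two log sources in one place.

Constructed VPN auth and firewall log lines are normalized into a common
schema and then run through one correlation rule. Every line, IP, host,
threshold and window below is an assumption made for this example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample feeds (not real data).
VPN_LOG = [
    "2024-05-01T10:00:01Z vpn01 auth user=alice src=203.0.113.5 result=FAIL",
    "2024-05-01T10:00:09Z vpn01 auth user=alice src=203.0.113.5 result=FAIL",
    "2024-05-01T10:00:17Z vpn01 auth user=admin src=203.0.113.5 result=FAIL",
    "2024-05-01T10:03:00Z vpn01 auth user=bob src=198.51.100.7 result=FAIL",
    "2024-05-01T10:03:30Z vpn01 auth user=bob src=198.51.100.7 result=OK",
]
FW_LOG = [
    "2024-05-01T10:02:40Z fw01 ACCEPT src=203.0.113.5 dst=10.0.0.12 dport=22",
    "2024-05-01T10:04:00Z fw01 ACCEPT src=198.51.100.7 dst=10.0.0.30 dport=443",
    "2024-05-01T10:30:00Z fw01 DROP src=192.0.2.9 dst=10.0.0.12 dport=22",
]

VPN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)
FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ACCEPT|DROP) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


def parse_ts(s):
    """Both assumed feeds emit UTC ISO-8601 timestamps; parse to aware datetimes."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize(vpn_lines, fw_lines):
    """Parse both feeds into one list of events with a common schema:
    ts, source, src_ip, kind (auth_fail / auth_ok / fw_accept / fw_drop).
    Unparsed lines are counted rather than silently dropped, so a broken
    parser shows up as a data gap instead of as 'no alerts'."""
    events, unparsed = [], 0
    for line in vpn_lines:
        m = VPN_RE.match(line)
        if not m:
            unparsed += 1
            continue
        d = m.groupdict()
        events.append({"ts": parse_ts(d["ts"]), "source": "vpn", "src_ip": d["src"],
                       "kind": "auth_ok" if d["result"] == "OK" else "auth_fail",
                       "user": d["user"]})
    for line in fw_lines:
        m = FW_RE.match(line)
        if not m:
            unparsed += 1
            continue
        d = m.groupdict()
        events.append({"ts": parse_ts(d["ts"]), "source": "fw", "src_ip": d["src"],
                       "kind": "fw_accept" if d["action"] == "ACCEPT" else "fw_drop",
                       "dst": d["dst"], "dport": int(d["dport"])})
    # One shared timeline across sources is what makes the correlation possible.
    events.sort(key=lambda e: e["ts"])
    return events, unparsed


def correlate(events, min_fails=3, window=timedelta(minutes=5)):
    """Rule: at least `min_fails` VPN auth failures from one source IP, followed
    within `window` by a firewall ACCEPT from that same IP to an internal host.
    Returns one alert per offending burst."""
    fails = defaultdict(list)
    alerts = []
    for e in events:
        if e["kind"] == "auth_fail":
            fails[e["src_ip"]].append(e["ts"])
        elif e["kind"] == "fw_accept":
            recent = [t for t in fails[e["src_ip"]] if e["ts"] - t <= window]
            if len(recent) >= min_fails:
                alerts.append({"src_ip": e["src_ip"], "fail_count": len(recent),
                               "accept_ts": e["ts"], "dst": e["dst"], "dport": e["dport"]})
                fails[e["src_ip"]].clear()  # do not re-alert on the same burst
    return alerts


if __name__ == "__main__":
    evs, bad = normalize(VPN_LOG, FW_LOG)
    for a in correlate(evs):
        print(f"ALERT {a['src_ip']}: {a['fail_count']} VPN failures, then accepted "
              f"to {a['dst']}:{a['dport']} at {a['accept_ts'].isoformat()}")
    print(f"{len(evs)} events parsed, {bad} unparsed")
```

The rule only fires because both feeds sit on one timeline in one schema: the VPN log alone shows some failed logins, and the firewall log alone shows an ordinary accepted connection. In a real deployment the timestamp handling would also have to reconcile devices reporting in different time zones, and the `unparsed` counter stands in for the data-quality monitoring that should accompany any correlation search.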

How has it helped my organization?

The solution brings all the events into one platform so that you don't have to hunt down multiple sources to figure out what's going on.

What is most valuable?

The ability to create custom dashboards is one of the best features and that's typically why most people deploy Splunk. Users can create dashboards for just about anything.

The solution has been improving its offering for the past year. It's in constant development.

What needs improvement?

The cost needs to be re-examined. It's extremely expensive to run. It's also expensive to expand. That's the number one complaint all of my customers have when it comes to Splunk. It's way too expensive compared to other solutions.

The integration of their cloud solution, which came out a couple of years ago, and the ability to now integrate Phantom need to be improved.

It would be ideal if there was a more automated process for finding and identifying data sources that a user wants to bring into the solution. Right now, it's all manual.

For how long have I used the solution?

I've been selling the solution for quite a long time. I'd say I've sold it for five years. I've been involved in deployments and I've been involved in configuring it and managing it, but I don't actually use it for my company.

What do I think about the stability of the solution?

The solution is extremely stable. We haven't run into issues that would make us concerned.

What do I think about the scalability of the solution?

The solution is very scalable. However, companies must be aware that expanding the solution is very expensive.

How are customer service and technical support?

I'd rate technical support eight out of ten. They're responsive due to the fact that clients need to pay in order to access technical support.

How was the initial setup?

The initial setup is not straightforward. It's quite complex. 

The storage backend requires touching all of your event sources. It requires a lot of planning and configuration. It's not something you just put out there and deploy. You have to have someone who's an expert in it.

The deployment typically takes, from beginning to end, less than three months. However, it really depends. It depends upon how many log sources you have, if you have staff on-site that are capable of actually running it, or if you have to make network configuration changes, etc. There's a whole list of things that you have to go through to figure it out. 

The number of people needed to deploy the solution varies upon the size of an organization and the use cases. You're going to want at least two dedicated people to deploy at a medium-sized organization.

These individuals have to understand searching and creating dashboards. They have to have network skills and security skills. There is a wide range of things they have to be a part of. Most people who become Splunk Engineers start off doing something else in their business and they learn about networking, and then security and programming. When they start to deploy Splunk, they become experts.

What about the implementation team?

The solution requires the assistance of a specialist. There needs to be an expert involved to help implement it.

What's my experience with pricing, setup cost, and licensing?

Licensing is paid on a yearly basis.

Which other solutions did I evaluate?

We work with a few different solutions. As a SIEM, there are many other solutions out there and which is best really depends upon what the company wants to achieve. As a logging server, there really aren't any other really good solutions that compete as well with Splunk. LogLogic might be the closest.

What other advice do I have?

We're a Splunk partner and reseller.

Typically, the solution is on-prem for the most part because it requires a very heavy lift in storage and the storage is very expensive. Most companies deploy it on-premise and then add on the cloud solution as well later on.

I'd warn other organizations that want to use the solution that they need to be prepared to spend a lot of money.

I'd rate the solution seven out of ten due to the fact that it's extremely complex to run and deploy.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner.