What is our primary use case?
Splunk sends security alerts. It's being used on two levels. One is for the analysis of the data by the data scientists. Two is for the engineers to troubleshoot if there are any issues happening, like security bugs or anything that needs to be addressed and remediated.
What is most valuable?
In terms of application performance security, application performance tooling has been a key factor in my using Splunk. We are also looking into options, like other third parties or even open-source tools, that help capture application performance and fine-tuning, which leads into the security aspect.
What needs improvement?
We haven't faced any problems yet. It's working as expected. We are using the enterprise-grade, strong products and we're just paying a lot for it right now.
People intend to go for automation. We are following the work process and we are inculcating the engineers to ensure everything is automated. Whatever needs to be mitigated has to be followed up in ticketing tools, and this is where this tool would come in. It handles the issues going on and what needs to be remediated in this single tool.
We need multiple tools in order to accomplish what we need. It's kind of a medium across multiple products. It would be better if we had a dedicated tool that takes care of the entire work process, including automation as well.
They do not have all the features that I expect right now.
For how long have I used the solution?
I have been using Splunk for three years.
What do I think about the stability of the solution?
We haven't really experienced any glitches or bugs. It depends on the use cases, and so far I haven't seen any.
What do I think about the scalability of the solution?
How are customer service and technical support?
They're good. They're quite good at providing the service for technical engineers as well.
How was the initial setup?
I would say that the setup is pretty straightforward because they have their own documentation that you can follow. It takes an associate's capability to accomplish it. They have good documentation and dedicated support to take care of any issues that come up.
What other advice do I have?
As a newbie, I wouldn't prefer Splunk. The reason is that it's a completely enterprise-grade solution. As a startup, you don't implement Splunk the first time; we'd put in an open-source product. With us, we have many of the Italian products, which prove to be a good open-source solution. In the end, people intend to go for enterprise support for the vulnerability patching, report generation, and enterprise support. People go for licensing based on that. I wouldn't refer any newbies to a weak enterprise-grade solution as they barge into any technology.
I would rate Splunk a seven out of ten.
Which deployment model are you using for this solution?