Splunk Review

The logging features are useful as are the dashboards and alerts


What is our primary use case?

We use Splunk on-premise. We mostly use it for log analysis and fraud detection. We are also testing using it in machine learning and other solutions. We have 10 people managing Splunk and we have approximately 150 people using the product in total.

How has it helped my organization?

With Splunk, we got more insights out of our data as it includes machine and secure data. It also has a logging attendance system and this helps to protect our resources from any  attackers hacking system information at a granular level

What is most valuable?

The logging features are useful as are the dashboards and alerts in addition to the organization of data. It has options for creating dashboards and alerts. You can also create queries in the SQL language. Splunk is a user-friendly solution.

What needs improvement?

Index performance is a bit slow but this is partly due to the huge volumes of data for our industry within our environment This makes the index very large and inefficient in terms of performance. Performance could be improved to cater to this, however. We have also had problems with the compatibility between Splunk and other systems. We have previously been on 5.3 and migrated to 5.5. We are now planning to migrate to version 7.7. It has been difficult to find documentation about the compatibility with Linux. In terms of the interface, it could include some improvements for the look and feel.

For how long have I used the solution?

We have been using Splunk for one year in our infrastructure environment.

What do I think about the stability of the solution?

The users access the native cloud solution. So we are taking advantage of the native cloud solution provided, and by using the gentle scaling approach this has helped stability.

What do I think about the scalability of the solution?

We scaled up gradually from three processes up to five, and the performance is okay. So we used gentle scaling  but this also helped stability.

How are customer service and technical support?

We have used Splunk tech support often. If we have a critical issue such as server down or frequently occurring issues they are always reliable and provide us with solutions to our problems. Technical support for Splunk is good.

How was the initial setup?

Setup is complex. We tried to cluster five indexes. This helped us migrate our data into the Splunk environment. We are using 20 applications which make use of this indexed data. The actual deployment took us about two to three weeks because of some problems getting the data into the system.

What about the implementation team?

We worked with a Splunk consultant who shadowed us to help ensure we performed the process correctly. 

What's my experience with pricing, setup cost, and licensing?

Licencing occurs yearly. We now have a three-yearly support contract as of now.  Licensing is a yearly, one-time cost.

Which other solutions did I evaluate?

We considered a few alternative products because the logging was faster. In the end, we decided to go to Splunk.

What other advice do I have?

I would definitely recommend Splunk. We will review performance within two years of our three-year contract and then decide at that point what other aspects we need to consider. I would rate Splunk 8 out of 10.

Which deployment model are you using for this solution?

On-premises

Which version of this solution are you currently using?

5.5
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Splunk reviews from users
...who work at a Financial Services Firm
...who compared it with LogRhythm NextGen SIEM
Learn what your peers think about Splunk. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
521,817 professionals have used our research since 2012.
Add a Comment
ITCS user
Guest