Splunk Review

Good scalability, dashboards, and alarms, but should have a default dashboard for a firewall and better knowledge base

What is our primary use case?

We are using Splunk for cybersecurity operations.

What is most valuable?

Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful.

What needs improvement?

Splunk is query-based, which is not the case with most cybersecurity tools. It is based on search queries and can be difficult to use. It would be good if they could make it easier to understand how to create search queries. They could improve the knowledge base for better understanding.

To create your dashboard, you need to have a search query. We have multiple firewalls in our company, and we need a dashboard for them. It would be helpful if a default firewall dashboard were included in Splunk to make monitoring easier. If a dashboard is available for a security device, the operations part will be more efficient. We won't have to follow a manual process for this.

For how long have I used the solution?

I have been using this solution for eight months.

What do I think about the stability of the solution?

In terms of operations, it is stable, but if you don't have a proper configuration and sizing, there could be many issues. It could be more efficient on the storage part. We are still in the deployment stage, so we cannot say that for sure yet.

What do I think about the scalability of the solution?

It is very scalable. Currently, we have around 50 users. We will increase its usage if more people need access.

How are customer service and technical support?

We have raised multiple tickets. Some of them were handled well, and some of them could be better. Overall, their technical support is okay.

Which solution did I use previously and why did I switch?

We didn't use any other solution.

How was the initial setup?

I didn't do the initial configuration. I take care of the operations part. One of our clients did it, and it is somewhat complex, and it takes time. It also depends on your knowledge. If you don't have knowledge of Splunk, it is complex.

Which other solutions did I evaluate?

We are a partner of Splunk. So, we did not evaluate other solutions.

What other advice do I have?

I would rate Splunk a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Updated: May 2021.