Splunk Review

Security relies on this for event correlation and alerts.


How has it helped my organization?

The network department, for example, has improved its efficiency by 30%. Security relies on this for event correlation and alerts.

What is most valuable?

  • The speed of the search engine
  • All the types of data sources that you configure can be forwarded to Splunk.
  • The ease of use

What needs improvement?

Cluster management can only be done via a command line. I would like them to add some GUI options for that. Permissions are not very flexible, so it would be nice to have more granular options, such as two-factor authentication.

The administration of the cluster and app deployment to indexers or search
heads can be done only using SSH access and the command line; there are no GUI
tools for that.

Permissions, on the other hand, could be improved by adding, for example, a
deny option for groups to see an index, etc. Also, the authentication method
is just LDAP or Splunk, so some more security layers could be added, such as a
second factor, etc.


What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

It scales out horizontally.

How are customer service and technical support?

The quality of support depends on the support and license. On the average, I would give them a rating of 6/10.

Which solutions did we use previously?

We previously used ArcSight. Splunk is at another level. It is easier, more stable, and faster.

How was the initial setup?

It is very easy to set up on a standalone server. Of course, if you want a cluster, it is more complicated. In order to manage it, you need skilled people.

What's my experience with pricing, setup cost, and licensing?

It is not cheap :-)

Which other solutions did I evaluate?

We were using ArcSight before.

What other advice do I have?

My advice is to go ahead with it.



Disclosure: I am a real user, and this review is based on my own experience and opinions.