Splunk Review

Some of the valuable features are machine learning, the Common Information Model, and log storage.


How has it helped my organization?

  • We can do things in minutes instead of days.
  • We solve issues which we could not before, since we have the data.
  • We can quickly search for almost anything across many log sources in seconds.
  • Teams have the dashboards or alerts that they need.

What is most valuable?

There are too many features to list, but here are a few:

  • Schema on the fly.
  • Ease of on-boarding data.
  • Machine learning.
  • Apps, or Splunkbase.
  • Great list of apps to use and also build upon once you learn more about how Splunk works.
  • We build many of our own apps by leveraging the logic in the others.
  • Ease of correlation: creating correlation searches is easy, and you can combine multiple sources with little effort.
  • Data Model Acceleration for super fast searches across tens of millions of events.
  • Common Information Model.
  • Security Essentials App.
  • Enterprise Security.
  • Splunk SPL (Search Processing Language) is easy to learn and has IDE-like capabilities.
  • Log storage or compression is great, and retention is not an issue.
  • Dashboards are simple to create, and the input options like Time Range, Text, and Drop-downs are simple to create.
  • Integration with cloud solutions is great and keeps getting better.
  • Can get info from REST APIs easily, and there are apps for services like ServiceNow, Azure, Office 365, etc.

What needs improvement?

The GUI can be improved to include some of the capabilities that other BI solutions have. Basically, the layout is a little restrictive, in that you can't resize all the panels to exactly how you would like them without tweaking some XML code. Over the years, they have really been improving in this area. I would think that will continue, and this could become a non-issue.

What do I think about the stability of the solution?

There were no issues with stability.

What do I think about the scalability of the solution?

There were no issues with scalability.

How are customer service and technical support?

Technical support is excellent. They also have Splunk Answers, which is community driven and is great.

Which solutions did we use previously?

We were not able to get the value we needed from the previous solution. It was too difficult or complex. With Splunk, we can do things we want and things we have not even dreamed of yet.

How was the initial setup?

The initial setup was straightforward. We had the POC up in minutes. Within days, we got more value out of this solution than our existing solution.

What's my experience with pricing, setup cost, and licensing?

While licensing can be a concern, there are ways to reduce the licensing costs including filtering some events. We have replaced many solutions with Splunk, which have more than paid for the Splunk licensing.
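As an added example, not part of the review and not Splunk's own documentation: one common way to implement the event filtering the reviewer mentions is to route unwanted events to Splunk's nullQueue at the parsing tier (an indexer or heavy forwarder) with a props.conf/transforms.conf pair. The sourcetype, stanza names and the choice of EventCode 5156 (Windows Filtering Platform "connection permitted" events, typically a very high-volume source) are assumptions for illustration; decide with your detection team which events you can afford to lose, because filtered events are never indexed and cannot be recovered later for an investigation.

```ini
# props.conf
# Placed on the indexer or heavy forwarder (the parsing tier); a universal
# forwarder does not run TRANSFORMS. Added example, not from the review.
[WinEventLog:Security]
TRANSFORMS-drop_noise = drop_wfp_connection_events

# transforms.conf
[drop_wfp_connection_events]
# Assumed choice: drop EventCode 5156 (WFP permitted a connection).
# REGEX is applied to _raw; (?m) lets ^ and $ match the "EventCode=" line
# inside the multi-line Windows event text.
REGEX = (?m)^EventCode=5156\s*$
DEST_KEY = queue
FORMAT = nullQueue
```

For Windows event log inputs specifically, a universal forwarder can also drop events before they leave the host with a blacklist in inputs.conf (for example `blacklist1 = EventCode="5156"` under the `[WinEventLog://Security]` stanza), which saves bandwidth as well as license. Either way, verify the change after a restart with a search such as `index=wineventlog EventCode=5156` over a short window and confirm it returns nothing; events sent to nullQueue are not indexed and do not count against the license.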

Which other solutions did I evaluate?

We evaluated ArcSight, QRadar, and LogRhythm.

What other advice do I have?

Do a PoC and you will be amazed. Also, check out the Splunk .conf sessions to see what is possible. If you are into security, watch Mark Russinovich's RSA 2017 presentation about Sysmon. Check out free EDR-type capabilities.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 Comment

MS Alam (Real User):

I agree with you, Mr. Kent; this machine has more valuable features.

26 March 18