Splunk Review

Speeds up root cause analysis and can help identify issues


What is our primary use case?

Central repository for log collection and analysis in a complex environment. We have used it for a variety of use cases involving SIEM and operational support.

How has it helped my organization?

Speeds up root cause analysis and can help identify issues that your organization never realized were occurring. It helps streamline troubleshooting and log analysis.

What is most valuable?

It has a low barrier to entry, but it is extremely extensible, allowing it to be tailored to highly specific use cases. It makes searching through a wider variety of logs much quicker and enables you to correlate events from one log to another.

What needs improvement?

It can be tough to determine if you are getting all of the value out of your investment at times. However, our sales seems to be flexible and will work on an organization to organization basis to negotiate license terms. 

For how long have I used the solution?

One to three years.

How is customer service and technical support?

On the technical side, it would be nice to see aspects of the recent acquisition of Phantom make it into the core Splunk Enterprise, not just become a part of the premium Enterprise Security.

What's my experience with pricing, setup cost, and licensing?

Pricing can be a limiting factor. You have to continuously tune what you are bringing in and make sure what you bring in is of value. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest

Sign Up with Email