Splunk Review

Aggregation searches have reduced the time and difficulty of identifying trends and conditions which need to be reviewed


What is our primary use case?

We primarily use Splunk for log aggregation and search across multiple systems, with Splunk Enterprise Security layered on top.

How has it helped my organization?

Splunk has significantly reduced the time spent aggregating and reviewing logs, as well as the time spent during investigations. This has not only increased our speed of response but also our efficiency in dealing with the issue(s) raised.

What is most valuable?

Aggregation searches, which allow conditions to be found automatically in the data, have reduced the time and difficulty of identifying trends and conditions which need to be reviewed.

What needs improvement?

The case management area of ES could be improved: the ability to move cases through various stages and states, and the ability to close a case, would be key improvements.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.