Splunk Review

Powerful, flexible query language can morph difficult to understand log formats into usable data

What is our primary use case?

We started using Splunk to serve as a SIEM. In addition to correlating security information, we have begun to use it as a developer and customer advocate by analyzing user behaviors and system response times. 

How has it helped my organization?

Log files which were previously either not reviewed or reviewed incompletely are now being used in operations daily. Security and operational events are discovered and resolved with greater efficiency than we have ever before. The way Splunk allows for data to be correlated together has given our organization a more complete picture of our system security status and how users organically move through our applications. This information has allowed us to focus development efforts which will directly benefit our customers the most. 

What is most valuable?

The ability to manipulate data in Splunk is unparalleled. Splunk’s powerful, flexible query language can morph difficult to understand log formats into usable data. 

Correlating data across different systems via one interface will allow you to know your environment or identify incident data in ways you never imagined.

What needs improvement?

There is a definite learning curve to starting out. However, there is quite a bit of documentation out there to help you get started. 

For how long have I used the solution?

Less than one year.

How are customer service and technical support?

The community (Splunk Answers/Slack Channel/User Groups) can help get you started. 

Which solution did I use previously and why did I switch?

We previously used ArcSight, but found Splunk to be more cloud capable.  

What's my experience with pricing, setup cost, and licensing?

Truly evaluate the data you want to ingest and go slow. Pulling in data that can provide no use to your mission only wastes data against your license.  

Which other solutions did I evaluate?

Other options were evaluated, such as ELK, but Splunk was identified to be more feature rich out-of-the-box.

What other advice do I have?

Pick it up and jump into the community!  It can help get you started a lot faster.

Which version of this solution are you currently using?

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Splunk reviews from users
...who work at a Financial Services Firm
...who compared it with LogRhythm NextGen SIEM
Learn what your peers think about Splunk. Get advice and tips from experienced pros sharing their opinions. Updated: May 2021.
510,204 professionals have used our research since 2012.
Add a Comment