What is our primary use case?
Our primary use case was really as a client organization, like the government and the IT industries, we are in the telecoms sector. We analyze security reports. We use Splunk to order them and put them in a system and we use the various kinds of integration with Oracle Cloud which is helpful.
How has it helped my organization?
Every tool has a drawback. Some aspects of this solution are secure but getting clean data from the cloud takes time. Looking towards the future, I'm looking for a tool that is the most secure in the cloud environment.
What is most valuable?
It's very flexible. If you look from the cloud implementation it is there. Reports are made quickly. Unlike other tools, it caters to all kinds of technical information on the front very easily. There's no need to put in any technical information. You can pull up the reports very easily, take action, and notify stakeholders.
What needs improvement?
I would like to see them develop integration with the help of a rack rest API. Which is an API that helps to secure communication with oracle cloud and pull down records from there.
This integration is currently missing in current version of splunk. I'm looking forward to see this feature getting implemented in next version of Splunk and so that organizations can get benefit of this feature in future.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
Scalability is good. It's scalable enough. You can play around with this tool. Scalability is one of the main criteria we look for when considering solutions.
How was the initial setup?
The setup depends on the organization. It is very simple here. You can easily install all of the businesses in the company network. Previously, it was suggested that this solution is not flexible enough. It does not give us permission to implement on-premise so we implement them on the cloud.
Which other solutions did I evaluate?
We also looked at HP ArcSight and two other solutions.
What other advice do I have?
I would rate this solution a nine out of ten. I rated it a nine because every tool will have its drawbacks but ultimately it's a very good tool in comparison to HP ArcSight. If we can add on a scalability feature it would significantly improve the solution.
I would advise someone considering this solution to use it at least for a year to get a hands-on and technical understanding because it's a good product. Then decide whether or not to move forward with Splunk - but I would advise to stick with Splunk.