Splunk User Behavior Analytics Review

Enables us to collect data from multiple different sources to be able to use it to prevent damages proactively


What is our primary use case?

The primary use case for this solution is to collect data from multiple different sources to be able to use it to proactively prevent damages.

How has it helped my organization?

We have 81000 desktops and we could take logs off those machines and see patterns, and from those patterns, we've been able to reduce the outages going forward proactively.

What is most valuable?

The most valuable feature is being able to take data and put it into other systems so that we could see the output and see where we need to apply our focus.

What needs improvement?

I'm not that close to the actual hands-on usage to suggest improvements. One thing I would say is that they should continue to expand it on more devices. I would say continue to broaden the horizon where there are limitations now.

What do I think about the stability of the solution?

It's been very stable so far in its core. The company's been great.

What do I think about the scalability of the solution?

It's very scalable. We have it on servers, around 19000 servers, 81000 desktops. We have it on a lot of security devices, so it's been very scalable.

How are customer service and technical support?

The support's been good from what I've heard. If it weren't, it would've been escalated to me.

If you previously used a different solution, which one did you use and why did you switch?

We have logs everywhere and trying to look at those logs on an individual basis is quite cumbersome, so taking a tool like this that brings all the logs together for us to dissect and analyze is something that we knew would provide great value.

How was the initial setup?

The initial setup was straightforward. All that was required was a fundamental understanding of what needed to be installed, the virtual control, the backend database, and how you generate the reports. I would think from those aspects it was pretty straightforward.

What about the implementation team?

We implemented through a combination of a reseller and integrator. I'd say for deployment, probably more so through the integrator, and the experience was positive. One company would be DSS. 

What was our ROI?

I have seen ROI but they're soft call savings, so hard call savings are hard to pinpoint. There's nothing that I could comment on that would be hard savings. Everything's been soft.

Which other solutions did I evaluate?

Vendors on our shortlist included IBM and DSS.

What other advice do I have?

If I had to rate Splunk from one through ten, one being the worst and ten being the best, I would give it a nine. There's always room for opportunity, but I think it's been working pretty well.

I rate it a nine because of the ease of use with the product, like the installation and the support that we receive. From what I hear everything goes well. There's nothing that stands out. We haven't had any vulnerabilities or compliance issues with the product, and we do with others, so those are the reasons why I'd rate it a nine.

For anyone else looking for a product that can consolidate logs, this product does what it says it will do.

Disclosure: I am a real user, and this review is based on my own experience and opinions.