Splunk User Behavior Analytics Review

A powerful platform with straightforward configuration, but needs to be more scalable


What is our primary use case?

The solution has two main uses. The primary use is for log management and storage. The secondary use is related to solution log coordination and selection.

What is most valuable?

Splunk is a very powerful platform. It's a machine data platform, and it can provide several models that use the same appliance and on the same platform, including some business platforms. I do believe when it comes to functionality and ease of use, Splunk is one of the market leaders in this area.

When it comes to quality, I believe Splunk is the easiest platform on the market. It has a lot of subscriptions and a lot of licenses, which can provide the customer with all the requirements they need.

The solution has some predefined use cases that we count on. It's a customizable platform as well, which can be easily customized based on the customer requirements and the environment itself.

It provides ease of use. It's straightforward in terms of configuration and troubleshooting and log management and monitoring as well. These are the edge points in addition to it being a modular solution where you can capitalize on your current licenses with extra licensing models, which can match the customer's business requirements. It can help the customer to design or to actually plan their own roadmap. And it can be rolled out in several phases.

What needs improvement?

The solution is much more expensive than relative competitors like ArcSight or LogRhythm. It makes it hard to sell to customers sometimes.

I would like to see a better tracking intelligence module with lower costs fully integrated with a user behavior analytics module. It would empower this module with the keys and real-time updates in terms of security.

For how long have I used the solution?

I've been using the solution for three years.

What do I think about the stability of the solution?

It's stable. I used to deal with other vendors in the UBA such as HP ArcSight, which is a bit more sophisticated and complicated in terms of configuration and in terms of monitoring. Splunk is much easier and very straightforward in terms of configuration and monitoring and customization as well.

What do I think about the scalability of the solution?

There is a question as to how to scale up, especially in the log management area. Customers have their own predefined retention period, which means storing the logs for a long time. It's usually a minimum of six months or, in some cases, up to one year. So the scalability has a little bit of a limitation or restriction in the storage components.

How are customer service and technical support?

I'm not an end-user, so I'm not supposed to open any end-user cases. However, the team that receives requests from customers and end-users themselves feels comfortable with the level of support they get. They're being provided with answers from a strong technical support team. So I do believe that it's going well. I haven't heard anything about them suffering from any problem of latency or shortage of resources, or a lack of knowledge and so on. I think technical support is fine.

If you previously used a different solution, which one did you use and why did you switch?

I used to deal with several solutions, like HP or Micro Focus ArcSight, IBM Curator, and LogRhythm.

What's my experience with pricing, setup cost, and licensing?

The solution is relatively expensive. There are costs above the standard licensing as well.

Pricing varies according to the customer's needs and setup. Pricing depends on the licensing model and whether it is the normal log management licensing model or the security plus license. It also depends on the licensing model and the platform required by the customer. It can further depend on whether the customer owns a Splunk hardware platform, or whether they can host these licenses and subscriptions on their own platform. It can vary depending on the OPEX model and CAPEX model as well. There are a lot of variables that encompass the total cost of the solution.

I believe that Splunk is about 50% more expensive than other solutions.

What other advice do I have?

I'm a system integrator, which provides the solution to end-users and customers.

We handle the on-premises deployment model.

I would recommend the solution because of the ease of use, the simple administration, the good level of support, the predefined use cases, and the predefined user behavior analytics.

I would rate the solution seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.