Splunk User Behavior Analytics Review

An intuitive solution with excellent integration capabilities


What is our primary use case?

We primarily use this solution for security.

What is most valuable?

The solution offers good searching and allows for easy creation of dashboards and reports. It's intuitive and not very difficult. You just need to learn SPL, the Search Processing Language, in Splunk. This also helps you to clear more advanced use cases.

Integration is very easy as well. It's quite good. If you want to add more devices and solutions, or other technologies for monitoring, it's easily done in Splunk, with all of the firewalls, switches, and network devices.

What needs improvement?

They can improve the licensing scheme. They are moving from perpetual to term licensing, which is not good. That is an area they need to improve.

On the network monitoring side, they could add features similar to those in other solutions like QRadar. They need to add a feature similar to network behavior analytics.

If Splunk is able to add some of those features, then the solution will be nearly perfect.

I think they could have a built-in user behavior analytics engine, and more advanced artificial intelligence features as well. One weak feature of the solution is network and behavior anomaly detection. Their machine learning is good, but I think they can improve on that as well.

They should work to add more built-in correlation searches and more use cases based on worldwide customer experiences. They need more ready-made use cases.
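To give a concrete sense of what the reviewer means by a "correlation search" for behavior anomalies, here is an added SPL example that is not part of the original review and not Splunk's own content. It flags users whose daily failed-login count for the most recent full day is more than three standard deviations above their own 29-day baseline. The index name `auth`, the sourcetype `linux_secure`, and the field names `action` and `user` are assumptions; substitute the ones your data source actually produces.

```spl
index=auth sourcetype=linux_secure action=failure earliest=-30d@d latest=@d
| bin _time span=1d
| stats count AS failures BY user, _time
| eval period=if(_time >= relative_time(now(), "-1d@d"), "current", "baseline")
| eval baseline_failures=if(period="baseline", failures, null())
| eventstats avg(baseline_failures) AS baseline_avg, stdev(baseline_failures) AS baseline_stdev BY user
| where period="current"
| eval zscore=if(baseline_stdev > 0, round((failures - baseline_avg) / baseline_stdev, 2), null())
| where zscore > 3 AND failures > 10
| table _time, user, failures, baseline_avg, baseline_stdev, zscore
```

The search buckets failures per user per day, labels yesterday as the `current` period and the preceding days as the `baseline`, computes each user's mean and standard deviation from the baseline days only (so the day being scored does not inflate its own baseline), and then keeps only users with a high z-score and an absolute floor of more than ten failures, which suppresses noise from users whose baseline is near zero. Two caveats: days on which a user had no failures do not appear as zero rows, so the baseline is biased upward for infrequent users, and `baseline_stdev` is null for users seen on only one baseline day, which the `where` clause silently drops. In a Splunk Enterprise Security deployment a search of this shape would be saved as a scheduled correlation search that raises a notable event.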

For how long have I used the solution?

I've been using the solution for four years.

What do I think about the stability of the solution?

The solution is very stable; it's very good.

What do I think about the scalability of the solution?

The solution is extremely scalable. Our customers are regularly scaling up after installing Splunk.

How are customer service and technical support?

Technical support is average. It's not bad, but it's not excellent either.

How was the initial setup?

The initial setup is straightforward. It's pretty simple to set it up. You just have to configure it.

Deployment took about a month, including configuration and customization. For the setup alone, it's only about five days of implementation.

What's my experience with pricing, setup cost, and licensing?

Right now, they have two licensing models, a perpetual license and a term license with an annual subscription. Splunk decided that they would stop the perpetual licensing model, which means that customers will need to buy a subscription going forward.

What other advice do I have?

We use the on-premises deployment model of the solution.

The more types of clusters you have feeding into Splunk, the better the results you have. If you have a customer environment in which you have diverse solutions and technologies, which cater to a large network of applications, you are able to inject more value for the customer. One of the key lessons from using Splunk is to have adequate hardware and pre-plan the implementation. It is reasonably balanced, in terms of how much CPU it uses and the amount of memory it needs.

It's important that you start with good infrastructure when you implement Splunk, or you may run into issues.

Also, make sure to have trained people working on the solution. Otherwise, it will be a waste of investment. 

I would rate the solution nine out of ten. I would recommend the solution to others.

Disclosure: I am a real user, and this review is based on my own experience and opinions.