Splunk Enterprise Security Initial Setup

Viney Bhardwaj - PeerSpot reviewer
Sr Manager at Ernst & Young

It is easier than other tools.

MR
Manager, Security Engineering at a computer software company with 1,001-5,000 employees

The initial deployment was complex. 

Our strategy has been to avoid clustering for searching and to build a significantly larger virtual machine for running the ES environment as a stand-alone. It's got 128 cores and 256 GB of RAM so that it can run inside itself and not have to cluster since a cluster adds too much complexity.

We only need one person, myself, to deploy the solution. I'm a Splunk certified architect and I have 15 years of experience doing nothing but Splunk. 

The solution does require some maintenance. We have seven people in total handling maintenance. 

Sathish Suluguri - PeerSpot reviewer
Splunk SOAR/Phantom at PricewaterhouseCoopers

I have worked with cloud deployments and on-prem deployments. Its initial setup depends on the environment. It is sometimes complex, and sometimes, it is very easy. We also get good support from them.

Our implementation strategy has 3 phases. We first go for development, and then we go for Pre-Prod. After that, we move to Prod.

SAURABHYADAV4 - PeerSpot reviewer
Technical Specialist at HCL Technologies Limited

I've worked on multiple deployment models for Splunk, including hybrid, cloud, and on-prem. The deployment is straightforward. We do a POC and then scale it based on our requirements. 

Rishabh Gandhi - PeerSpot reviewer
Senior Security Analyst at Inspira Enterprise India Pvt. Ltd.

The ease of deploying Splunk Enterprise Security is very good. You can get visibility on which particular device you are receiving logs from, give them an index name, and give them a field where you want the logs to go. That is something good that we can understand directly from Splunk. We don't have to go and do that manually from different tools. That was one of the good things while implementing the solution.

TB
Sr Cybersecurity Engineer at an energy/utilities company with 10,001+ employees

I was not involved in its deployment.

SC
CSO at a manufacturing company with 1,001-5,000 employees

I participated in the planning and implementation of Splunk Enterprise Security, as well as the creation of all rulesets and alerts. I am also configuring it to align with our technical framework.

Individuals who market Splunk Enterprise Security often claim that it can be deployed within half a day, which is quite amusing. While it is conceivable to perform the installation in that timeframe, the real complexity arises when we must establish connections with numerous systems. This involves accessing each system external to our main setup, configuring it, and directing the system to send its logs to Splunk. On the Splunk side, we encounter the need to create parsing mechanisms that allow proper data reading. This entails installing applications capable of correctly parsing the data, and addressing issues where parsing is inadequate. We then proceed to work with the data. Although Splunk provides some pre-configured rules, we also need to develop our own rules to identify specific events and potential attacks. The process of rule creation demands a substantial investment in writing rule sets. Additionally, integrating a threat intelligence framework becomes essential. We aspire to leverage the micro-framework we have established. Splunk Enterprise Security undeniably possesses considerable capabilities. Nevertheless, it necessitates continuous effort to unlock its full potential and achieve ongoing enhancements.

The solution's complete implementation may require up to one year. Throughout most of the deployment, we had a team of two members, occasionally expanding to three.

RK
Splunk Engineer at UnitedHealth Group

Splunk is easy to deploy if you have some basic knowledge. You need experience. It doesn't require any maintenance after deployment. 

MANISH CHOUDHARY. - PeerSpot reviewer
SOC manager at a tech vendor with 10,001+ employees

The initial deployment is straightforward. We install the solution and define the roles of each server and the data it will store. The deployment in our test environment took 13 hours.

DS
Security Analytics innovation lead at a pharma/biotech company with 10,001+ employees

Deploying Splunk was relatively complex. After deployment, it requires some maintenance and management. A team of about 10-15 people is responsible for the solution. 

Niranjan N - PeerSpot reviewer
Sr Analyst at ATOS

Deploying Splunk is somewhat complex, and it requires maintenance afterward. 

LC
Security Engineer at a recreational facilities/services company with 10,001+ employees

Splunk is a complex critter to put in and it's a more complex critter to keep running. We have 10 search heads and four indexers and universal and a heavy forwarding cluster. We have clustered indexers and clustered search heads. This is definitely not a drag and drop product.

We engaged a third party Splunk integrator to help us do our Splunk deployment and they did our initial deployment. We used a different integrator to do some of our upgrades, which we probably won't use again. Our implementation strategy was we really just wanted to look at the classic security use case when we put this in 10 years ago. Then after that came in, and everybody was happy with what it was doing, we added some other use cases and universal forwarding and so on and so forth.

Balamurali Vellalath - PeerSpot reviewer
Practice Head-CyberSecurity at ALTEN calsoft Labs

In terms of deployment, it's not so complex compared to the competitive products, however, we will be able to manage that deployment. We don't feel there's any problem on the deployment side. In that sense, I don't think deployment is a complex one when somebody is going for Splunk as a tool.

How long it takes to deploy the solution depends on the size of the deployment, basically. Even a large deployment won't take more than a week. When I say deployment, I'm considering all the log collection, log management, and the curation of the incidents, and how incidents are created and routed properly according to prioritization. 

JG
IT Director at Administrative Office U.S. Courts

I was not in the deployment team, but I was involved in the early stage of evaluating all different kinds of products.

YT
Regional Sales Manager at Redington (India) Ltd

Our clients' implementations are mostly on-prem and in the cloud.

Sagar Shubham - PeerSpot reviewer
Senior Software Engineer at Wipro Limited

The initial deployment can be complex. It involves creating multi-site clusters for each location and configuring a cluster master for each. This is because the cluster master will replicate data across multiple sites, making the environment more complex.

Four people were required for the deployment.

OO
Owner at Py Concepts

I have been involved in the deployment of Splunk in the past.

The initial setup is not so straightforward for those new to it. I'm accredited and have four years of implementation. You really need that level of knowledge. It's straightforward to make a feed, make it compliant, and do field mapping, however, there are many things you need to do before deployment. 

We had six to eight people deploying Splunk. They were all mostly Splunk professionals, who understood the product and devised a plan and timeline for implementation. We integrated the relevant stakeholders into the process. We were connecting to the Splunk Cloud. 

There is a little bit of maintenance required to maintain the infrastructure. 

BC
IT Specialist at a government with 10,001+ employees

I was involved in its deployment. I am the system owner of it. I am in charge of it, so I oversaw the project deployment. There is a learning curve with the hybrid setup with the cloud and on-prem, but overall, I am pretty satisfied with it.

We have an on-prem and a cloud environment depending on the platforms we are using in the system, so we have both environments. The challenging part was getting everything set up and fed into Splunk, but once it is set up, there is no difference in using it on-prem or on the cloud. We do not notice any real difference in it. 

The initial setup could be improved a little bit. It depends on your local team, firewalls, and other things like that, so there was a learning curve for the teams to learn how to set it up. That part could be improved, but once you go through it, it is not an issue. 

Sneha Golhar - PeerSpot reviewer
Senior Engineer at Wipro Limited

The initial deployment is easy. The deployment for Splunk Enterprise Security is quick.

Kiran Kumar. - PeerSpot reviewer
Lead Administrator at Wipro Limited

For the deployments, we scan the data to ensure that the Splunk machines can support it. If we identify anything on the machine, we ask the customer to remediate the issue by upgrading the version of Splunk. Most of our customers are using version 8.3.3.

SK
Senior Engineering Manager at Happiest Minds Technologies

The initial deployment was complex. If we need to customize the solution, we need one to four weeks to get all the data, manage the license, and calculate the resources.

Hari Haran. - PeerSpot reviewer
Technical Associate at Positka

If someone is doing the deployment for the first time, it will be a little complex. The installation is straightforward, but for the configuration, you need to follow the documentation and understand it. That is a little difficult the first time if you are doing it on your own. If you have anyone with experience who can explain the configuration, the second time it will be straightforward.

The solution requires maintenance but not much, mostly when there are upgrades.

Vikas Dusa - PeerSpot reviewer
Cyber Security Trainer and Programmer at Freelancer

The initial setup is straightforward. Splunk provides wonderful documentation to help with the deployment.

Nagendra Nekkala. - PeerSpot reviewer
Senior Manager ICT & Innovations at Bangalore International Airport Limited

The initial deployment was straightforward. We wanted to cover all of our endpoints. Two people were required for the deployment.

JB
Security Engineer at State of Nevada

I was not involved in the initial deployment of Splunk. 

SN
Senior Analyst at a computer software company with 11-50 employees

One person can deploy Splunk Enterprise Security in 15 to 20 days, depending on the architecture. It takes less time to deploy on the cloud. The solution requires some maintenance. We need someone there to monitor it in case there are issues. Three people are responsible for maintaining Splunk. 

Riaz Ahmmed - PeerSpot reviewer
Team Lead at ATSS

The initial setup can be complex for customers who require advanced configurations and customizations, but it is straightforward for basic usage.

The deployment process is simple. We first identify the platform and determine if it is a unique system. Then, we define the virtual environment. After installing Splunk's platform, we perform the necessary configurations and other tasks. Splunk Security Essentials is a premium add-on for this tool, which is installed on the Splunk Enterprise platform.

The number of people required for the deployment depends on the customer's requirements and the use case they are developing. For example, if the customer needs to gather data from their network, we will need to add network experts to the project. However, if we already have experts who are familiar with the API and application connectivity, we may not need to add any additional people. Ultimately, the number of technical resources required will depend on the specific needs of the project. On average, we require four to five technical people for deployment.

Chetankumar Savalagimath - PeerSpot reviewer
Delivery Manager at a tech services company with 1,001-5,000 employees

It can be deployed on-prem or in the cloud. With the latter, it is Splunk's own cloud. 

The deployment of the solution is straightforward, but there is a lot of engineering activity involved in designing the architecture. Architecture-wise, it is fine, and bringing things together is not that tough, but maintaining and managing it is a tough job because we don't work in a normal environment. We work on something that is very defined to the network. That means we have to build everything from scratch and deploy it.

The implementation strategy depends on how the customer wants things done. But in general, I go through research and then develop and design. I ask the client what sort of environment is flexible or cost-effective for them. It's done in stages. It's a matter of understanding the infrastructure and then implementing, or designing and handing it over to them.

If there are 1,000 log sources, it takes six months to a year to deploy, depending on how the customer is supporting the process.

Every on-prem solution involves maintenance, including keeping things upgraded, whereas Splunk Cloud is managed by the vendor. The number of people involved in on-prem maintenance depends on the size of the environment and how long our update window is. For example, if we have a green zone at midnight for three hours, and we want to upgrade at least 20 to 30 servers, it will take eight to 10 people working in parallel. But for a very small environment of 10 servers, it will take four people to manage it, or if we have a large window, even three people can do it.

SaravanaKumar1 - PeerSpot reviewer
Principal Consulting - Cloud & Infrastructure Services at Fourth Dimension Technologies

Deploying Splunk is straightforward. We had no issues. 

Alex Adamovici - PeerSpot reviewer
Head of Knowledge Capture Cloud at Integritie

The initial setup was straightforward. It was done by Splunk entirely. After that, the configuration took a bit of time, however, we bought professional service days from them to help us build the configuration.

The full deployment took about five months due to the fact that we have quite a lot of servers.

I'd rate the experience a five out of five in terms of ease of execution. 

The amount of people you require for deployment and maintenance depends on the complexity of the environment. It can be run and managed by a single person if the environment is not highly complex. If you're talking about probably less than 200 servers, and a couple of network endpoints, one person can manage it easily after it's been configured. Otherwise, I wouldn't be able to say. In more complex environments where you've got several geographical locations, several data centers in geographical locations, and so on, you'd probably need more than one.

RV
CEO at a retailer with 51-200 employees

Monitoring multiple cloud environments using Splunk Enterprise Security dashboards is moderately easy, around a six out of ten. Setting it up requires a fair amount of engineering effort, especially for non-Splunk Cloud environments like Azure and GCP. Once configured, monitoring becomes straightforward, allowing easy creation of use cases and efficient log monitoring for improved cloud security.

The initial deployment of Splunk Enterprise Security was complex, involving significant engineering effort and tuning. It took anywhere from three to twelve months, which is considered a relatively long time. In comparison, deploying Microsoft solutions typically takes around six weeks on average, which is a significant difference in deployment efficiency.

The implementation strategy for Splunk Enterprise Security involved workshops, high-level design approval, and phased deployment covering physical deployment, log collection, testing, and tuning. Typically, three people from my team (project manager, lead engineer, and lead analyst) and around half a person from the customer's side are involved. Maintenance is substantial, requiring a team of 13 engineers for 60 customers, ensuring not everything breaks simultaneously.

PP
Senior Security Engineer at a tech services company with 201-500 employees

The initial deployment is straightforward. We only require the name and the value, and the process is very quick. We were already using GitHub, GitLab, and GitPass, so integration with Splunk was seamless. Splunk is compatible with all of these applications, which makes it a good fit for our needs. We are also using ServiceNow, and Splunk communicates seamlessly with it to raise tickets. The overall deployment time is minimal. One person can manage the deployment process, and I have completed 18 deployments myself. Each deployment takes one day to finish.

Yash-Gupta - PeerSpot reviewer
Analyst, TSG Information Security Cyber Operations at a consultancy with 5,001-10,000 employees

I wasn't involved in the deployment; the solution was set up when I arrived. 

That said, I did go through some setup videos, and the process does not look difficult. They provide the steps for every aspect. There's also always support you can reach out to if you have questions. 

There may be some maintenance required in terms of upgrading. When you upgrade the version, you may need to upgrade your sensors on the endpoints. However, Splunk is quite compatible with other devices, so it's not difficult. In our company, the administrators handle maintenance. 

AD
IT Manager at an aerospace/defense firm with 10,001+ employees

The service provider deployed Splunk, so I wasn't involved. I had heard that they experienced some difficulties setting it up, but I don't think it was harder to install than other solutions.

AG
Chief Cybersecurity Architect at a security firm with 201-500 employees

The experience that I had a few years ago was for on-prem, but now, I do have an implementation that is cloud-based. We are implementing it cloud-based for one of our customers. It is deployed on AWS.

The initial deployment is very fast. It is very quick. The on-prem can take a few days, and it is up and running. If it is on the cloud, it is already installed. You only need to connect all the source logs. The duration depends on the number of source logs. It differs. I had a project where I connected all my source logs in one week, and I had a project that took about four months, but the number of logs was different. The complexity was different. We had to create our own connectors and our own parsers.

SoheylNorozi - PeerSpot reviewer
IT Consultant at a tech services company with 51-200 employees

The initial setup is straightforward, but we need to make some configurations afterward that can be a bit complex. The deployment time depends on the size, but it usually takes several months to ensure stability and requires two SIEM engineers.

Kenny Corbett - PeerSpot reviewer
Associate Director of IT at Rigel Pharmaceuticals Inc

We are still evaluating it. We have not deployed it yet, but I was involved with the deployment of Splunk. 

It was very easy to set it up for evaluation. It is just an installer file. It is an add-on app for Splunk, and if you know how to install Splunk and add-ons, it is easy.

VK
Security Analyst at a tech services company with 1-10 employees

The initial setup was easy. It was not complex. I didn't do the implementation on my own. The deployment times vary. There are many moving parts, such as approvals that need to be taken into consideration. 

We get logs from various sources from various clients.

It does require a bit of maintenance. It requires, for example, server upgrades and patching. 

VA
Tech Director at a government with 10,001+ employees

I was not involved in its deployment. I adopted it after I took this role.

SH
Cyber Security Engineer at a university with 5,001-10,000 employees

Deploying Splunk is straightforward, but it requires some preparation. After you get your platform ready, the onboarding is easy. It isn't rocket science. Configuring visualization is also simple. It doesn't require much maintenance on our end because we have an SLA. 

VN
Owner at a computer software company with 1-10 employees

Setting up Splunk is quite straightforward, especially for basic configurations. The process is not overly complicated. While a cluster implementation may require more advanced steps, the basic setup is generally easy to handle.

AZ
System Engineer at Tara

I've done one implementation. I installed it across several servers. How long it takes depends on the project. It also depends on how many resources you have. If it's just a small setup it might take two hours. 

The product is easy to maintain. 

JC
Cyber Security at a financial services firm with 5,001-10,000 employees

I joined after it was implemented. What I am working on now is the technical depth. I am spending a lot of time with the teams there for direction strategy. Splunk has done a great job there, specifically in pulling the right resources to bear. I had executive briefings directly with executives today where we had an opportunity to talk about different components of our solutions and our stacks, and it has been very good.

OF
SOAR Developer at a media company with 10,001+ employees

It was already implemented when I got here.

MM
SOC Analyst at a tech services company with 10,001+ employees

My engineer had a little bit of an issue with it but it was because of his own lack of training. We were pushed to hurry up and get a SIEM. He did the best he could. I let him know what wasn't working, and then he would try to fix what he could on the backend so it could work. He was in talks with Splunk to fix those issues. The results are coming back a bit better, but I think that there is still room for improvement.

I was not involved with the setup. I came in afterward. One of our guys here was the one that was in the initial integration of Splunk. We ended up with Splunk as our main SIEM. I've never had any issues with it and I enjoyed it. 

AB
Cloud Cybersecurity Engineer at a tech services company with 10,001+ employees

I was involved in the initial setup with the help of their professional services. It was complex at first because my colleagues and I did not know the application that well. There was definitely a learning curve, but once we started to understand how to design it the proper way and how to manage it the proper way, things got a lot easier.

CF
Lead Solutions Architect at a government with 10,001+ employees

My role was to support a lot of the backend and the configuration of the platform as it was being established.

The level of difficulty was on par with the Splunk Enterprise core. My team was involved with a lot of the provisioning from the virtual environment and on-prem to support it. It wasn't overly complicated. Once it was up it took a lot of resources. Evaluating and seeing whether or not we could actually move it to the cloud when the core functionality still existed on-prem, we weren't willing to split them at this stage.

We would almost always have Splunk support through the deployment and configuration stages of it. It was always solid. Once we had the platform up and running, we had to consider general operations and maintenance. While the Splunk team was great and the resources are available, there is a finite amount of resources on-site.

reviewer1331706 - PeerSpot reviewer
I&T Design & Execution Reliability Engineering Leader at a financial services firm with 10,001+ employees

I was not involved in the initial setup.

We have a DevOps team that is implementing Splunk and they are responsible for it. For example, they take care of the licensing of the product.

CD
Project Manager at ManTech International Corporation

Its initial configuration is pretty straightforward. Their repository for information and help is really good, which makes it pretty straightforward. You can just go out to their site and do a search for any question. Usually, someone else would have experienced the same issue.

It took us hours. We obviously expanded it as we were building the environment because we did it from scratch, but it only took hours to get it up and running and configured to do ingestion. We then deployed more forwarders and tweaked it as we went along.

Santhosh Kandadi - PeerSpot reviewer
Assistant Vice President at Synchrony

We didn't have any issues with the initial setup. It's not too complex. We found the process to be very straightforward and very simple.

OS
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services

It was pretty straightforward. I even did a couple of logs myself. 

RA
Security Operation Centre (SOC) Analyst at Nera Philippines Inc.

I was not involved in the deployment of the solution. 

There is some maintenance required. Users need to do some administration around storage and monitoring. 

AS
Senior Network Engineer at a government with 5,001-10,000 employees

The initial setup is fairly complex. There's a certain architecture that Splunk utilizes to handle its indexing and it also depends on the size of your deployment. If you have a relatively low amount of gigabytes per day, deployment is simple. And of course it scales to terabytes, so if you have a terabyte installation, there are a lot of additional services that need to be implemented such as licensing servers and clustering. We sometimes configure syslog-ng servers to front-end the data before it ends up at an indexer. If it's a large terabyte installation, you definitely want to use professional services.

AG
Information Technology Specialist at a healthcare company with 10,001+ employees

We saw some of the basics for deploying it within an environment, but it was very minimal. 

It isn't complex, but there is a little bit of a learning curve. Once you get the hang of it, it is very easy to get in and do things, but there is definitely a learning curve. I am not speaking just for myself; the other 20 or more students that were in that class at the time also had a difficult time getting the hang of it, but once you get the hang of it, it is smooth sailing. You can fly through the program. Making it a little bit more simplified would help.

AB
Risk Manager at Samapartners

The initial deployment was straightforward for me, likely due to my extensive experience using Splunk. When implementing the solution, we begin by defining customer needs and requirements to optimize Splunk. This involves identifying the systems necessary for daily use and ensuring the protection of the integrated licenses and external apps in the Splunk environment. This protection encompasses program security, cloud-based security, and data analysis for specific apps. Additionally, we configure personal authentication for private applications.

The deployment time is dependent on the specific requirements and can range from two to ten days.

DL
Head of Cybersecurity at a computer software company with 51-200 employees

The initial setup is very easy. It's quite straightforward. The process is similar to IBM. The deployment takes less than one day. It is done by a different team. I don't handle the initial implementation process.

The maintenance needed is very minimal. We have at least ten people that can handle deployment and maintenance. 

NS
Security Engineer

The initial setup was easy because I had done it many times before.

RC
Security Compliance Program Manager at an educational organization with 5,001-10,000 employees

The initial setup process for Splunk was simple. The language used in Splunk is very easy to pick up and you can rely on any person using it to be able to learn it quickly. The language and picking up logs are easier with Splunk.

AKHIL Kumar Guttapalli - PeerSpot reviewer
Product Sales Specialist (Asst. Manager) at Redington India Limited

The total time of the implementation depends upon the customer's requirement. The factors that affect the implementation time are the type of use case, the environment of deployment, one location or multiple locations, number of devices, and applications. The requirements play a large role in the time it might take for implementation. You cannot simply explain in one week or one month.

Robert Cheruiyot - PeerSpot reviewer
IT Security Consultant at Microlan Kenya Limited

Out of the three platforms I have been dealing with, I feel the initial setup of Splunk to be the easiest. I found it a bit difficult to set up a new environment with RSA Netwitness. Splunk, on the other hand, I have found to be very straightforward and an uncomplex platform. 

AA
Project manager at a computer software company with 10,001+ employees

The initial setup was straightforward.

John Yuko - PeerSpot reviewer
Assistant Manager ICT - Projects at I&M Bank Ltd

The initial setup was complex.

We had some assistance with the actual deployment, but while I was doing the POC, I was working with a vendor. There were things I had to do myself, such as the configuration, which was a bit challenging for me, it was a big learning curve.

SD
Technical Project Manager at Altran

The setup depends on the organization. It is very simple here. You can easily install all of the businesses in the company network. Previously, it was suggested that this solution is not flexible enough. It does not give us permission to implement on-premise so we implement them on the cloud. 

DA
SIEM Consultant at an educational organization with 51-200 employees

The setup is pretty straightforward. It's not overly complicated. I don't have too much experience with the setup, as I'm currently involved as a consultant and only help with support. 

GG
Security Engineer at By Light Professional IT Services

My organization had Splunk Enterprise Security before I got in.

SP
CHRO at a computer software company with 5,001-10,000 employees

We have not yet undertaken deployment. For the moment, we are on the EPS and discussing the proposed structure with the vendors. Our team is conducting talks with the vendors of QRadar. 

We are exploring multiple avenues in search of a one-SIEM solution. 

it_user664632 - PeerSpot reviewer
Senior IT Security Operations at a pharma/biotech company with 10,001+ employees

It is very easy to set up on a standalone server. Of course, if you want a cluster, it is more complicated. In order to manage it, you need skilled people.

JJ
Lead Solution Architect at a tech vendor with 5,001-10,000 employees

While the initial deployment was simplified by the availability of Splunk connectors in the public cloud, additional effort was required. We had to write the infrastructure as code, build the connector itself, pull the logs, and push them to the Splunk endpoint. These steps, including connection and configuration integration, would equate to moderate effort for a single person.

View full review »
MY
Systems Engineer at a consultancy with 201-500 employees

The setup time is quite long. To this point, I haven't deployed it to all servers and devices. I'm still in the process of deploying. 

View full review »
MK
Technical Account Manager at Trustaira

The initial setup is not too difficult. It's not overly complex. It's straightforward. The code is very easy.

The deployment took two or three months or so.

View full review »
RE
Cyber Security Consultant at a tech services company with 10,001+ employees

The initial setup was simple because there is available support and tutorials.

View full review »
MS
Senior security consultant at a comms service provider with 51-200 employees

The initial setup was very smooth. I think we got some support from the Splunk team. Since it's a cloud-based solution, it took us probably three or four weeks to actually start working. But deploying agents, configuration, refining, fine-tuning, and other ongoing activities went on for about a month.

View full review »
KB
DevOps Engineer at Amplify Education, Inc.

The integration and configuration with the AWS environment were easy. They had the documentation. All we had to do was get their agent running on our EC2 instance, and their documentation was good for that. It worked, which was great.

The product is also integrated with PagerDuty, Slack, and AWS. Those integrations are good and seamless.

View full review »
ShilpeeSinha - PeerSpot reviewer
Senior Security Engineer at Citrix

A different organization would have a different setup of Splunk. If you ask me, mostly, it is a simple setup. However, here in my current organization, it is mostly on the cloud, and a lot of things are integrated in a bit of a complex manner. I also understand that this changes from organization to organization in terms of how they will leverage it.

View full review »
RU
Senior Solutions Architect at a manufacturing company with 51-200 employees

The installation for Splunk is easier than for the competing products QRadar and ArcSight.

We have Splunk deployed on the cloud so that we can provide the service, but some of our customers have it installed on-premises.

All the user has to do is download the Splunk server agent, install it on the laptop or endpoint, integrate 50 or 100 devices, then see what kind of reporting is available.

View full review »
SD
Assistant Manager System at a financial services firm with 10,001+ employees

The initial setup is not complex. It's very straightforward. In fact, it's far easier to install than other log tools on the market. A company shouldn't have any issues with the process.

That said, I did not work on the installation myself. Other people at the company handled that aspect of the process.

The maintenance process could be better. It's a bit difficult once the deployment is done. We need about five people for maintenance tasks.

View full review »
it_user340983 - PeerSpot reviewer
Infrastructure Engineer at Zirous, Inc.

The initial setup is very straightforward, unzipping a tar, creating a service, starting the service.

View full review »
it_user126027 - PeerSpot reviewer
Owner with 1-10 employees

No, the initial setup was fairly basic.

View full review »
KB
CTA\Owner at UCSolutions

The initial implementation is pretty simple and straightforward. It's not too complex. I'd rate the experience at an eight out of ten.

The initial deployment took us about two weeks or so.

The amount of personnel you need for deployment and maintenance tasks depends on the size of the deployment. Typically, it's just one or two people. That said, it needs to be proportionate to certain sizes. Usually, the staff is from procurement or provisioning.

View full review »
PB
Principal Systems Engineer at Aricent

This is a complicated product to use and you need constant help to set it up. I really wish that it was easier to set up and use.

View full review »
PB
Principal Systems Engineer at Aricent

We have a team of approximately 100 people who are responsible for the development of mobile applications, DevOps, and application development.

View full review »
MK
Senior Consultant at Securian Financial Group

The initial setup is complex, but this is necessary. We needed to take into consideration how to direct log files from thousands of machines to Splunk, and how to ingest those files.

View full review »
it_user525171 - PeerSpot reviewer
Specialist Master, Cyber Risk at a tech vendor with 10,001+ employees

That’s a hard one. The initial setup is easy but making it actually work is complex. However, the complexity is something that just comes with all top SIEM tools. Very few companies have exactly the same data and issues, so a great deal of data onboarding and normalization are always required.

View full review »
it_user257376 - PeerSpot reviewer
Lead Splunk Architect at a financial services firm with 10,001+ employees

We started Splunk on a stand-alone server. Installing that was very easy, a basic RPM install for Linux and an installer for Windows. When we moved to a distributed environment, it was a bit more complicated but the documentation on Splunk Docs was clear and easy to use so we had no problem there.

View full review »
it_user575310 - PeerSpot reviewer
Engineer, Infrastructure Applications at a healthcare company with 1,001-5,000 employees

The initial setup was done without any prior experience and was up and running, including ingesting data, within a few hours. Setup at scale and scalability took months of effort.

View full review »
Salma Shahin - PeerSpot reviewer
Senior Engineer at Sony India Software Centre

It is straightforward. The deployment duration totally depends on how you are working.

We have it on-premises as well as on the cloud.

View full review »
AB
Senior Information Technology System Analyst at YASH Technologies

It is quite simple.

View full review »
KK
IT Analyst at an energy/utilities company with 1,001-5,000 employees

I was not involved with the initial setup. 

View full review »
TF
CTO at IHS Markit

It is early days right now to evaluate the integration and configuration of Splunk in our AWS environment. We are just starting to integrate it with regular stuff. While I think it is okay so far, I really do not have enough information.

View full review »
RW
Regional Head at a tech services company with 51-200 employees

The initial setup is not straightforward. It depends upon the IT infrastructure that the customer has. If they have a lot of security solutions, such as DLP and other security solutions, then it is more complicated. The more you have, the more complicated it gets.

The deployment of Splunk takes about three weeks.

We have six or seven team members within our organization that can handle deployment and maintenance tasks. 

View full review »
CS
Data Center Architect at an outsourcing company with 201-500 employees

It was pretty straightforward as compared to most applications. It had the ability to auto-deploy agents to end devices. Splunk infrastructure itself wasn't difficult to deploy or set up. They package that process, and it is pretty well-rounded. They even offer a jumpstart install service to help get it off the ground when you buy in, and those components work really well together.

It was all done within a day. Some of the endpoints took a little bit longer, but the basic install was done in a day.

View full review »
EG
Information Security Officer at a financial services firm with 501-1,000 employees

The ease or difficulty of the initial setup depends on the infrastructure of the organization. However, when we have installed it, it was pretty simple. That said, there are some fields that are complex, and for this, we have support.

View full review »
JO
General Manager at Intersoft S.A.

Deployment took us two weeks.

View full review »
it_user865026 - PeerSpot reviewer
Lead Systems Architect at an energy/utilities company with 10,001+ employees

Splunk setup is easy and straightforward. 

View full review »
it_user250131 - PeerSpot reviewer
Information Architect at a financial services firm with 5,001-10,000 employees

There were no issues with the initial setup. We utilized Splunk’s partner zones for the initial setup. In retrospect, we should have utilized Splunk Professional Services.

View full review »
Sontas Jiamsripong - PeerSpot reviewer
Account Presale at a tech services company with 1,001-5,000 employees

The initial setup of Splunk is complex. It requires a lot of equipment and uploads.

View full review »
AM
Senior Cyber Security Expert at a security firm with 11-50 employees

The initial setup is very straightforward. It's not overly complex or difficult. A company shouldn't have any issues with the process. The deployment process doesn't take too long. You can manage it with fewer people and smaller teams. This is especially true if it isn't the critical infrastructure that you are working with. 

For deployment and maintenance, you only need two to three people. That can include one manager and two professionals. Since Splunk is easier to handle, more people can join in on the client-side.

View full review »
Donald Baldwin - PeerSpot reviewer
Principal Enterprise Architect at Aurenav Sweden AB

We've been using it for a long time, therefore, I don't even remember when we set it up or how it went. We do keep it updated and use the latest versions.

I only have one or two people doing maintenance on it.

View full review »
SS
Consultant at a financial services firm with 5,001-10,000 employees

I didn't do the initial configuration. I take care of the operations part. One of our clients did it, and it is somehow complex, and it takes time. It also depends on your knowledge. If you don't have knowledge of Splunk, it is complex.

View full review »
JD
Enterprise Architect at a tech services company with 10,001+ employees

The integration of this product in our AWS environment was very simple. We just forwarded our logs to it, and that was about it. 

It has agent-based log forwarding, so it is very simple, not complicated at all. This process is the same for on-premise and AWS.

View full review »
AM
Senior Technical Lead at a financial services firm with 10,001+ employees

The initial setup is complex.

View full review »
AT
Managing Director at Hayyan Horizons

The solution is straightforward and simple to set up. It's not complex at all.

View full review »
SO
Founder at a marketing services firm with 11-50 employees

The initial setup doesn't take much time, especially if there's good bandwidth. In a small company, deployment might take a month or two. If you have 100 devices, then a technical team of three should be sufficient. They would need to be able to deal with log analysis and forensics and have general knowledge about admin systems. In time, we would expect to have thousands of users.

View full review »
JB
Sr. IT Manager at a government with 10,001+ employees

The initial setup was relatively straightforward.

View full review »
Yosef Tavin - PeerSpot reviewer
DevOps Engineer at BigPanda

The initial setup is easy. Although, we currently use just a single server and not multi-server clustered instances. 

For our Linux instance setup, an upgrade is very easy. It is all managed by about three simple Bash scripts.

View full review »
it_user399819 - PeerSpot reviewer
Security Architect at an energy/utilities company with 1,001-5,000 employees

The initial setup was straightforward. We had the POC up in minutes. Within days, we got more value out of this solution than our existing solution.

View full review »
VA
Security Architect at a tech services company with 51-200 employees

It's a cloud-ready package. It has the same characteristics as ELK. From a deployment standpoint, I don't have any issues with it. The material is freely accessible to anyone who wishes to use it. There is a virtual machine option. You can get a virtual machine by downloading it. The deployment options are simply numerous, and it is up to the implementer.

It wasn't that difficult for me. There are no complaints from me. The material is present, and there are numerous options for deployment. It's relatively simple to go from zero to viewing data with Splunk. ELK is the same way. It is now up to the implementers and their environment to provide you with more data about it.

View full review »
ID
Senior Network Engineer at a tech services company with 51-200 employees

I do not think the implementation is difficult.

View full review »
GW
Consultant at Splunxter, Inc.

Use bare metal servers on Linux and you will be fine. Use Windows and you will have much trouble. Use VMs and your admins will cheat you and you will have much trouble. Do not use NAS!!!!

View full review »
AV
IT System Developer/Admin at a manufacturing company with 10,001+ employees

The setup was easy, but you have to have a VPN connection depending on the security protocols in place.

View full review »
AK
Senior Informatica Administrator at a computer software company with 10,001+ employees

Setup is complex. We tried to cluster five indexes. This helped us migrate our data into the Splunk environment. We are using 20 applications which make use of this indexed data. The actual deployment took us about two to three weeks because of some problems getting the data into the system.

View full review »
SJ
Engineer at a financial services firm with 201-500 employees

I wasn't here when this solution was put into place, however, from looking at the documentation and things like that, the setup is pretty involved. I'd say it's a bit more complex than straightforward.

View full review »
MT
Project Manager at Idemitsu Oil & Gas

For me, the initial setup was not too complex. For an IT person like me, it was okay.

Our local vendor knows Splunk very well. He had already implemented Splunk for another customer. I called him to our office to have him install the Splunk. It took a couple of hours for him to finish.

View full review »
GM
Application Engineer at Expedia

The integration and configuration in the AWS environment were pretty good. They have a consumption method for pretty much every service. They might be able to do a little better at advertising different patterns for best practices for different services, but overall there's a method to get everything.

View full review »
VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees

Setup is simple and straightforward.

View full review »
it_user129642 - PeerSpot reviewer
Systems Administrator at an energy/utilities company with 10,001+ employees

Splunk: easy, but it can get very complex depending on the type of logs to ingest. While Splunk, out of the box, handles most common types, the extraction of data from custom logs can be problematic, although Splunk does provide tools for accomplishing this.

View full review »
AP
Presales Manager at a tech services company with 11-50 employees

The initial setup is simple, not very complex. Initial deployment takes around 10 to 15 minutes to set up the entire base for Splunk including all three tiers.

The client has to bear that cost plus the initial infrastructure; Splunk does not come in and install it. The client, retailer or the partner has to do it. Secondly, then comes the software installation part of Splunk, wherein you go and install the Splunk components. Then you have the configuration part, which includes the revenue use cases on the Splunk apps on the Splunk platform, which is another big phase. You can build your project the way you want to. It's a life phase. Use cases are not something which cannot be quantified. Initial setup can be done through the Splunk apps and then, later on, you can modify the use cases as per what the client needs.

View full review »
HT
System Administrator and DevOps Engineer at a tech services company with 10,001+ employees

I think it takes around 10 minutes to install it on the server. On the client side, it takes around five minutes. I do the installation myself. 

View full review »
it_user867087 - PeerSpot reviewer
Security Engineer at Information Innovators Inc. (Triple-i)

We had professional services set it up, as it was quite complex.  

View full review »
AD
Director General for Spain at a cloud provider with 51-200 employees

Its setup is very easy, but we have been working with Splunk for a lot of years. We have all the certifications in Splunk, and we are specialists in Splunk. So, for us, it is very easy to set it up and integrate it, but it might not be easy for other companies.

View full review »
AA
Information Security Analyst at a tech services company with 1,001-5,000 employees

Its setup is pretty much easy for standalone, but for a distributed environment, it is a little bit complex.

View full review »
ST
IT & Cloud Architect at AiM Services SA

The initial setup was complex. We have two data centers in France, two in Germany, and we have 18 countries in the world. It's a big company and we have a lot of services, servers, etc. So the setup is more complex.

View full review »
it_user782697 - PeerSpot reviewer
Security Operation Center Analyst at Sadad

The initial setup was straightforward.

View full review »
it_user174663 - PeerSpot reviewer
Systems/Applications Specialist with 201-500 employees

The initial setup requires some good analysis: what would be collected, from where, and how to group the incoming data in virtual folders and indexes so it makes sense and eases/scopes the search later on. Apart from that, the initial application setup is straightforward.

View full review »
VS
Splunk BDM in UA at a manufacturing company with 51-200 employees

We have not had any problems installing Splunk.

For a standard case, it takes between one and two weeks to install correctly and deploy. This is for situations where the client has less than 50 gigabytes of data per day.

Problems during the implementation are typically due to something on the customer's side. For example, if the client does not have somebody that is responsible for the deployment, helping to speed up the various procedures, then this is a key problem for us.

View full review »
MM
CEO at a tech services company with 11-50 employees

Installing Splunk is not difficult, but it can be complicated in some cases.

The issue is the integration with the customer's system, as well as the configuration of the rules for correlation, log collecting, and analysis.

It has good documentation and guides, but the main works should be focused on customer needs and customer resources for monitoring.

It can take three months to complete the installation.

We have a team of three certified engineers who will deploy and maintain this solution.

View full review »
JS
Product Manager, FX Solutions at a tech services company with 10,001+ employees

I did the training with Splunk, and once I had the training, the installation was easy.

View full review »
DG
CSSP Manager at a tech services company with 51-200 employees

The initial setup is kind of complex, but I think it's an issue we have and not connected to the solution. We're still deploying. The company didn't have an implementation strategy; they're kind of just flying by the seat of their pants, which wasn't a great plan. We're doing it ourselves; we didn't use an integrator.

View full review »
JC
Chief Architect at PathMaker Group

The integration with all our tool sets felt like we were reinventing the wheel, which was a pain point for us.

View full review »
it_user664626 - PeerSpot reviewer
Business Analyst at a retailer with 10,001+ employees

We used the Splunk Cluster setup. It was a bit complex to set up, but management-wise and stability-wise, it was awesome.

View full review »
MK
Technical manager at a tech services company with 11-50 employees

The initial installation is not straightforward. It needs two or three days, depending on the size of the company. But it can be done with one senior engineer. 

View full review »
HF
Product Manager, CyberSecurity at a tech services company with 201-500 employees

The initial setup isn't overly complex, but it's not easy either.

View full review »
RK
SOC Analyst at a wholesaler/distributor with 10,001+ employees

The installation is straightforward.

View full review »
it_user1415322 - PeerSpot reviewer
Senior Consultant at sectecs

Really fast and easy to install a test instance.

View full review »
AK
System Engineer at NetScout Systems

The implementation of Splunk is not straightforward. It is of a moderate difficulty level.

View full review »
GA
Security Architect at a comms service provider with 10,001+ employees

For the few integrations that we have already made, these have been easy to do.

View full review »
it_user664635 - PeerSpot reviewer
Performance Consultant at a tech services company with 10,001+ employees

The setup was quite easy, and there is a lot of technical documentation for handholding you through the process.

View full review »
it_user594183 - PeerSpot reviewer
Security Engineer at a retailer with 10,001+ employees

I was not present during the initial setup.

View full review »
RM
Audit Remediation/Financial Manager at a tech services company with 1,001-5,000 employees

The initial setup was not complex. It was pretty straightforward. It was already loaded on the environment. It's managed by a third party or service provider, therefore we just kind of fell into the rhythm of using it pretty quickly.

View full review »
it_user645663 - PeerSpot reviewer
Sr. Program Manager at a consultancy with 51-200 employees

The initial setup is straightforward, depending on the level of implementation of the tool.

View full review »
RS
Tech Lead Security at a comms service provider with 51-200 employees

Its initial setup was okay.

View full review »
HK
President at a non-profit with self employed

The initial setup is not easy. Customers have to learn the Splunk language and it is hard to operate it by themselves. They will need Splunk engineers to assist in their projects.

View full review »
BA
Solutions Consultant at a tech services company with 1,001-5,000 employees

Simple environments are easier to install. Because there is a lot of data log monitoring, once you have a production system, there is some amount of work in setting it up, especially making it SSL secure and exposing it on the internet. There are multiple components behind it, so you need to ensure that all these things are set up correctly. These kinds of things are not required on a cloud platform because you are just uploading data. You really don't have much access to the backend.

Splunk also has a cloud version, which I haven't looked at, but I have used Qlik Sense's cloud platforms. With on-premises, you are in control of pretty much how you set up all the data that you are sending out. A lot of our customers have the issue that if it is a cloud platform, they cannot really send out the data to any of these cloud platforms. So, there are data residence and other issues.

View full review »
RW
Architecture and Security Team Leader at CV Akbar Panjaya

The deployment was great and took three to four days.

View full review »
it_user762567 - PeerSpot reviewer
Director of Information Security with 201-500 employees

Anything that's not out of the box requires coding. Even up until recently, when they finally released their SIEM or their security add-on. Before then there was no security stuff at all. I would actually have to go in and code that within the system to be able to do the necessary searches to pull that information. Whereas a lot of the other tools already have those preconfigured, which means I don't have to go and recreate the wheel. Now, we finally figured that out to a certain degree, and started putting the new tool in a place that gives you some SIEM functionality.

View full review »
BW
Senior Network & Security Architect at an insurance company with 501-1,000 employees

I was not involved with the initial setup.

View full review »
MC
Presales IT at a tech services company with 201-500 employees

The initial setup of Splunk is somewhat difficult because it was our first time implementing the solution. It was a similar situation to implementing other CM tools like FortiSIEM.

View full review »
TA
Cyber Security Consultant at a tech services company with 11-50 employees

I have found the installation can be of medium difficulty to very complex depending on the use case. It is not easy for new customers. You need to have the experience to be able to do it.

View full review »
VW
Security Professional at a tech services company with 51-200 employees

It was easy to install. Its configuration and development are the critical parts, and there are a limited number of people in the market with such a skill set. It takes some time to find people with the right skill set and get it implemented properly. It took approximately three months.

View full review »
LF
Judicial Technician at a government with 1,001-5,000 employees

On a scale from one to ten I would rate the initial setup a seven for its complexity. 

View full review »
BS
Enterprise Client Executive at a tech services company with 11-50 employees

Its initial setup is complex. You're going to need deployment services from somebody who is an expert in the product. You would need at least two users. 

View full review »
LK
Network Operations Center Engineer at a tech company with 51-200 employees

The solution is easy to install. 

It took half a day. 

View full review »
it_user859464 - PeerSpot reviewer
Senior Cloud Operations Analyst at a tech vendor with 1,001-5,000 employees

The initial setup is very straightforward.

View full review »
it_user635271 - PeerSpot reviewer
Foundation Technology Specialist at an insurance company with 1,001-5,000 employees

Initial setup was fairly straightforward, but we used an experienced implementation partner and ensured that our team was intimately involved in the installation/configuration process on a technical level.

View full review »
TB
Technical Director at a consultancy with 11-50 employees

The setup was very straightforward.

View full review »
SA
CyberSecurity Consultant at Information Technology Solutions- ITS

The initial setup was simple. 

It took an hour. 

View full review »
JN
IT Infrastructure Architect at a tech company with 201-500 employees

The setup was easy.

View full review »
DA
Engineer at an integrator with 11-50 employees

The initial setup is really straightforward. It's one of the easiest installations. 

This product doesn't have any kind of dependencies; it just worked from one package. Install it and boom, you have a working solution.

View full review »
it_user363165 - PeerSpot reviewer
Products Manager at a tech services company with 5,001-10,000 employees

The setup can be straightforward, if use cases are well defined.

View full review »
MC
Net Sec at a tech services company with 11-50 employees

The initial setup was easy. It took us one to two days. 

View full review »
MN
Data Scientist at a tech vendor with 201-500 employees

The setup of Splunk was easy.

View full review »
IS
Enterprise Architect and Business with 5,001-10,000 employees

It is easy to implement.

View full review »