A lot of customers had a hard time effectively searching within the data in Splunk. There is a learning curve from searches to indexes and using all the macros that we have created. It is a little difficult for somebody who has not used it quite a bit and does not have a lot of practice with it, but the AI features that we have been hearing about through Splunk will make it a lot easier for us to use human language to search this data. That is big. That is pretty powerful, and that will help a lot with our customers. At the Splunk conference, some of the talks have been about the AI platform and more effective and easier ways to search within Splunk through indexes and other things. These features will help correct some of the things with which we are having a hard time with some of our customers.

There's a component in this solution that is particular and takes a lot of manual work and that is the automation. There is a lot of room for improvement with the automation. They should also improve the discovery and detection of all the infrastructure components so that it is more automated and takes less manual work.

Splunk Infrastructure Monitoring's data analytics can be improved by including suggestions for various types of continuous monitoring.

We still use Splunk Enterprise licensing. A lot of the newer features go into Splunk Cloud before Enterprise. We're not looking to switch our licensing over, so we're falling behind on the newer features. I know Splunk has plans to move their cloud features into Enterprise at some point. The only improvement we would like is to have more features put into Enterprise that focus on the cloud. Some people come from an on-prem environment and slowly move to cloud and would have to make a full jump into the Splunk Cloud licensing to get any of the cool Cloud features.

We have both on-prem and cloud, and the challenge is getting all our log data aggregated or streams aggregated so that it is real-time. We do a pretty good job of that, but our organization is not using it as a security platform when it can do a great job of that. We have other tools that we use, but we should leverage this more in our organization because we have already got the tools and the software.

Splunk could be better integrated with configuration manager solutions so we can automatically resolve issues without human interference. 

They need to offer better endpoint protection. They don't have their own platform for endpoint protection. It would be helpful if they added something that addressed that. They need more EDR functionalities. 

Support could be faster. 

It's a bit difficult to use. It takes some time to get into it and to get it to do what you would like it to do. It is not straightforward to use it. Once you have the dashboards for collecting and analyzing transactions configured, they are okay, but it takes some time to do it. Configuration could be easier.

I don't see any issues yet because my use case has not been finalized. The point is, if anyone is going to acquire Splunk ITSI, their primary purpose should be to ensure that all infrastructure assets in production are logged into Splunk to ensure complete monitoring is enabled. Each organization has its own criteria for the importance of its applications and servers. All of these must be added for the monitoring to be effective.

The implementation can be more user-friendly.

The clustering part of indexes can be more refined.

They can cut down a bit at the monetary level for the long-time customers. We recently had a scenario where we were in discussions to see if there was any flexibility from Splunk's side.

Overall, I cannot think of any features that are missing.

The deployment can be quite complex. 

The solution's stability is an area that has room for improvement. It needs to provide constant stability to its users. Also, the price of the license for the solution could be a bit better.

The price has room for improvement.

Without having used the solution too much, I don't really have any suggestions for feature improvement.

It would be useful if they provided some help pages. If you don't know too much about the tool, there should be more documentation readily available. It would be useful if they had a help button embedded in the solution so you could ask questions and get answers.

The solution should provide for some entry-level training.

The price of this solution is very high and can be improved.

This solution is difficult to configure and the instructions are complex.

Splunk would be better if some tools were integrated to be able to take action on security or network concerns. People in the IT field are looking for a single tool that can do everything. Not separate tools for monitoring and fixing.

In the next release, I would like to see more integration with other solutions. For example, Juniper, ManageEngine, PAM (Privileged Access Monitoring), and Wallix.

The cost needs to be re-examined. It's extremely expensive to run. It's also expensive to expand. That's the number one complaint all of my customers have when it comes to Splunk. It's way too expensive compared to other solutions.

The integration of their cloud solution, which came out a couple of years ago, and the ability to now integrate Phantom, needs to be improved. 

It would be ideal if there was a more automated process for finding and identifying data sources that a user wants to bring into the solution. Right now, it's all manual.

The solution should have more sensors regarding fiber intelligence for security measures.

What I don't like is that you are not sure all the data is recorded. Our product is better in these areas of functionality. Splunk is quite a bit different. When you transfer some logs at the end of the day you are never sure that you grab everything or not. The transport layer is not so well done and could be better.

What should be better in the solution to make Splunk a ten out of ten is a question I would rather not answer. That is an area where the products delivered by our companies compete in some ways.

I would like to see an improvement and some innovation in the customer interface, which puts something in your design. If we able to customize more parts of the user interface, it would be great. I also think the scalability should be improved.

We haven't faced any problems yet. It's working as expected. We are using the enterprise-grade, strong products and we're just paying a lot for it right now.

People intend to go for automation. We are following the works process and we are inculcating the engineers to ensure everything is automated. Whatever needs to be mitigated, has to be followed up on ticketing tools, this tool would come in. It handles the issues going on and what needs to be remediated in this single tool.

We need multiple tools in order to accomplish what we need. It's kind of a medium across multiple products. It would be better if we have a dedicated tool, that takes care of the entire work process, including automation as well.

They do not have all the features that I expect right now.