Splunk Other Advice

Engineering Manager at a manufacturing company with 10,001+ employees
Make sure it fits your use case. Be clear about what you want to achieve, get out of the product, and how you want to integrate it. Once you tie the solution into your systems, it is not trivial or easy to walk away from. Therefore, due diligence needs to be made to understand what your requirements are before choosing a product. Some companies may not even want to host, and prefer to go the managed services route. We have it integrated with every product that I can think of. We use both the AWS and on-premise versions. The AWS hosted version typically caters to all the microservices that we run on AWS, so there is a clear segregation between on-premise and cloud. In terms of usability and experience, both of them have been similar. We have seen a few bottlenecks on the cloud, but that can probably be attributed more to the user side of the house in terms of the way we write our applications and the type of payloads that we sent this month. This is an optimization which is ongoing from our end. Other than that, we have been fairly happy with Splunk and what we get out of it.
Kenn Brodhagen
DevOps Engineer at Amplify
Implement something and watch how much data you are sending to it, then have some way to shut it off without redeploying your app in case things get hairy. We use the cloud version of the product.
Tony Fabrikant
CTO at IHS Markit
Go with Splunk. A lot of people know how to use it because they have experience with it. It works well. While it has some pain points, it provides reports and data visibility. It integrates great with Opsgenie, PagerDuty and Slack. We love the Slack integration, as it works great with the Slack alerts. We use the on-premise version in our data centers and we use the AWS version. We are just starting to migrate to the AWS hosted version, and I have not seen a difference.
Find out what your peers are saying about Splunk, IBM, LogRhythm and others in Security Information and Event Management (SIEM). Updated: March 2020.
406,607 professionals have used our research since 2012.
Gavan McLaughlin
Application Engineer at Expedia
It works well when searching logs. If you looked to try to do things beyond this, the problem that we ran into is that we treated it as the hammer which hits all nails. That is not really feasible, and there are other tools out there that can do more specialized things. User administration is key. Trying to prevent users from being able to search records all the time is a huge problem. You need a tight approval process on dashboards, making sure the dashboards are queried in the most efficient way possible. The on-premise version that we had was not scalable at all. It was very difficult to use. We have EC2 instances in the cloud with Splunk installed, which is more scalable and easier to use. It now works much better.
Enterprise Architect at a tech services company with 10,001+ employees
Build your environment a lot bigger than you think you will need it, because you fill it up quickly. We log somewhere in the neighborhood of two to four terabytes a day per data center. We use both AWS and SaaS versions. With the SaaS version, you don't have as much control, but it functions the same, so there is no real difference. Though, the AWS version is probably easier to scale, because it is AWS.
Gregg Woodcock
Consultant at Splunxter, Inc.
You can also get GREAT help at answers.splunk.com.
Presales Manager at a tech services company with 11-50 employees
I will rate it as a security product an eight out of 10. There's no product which is perfect unless you go back and you create a psychic of the solutions.
Director of Information Security with 201-500 employees
As a logging solution, I would say it's probably an eight or nine. If you're talking about the SIEM I'd say it's probably about a five. For logging, I think they would have to change the costing model. The costing model is way out of line. It's built for very large organizations.
Sam Osborn
Software Engineer at Tableau Software
It is a great product. We have a lot of different tools to do this type of debugging. Yet, it is one of the first ones that I will reach for, and I think that is a good sign. It works well and is the industry standard for log searching. It probably has other features too. Therefore, if you use it, I would recommend the training, so you know what you are doing. I am using the on-premise version.
Michael Kaericher
Application Engineer at Securian Financial Group
Growth in data ingested will be much larger than you anticipated. If you need to prove this first, consider using an ELK Stack Logstash type of solution before using Splunk.
Shaveta Datta
Technical Project Manager at Aricent
I would rate this solution a nine out of ten. I rated it a nine because every tool will have its drawbacks but ultimately it's a very good tool in comparison to HP ArcSight. If we can add on a scalability feature it would significantly improve the solution. I would advise someone considering this solution to use it at least for a year to get a hands-on and technical understanding because it's a good product. Then decide whether or not to move forward with Splunk - but I would advise to stick with Splunk.
Yosef Tavin
Devops Engineer at Moovit
We are a Splunk Partner, since after much deliberation, we decided to choose Splunk as a component of one of our on-premise software offerings.
Mui Tran
Project Manager at Idemitsu Oil & Gas
Because it was a trial version, I was the only one who used it in our company. I kept some snapshots from our trial with the Splunk system and we are preparing a proposal to submit to our manager in Vietnam. If in the near future we have enough money to purchase the system, we will invest in this system for our company.
Security Operation Center Analyst at Sadad
There are three top SIEM solutions in the world: Splunk, LogRhythm, IBM QRadar. I think Splunk is the best. I would rate Splunk at eight out of 10. The vendor needs to work on this solution to make it better and better. I would recommend this solution but it depends on the situation, the country, the support from the vendor.
Jerry Castille
Chief Architect at Pathmaker Group
Do your homework and make sure it fits your needs. The product is pretty good. We are pretty satisfied with it. It does what it does. We host the product on AWS, but we did not purchase it on the AWS Marketplace.
Christopher Mooney
Incident Manager at CyberCore Technologies
Pick it up and jump into the community! It can help get you started a lot faster.
Rajesh Mandale
Splunker at freelancer
We build many of our own apps by leveraging the logic in others.
Tomi Juslin
QA Lead at a financial services firm with 11-50 employees
Splunk's website is quite useful. You can find a lot of information on it. I would recommend to use it and try to figure out the product's features and what you can actually do with Splunk. You can do a lot of things with Splunk, but you need to know what to do first. I have used both the AWS and on-premise versions, but in two different environments, so I am unable to compare the versions.
Ken Orr
Security Engineer at Information Innovators Inc. (Triple-i)
It is a great product overall. I would like to see improvements on the Enterprise Security app/SIEM functionality.
Security Architect at a comms service provider with 10,001+ employees
I would recommend trying different stuff based on your company's needs and log types. We like the product.
Director at a tech services company with 10,001+ employees
Explore Splunk. The product has a lot of depth. It works with multiple products which are scheduling systems to ERPs to legacy, and it works perfectly fine. I use the on-premise version. I have not had the opportunity to explore the AWS on Splunk version yet.
Seyfallah Tagrerout
IT & Cloud Architect at AiM Services
I would rate this solution a perfect ten out of ten.
MS Alam
System Administrator at Abdullah Al-Othaim Markets
I have been using Splunk to increase my security experience.
Project Manager at a comms service provider with 10,001+ employees
When Splunk failed, it took time to recover. We had to recover it from a snapshot. It took a couple of days, and it was as if it had crashed. But, the instance was resolved.
Engineer at an integrator with 11-50 employees
I would advise to get Splunk professional services from Splunk.
Rudi Wicaksono
Architecture and Security Team Leader at Offshore North West Java (ONWJ)
Splunk is a great product, especially for my organization.
Marc Chan
Net Sec at a tech services company with 11-50 employees
I would rate this solution an eight out of ten. To make it a ten they should have more integration with outside vendors.
Senior Cloud Operations Analyst at a tech vendor with 1,001-5,000 employees
I love this product.
Sr. Production Support Analyst at Electric Reliability Council of Texas
The recent acquisition of Phantom makes the future seem bright with more automated responses.
Luiz Fernandes
Técnico Judiciário at a government with 1,001-5,000 employees
I would rate it an eight out of ten. Splunk is more efficient than other solutions but it's also more expensive.
Enterprise Architect and Business with 5,001-10,000 employees
It is easy to use, and easy to implement.