Splunk Pros and Cons

The most valuable aspect of the solution is the dashboard. It's very intuitive.

What I really like is that even if you have already collected the data, you can extract fields and can build searches.

The logs on the solution are excellent.

Good for log collection and log management.

Splunk can extract all kinds of data. There's no limitation on what kind of structured and unstructured data one needs to extract — it can access any kind of data, including machine-generated data.

With good domain knowledge, one can build almost anything. If you throw in Alert Manager or an integration with ServiceNow. Then, you have your own SIEM

Our clients are easily able to modify and evolve their implementations.

The initial setup is simple, not very complex. Initial deployment takes around 10 to 15 minutes to set up the entire base for Splunk including all three tiers.

It's extremely scalable. It's a very robust solution and certainly has the capability of handling far bigger data requirements than a lot of the other tools. Generally what ends up happening with me is that my clients tend, for the most part, to be mid-tier organizations where the cost of that solutions would be accompanying requirements for people just becomes way too prohibitive. Especially considering the model that they use for costing, which is based on the volume of data. Of course, they're going to put everything including the Coke machine as the ability to collect data off of it, because of course the more they can put through the tool the more money they make.

Splunk is a user-friendly solution.

It's the completeness of the solution that we like the most.

There are a lot of competitive products that are doing better than what Splunk is doing on the analytics side.

I would like to see more SIEM functionality and a better ticket tool.

It could be more user friendly, in terms of the end-user experience.

This is not really a monitoring solution.

I'd say I am happy with the technical support, not elated. They provide great support, but sometimes they don't have the answers that I need.

It needs a better way to export dynamic views without requiring a ton of code and user/pw.

It needs integration with a configuration management solution.

It needs integration with a configuration management solution.

Splunk does not build apps. They only go back and validate the apps that somebody has already built. They should have remote consulting support. They have a wonderful solution. They have 24/7 security. Nobody needs to depend on any third party and will therefore just buy Splunk on the cloud.

The tool itself is very difficult to configure. It's great for its number of inputs, for the different types of systems devices, and things that it could collect information from. To actually make good use of it, you need a fairly dedicated team of people that have some reasonably good programming or modeling skills to be able to do the things that you need to do with it. Whereas a lot of the other tools are better packaged for that, and so require a lot less training and a lot less dedication.

In terms of the interface, it could include some improvements for the look and feel.

Our two main complaints are about the difficulty of the initial setup and the licensing model.