We just raised a $30M Series A: Read our story
SK
Assistant Vice President at a financial services firm with 10,001+ employees
Real User
Top 20
Easy to use with a simple setup and great integration capabilities

Pros and Cons

  • "The initial setup is pretty straightforward."
  • "On-premises scaling of the solution is a bit more limited than it is on the cloud."

What is our primary use case?

We primarily use the solution for monitoring our infrastructure.

What is most valuable?

The models that we use are pretty mature at this point, which means we can be assured we are given the best use cases right out of the box.

We can just plug into the applications and everything is set up. There's very little configuration necessary.

The integrations that are offered with different tools are all very good. They offer integrations for all levels of security and have offerings from some of the other major solutions in the space.

The initial setup is pretty straightforward.

What needs improvement?

Over the years, I know they've been doing what they can to continue to add integration capabilities to their solution. If they continue to do that, that would be ideal. However, beyond that, there really aren't any features that I find to be lacking in any part of the solution.

On-premises scaling of the solution is a bit more limited than it is on the cloud.

The pricing of the solution needs to be a bit lower.

It would be ideal if the hardware could meet more universal global regulatory requirements. It would be great it the solution better aligned with global standards.

For how long have I used the solution?

I've been working with the solution for three to four years at this point.

What do I think about the scalability of the solution?

In terms of the cloud, scalability is very straightforward. It's just about as expansive as we want to go. When it comes to an on-premise deployment, there might be some scalability limitations. We've found we just have to cut hard on the resources as it does a lot of processing. Whereas the cloud is easy and has very little limitation, I'd advise others that on-premise may have some difficulties. 

On-premises, it's definitely on the customer to ensure they have the right plates. If they're concerned and they need 100% scalability, it's best to be on the cloud.

How are customer service and technical support?

Technical support is very good. They know their product and they are responsive to requests. We're satisfied with the level of service provided to us.

How was the initial setup?

We didn't have any issues with the initial setup. It's not too complex. We found the process to be very straightforward and very simple.

What's my experience with pricing, setup cost, and licensing?

While I do understand that it is a premium tool, they could work to make it a bit less in terms of cost. It's a bit expensive.

What other advice do I have?

We use a mixture of public and private cloud deployments.

I would definitely recommend the solution, having seen it work for others so well. Its ease of usage and its man integrations make it a great product. The way you can access whatever you need on the solution is very similar to a Google bar where you can search for anything you need. It's just a super quick responsive, product.

Overall, I would rate it a perfect ten out of ten. We have no complaints.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
MM
CEO at a tech services company with 11-50 employees
Real User
Top 5Leaderboard
Simple to install, with good monitoring, and correlation capabilities

Pros and Cons

  • "The scalability is good."
  • "In the next releases, I would like to see more pricing flexibility."

What is our primary use case?

We are resellers. We provide solutions to our clients.

Splunk is primarily used for developing CM solutions that are based on the Splunk platform for future security operation center development.

We are concentrating on assisting in the development of a security monitor as well as analysis.

If I am not mistaken, it's a standard CM system for identification, security verification, and event monitoring.

What needs improvement?

In my opinion, it is too expensive for our projects.

It is very competitive for small and medium businesses. Perhaps some should be set aside for developing markets. To begin with, similar to the current market, there may be some special conditions for large transactions.

In the next releases, I would like to see more pricing flexibility. It's a subscription-based service, and they don't sell professional licenses.

In some cases, particularly with large projects, we are not competitive in terms of pricing when compared to IBM QRadar and other solutions; even if we offer the maximum discount available, our prices remain uncompetitive.

For how long have I used the solution?

We have been selling Splunk for approximately five years.

What do I think about the scalability of the solution?

The scalability is good. It can be added on-demand in increments of one gigabyte or ten gigabytes. It's a per-gigabyte license, and you can add whatever you need at the time.

Our projects are sized per our current IT infrastructure.

Splunk is used by 10 of our customers.

How are customer service and support?

Our team provides technical support.

I have not communicated with technical support.

Which solution did I use previously and why did I switch?

We no longer resell Checkmarks. 

We were unable to assist in establishing their business on-premises because It could have been too expensive for our clientele.

How was the initial setup?

Installing Splunk is not difficult, but it can be complicated in some cases.

The issue is the integration with the customer's system, as well as the configuration of the rules for correlation, log collecting, and analysis.

It has good documentation and guides, but the main works should be focused on customer needs and customer resources for monitoring.

It can take three months to complete the installation.

We have a team of three certified engineers who will deploy and maintain this solution.

What's my experience with pricing, setup cost, and licensing?

The licensing fees and pricing models could be reduced.

It's a yearly subscription.

They don't sell professionally because it's a subscription service. As a result, it is only a subscription service that is dependent on the customer's IT infrastructure.

What other advice do I have?

We do not sell Compliance Control Limited solutions because our focus is on auditing and independent security assessments. We put an end to our selling program with Checkmarks.

I would recommend this solution to others. Splunk is appropriate for small to medium-sized projects, and it should be calculated for large projects.

It's one of the best CM solutions on the market for monitoring, and correlation, as well as IT monitoring security.

I would rate Splunk an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Flag as inappropriate
Learn what your peers think about Splunk. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
554,382 professionals have used our research since 2012.
ID
Senior Network Engineer at a tech services company with 51-200 employees
Real User
Top 20
Useful search function, beneficial session reports, but performance could improve

Pros and Cons

  • "The most valuable features in Splunk are the search function and the ability to run selected session reports. The session reports are important because I can use them to see what is going on in our environment weekly. Additionally, we can use the graph to see how often that particular event is happening."
  • "Over time I will have more requirements and I can foresee the solution could improve the search algorithm to run and output the data faster."

What is our primary use case?

We typically use Splunk to collect and check all the logs and events around the diverse network environment which includes, firewall, switches, and routers. For example, we have traffic that needs to go from one part of the network to another and if we think there is a firewall blocking it along the path, rather than log in to all the firewalls to see what is happening, we simply go into Splunk and the check traffic going across the parts of the network to see where it is being dropped and what is the likely reason it has been dropped.

How has it helped my organization?

Splunk has saved our organization time by resolving problems in a quicker timeframe. Before if we had networking issues we would have to log into every single device, check the firewall to see why the traffic is not going across to solve the problem. With Splunk, you only have a single pane of glass to check what is likely happening. This has enabled us to easily go to the right environment and write the necessary security policy to permit such traffic. It brings about faster resolution of problems reduced with visibility.

What is most valuable?

The most valuable features in Splunk are the search function and the ability to run selected session reports. The session reports are important because I can use them to see what is going on in our environment weekly. Additionally, we can use the graph to see how often that particular event is happening.

What needs improvement?

Over time I will have more requirements and I can foresee the solution could improve the search algorithm to run and output the data faster.

For how long have I used the solution?

I have been using Splunk for approximately six months.

What do I think about the stability of the solution?

We have been satisfied with the stability of the solution.

What do I think about the scalability of the solution?

Slunk scale very well.

We have approximately 50 people in our infrastructure and applications teams using this solution in my organization.

We plan to increase usage in the future.

How are customer service and technical support?

I have not needed to open a ticket up with technical support. 

Which solution did I use previously and why did I switch?

Previously to using Splunk we only had some Syslog servers that we sent logs to. However, Syslog servers, do not analyze your logs, they only capturing them. Whereas, in Splunk, you can assess the logs and you can do other things with the log.

How was the initial setup?

I do not think the implementation is difficult.

What about the implementation team?

We have an internal team that does the maintenance of the solution.

Which other solutions did I evaluate?

I have evaluated DataDog.

What other advice do I have?

Splunk is easy to use and not having the need to log into every single network device for management is helpful.

I rate Splunk a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
SJ
Engineer at a financial services firm with 201-500 employees
Real User
Top 20
Great flexibility, pretty stable, and has great technical support

Pros and Cons

  • "The flexibility of the solution is quite good."
  • "The solution has a high learning curve for users. It's a little complicated when you're trying to figure out all the features and what they do."

What is our primary use case?

It's the primary place where I'd go to do an investigation if I want to see what's going on within an endpoint, or on a network, or with a user.

What is most valuable?

The flexibility of the solution is quite good.

The product is stable.

It offers good scalability if you are willing to pay.

The technical support on offer is responsive.

What needs improvement?

The solution has a high learning curve for users. It's a little complicated when you're trying to figure out all the features and what they do.

The solution needs a bit more functionality. For example, being able to save a search and select it when you're doing an investigation. I know you can create dashboards and things like that, however, sometimes being able to have a pre-saved search and just fill in whatever value you need would make everything so much easier.

For how long have I used the solution?

I've been using Splunk for four years so far. It's been a while.

What do I think about the stability of the solution?

I haven't had any stability issues with it. It's pretty stable. There aren't bugs or glitches. It doesn't crash or feeze.

What do I think about the scalability of the solution?

You can scale the solution, however, users need to be aware of the product increasing in cost as well.

How are customer service and technical support?

The technical support is very good. We're quite satisfied with the level of service provided. They are knowledgeable and responsive.

Which solution did I use previously and why did I switch?

When I came to the company, they were already using Splunk. It's only now that we're looking to possibly move to another vendor. The cost of Splunk is much too high.

How was the initial setup?

I wasn't here when this solution was put into place, however, from looking at the documentation and things like that, the setup is pretty involved. I'd say it's a bit more complex than straightforward.

What's my experience with pricing, setup cost, and licensing?

We find the solution to be quite expensive. Therefore, we're looking for other options.

I don't know of the exact costs, as licensing is handled by another department.

What other advice do I have?

We're just users. We don't have a business relationship with Splunk.

We're on a variation of version seven. I'm not sure of the exact one. It's not quite the latest.

I'd advise new users, if they have the budget for it, to go and take the training that they offer. Or, for casual users, you just want to spend as much time watching YouTube videos as you can. It will help lessen the learning curve.

As a solution, it's still pretty much industry standard. I would give it a nine out of ten overall, even though I have my gripes with it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
SD
Assistant Manager System at a financial services firm with 10,001+ employees
Real User
Top 10
Stable, with easy log connection and the capability to scale

Pros and Cons

  • "Its compatibility with other SIEMS is very useful."
  • "We find that the maintenance process could be a lot better."

What is our primary use case?

We are using Splunk as a SIEM tool. We're using it for monitoring.

What is most valuable?

The ease of log connection has been great. 

Its compatibility with other SIEMS is very useful. 

They have many basic use cases that we like. 

The cloud version of the solution is especially scalable.

The product has been quite stable so far.

The initial setup is very easy.

What needs improvement?

Technical support is lacking post-sale.

The modification of firmware could be improved.

We find that the maintenance process could be a lot better. 

The solution is more expensive than other options on the market.

For how long have I used the solution?

We haven't been using the solution for too long at this point. It's been about four months or so.

What do I think about the stability of the solution?

The stability has been good. It offers good performance and doesn't seem to be buggy. There aren't glitches. It doesn't crash or freeze. It's reliable.

What do I think about the scalability of the solution?

The solution is scalable. This is especially true for the cloud deployment model. There really isn't anything holding you back if you use that version.

We have around 100 people on the solution currently. 60 to 70 of those are technical users.

We do plan to keep using Splunk

How are customer service and technical support?

Technical support services are lacking, especially after you buy the product. They aren't as helpful or responsive as we need them to be. However, when we do reach them, they are good and they help.

Which solution did I use previously and why did I switch?

I have used McAfee Nitro in the past and IBM QRadar as well.

How was the initial setup?

The initial setup is not complex. It's very straightforward. In fact, it's far easier to install than other log tools on the market. A company shouldn't have any issues with the process.

That said, I did not work on the installation myself. Other people at the company handled that aspect of the process.

The maintenance process could be better. It's a bit difficult once the deployment is done. We need about five people for maintenance tasks.

What's my experience with pricing, setup cost, and licensing?

When you compare the services and features, the pricing is reasonable. That said, if you compare Splunk to other options on the market, it is more expensive.

What other advice do I have?

As we recently purchased the solution, we are using the latest version right now.

I would recommend the solution to other users. 

I would rate the solution at an eight out of ten. If the solution offered a better price and better support services, I would likely rate it higher. However, for the most part, we have been satisfied with the product and its capabilities.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Assistant Manager ICT - Projects at a financial services firm with 1,001-5,000 employees
Real User
Good visualization, reliable, scales well, and has good support

Pros and Cons

  • "The additional vendors we've brought on board, particularly the elastic, have been quite beneficial."
  • "The configuration had a bit of a learning curve."

What is our primary use case?

We are currently using it with SIEM, and SOAR which is Security Orchestration, Automation, and Response.

Splunk is primarily used for security, incident response, and security analytics.

How has it helped my organization?

Using Splunk, give us the visualization we need, we can easily observe things such as user behavior analytics, irregular traffic, frequency, and any spikes in unusual activity inside the network.

What is most valuable?

The additional vendors we've brought on board, particularly the Elastic, have been quite beneficial.

It's a solid platform.

What needs improvement?

Other than the pricing modules, I have no issues with the product itself.

The configuration had a bit of a learning curve.

I would like to learn more about the Cloud solution, but I'm aware that it's lacking some core applications.

If they could bring on more vendors, you would be able to monitor a larger number of applications. We could have visualization with other applications we have with the infrastructure in our organization.

For how long have I used the solution?

I did a POC, but we have recently procured it. We did a rudimentary setup to get an understanding of how it works. We are into our sixth month of using it now.

What do I think about the stability of the solution?

Splunk is a very stable solution.

What do I think about the scalability of the solution?

This solution is quite scalable.

In our organization, we have 10 users, who use this solution but we have plans to increase our usage.

How are customer service and support?

The technical support has been quite helpful.

Which solution did I use previously and why did I switch?

The previous solution was limited in its functionality. 

We were looking at the additional controls that enterprise security may have, as well as visualization, to gain greater visibility.

Splunk offered us more visibility.

How was the initial setup?

The initial setup was complex.

We had some assistance with the actual deployment, but while I was doing the POC, I was working with a vendor. There were things I had to do myself, such as the configuration, which was a bit challenging for me, it was a big learning curve.

What about the implementation team?

For the installation, we received some assistance from the vendor.

What was our ROI?

It's too early to know if there will be a return on investment.

What's my experience with pricing, setup cost, and licensing?

The pricing modules could be improved.

The licensing fees are paid on a yearly basis.

There is a standard license with provisions for more. As we are still exploring the functionality, there may be other departments that want to use it.

What other advice do I have?

Those who are interested in implementing this solution should be prepared to dig deep into their pockets.

I would rate Splunk a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
HimanshuTejwani
System Administrator and DevOps Engineer at a tech services company with 10,001+ employees
Real User
Top 5Leaderboard
Very straightforward, easy to configure, stable and scalable.

Pros and Cons

  • "This is a straightforward solution, easy to configure."
  • "This is a costly solution."

What is our primary use case?

Our primary use case of Splunk is for log monitoring and infrastructure monitoring. If we want to diagnose any issue in our application, we just push our application logs. This is on any client server using the universal forwarder logs on the Splunk server. After indexing, we can create a base log, and create attractive dashboards that are simple to understand and use. I'm a system administrator and we are customers of Splunk. 

What is most valuable?

This is a straightforward solution, easy to configure and difficult to mess up. 

What needs improvement?

Splunk is a very costly solution and I think it's the most expensive in the market in terms of costing. Splunk provides an application for infrastructure monitoring. If we're monitoring the docker with containers, we can't see the container name, only the ID. That's a big drawback.

For how long have I used the solution?

I've been using this solution for two years. 

What do I think about the stability of the solution?

This is a stable solution. Deployment takes one person, it can be a system admin or an engineer.

What do I think about the scalability of the solution?

This is a scalable solution. We can do the clustering of it for large applications. We have around 15 users for this product. 

How are customer service and technical support?

If I have any issues, I'll go to the community. I can generally get a response within a day. Although most of the documentation is good, some of it is unclear, particularly if you're new to the product. 

How was the initial setup?

I think it takes around 10 minutes to install it on the server. On the client side, it takes around five minutes. I do the installation myself. 

What other advice do I have?

If you're going with this solution, make sure that when implementing the ports are open. If they're not open, it creates problems with the server. Other than that, this is a very stable and very easy to configure product. We can easily deploy and easily use. Other similar solutions are difficult to configure, Splunk is the simplest. I've used three or four monitoring tools and Splunk is the easiest. If a company can afford it, this is a good product. We are planning to shift to another product because of the cost. We're searching for an open source or cheaper product.

I would rate this solution a nine out of 10. They lose one point for the price and lack of infrastructure support.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
SS
Consultant at a financial services firm with 5,001-10,000 employees
Real User
Top 5
Good scalability, dashboards, and alarms, but should have a default dashboard for a firewall and better knowledge base

Pros and Cons

  • "Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful."
  • "Splunk is query-based, which is not the case with most cybersecurity tools. It is based on search queries and can be difficult to use. It would be good if they can make it easier to understand how to create search queries. They can improve the knowledge base for better understanding. To create your dashboard, you need to have a search query. We have multiple firewalls in our company, and we need a dashboard for them. It would be helpful if a default firewall dashboard is included in Splunk to make monitoring easier. If a dashboard is available for a security device, the operation part will be more efficient. We won't have to follow a manual process for this."

What is our primary use case?

We are using Splunk for cybersecurity operations.

What is most valuable?

Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful.

What needs improvement?

Splunk is query-based, which is not the case with most cybersecurity tools. It is based on search queries and can be difficult to use. It would be good if they can make it easier to understand how to create search queries. They can improve the knowledge base for better understanding.

To create your dashboard, you need to have a search query. We have multiple firewalls in our company, and we need a dashboard for them. It would be helpful if a default firewall dashboard is included in Splunk to make monitoring easier. If a dashboard is available for a security device, the operation part will be more efficient. We won't have to follow a manual process for this.

For how long have I used the solution?

I have been using this solution for eight months.

What do I think about the stability of the solution?

In terms of operations, it is stable, but if you don't have a proper configuration and sizing, there could be many issues. It could be more efficient on the storage part. We are still in the deployment stage to be able to say that for sure.

What do I think about the scalability of the solution?

It is very scalable. Currently, we have around 50 users. We will increase its usage if more people need access.

How are customer service and technical support?

We have raised multiple tickets. Some of them are good, and some of them can be better. Overall, their technical support is okay.

Which solution did I use previously and why did I switch?

We didn't use any other solution.

How was the initial setup?

I didn't do the initial configuration. I take care of the operations part. One of our clients did it, and it is somehow complex, and it takes time. It also depends on your knowledge. If you don't have knowledge of Splunk, it is complex.

Which other solutions did I evaluate?

We are a partner of Splunk. So, we did not evaluate other solutions.

What other advice do I have?

I would rate Splunk a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Buyer's Guide
Download our free Splunk Report and get advice and tips from experienced pros sharing their opinions.