Splunk Room for Improvement

Engineering Manager at Apple
For on-premise, it's more about optimization. With such a heavy byte scale of data that we are operating on, the search for disparate data sometimes takes about a minute. This is understandable considering the amount of data that we are pumping into it. The only optimization that I recommend is better sharding, when it comes to Splunk, so that data retrieval can be faster. With the AWS hosted version, we have not hit this bottleneck yet, simply because we are not yet at the multiple terabyte scale. We have hit it with the on-premise enterprise version. This is a problem that we run into every so often. We don't run into this problem day in and day out. Only during the months of August through October do we contend with this issue. Also, there is a fair bit of lag. We have our ways to work around it. Between those few months, we are pumping in a lot of data. It is between 8 to 10 terabytes of data easily, so it is at a massive scale. There are also limitations from the hardware perspective, which is why it is an optimizing problem.
Kenn Brodhagen
DevOps Engineer at Amplify
A problem that we had recently was that we are licensed based on how much data you upload to them every day. Something changed in one of our applications, and it started generating three to four times as many logs. So now, we are trying to assemble something with parts of the Splunk API to warn ourselves, then turn it off and throttle it back more. However, it would be better if they had something systematically built into the product so that if you're getting close to your license, it shuts things down. This sort of thing would help out a lot. It would help them out too, because then they wouldn't be hollering at us for going over our license.
Tony Fabrikant
CTO at IHS Markit
The query language is pretty slick and easy, but it is not consistent in parts. Some of it feels a little esoteric. Personally, some of my engineers are coming from SQL or other languages. Some things are a little bit surprising in Splunk and a little bit inconsistent in their querying, but once you get used to it and once you get used to the field names and function names, you can get the hang of it. However, if it was a bit more standardized, it might be quicker to get it up and running. I would like additional features in different programming models with the support for writing queries in SQL or other languages, such as C#, Java, or some other type of query definitions. I would also like a better UI tool for enhancements of advanced visual query editors.
Find out what your peers are saying about Splunk, IBM, LogRhythm and others in Security Information and Event Management (SIEM). Updated: February 2020.
399,230 professionals have used our research since 2012.
Gavan McLaughlin
Application Engineer at Expedia
The historical data extraction needs improvement. I would like the capability of taking data and having it trend longer. Splunk is good about viewing data within the last seven or 14 days, but if you want to see a year-over-year trend, you have to do a lot of work to get to that point. If there were a better way to extract the data point and put it into a long-term viewing ability for a year-over-year analysis, then compare that to your other business metrics. That is what I am looking for; as an example, for a call center you want to see the time it takes for your customer to be handled on their need comparatively to the system performance that is happening, then overlay that data.
Enterprise Architect at a tech services company with 10,001+ employees
When you get into large amounts of data, Splunk can get pretty slow. This is the same on-premise or on AWS; it doesn't matter. The way that they handle large data sets could be improved. I would like to see an updated dashboard. The dashboard is a little out-of-date. It could be made prettier.
Gregg Woodcock
Consultant at Splunxter, Inc.
* It needs integration with a configuration management solution.
* It could use better password management for forwarders.
* It needs a better way to export dynamic views without requiring a ton of code and user/pw.
Presales Manager at a tech services company with 11-50 employees
Splunk's cost is very high. They need to review the pricing. They have to go back and totally readdress the market. Splunk does not build apps. They only go back and validate the apps that somebody has already built. They should have remote consulting support. They have a wonderful solution. They have 24/7 security. Nobody needs to depend on any third party and will therefore just buy Splunk on the cloud. Its costs are too high and it should be more cost effective because it's going to be a cloud offering.
Director of Information Security with 201-500 employees
The tool itself is very difficult to configure. It's great for its number of inputs, for the different types of systems, devices, and things that it could collect information from. To actually make good use of it, you need a fairly dedicated team of people that have some reasonably good programming or modeling skills to be able to do the things that you need to do with it. Whereas a lot of the other tools are better packaged for that, and so require a lot less training and a lot less dedication. What they need to do more than anything else is take a serious look at purpose-built modules like the SIEM and put a lot more effort into making them more robust. If they did that, I think they would have a better chance on the market. The base tool was great, and if the organization that they're looking to sell into requires a good, solid logging solution, then they would have a very good sales statement to make, because you could get the logging solution you need that could give you the SIEM at the same time.
Sam Osborn
Software Engineer at Tableau Software
The search query seems slow, but I am not sure if that is just because it is searching millions upon millions of lines of text. Also, I just started using it, so I might have no idea what I am doing. I could probably speed up the queries by improving my search skills. My company could benefit from doing more Splunk training with Splunk consultants teaching us how to use it. It is possible that we have already done this and I haven't participated, but this type of training would be helpful.
Michael Kaericher
Application Engineer at a financial services firm with 5,001-10,000 employees
I would like to see Splunk improve its posture as a production operations tool. This means that searches, alerts, dashboards, and additional configurations that I use should have a production migration process. Therefore, I can know if my important detects have been tampered with and I can restore them if they have. I would also like it to be easier to understand what I can influence from the UI versus the command line. Splunk is making great strides to all configuration being possible from the UI, but it can still be confusing for a non-system administrator to track down an issue only to find that it requires command line access to fully interpret.
Shaveta Datta
Technical Project Manager at Aricent
I would like to see them develop integration with the help of a rack REST API, which is an API that helps to secure communication with Oracle Cloud and pull down records from there. This integration is currently missing in the current version of Splunk. I'm looking forward to seeing this feature implemented in the next version of Splunk so that organizations can benefit from it in the future.
Yosef Tavin
Devops Engineer at Moovit
It needs to improve the way to install third-party apps and enable installation without logging into splunk.com.
Mui Tran
Project Manager at Idemitsu Oil & Gas
If possible, we would like to have not only a log monitoring system but a network monitoring feature in this solution as well.
Security Operation Center Analyst at Sadad
In the next release of Splunk, I think the machine learning should be emphasized. Now, it's really important to analyze Big Data, data mining. A SIEM solution, like Splunk, needs an improved data mining solution, artificial intelligence. Splunk would be the best if it improved these features.
Jerry Castille
Chief Architect at Pathmaker Group
The community surrounding the product is okay, but I would like more material supplied by Splunk around some more common integration stuff. I wish there was a bigger library, because we are building stuff. Where I often feel like other people have done things before, we are reinventing the wheel. While it is not a core piece of our organization and it is not a priority, it does inform our SIEM platform. It would be nice if there was a little more cookie cutter solutioning inside of it, and that they would take a little more time to shake it out. The first year and a half was a little wacky with its usefulness, but now it is a solid piece of our infrastructure.
Omar Sánchez (Mr.Tech)
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services
The Web Application Firewall will send you too much information because it's more dedicated to security than a normal firewall.
Christopher Mooney
Incident Manager at a tech services company with 201-500 employees
There is a definite learning curve to starting out. However, there is quite a bit of documentation out there to help you get started.
Rajesh Mandale
Splunker at a tech services company
The GUI could be improved to include some of the capabilities that other BI solutions have. The layout is a little restrictive where you can't resize all the panels to exactly how you would like them without tweaking some XML code. Over the years, they have really been improving in this area. I would think that will continue and this will become a non-issue. Also, AngularJS/ReactJS inclusion could be made easier in the GUI.
IT Analyst at an energy/utilities company with 1,001-5,000 employees
Splunk is not very user-friendly. It has a complex architecture in comparison to other solutions on the market.
Tomi Juslin
QA Lead at a financial services firm with 11-50 employees
The search could be improved. Now, it is a bit difficult to write search queries because they become quite long, and then maintaining those long search queries is quite challenging.
Ken Orr
Security Engineer at a tech services company with 501-1,000 employees
The Enterprise Security app could be improved. We have had trouble with it working from the first day.
Roman Burdakov
Engineering Manager at Cengage Learning
I would like some additional AI capabilities to provide additional information about things going wrong and things going well.
Security Architect at Motorola
Every product needs improvement. If we can get a faster product, we will take it. There are new services which are coming up. If Splunk can catch up with the speed of Amazon, and with the integration, instead of us waiting for another year or so, that would be good. We would like more integrations with other cloud products, not just AWS, e.g., Azure.
Director at a tech services company with 10,001+ employees
I have not tested the hybrid model yet. I don't know whether all its integrations and interfaces will work between the cloud and on-premise model. I also don't know if across multiple clouds all the products will perform properly. If it could be made available as a service, this would be much better than as a product.
Seyfallah Tagrerout
IT & Cloud Architect at AiM Services
The security can be improved.
MS Alam
System Administrator at Abdullah Al-Othaim Markets
Make it easy to use and the cost cheaper. This will help all organisations to implement Splunk.
Project Manager at a comms service provider with 10,001+ employees
After a crash, the product takes a while to recover.
Colin Jackson, CISSP, MMIS, GMON
Information Security Engineer/Architect at a tech services company
More control with Splunk Cloud, as it seems a bit limited. I used to manage an on-premise instance of Splunk Enterprise and really liked having more control over it.
Lead Systems Architect at an energy/utilities company with 10,001+ employees
* Custom visualizations are really hard. While the default visualizations are good, creating enhanced visualizations is complex.
* Configuring a few apps is complex, not straightforward.
Madison Moss
Splunk Architect at an aerospace/defense firm with 5,001-10,000 employees
It can be tough to determine if you are getting all of the value out of your investment at times. However, our sales seems to be flexible and will work on an organization to organization basis to negotiate license terms.
Engineer at an integrator with 11-50 employees
The clusters are hard. It has too many moving parts. They should make data onboarding easier.
Rudi Wicaksono
Architecture and Security Team Leader at Offshore North West Java (ONWJ)
Splunk should be able to integrate with other products using the free version. The product was difficult to back up the first time.
Marc Chan
Net Sec at a tech services company with 11-50 employees
Splunk has different plugins but by default, the logs are not organized; it shows that there are roll-ups that are out of the box. I saw many plugins that can help improve or extend Splunk's functionality but I haven't tried many of them. It would be best if they can incorporate all security locks with minimal incidents.
Senior Cloud Operations Analyst at Skillsoft
I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications.
Niket Nilay
Technical Lead at Wipro Technologies
* Scheduled PDF generation does not work well for all visualizations, and it does not work for custom visualizations.
* While scheduled reports can be embedded, Splunk dashboards cannot be embedded directly without enabling cross origin.
* Missing capability for audio/video and image processing.
Senior Network & Security Architect at an insurance company with 501-1,000 employees
I would like to see future development in terms of ML (Machine Learning).
Nathan Plamondon
Splunk Administrator at a university with 10,001+ employees
Some of the terminology can be confusing, even for seasoned vets. Renaming components at this point would be a serious undertaking. However, it might be beneficial in the long run. While Splunkbase (the app repository) has a lot of great content, some apps are terribly old and could stand to be updated or purged.
Michael Linde
Senior Network Security Engineer at a media company with 1,001-5,000 employees
ES is very powerful, but it requires a mature security posture at the company to take advantage of it currently. The use cases provided by Splunk are a good starting point, but could cover many additional topics to ensure that a smaller or less experienced shop might maximize the value of an ES deployment.
Scott Odle
Business Intelligence Developer at a university with 10,001+ employees
* Certain sections of the developer documentation could use some updating and clarification.
* Search head clustering is often temperamental in its current state and should be improved, replaced by something better, or be reverted to search head pooling.
* Some terminology is vague and confusing (examples: deployer versus deployment server or search head versus search peer).
Christina Spires
Systems Analyst Staff - SW Eng Compute Analytics Lead at a wireless company with 10,001+ employees
* Free-floating panels in the dashboards are like a glass table.
* It needs more formatting control without having to be an admin.
Consultant at a non-profit with 1,001-5,000 employees
I like Splunk. The only thing which can be improved is that they are too subjective on whom their Splunk4Good initiative can be applied. They market it as you only need to be a nonprofit, but there is more to it.
User at Deloitte
Splunk can improve regex/asset analysis as we do not want to crawl until it is done. I could not find a timestamp for when the log was processed and generated.
Clara Merriman
Business Intelligence Engineer at a hospitality company with 501-1,000 employees
The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more.
Noah Woodcock
Data Scientist Intern at a tech vendor with 1-10 employees
It needs more thoroughly tested releases. Every new big version (6, 7, etc.) has had so many bugs that it makes me wary of customers upgrading right away.
Luiz Fernandes
Judicial Technician at a government with 1,001-5,000 employees
Cybersecurity and infrastructure monitoring have room for improvement.
Java Technical Lead at an insurance company
Make it easier to include roles and user controls, as it is horrible now.
Robert Pollard
Director of IT at a government with 1-10 employees
The case management area of the ES could be improved: the ability to move cases through various stages and states. The ability to close a case would be a key improvement.
Gangikunta Somanath
Principal Engineer at a retailer with 10,001+ employees
More training on PetaData using artificial intelligence techniques to identify the events which are not normal and exceptions that would help the organization identify threats and malware on the go with results.
BS Systems Engineer at a tech services company with 501-1,000 employees
Enterprise security: Splunk must work on clarifying the solution to customers and explain how to gain more from it.
Senior Security Engineer
DMC should be a little more intuitive with better dashboarding. Seeing the cause of data flow can be tough to track down.
Enterprise Architect and Business with 5,001-10,000 employees
I would like to have the ability to master the management of clustering.
M Ghuyoor Syed
Sr. Manager Information Security with 1,001-5,000 employees
Due to the size limit, we could not see the full product.
VMware Engineer at First Data Corporation
* The amount of time it takes to troubleshoot not-easily-available data.
* Also, hours on the phone with VMware techs.
Principal Consultant with 51-200 employees
* Multi-tenancy support
* Improved user interface
* Non-proprietary search language
* Different licensing model
Cyber Analyst with 501-1,000 employees
A few more analysis aids might help. The next release could have more intuitive help examples.
Emad Ul Haq
Network & Telco Lead at an energy/utilities company with 1,001-5,000 employees
Code understanding requirement is complicated for most users.