Splunk Room for Improvement

Colt Rodgers
Infrastructure Engineer at Zirous, Inc.
Splunk has continually been increasing its features and also expanding and perfecting its core functionality. I would like to see it to continue to improve its predictive analytics and machine learning tools. It is not to be said that they are currently lacking, I don't believe it is, but given the current state and direction of the Information Technology world, I feel as though a major focus of upcoming releases should be set on Machine Learning, Predictive Analytics, and I would enjoy to see more security focused add-ons and apps developed by the vendor. View full review »
david hourani
Lead Splunk Architect at a financial services firm with 10,001+ employees
Adding custom visualization in Splunk has been improved over the years but can still be made better by integrating more and more JavaScript visualization sources. View full review »
Gregg Woodcock
Consultant at Splunxter, Inc.
* It needs integration with a configuration management solution. * It could use better password management for forwarders. * It needs a better way to export dynamic views without requiring a ton of code and user/pw. View full review »
Paul Gilowey
Foundation Technology Specialist at a insurance company with 1,001-5,000 employees
Official training, even CBT, is expensive so not many people are able to get certified. This leads/causes the users to make use of the most basic functionality only. It is a challenge to manage the environment in such a way, that one’s log, even with the bandwidth license, isn’t exceeded. Splunk has moved towards not applying hard caps in data ingestion, and this will help us in the future. However, I’d like an easier way to flag certain source log files as non-critical and have Splunk automatically disable those event sources when the license capacity exceeds an arbitrary value. View full review »
Kent Farries
Security Architect at a energy/utilities company with 1,001-5,000 employees
The GUI can be improved to include some of the capabilities that other BI solutions have. Basically, the layout is a little restrictive where you can’t resize all the panels to exactly how you would like them without tweaking some XML code. Over the years, they have really been improving in this area. I would think that will continue and this could become a non-issue. View full review »
Joshua Biggley
Engineer, Infrastructure Applications at a healthcare company with 1,001-5,000 employees
Deploying Splunk as scale is not easy. It requires a significant amount of relatively complex architecture once you push past the single server instance. Breaking out your search and indexing layer requires someone with Splunk experience. Want to add search layer replication for HA? Want to host in AWS and do cross-region index replication? Splunk expertise is in high demand today and finding talented engineers to pull off your large-scale implementation is hard. Do your homework. View full review »
Michael Kaericher
Application Engineer at a financial services firm with 5,001-10,000 employees
I would like to see Splunk improve its posture as a production operations tool. This means that searches, alerts, dashboards, and additional configurations that I use should have a production migration process. Therefore, I can know if my important detects have been tampered with and I can restore them if they have. I would also like it to be easier to understand what I can influence from the UI versus the command line. Splunk is making great strides to all configuration being possible from the UI, but it can still be confusing for a non-system administrator to track down an issue only to find that it requires command line access to fully interpret. View full review »
Yosef Tavin
Devops Engineer at Controlup
It needs to improve the way to install third-party apps and enable installation without logging into splunk.com. View full review »
Amir Jalilzadeh
Java Developer with 201-500 employees
In the next release of Splunk, I think the machine learning should be emphasized. Now, it's really important to analyze Big Data, data mining. A SIEM solution, like Splunk, needs an improved data mining solution, artificial intelligence. Splunk would be the best if it improved these features. View full review »
Mark Kline
Information Architect at a financial services firm with 5,001-10,000 employees
We usually have to follow up with technical support on our open cases. Otherwise, Splunk listens to customers and is constantly incorporating their feedback in future releases. View full review »
Senior IT Security Operations at a pharma/biotech company with 10,001+ employees
Cluster management can only be done via a command line. I would like them to add some GUI options for that. Permissions are not very flexible, so it would be nice to have more granular options, such as double factor authentication. The administration of the cluster and app deployment to indexers or search heads can be done only using ssh access and command line, there is no GUI tools for that. Permissions in the other hand could be improved by adding for example the deny option to groups to see and index, etc. Also the authentication method is just LDAP or spkunk, so some more security layers could be added as second factor, etc View full review »
Rajesh Mandale
Splunker at a tech services company
The GUI could be improved to include some of the capabilities that other BI solutions have. The layout is a little restrictive where you can’t resize all the panels to exactly how you would like them without tweaking some XML code. Over the years, they have really been improving in this area. I would think that will continue and this will become a non-issue. Also, AngularJS/ReactJS inclusion could be made easier in GUI. View full review »
Robert Bailey
Owner with 1-10 employees
Better directions on search head clusters. A lot of the documentation that I saw was either old or out of date. I believe I ended up doing a lot of searching and ended up not completing the feature. I opted out of creating a search head cluster. View full review »
Troy Landers
Specialist Master, Cyber Risk at a tech vendor with 10,001+ employees
The GUI can be improved. Splunk has always suffered from having a kind of goofy UI, it needs some updating. View full review »
Christopher Mooney
Incident Manager at a tech services company with 201-500 employees
There is a definite learning curve to starting out. However, there is quite a bit of documentation out there to help you get started. View full review »
Ken Orr
Security Engineer at a tech services company with 501-1,000 employees
The Enterprise Security app could be improved. We have had trouble with it working from the first day. View full review »
VivekRamanath Iyer
Performance Consultant at a tech services company with 10,001+ employees
Security administration and user access control is pretty basic. This can be improved. The user access control could be much more granular, so that the admins can control r/w/x access for specific features of the product like dashboards, etc. If this is improved, with a mapping against LDAP roles, it would be excellent. View full review »
Timur Baitenov
Implementation Unit Manager at a tech services company
Visualizations can improve. There are some performance and stability issues with the visualization layer. View full review »
KH Lee
Products Manager at a tech services company with 5,001-10,000 employees
The GUI should be improved, in other words, the overall appearance. View full review »
Jorge Noguera
IT Infrastructure Architect at a tech consulting company with 10,001+ employees
It needs documentation, and "how-to-do" information. It's complicated to build reports and views. View full review »
MD Alam
System Administrator at Abdullah Al-Othaim Markets
Make it easy to use and the cost cheaper. This will help all organisations to implement Splunk. View full review »
Madison Moss
Splunk Architect at a aerospace/defense firm with 5,001-10,000 employees
It can be tough to determine if you are getting all of the value out of your investment at times. However, our sales seems to be flexible and will work on an organization to organization basis to negotiate license terms. View full review »
Niket Nilay
Technical Lead at a tech services company with 10,001+ employees
* Scheduled PDF generation does not work well for all visualizations, and it does not work for custom visualizations. * While scheduled reports can be embedded, Splunk dashboard can not be embedded directly without enabling cross origin. * Missing capability for audio/video and image processing. View full review »
Lead Systems Architect at a energy/utilities company with 10,001+ employees
* Custom visualizations are real hard. While the default visualizations are good, creating enhanced visualizations are complex. * Configuring a few apps is complex, not straightforward. View full review »
Colin Jackson, CISSP, MMIS, GMON
Information Security Engineer/Architect at a tech services company
More control with Splunk Cloud as it seems a bit limited. I used to manage an on-premise instance of Splunk Enterprise and really liked having more control over it. View full review »
John Hluboky
SVP, Technical Operations at a tech vendor with 201-500 employees
Unlike other cloud based analytics platforms, at the time of this writing Splunk Cloud is a dedicated instance per customer rather than a shared tenancy platform. While this is beneficial from an overall performance standpoint, the product lacks the seamless integrations one has come to expect from a cloud solution. This translates to a much stronger reliance on Splunk's support organization out of necessity, as the customer cannot make most changes in a self-service manner. View full review »
Business Analyst at a retailer with 10,001+ employees
VMware and security device integration looks a bit complex. View full review »
Senior Cloud Operations Analyst at a tech vendor with 1,001-5,000 employees
I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications. View full review »
Nathan Plamondon
Splunk Administrator at a university with 10,001+ employees
Some of the terminology can be confusing, even for seasoned vets. Renaming components at this point would be a serious undertaking. However, it might be beneficial in the long run. While Splunkbase (the app repository) has a lot of great content, some apps are terribly old and could stand to be updated or purged. View full review »
Scott Odle
Business Intelligence Developer at a university with 10,001+ employees
* Certain sections of the developer documentation could use some updating and clarification. * Search head clustering is often temperamental in its current state and should be improved, replaced by something better, or be reverted to search head pooling. * Some terminology is vague and confusing (examples: deployer versus deployment server or search head versus search peer). View full review »
Michael Linde
Senior Network Security Engineer at a media company with 1,001-5,000 employees
ES is very powerful, but it requires a mature security posture at the company to take advantage of it currently. The use cases provided by Splunk are a good starting point, but could cover many additional topics to ensure that a smaller or less experienced shop might maximize the value of an ES deployment. View full review »
consultant at a non-profit with 1,001-5,000 employees
I like Splunk. The only thing which can be improved is that they are too subjective on whom their Splunk4Good initiative can be applied. They market it as you only need to be a nonprofit, but there is more to it. View full review »
Krishnaprasath Govindarajilu
Security Engineer at a retailer with 10,001+ employees
When we deep dive into the events for the triggers, we have very little information in some instances. View full review »
Christina Spires
Systems Analyst Staff - SW Eng Compute Analytics Lead at a wireless company with 10,001+ employees
* Free-floating panels in the dashboards are like a glass table. * It needs more formatting control without having to be an admin. View full review »
User at a financial services firm with 10,001+ employees
Splunk can improve regex/asset analysis as we do not want to crawl until it is done. I could not find a timestamp for when the log was processed and generated. View full review »
Noah Woodcock
Data Scientist Intern at a tech vendor with 1-10 employees
It needs more thoroughly tested releases. Every new big version (6, 7, etc.) has had so many bugs that it makes me wary of customers upgrading right away. View full review »
Robert Pollard
Director of IT at a government with 1-10 employees
The case management area of the ES could be improved. The ability to move cases through various stages and states. The ability to close a case would be key improvement. View full review »
Clara Merriman
Business Intelligence Engineer at a hospitality company with 501-1,000 employees
The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more. View full review »
Java Technical Lead at a insurance company
Make it easier to include roles and user controls, as it is horrible now. View full review »
Gangikunta Somanath
Principal Engineer at a retailer with 10,001+ employees
More training on PetaData using artificial intelligence techniques to identify the events which are not normal and exceptions that would help the organization identify threats and malware on the go with results. View full review »
Ahmed Zard
Field Engineer at a tech services company with 501-1,000 employees
Enterprise security: Splunk must work on clarifying the solution to customers and explain how to gain more from it. View full review »
Senior Security Engineer
DMC should be a little more intuitive with better dashboarding. Seeing the cause of data flow can be tough to track down. View full review »
Principal Consultant with 51-200 employees
* Multi-tenancy support * Improved user interface * Non-proprietary search language * Different licensing model View full review »

Sign Up with Email