Splunk Room for Improvement

Balamurali Vellalath
Practice Head-CyberSecurity at a tech services company with 1,001-5,000 employees
There are a lot of competitive products that are doing better than what Splunk is doing on the analytics side. The automation could be better. Typically, the issue that we face is that it has to go to the analytics engine, then goes to the automation engine, basically. Therefore, if there are no proper analytics, the SOAR module is going to be overloaded, and we are not able to get the expected result out from the SOAR module. If they improve the analytics, I think they'll be able to solve these issues very quickly. The playbooks which they create and provide to premium users can improve a lot. They have to create a common platform wherein the end-customers like us can choose from playbooks and automation playbooks that are readily available. In terms of integration with third-party tools, what we are seeing is that it's very limited compared to the competitive products. Competitive products have a lot of connectors and APIs that they have developed, and that's where the cloud integration, whether it is a public cloud or a private cloud integration, comes in. There are a lot of limitations to this product compared to other products.
Steffen Klein
Senior Consultant at sectecs
I really dislike how Splunk sales and partner managers behave. I have faced several sales model and partnership changes. Also, the last time I wanted to buy a license or build a SIEM solution, they had removed the ability to purchase a Splunk subscription or license from their website. In the past, there was a web page calculator and it was possible to buy online, but now it instructs you to contact sales. The free version is limited to 500 megabytes and there is no alerting. Due to the missing feature on the Splunk webpage, I asked Splunk Sales to purchase a license like 1 GByte a day or a license for max 2500 Euro/year to use it as a test or development instance for myself. When asking Splunk for a quote, willing to pay for a Splunk license to learn and to get used to the product, Splunk did not manage to offer me a license nor to arrange the partnership paperwork I had asked for. Sales people from Splunk were calling each time after I left my details on their trial download page. I explained my experience and concerns about Splunk in the past. All the excuses received and promises that someone would contact me to solve the issues faced in the past led to exactly nothing. Well done, Splunk. Inflexible and expensive, and I do not have much faith in the people working there because if someone is asking for a test environment and is willing to spend up to €2,500 a year, I can't understand why they are unable to provide a license. This could be a lost opportunity because they are not able to onboard a potential new partner. They definitely need to boost their sales and partner program because it changes too often, where they are dropping partners and it is difficult to get in contact with somebody. This is something that needs to be improved. I would like to see more SIEM functionality and embedded modules such as a ticket tool to make an end-to-end SIEM.
Audit Remediation/Financial Manager at a tech services company with 1,001-5,000 employees
We're still going through it at this time. However, there are a few changes that could be made. It could be more user friendly, in terms of the end-user experience. The end-user aspect of it could be more enhanced, whereby you could probably have a lot more people that could sign into the tool and look at the reports, and have the reports actually laid out in plain English. Usually, with tools like Audit Vault and Splunk, if you're not the IT person and you're not trained on that system and you're seeing all of the outputs, the language is something you have to convert. Therefore, the end-user experience could be improved so that when you get those alerts and notifications, you could have supervisors and different people actually knowing what those reports mean instead of having someone convert them into something more easily digestible. There should be more enhancements done to the end-user dashboards. Improved dashboards are always good. If you have an IT tech that's up there, and they're looking at the dashboards and they're seeing everything, it would help if they could do events and have a dashboard that they could log into as a supervisor and see everything, and just get specific reports for specific areas.
Learn what your peers think about Splunk. Get advice and tips from experienced pros sharing their opinions. Updated: December 2020.
456,495 professionals have used our research since 2012.
CSSP Manager at a tech services company with 51-200 employees
I'm a security manager and Splunk is not a good solution for my needs and not as good as other products I've used. I really think they just overreached and are marketing the solution as something that it really isn't. It's really not an SIEM product. It's really not a monitoring solution. If Splunk wants to get into SIEM, they need to make a totally new product. They should just leave SIEM, it's not their thing, not what they do. They're good at log collection and indexing. Stick to it. There are some things with log collection and log retention capabilities that they could actually improve instead of trying to create products for all these other different areas. I don't want their next release, I would rather just kind of scale back on some of the extras, and just really focus on log collection and log retention. I'd like to have more options on how I can perform those features with their products. I'd like to see a lot more integration with other products.
Automation Specialist, Analytics at a computer software company with 10,001+ employees
Sometimes we experience issues when formatting and configuring files; however, this is a very technical issue that's hard to explain. When extracting the data or structuring the data in the right format, sometimes it becomes challenging. It's up to the user to understand the regex commands. Our customers often complain that the price of Splunk is too high. When Splunk is deployed on the cloud, there are certain considerations that cannot be met. Cloud-based configuration cannot be done by our Splunk admin team. It needs to be routed via a ticket. You don't have more control on the cloud from a configuration point of view, whereas, with on-premise, you are in control — you can define any configuration settings. When you install on-premise, many types of configurations can be done but when Splunk is on the cloud, you're dependent on their specific configurations.
Gregg Woodcock
Consultant at Splunxter, Inc.
* It needs integration with a configuration management solution.
* It could use better password management for forwarders.
* It needs a better way to export dynamic views without requiring a ton of code and user/pw.
Presales Manager at a tech services company with 11-50 employees
Splunk's cost is very high. They need to review the pricing. They have to go back and totally readdress the market. Splunk does not build apps. They only go back and validate the apps that somebody has already built. They should have remote consulting support. They have a wonderful solution. They have 24/7 security. Nobody needs to depend on any third party and will therefore just buy Splunk on the cloud. Its costs are too high and it should be more cost effective because it's going to be a cloud offering.
Director of Information Security with 201-500 employees
The tool itself is very difficult to configure. It's great for its number of inputs, for the different types of systems, devices, and things that it could collect information from. To actually make good use of it, you need a fairly dedicated team of people that have some reasonably good programming or modeling skills to be able to do the things that you need to do with it. Whereas a lot of the other tools are better packaged for that, and so require a lot less training and a lot less dedication. What they need to do more than anything else is, they need to take a serious look at purpose-built modules like the SIEM and put a lot more effort into making them more robust. If they did that I think they would have a better chance on the market. The base tool was great, and if the organization that they're looking to sell into requires a good, solid logging solution then they would have a very good sales statement to make because you could get the logging solution you need that could give you the SIEM at the same time.
Senior Informatica Administrator at a computer software company with 10,001+ employees
Index performance is a bit slow but this is partly due to the huge volumes of data for our industry within our environment. This makes the index very large and inefficient in terms of performance. Performance could be improved to cater to this, however. We have also had problems with the compatibility between Splunk and other systems. We have previously been on 5.3 and migrated to 5.5. We are now planning to migrate to version 7.7. It has been difficult to find documentation about the compatibility with Linux. In terms of the interface, it could include some improvements for the look and feel.
Praful Bhatnagar
Principal Systems Engineer at a computer software company with 10,001+ employees
Our two main complaints are about the difficulty of the initial setup and the licensing model. The billing model is a little bit complicated because you have to predict in advance how much data you'll have and how much storage you'll need. When you start, you don't really have those numbers but to get the licensing, you need them. It is only at that point that you'll know how much the product is going to cost you.
Assistant Vice President at a financial services firm with 10,001+ employees
Over the years, I know they've been doing what they can to continue to add integration capabilities to their solution. If they continue to do that, that would be ideal. However, beyond that, there really aren't any features that I find to be lacking in any part of the solution. On-premises scaling of the solution is a bit more limited than it is on the cloud. The pricing of the solution needs to be a bit lower. It would be ideal if the hardware could meet more universal global regulatory requirements. It would be great if the solution better aligned with global standards.
Engineer at a financial services firm with 201-500 employees
The solution has a high learning curve for users. It's a little complicated when you're trying to figure out all the features and what they do. The solution needs a bit more functionality. For example, being able to save a search and select it when you're doing an investigation. I know you can create dashboards and things like that, however, sometimes being able to have a pre-saved search and just fill in whatever value you need would make everything so much easier.
Shaveta Datta
Technical Project Manager at Altran
I would like to see them develop integration with the help of a rack REST API, which is an API that helps to secure communication with Oracle Cloud and pull down records from there. This integration is currently missing in the current version of Splunk. I'm looking forward to seeing this feature implemented in the next version of Splunk so that organizations can benefit from this feature in the future.
System Administrator at a tech services company with 51-200 employees
Splunk is a very costly solution and I think it's the most expensive in the market in terms of costing. Splunk provides an application for infrastructure monitoring. If we're monitoring Docker with containers, we can't see the container name, only the ID. That's a big drawback.
Mui Tran
Project Manager at Idemitsu Oil & Gas
If possible, we would like to have not only a log monitoring system but a network monitoring feature in this solution as well.
Praful Bhatnagar
Principal Systems Engineer at a computer software company with 10,001+ employees
It's difficult to set up initially, and their billing model is also a bit complicated. We have to predict in advance how much data we will have and what the storage would be that we don't have. This makes the licensing complicated because when you start you don't have these numbers. In order to know how much it will cost, you need those numbers. I really wish that it was an application that was easier to use.
Julio Ortiz
General Manager at Intersoft S.A.
They could have more dashboards done or predefined so our clients could use them directly in order to have more information ready to use. The difficult part is related to integration with sources of data that are used to create the logs as this depends on the infrastructure of the client.
IT System Developer/Admin at a manufacturing company with 10,001+ employees
An area of improvement would be the licensing of the solution. They need a free license, which would allow faster lead times. They also need to update their documentation.
Manager-TCTSL NGN Security-Practices at a comms service provider with 10,001+ employees
The solution is quite costly, more than any other product in this market.
Seyfallah Tagrerout
IT & Cloud Architect at AiM Services
The security can be improved.
Sr. IT Manager at a government with 10,001+ employees
Queries are not always as easy or straightforward as they might be, so it can be difficult to figure out what you need to look for. In the next release of this product, I would like to see it offer more recommendations as to what needs to be done.
Data Scientist at a tech vendor with 201-500 employees
Splunk needs to be able to hold more days of data. At the moment it only holds three months of data. It needs more views and colors within the dashboard and the ability to have the flexibility to create a user-defined panel.
Engineer at an integrator with 11-50 employees
The clusters are hard. It has too many moving parts. They should make data onboarding easier.
Rudi Wicaksono
Architecture and Security Team Leader at Offshore North West Java (ONWJ)
Splunk should be able to integrate with other products using the free version. The product was difficult to back up the first time.
Marc Chan
Net Sec at a tech services company with 11-50 employees
Splunk has different plugins but by default, the logs are not organized, it shows that there are roll-ups that are out of the box. I saw many plugins that can help improve or extend Splunk's functionality but I haven't tried many of them. It would be best if they can incorporate all security locks with minimal incidents.
Sr. IT Manager at a government with 10,001+ employees
Splunk is very complex. The implementation and the scanning of the logs can be difficult.
Luiz Fernandes
Judicial Technician at a government with 1,001-5,000 employees
Cybersecurity and infrastructure monitoring have room for improvement.
M Ghuyoor Syed
Sr. Manager Information Security at Tapal Tea (Private) Limited
Due to the size limit, we could not see the full product.
VMware Engineer at First Data Corporation
* The amount of time it takes to troubleshoot not-easily-available data.
* Also, hours on the phone with VMware techs.
Cyber Analyst with 501-1,000 employees
A few more analysis aids might help. The next release could have more intuitive help examples.
Emad Ul Haq
Network & Telco Lead at Mercury
Code understanding requirement is complicated for most users.