
Splunk User Behavior Analytics Overview

Splunk User Behavior Analytics is the #2 ranked solution in our list of top Anomaly Detection Tools. It is most often compared to Darktrace.

What is Splunk User Behavior Analytics?
Splunk User Behavior Analytics is a behavior-based threat detection solution built on machine learning methodologies that require no signatures or human analysis, enabling multi-entity behavior profiling and peer group analytics for users, devices, service accounts and applications. It helps organizations find known, unknown and hidden threats, detecting insider threats and external attacks using out-of-the-box, purpose-built but extensible unsupervised machine learning (ML) algorithms. It provides context around the threat via ML-driven anomaly correlation and visual mapping of stitched anomalies over various phases of the attack lifecycle (Kill-Chain View). It uses a data-science-driven approach that produces actionable results with risk ratings and supporting evidence, which increases SOC efficiency, and it supports bi-directional integration with Splunk Enterprise for data ingestion and correlation and with Splunk Enterprise Security for incident scoping, workflow management and automated response. The result is automated, accurate threat and anomaly detection.

Splunk User Behavior Analytics is also known as Caspida, Splunk UBA.


Splunk User Behavior Analytics Customers
8 Securities, AAA Western, AdvancedMD, Amaya, Cerner Corporation, CJ O Shopping, CloudShare, Crossroads Foundation, 7-Eleven Indonesia

Archived Splunk User Behavior Analytics Reviews (more than two years old)

NS
Senior Security Engineer at a government with 1,001-5,000 employees
Real User
Easy to configure and easy to use solution that integrates with many applications and scripts

Pros and Cons

  • "This intelligent user behavior analytics package is easy to configure and use while remaining feature filled."
  • "The ability to do more complicated data investigation would be a welcome addition for pros, though the functionality now gives most people what they need."

What is our primary use case?

Our primary use is intrusion detection and analysis. It is a great product because it is intelligent and does everything for us.

How has it helped my organization?

It is a great product because it is intelligent and does everything for us. We have a LAN (Local Area Network) and sensitive, classified data and we have to be sure it is well-protected.

What is most valuable?

It's a component that is easy to configure and easy to use. They have familiar and friendly dashboards for the users. You can make a lot of the dashboards if you want to integrate with it. If you have the basic skills and basic codes you can just create more use cases. You can also have alert systems. You have a lot of different alerts that you can use. You can integrate with all the applications and scripts, like with Kaspersky. We integrate multiple publications with this product.

What needs improvement?

Actually, the most valuable aspect of Splunk is the data. You do not need to use your databases to perform all things from on all the servers we have. Splunk has three big things it can do with data: it can show it hot, warm and cold. The hot of it allows you to see the data as soon as things happen — maybe to the second. We have the warm, the warm will segment the data up to the hot up to three months ago. The cold will store all of the archives of all the data after the six months. After that, you can't make comparisons any further. 

In the future, we make Splunk in the SOC (Security Operations Center). In the SOC now, we use one feature, it's called the alert system. So in the future, we want to make it so we can send all the data and we can build its security and its management. It will be published in all the places as it is now. We need to do this so we can build more data centers from all the past and existing data crunch.

For how long have I used the solution?

We have been using the product for three years.

What do I think about the stability of the solution?

From the IP end and from ArcSight from HP, I think that Splunk works out very good for me. Not 100%, but 80%. IBM has a lot of features not familiar to the user and the support is very bad. ArcSight has support, but they forget they have small issues. So, we use Splunk because it is the pinnacle of the organizations. We have specificity. We don't want any kind of application that can corrupt all our data. So we use the Splunk because we see more admirable organizations using it. So we share the knowledge with them.

What do I think about the scalability of the solution?

This solution is scalable depending on your need. The security department belongs to Splunk, so we have approximately 25 people using the system.

We have plans to increase usage soon.

How are customer service and technical support?

If you implement something with this product I think you need one-year technical support. But the first thing you need is your BUC (Business Use Case). The BUC allows you to know how much deploying the application costs and how many prerequisites you need to fulfill. After defining the BUC you will kick off the project, and after you have implemented, you have to purchase from the vendors one year of support. After that, they give you support until you are ready for the kick-off of the live project but have their support if something goes wrong.

Which solution did I use previously and why did I switch?

For SIEM (Security Information and Event Management), we used to use McAfee, and it was not good for us. And also we used ArcSight. But we also realized it could not do some things. After that, we networked and decided to use Splunk.

How was the initial setup?

It's good we are using the firewall and it's very good for Splunk. To implement the system depends in most cases on your prerequisites. You have to know what you are building in the environment, how many servers you have, how many other devices, restrictions, and routing. It's a different environment depending on how many applications you have.

So the choices depend on what you need most of the time. We assigned a project manager for technical support for planning. I think it cost us six months to have it running. But it could be very different in other situations.

What's my experience with pricing, setup cost, and licensing?

There are a few things about the price. There are several packages but if you want to use it as an enterprise, you have to pay enterprise price. That is, the initial price is for the basic enterprise application, but you get charged for volume use, not per user. Initially, we bought 100GB and now we bought 200GB.

Other applications you want to install for additional, integrated functionality cost more. For example, for Splunk they have two modules you need to use it optimally, I think. One is for applications. It's called Splunk Enterprise Security. After that, you will want to purchase another application called Defense. So it's more than one model for pricing. The more you use, the more you pay. It comes with unlimited users and volume discounts.

Which other solutions did I evaluate?

We worked with McAfee and ArcSight, but Splunk turned out to be better.

What other advice do I have?

From my experience and from the security perspective, I recommend this product for all the people that need good security for investigation. The Splunk team and products are good for those purposes.

The storage gets better priced with the amount you use. The storage is very expensive if you take some of the license options from the company. We won't be using unlimited storage for how much data will be imported from our bandwidth. I think the unlimited license is good because we will use a lot.

On a scale from one to ten where one is the worst and ten is the best, I would rate Splunk User Behavior as a nine. I didn't give them ten because Splunk does not provide something for the professional investigation. There is something that prevents you from using data the way you want to use data for in an investigation. Sometimes with Splunk, we cannot bring the data out in a better form and some users cannot understand it exactly. What I am talking about is options for a more professional investigation, not for normal behaviors. If you want to just look at normal behavior the program will give all you need. But sometimes you need other use cases to see the action.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
AK
CISO at a financial services firm with 201-500 employees
Real User
Professional technical team but I would like to see a more user-friendly interface

What is our primary use case?

Our main use of this solution is threat intelligence and we are very satisfied with it, as it is exactly what we need in our situation. 

What needs improvement?

In the future I would like to see simplified statistics and analytical threats, as well as a more user-friendly interface for dashboards.

For how long have I used the solution?

I have been using Splunk User Behaviour Analytics for two years now.

What do I think about the stability of the solution?

I think the solution is very stable.

What do I think about the scalability of the solution?

The solution is definitely scalable, because we currently have 1000 users in our company and we plan to increase.

How are customer service and technical support?

I am really satisfied with their technical support. The technicians are very professional.

What's my experience with pricing, setup cost, and licensing?

The licensing cost is around 10,000 dollars.

What other advice do I have?

I will rate this product a seven out of ten, and I would definitely recommend it to others.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
MH
Information Security Specialist at a financial services firm with 201-500 employees
Real User
Top 20
Has powerful search, indexing, and scalability features

Pros and Cons

  • "The most valuable features are the indexing and powerful search features."
  • "The correlation engine should have persistent and definable rules."

What is our primary use case?

Splunk has features that no other solutions have. We work in organizations that have a big volume of data. Our primary use case of this solution is for indexing. The best solution that we found that could fit our needs was Splunk.

What is most valuable?

The most valuable features are the indexing and powerful search features. 

What needs improvement?

The correlation engine should have persistent and definable rules. Splunk should have more features and options in regards to correlating in real-time. It should have the ability to set more permanent rules.  

Correlation capabilities in ArcSight are better than in Splunk. 

For how long have I used the solution?

I have been using Splunk for more than three years.

What do I think about the stability of the solution?

The stability is good. It's reliable and can be used in enterprise environments. 

What do I think about the scalability of the solution?

It is a scalable solution and can support many users. The scalability is another powerful feature of this solution.

We have around ten users using this solution in our company. We also provide this solution to our subsidiary companies so there are more than twenty users.

How are customer service and technical support?

We are in Iran and are under U.S. sanctions so we can only use online forums for support. We can't use their technical support. 

How was the initial setup?

The initial setup was easy. 

What about the implementation team?

We did the implementation in-house. 

What's my experience with pricing, setup cost, and licensing?

Our licensing costs are on a yearly basis. 

Which other solutions did I evaluate?

We researched many solutions before choosing Splunk like LogRhythm, ELK, and FortiSIEM.

What other advice do I have?

After more than three years of using this solution, I would recommend this solution, especially for environments that have a big volume of data. I would rate this solution a nine out of ten. It is a really great product. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ali Tamimi
Managing Director at Hayyan Horizons
Real User
Top 20
An intuitive solution with excellent integration capabilities

Pros and Cons

  • "The solution is extremely scalable. Our customers are regularly scaling up after installing Splunk."
  • "They should work to add more built-in correlation searches and more use cases based on worldwide customer experiences. They need more ready-made use cases."

What is our primary use case?

We primarily use this solution for security.

What is most valuable?

The solution offers good searching and allows for easy creation of dashboards and reports. It's intuitive and not very difficult. You just need to learn the SPL, Search Processing Language, in Splunk. This also helps you to clear more advanced use cases. 

Integration is very easy as well. It's quite good. If you want to add more devices and solutions, or other technologies for monitoring, it's easily done in Splunk, with all its firewalls, its switches, and network devices. 

What needs improvement?

They can improve the licensing scheme. They are moving from perpetual to term licensing, which is not good. That is an area they need to improve.

On the network monitoring side, if they can have additional features, similar to other solutions like QRadar. They need to add a feature similar to network behavior analytics.

If Splunk is able to add some of those features then the solution will be like perfect.

I think they could have a built-in user behavior analytics engine, and more advanced artificial intelligence features as well. One bad feature on the solution is the network and the behavior of anomaly detection. Their machine learning is good, but I think they can improve on that as well. 

They should work to add more built-in correlation searches and more use cases based on worldwide customer experiences. They need more ready-made use cases.

For how long have I used the solution?

I've been using the solution for four years.

What do I think about the stability of the solution?

The solution is very stable; it's very good.

What do I think about the scalability of the solution?

The solution is extremely scalable. Our customers are regularly scaling up after installing Splunk.

How are customer service and technical support?

Technical support is average. It's not bad, but it's not excellent either.

How was the initial setup?

The initial setup is straightforward. It's pretty simple to set it up. You just have to configure it.

Deployment took about a month, including forming configurations and customizations. For just the setup, it's only about five days of implementation.

What's my experience with pricing, setup cost, and licensing?

Right now, they have two licensing models, a perpetual license and a term license with an annual subscription. Splunk decided that they would stop the perpetual licensing model, which means that customers will need to buy a subscription going forward.

What other advice do I have?

We use the on-premises deployment model of the solution.

The more types of clusters you have feeding into Splunk, the better the results you have. If you have a customer environment in which you have diverse solutions and technologies, which cater to a large network of applications you are able to inject more value for the customer. One of the key lessons from using Splunk is to have adequate hardware and pre-plan the implementation. It is reasonably balanced, in terms of how much it uses a CPU and the amount of memory it needs.

It's important that you start with good infrastructure when you implement Splunk, or you may run into issues.

Also, make sure to have trained people working on the solution. Otherwise, it will be a waste of investment. 

I would rate the solution nine out of ten. I would recommend the solution to others.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
AE
Security PS Supervisor at a tech services company with 1,001-5,000 employees
Real User
A powerful platform with straightforward configuration, but needs to be more scalable

Pros and Cons

  • "It's straightforward in terms of configuration and troubleshooting and log management and monitoring as well. These are the edge points in addition to it being a modular solution where you can capitalize on your current licenses with extra licensing models, which can match the customer's business requirement and it can help the customer to design or to actually plan for their own roadmap."
  • "The solution is much more expensive than relative competitors like ArcSight or LogRhythm. It makes it hard to sell to customers sometimes."

What is our primary use case?

The solution has two main uses. The primary use is for log management and storage. The secondary use is related to solution log coordination and selection.

What is most valuable?

Splunk is a very powerful platform. It's a machine data platform, and it can provide several models that use the same appliance and on the same platform, including some business platforms. I do believe when it comes to functionality and ease of use, Splunk is one of the market leaders in this area.

When it comes to quality, I believe Splunk is the easiest platform on the market. It has a lot of subscripts, and a lot of licenses, which can provide the customer with all the requirements they need.

The solution has some predefined use cases that we count on. It's a customizable platform as well, which can be easily customizable based on the customer requirements and the environment itself. 

It provides ease of use. It's straightforward in terms of configuration and troubleshooting and log management and monitoring as well. These are the edge points in addition to it being a modular solution where you can capitalize on your current licenses with extra licensing models, which can match the customer's business requirements. It can help the customer to design or to actually plan their own roadmap. And it can be rolled out in several phases.

What needs improvement?

The solution is much more expensive than relative competitors like ArcSight or LogRhythm. It makes it hard to sell to customers sometimes.

I would like to see a better tracking intelligence module with lower costs fully integrated with a user behavior analytics module. It would empower this module with the keys and real-time updates in terms of security.

For how long have I used the solution?

I've been using the solution for three years.

What do I think about the stability of the solution?

It's stable. I used to deal with other vendors in the UBA such as HP ArcSight, which is a bit more sophisticated and complicated in terms of configuration and in terms of monitoring. Splunk is much easier and very straightforward in terms of configuration and monitoring and customization as well.

What do I think about the scalability of the solution?

There is a question as to how to scale up, especially in the log management area. Customers have their own predefined retention period, which means storing the logs for a long time. It's usually a minimum of six months or in some cases, up to one year. So the scalability has a little bit of a limitation or restriction in storage components.

How are customer service and technical support?

I'm not an end-user, so I'm not supposed to open any end-user cases. However, the team that receives requests from customers and end-users themselves feels comfortable with the level of support they get. They're being provided with answers from a strong technical support team. So I do believe that it's going good. I haven't heard anything about them suffering from any problem of latency or shortage of resources, or a lack of knowledge and so on. I think technical support is fine.

Which solution did I use previously and why did I switch?

I used to deal with several solutions, like HP or Micro Focus ArcSight, IBM Curator, and LogRhythm.

What's my experience with pricing, setup cost, and licensing?

The solution is relatively expensive. There are costs above the standard licensing as well.

Pricing varies according to the customer's needs and set up. Pricing depends on the licensing model and if the normal log management licensing model or the security plus license. It also depends on the licensing model and the platform required by the customer. It can further depend on if the customer owns a Splunk hardware platform, or if they can host these licenses and subscriptions on their own platform. It can vary depending on the OPEX model and CAPEX model as well. There are a lot of variables that encompass the total cost of the solution.

I believe that Splunk is about 50% more expensive than other solutions.

What other advice do I have?

I'm a system integrator, which provides the solution to end-users and customers.

We handle the on-premises deployment model.

I would recommend the solution because of the ease of use, the simple administration, the good level of support, the predefined use cases, and the predefined user behavior analytics.

I would rate the solution seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
MA
Director of Technology at an insurance company with 10,001+ employees
Real User
Enables us to collect data from multiple different sources to be able to use it to prevent damages proactively

Pros and Cons

  • "The most valuable feature is being able to take data and put it into other systems so that we could see the output, and to see where we need to apply our focus."

What is our primary use case?

The primary use case for this solution is to collect data from multiple different sources to be able to use it to proactively prevent damages.

How has it helped my organization?

We have 81000 desktops and we could take logs off those machines and see patterns, and from those patterns, we've been able to reduce the outages going forward proactively.

What is most valuable?

The most valuable feature is being able to take data and put it into other systems so that we could see the output and see where we need to apply our focus.

What needs improvement?

I'm not that close to the actual hands-on usage to suggest improvements. One thing I would say is that they should continue to expand it on more devices. I would say continue to broaden the horizon where there are limitations now.

What do I think about the stability of the solution?

It's been very stable so far in its core. The company's been great.

What do I think about the scalability of the solution?

It's very scalable. We have it on servers, around 19000 servers, 81000 desktops. We have it on a lot of security devices, so it's been very scalable.

How are customer service and technical support?

The support's been good from what I've heard. If it weren't, it would've been escalated to me.

Which solution did I use previously and why did I switch?

We have logs everywhere and trying to look at those logs on an individual basis is quite cumbersome, so taking a tool like this that brings all the logs together for us to dissect and analyze is something that we knew would provide great value.

How was the initial setup?

The initial setup was straightforward. All that was required was a fundamental understanding of what needed to be installed, the virtual control, the backend database, and how you generate the reports. I would think from those aspects it was pretty straightforward.

What about the implementation team?

We implemented through a combination of a reseller and integrator. I'd say for deployment, probably more so through the integrator, and the experience was positive. One company would be DSS.

What was our ROI?

I have seen ROI but they're soft call savings, so hard call savings are hard to pinpoint. There's nothing that I could comment on that would be hard savings. Everything's been soft.

Which other solutions did I evaluate?

Vendors on our shortlist included IBM and DSS.

What other advice do I have?

If I had to rate Splunk from one through ten, one being the worst and ten being the best, I would give it a nine. There's always room for opportunity, but I think it's been working pretty good.

I rate it a nine because I think that the ease of use with the product, like the installation and the support that we receive. From what I hear everything goes well. There's nothing that stands out. We haven't had any vulnerabilities or compliance issues with the product, and we do with others, so those are the reasons why I'd rate it a nine.

Anyone else looking for a product that can consolidate logs, this product does what it says it will do.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
KR
Security Operations Center Manager
Real User
Enables us to look at data rapidly to make a decision

Pros and Cons

  • "Because of some of the visualizations that we utilize, we are able to understand strange, unusual traffic on our networks."
  • "The initial setup was complex because some of the configurations that we required needed customization."

What is our primary use case?

We use this product to support our operations.

How has it helped my organization?

Because of some of the visualizations that we utilize, we are able to understand strange, unusual traffic on our networks.

What is most valuable?

Being able to look at data rapidly to make a decision.

We have seen a measurable decrease in the mean time to detect and respond to threats. We are now 40 percent or more effective or faster.

What needs improvement?

I would like a bit more flexibility on how to configure it. It is still a little locked down, as compared to some open source offerings.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

It is pretty scalable.

How are customer service and technical support?

The technical support is good.

Which solution did I use previously and why did I switch?

We invested in this solution because our previous way of doing business was not scalable.

How was the initial setup?

The initial setup was complex because some of the configurations that we required needed customization.

What about the implementation team?

We used an integrator for the deployment. They did a pretty good job and continue to help support the product.

Some of the customization is a bit tedious. You really need an integrator to help you out.

What was our ROI?

The solution has increased staff productivity by around 20 percent.

What's my experience with pricing, setup cost, and licensing?

There are additional costs associated with the integrator.

Which other solutions did I evaluate?

We currently have a blended environment of ELK, ELK Stack, Elasticsearch, and Splunk.

What other advice do I have?

It helps us make decisions faster.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
MF
IT Consultant at Red Hat
Consultant
It has the ability to automatically identify a number of threats, then suggest recommended actions upon them

Pros and Cons

  • "The most valuable features are its data aggregation and the ability to automatically identify a number of threats, then suggest recommended actions upon them."
  • "It could be easier to scale the solution if you are using it on-premise, not in the cloud."

What is our primary use case?

We are performing a couple of integrations with other products.

We are using the latest version that is available.

How has it helped my organization?

Right now we are working with them as partners, so it is more of an integration play. I am not personally using it internally. There is another team that is using it as a consumer. For me, it's more of a technical integration.

What is most valuable?

The most valuable features are its data aggregation and the ability to automatically identify a number of threats, then suggest recommended actions upon them.

What needs improvement?

I would love to see more integration with other solutions and the ability to perform some actions straightaway from the dashboard.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It could be easier to scale the solution if you are using it on-premise, not in the cloud.

What other advice do I have?

There is a lot of potential in the product. We have seen the product grow over time. There is potential to grow a bit more and become more proactive than it is right now.

First assess the use cases. Then, assess the scale and complexity of the use cases that you are trying to solve before implementing the solution. Do not try to find a solution which fits the use case after the implementation.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
FH
Information Security Manager at a financial services firm with 201-500 employees
Real User
Enables searching through a lot of data, but pricing is problematic - you can't budget for it

Pros and Cons

  • "The most valuable feature is the ability to search through a large amount of data."

What is our primary use case?

Threat hunting is our primary use case.

How has it helped my organization?

It hasn't really improved the way our organization functions. It has been neutral.

We have, however, seen a decrease in the mean time to detect threats, by about 15 to 20 percent. We can do more hunting so we can find stuff quicker, but we had other tools that could also do that. It's not bad. It's fine.

What is most valuable?

The most valuable feature is the ability to search through a large amount of data.

What needs improvement?

The feature set isn't too bad as is. My biggest complaint is the way they do pricing.

What do I think about the stability of the solution?

It is fairly stable.

What do I think about the scalability of the solution?

It's scalable.

How are customer service and technical support?

I don't like their support.

Which solution did I use previously and why did I switch?

Our previous solution was a really limited version of what Splunk is. Splunk is the number-one leader in this area, so we went with it. It works. But it's the pricing model which is the problem. And you really don't understand upfront how bad the pricing model is until you get stuck with it.

How was the initial setup?

The initial setup was complex. There were a lot of moving pieces. It took a lot to get it going.

What about the implementation team?

We did not use an integrator or consultant.

What was our ROI?

There's a reason everyone is using other tools to reduce the cost of using Splunk. The ROI is not great, that's why. But once you already have all your data in it, if you have so much already invested in the infrastructure, it's hard to leave it, so you do other stuff to reduce the cost.

What's my experience with pricing, setup cost, and licensing?

Pricing is the problem with Splunk. You can never know the pricing for next year. Every single time you adjust to something new, the price goes up. It's impossible to truly budget for it. It goes up constantly. You can plan for 2x and it will be 3x. You only find out in the long run.

What other advice do I have?

I wouldn't buy Splunk because of the cost, because you can't budget for it. You think you can and then you find out later you can't.

The company is still using it, but they're adding other pieces in to reduce the cost of Splunk. They're spending money to buy another product to pre-process so then they can save money on it.

      We've been improving and the maturity's pretty great. This is just one small piece in the overall platform. And the overall platform, from a cybersecurity maturity perspective, is doing well. If you look at it from that perspective, it's had a positive impact, it has not been a drag.

      The product itself is a seven out of ten. It's somewhat efficient, if you have the right staff and if everything's working properly. You have to have at least one person do care and feeding at the backend to make sure the infrastructure's working.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      ITCS user
      BS Systems Engineer at a tech services company with 501-1,000 employees
      Real User
      Great source for measuring customer satisfaction

      Pros and Cons

      • "It is a solution that helps test and measure customer satisfaction."
      • "There are occasional bugs."

      How has it helped my organization?

      In Egypt, we have phones that provide wide internet services to the customer and the customer wants to know what the customer satisfaction and service was. Then, they post on their Facebook or Twitter page to measure the customer satisfaction and after one or two days they start to take the comments and they enter these comments into Splunk and the UBA starts to make correlations and analytics on this data. Finally, the managers or the decision makers get the results, which is wonderful, and the customer is satisfied. These results help to improve customer satisfaction.

      What needs improvement?

      Splunk can improve the UBA. There are occasional bugs, but they're not so much of an issue.

      We can definitely improve the features, but it depends on the customer's needs. We need to modify or create new dashboards that increase the customer's satisfaction and customer's needs. It depends upon the customer. Not all of the pre-defined dashboards are suitable to the customers or the customer needs on the pre-defined dashboard so we can create dashboards that meet the customer needs.

      For how long have I used the solution?

      One to three years.

      What do I think about the scalability of the solution?

      The scalability of UBA is very useful and helpful but in our country, there is no such need. The customers need UBA as latent data storage. They don't know the efficiency and the usefulness of the app but I think in the near future it will have a better use.

      How are customer service and technical support?

      The last time we needed tech support help it was in order to restore some data from frozen parts. They clarified that the data was restored and the bug didn't affect restoring the data.

      What's my experience with pricing, setup cost, and licensing?

      I hope we can increase the free license to be more than five gig a day. This would help people who want to introduce a POC or a demo license for the solution.

      What other advice do I have?

      It is a helpful tool, especially for customers who deal with the service industry.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.