Splunk Valuable Features

Engineering Manager at a manufacturing company with 10,001+ employees
We like the dashboard creation and the ease with which we can harness the APIs to create custom BI dashboards on the fly. This adds most value for us. The nature of some of our microservices that I have run on the cloud are mixed workloads, wherein with the flow of data, it can change over time. In order to adjust for this, and cater to the needs of some of our internal customers, BI dashboards need to be created, tweaked, and modified. Also, doing this by hand is next to impossible. Therefore, we have strung all of this through a programmatic pipeline, which s something which we like because it is easier for us to harness it utilizing the API. View full review »
Colt Rodgers
Infrastructure Engineer at Zirous, Inc.
The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time. The added security has proven effective as well, but given that we have not yet created the perfect model, we still find ourselves striving to develop a more efficient and predictive security analysis and action plan within Splunk. View full review »
Kenn Brodhagen
DevOps Engineer at Amplify
Its usability is the best part. It is easy for our developers to use if they want to search their logs, etc. View full review »
Tony Fabrikant
CTO at IHS Markit
The dashboards are the most valuable feature. We like the ability to drill in and see what queries are under the dashboard, build new visualizations, edit the querying, and see the reports. The dashboards are very intuitive and similar to SQL. They are easy to set up and get running. View full review »
Gavan McLaughlin
Application Engineer at Expedia
The most valuable feature is its centralized log analytics. View full review »
david hourani
Lead Splunk Architect at a financial services firm with 10,001+ employees
Splunk can be seen as a huge box that allows the storage of all sorts of logs. This allows the centralization of data and makes possible new sorts of correlations that were previously impossible using traditional SIEMs such as ArcSight or QRadar. Splunk allow schema on the fly and therefore simplifies all the data onboarding process. All that leads to flexibility when it comes to defining the metadata since it is not necessary to have all the fields defined and extracted to be able to use Splunk. Another great feature is the field extractor that allows persons with little or no experience with Regex to define fields and extract valuable information from the data. Finally, the ability to connect with various sorts of databases, NoSQL solutions, makes it a very powerful tool, not only as a SIEM but also as a datalake for machine learning and data analysis. View full review »
Enterprise Architect at a tech services company with 10,001+ employees
The ability to create dashboards. You can run reports against multiple devices at the same time. You are able to troubleshoot a single application on a thousand servers. You can do this with a single query, since it is very easy to do. View full review »
Gregg Woodcock
Consultant at Splunxter, Inc.
* Core Splunk * Saved searches * Dashboards (SimpleXML) With good domain knowledge, one can build almost anything. If you throw in Alert Manager or an integration with ServiceNow. Then, you have your own SIEM. View full review »
Presales Manager at a tech services company with 11-50 employees
Splunk has many good apps and has a contribution from all security vendors. That's where Splunk wins. View full review »
Paul Gilowey
Foundation Technology Specialist at a insurance company with 1,001-5,000 employees
The ability to rapidly diagnose problems in production and non-production, across hundreds of log files, is the most valuable feature. View full review »
Kent Farries
Security Architect at a energy/utilities company with 1,001-5,000 employees
There are too many features to list, but here are a few: * Schema on the fly * Ease of on-boarding data * Machine learning * Apps or Splunk base. * Great list of apps to use and also build upon once you learn more about how Splunk works. * We build many of our own apps by leveraging the logic in the others. * Ease of correlation, creating correlation searches are easy and you can combine multiple sources with little effort * Data Models Acceleration for super fast searches across tens of millions of events * Common Information Model * Security Essentials App * Enterprise Security * Splunk SPL (Search Processing Language) is easy to learn and has IDE like capabilities * Log storage or compression is great and retention is not an issue * Dashboards are simple to create and the input options like Time Range, Text * Drop-downs are simple to create. * Integration with cloud solutions is great and keeps getting better. * Can get info from rest API’s easily and there are apps for services like ServiceNow, Azure, Office365, etc. View full review »
Sam Osborn
Software Engineer at Tableau Software
Being able to search across all the different production environments at the same time, then being able to do search queries to scope out specific environments, specific components, or specific logs from different languages, such as Java or C++. Thus, being able to have really fine grain control on log searching is really good. Out-of-the-box, it seems very powerful. View full review »
Joshua Biggley
Engineer, Infrastructure Applications at a healthcare company with 1,001-5,000 employees
Splunk has a single purpose in life: ingest machine data and help analyze and visualize that data. The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data. It does a great job at handling unstructured data. Breaking data into key/value pairs so that it can be searched is relatively painless. View full review »
Shaveta Datta
Technical Project Manager at Aricent
It's very flexible. If you look from the cloud implementation it is there. Reports are made quickly. Unlike other tools, it caters to all kinds of technical information on the front very easily. There's no need to put in any technical information. You can pull up the reports very easily, take action, and notify stakeholders. View full review »
Michael Kaericher
Application Engineer at a financial services firm with 5,001-10,000 employees
Low barrier to start searching with the ability to normalize data on the fly. I have also been able to take advantage of some of the more complex statistical capabilities when analyzing logs. View full review »
Yosef Tavin
Devops Engineer at Controlup
* The easy automatic field parsing of logs. * Data model acceleration * The ability to easily have access and install Splunk add-on plugins and custom apps. This greatly assists with using it to connect to various systems easily and use it as a centralized data sink. View full review »
Mui Tran
Project Manager at Idemitsu Oil & Gas
The most valuable feature of Splunk is the log monitoring. View full review »
Amir Jalilzadeh
Java Developer with 201-500 employees
UBA, User Behavior Analytics. View full review »
Mark Kline
Information Architect at a financial services firm with 5,001-10,000 employees
* Splunk delivers a holistic view of an application (the big picture). * Splunk provides immediate visibility into key business metrics and new business insights that deliver immediate value. * Significant reduction in mean-time-to-investigate (MTTI) and mean-time-to-resolve (MTTR) production incidents from days to hours. * Splunk visualization capabilities help pinpoint problem areas, spikes, and anomalies easier and faster. * Ability to monitor and resolve integration problems before they impact the business user area. * Splunk is being used as part of the development life cycle, resulting in better quality and more efficient applications. * Provides additional insights into a 360 degree view of the customer. View full review »
Robert Bailey
Owner with 1-10 employees
Splunk's capability to receive any types of logs and index them is a very good feature. To get visibility from your network devices, servers, and security devices is a great feature. View full review »
Senior IT Security Operations at a pharma/biotech company with 10,001+ employees
* The speed of the search engine * All the types of data sources that you configure can be forwarded to Splunk. * The ease-of-use View full review »
Jerry Castille
Chief Architect at Pathmaker Group
It has a big user base, so the community is useful. View full review »
Omar Sánchez (Mr.Tech)
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services
The dashboard centralizes the daily routine. We used to do this by hand. Now, we go through daily checklists, using the dashboard and setting up the alarms. It helps us to cut down the time on this routine. I am a cybersecurity director. I manage five different business lines. Every morning, we used to have to go to different tools to get our daily routines done. With Splunk, centralized as it is, we can see everything in one place. We use it not only for monitoring events, but in case we need to do a group call. We can see what's going on, viewing all of the offenses and security events which are happening in our infrastructure. View full review »
Troy Landers
Specialist Master, Cyber Risk at a tech vendor with 10,001+ employees
Splunk Enterprise Security is most valuable, my clients use it as a SIEM solution. Splunk gives them the ability to bring multiple, disparate types of data together, then correlate and report on them. View full review »
Rajesh Mandale
Splunker at a tech services company
There are too many features to list, but here are a few: * Schema on the fly * Ease of onboarding data * Machine learning * Apps or Splunkbase. * Great list of apps to use and build upon once you learn more about how Splunk works. * Ease of correlation, creating correlation searches (easy), and you can combine multiple sources with little effort. * Data Models Acceleration for super fast searches across tens of millions of events. * Common Information Model * Security Essentials App * Enterprise Security * Splunk SPL (Search Processing Language) is easy to learn and has IDE like capabilities. * Log storage or compression is great and retention is not an issue. * Dashboards are simple to create and has input options, like time range and text. * Drop-downs are simple to create. * The integration with cloud solutions is great and keeps getting better. View full review »
Christopher Mooney
Incident Manager at a tech services company with 201-500 employees
The ability to manipulate data in Splunk is unparalleled. Splunk’s powerful, flexible query language can morph difficult to understand log formats into usable data. Correlating data across different systems via one interface will allow you to know your environment or identify incident data in ways you never imagined. View full review »
Tomi Juslin
QA Lead at a financial services firm with 11-50 employees
It provides logs in one place, so they are easy to find. It collects the logs from multiple places, then you have just one place where you see the whole flow from the front-end to the back-end. This is the best thing. View full review »
IT Analyst at a energy/utilities company with 1,001-5,000 employees
The user can apply for all kinds of device systems, no matter whether he/she is using Windows or Linux. It can easily collect the logs. In addition, the user can have an index which can help us to collect and analyze all kinds of logs and find the outstanding issues. View full review »
Roman Burdakov
Engineering Manager at Cengage Learning
There are a lot of plugins to integrate this. The client site login is pretty extensible and probably cost-effective. Plus, it is easy to configure. View full review »
Ken Orr
Security Engineer at a tech services company with 501-1,000 employees
The search application has been the most useful. We have also liked the reporting features and dashboard capabilities. View full review »
Security Architect at a comms service provider with 10,001+ employees
* Easy indexing. * The solution is faster. View full review »
Director at a tech services company with 10,001+ employees
* The product is adept at log mining. * It has the flexibility to do multiple analyses. * It works across heterogeneous environments in different ways. View full review »
Jorge Noguera
IT Infrastructure Architect at a tech consulting company with 10,001+ employees
* Event matching between several appliances * Correlating data from different sources * Report viewer View full review »
MS Alam
System Administrator at Abdullah Al-Othaim Markets
Searches logs from all devices and gives valuable information to the organisation, so it can drill down on all reports and security threats. View full review »
Project Manager at a comms service provider with 10,001+ employees
The auto-notification abilities are a huge benefit for us. View full review »
Lead Systems Architect at a energy/utilities company with 10,001+ employees
Its huge, versatile AppBase helped me to configure and bring data from different sources to a unified platform. View full review »
Madison Moss
Splunk Architect at a aerospace/defense firm with 5,001-10,000 employees
It has a low barrier to entry, but it is extremely extensible, allowing it to be tailored to highly specific use cases. It makes searching through a wider variety of logs much quicker and enables you to correlate events from one log to another. View full review »
Colin Jackson, CISSP, MMIS, GMON
Information Security Engineer/Architect at a tech services company
* Unstructured data * Linking things together * Building out stuff which is actionable. Once you learn SPL and what data you need to obtain and merge together, it is really useful. View full review »
Rudi Wicaksono
Architecture and Security Team Leader at Offshore North West Java (ONWJ)
All the features are valuable. It helps us uncover bottlenecks in the network. View full review »
Marc Chan
Net Sec at a tech services company with 11-50 employees
The search function for splunk is like a google search. You just enter and it will quickly show you the results. View full review »
Senior Cloud Operations Analyst at a tech vendor with 1,001-5,000 employees
So many of Splunk's features are invaluable to us: * Machine and business data retention * Solid HA and distribution * Adaptability to custom data * Search, Search, Search. View full review »
Niket Nilay
Technical Lead at a tech services company with 10,001+ employees
The following are top three features that I find quite valuable: * Capability to expand the functionality through custom code for data inputs, commands, visualization, alerts, and machine learning. * Quick turnaround time for setting up monitoring and alerting with built-in capabilities, plenty of enterprise grade apps available on Splunkbase, and custom coding based on Splunk development skill level. * Free Splunk license for PoCs on personal machines and the ability to scale the PoC to an enterprise level app. View full review »
John Hluboky
SVP, Technical Operations at a tech vendor with 201-500 employees
Splunk has great interoperability with other applications through their SplunkBase app store. The apps can quickly provide visibility and streamline complex data mining tasks. View full review »
Senior Network & Security Architect at a insurance company with 501-1,000 employees
It is quite extensible. It is a platform that we can build our use of each case instead of each case being limited or restricted to each capability. This is probably the best feature. View full review »
Account Manager at a tech services company with 10,001+ employees
Deployment server for deploying changes in one go. View full review »
Nathan Plamondon
Splunk Administrator at a university with 10,001+ employees
Splunk's schema on demand is incredibly useful. I do not have to worry about what my users will need when we onboard their data. They can make connections that we could not have foreseen. They dig deeper when they are searching. View full review »
Scott Odle
Business Intelligence Developer at a university with 10,001+ employees
The search language is easy to understand and teach to new users. The SDK is comprehensive and has incredible levels of integration with the platform and data. View full review »
Michael Linde
Senior Network Security Engineer at a media company with 1,001-5,000 employees
The correlation searches (properly configured) populate the Incident Management dashboard and provide me a quick birds-eye view of my most important concerns. View full review »
Christina Spires
Systems Analyst Staff - SW Eng Compute Analytics Lead at a wireless company with 10,001+ employees
It brings together all sorts of data. It has the ability to correlate data, analyze and review it. This makes weekly ops reviews and monthly executive management reporting much easier by saving hours of collecting data. Report automation has been a life saver. View full review »
consultant at a non-profit with 1,001-5,000 employees
Personally, I like the capability of removing sensitive data before it goes into Splunk. I also like the ease with which dashboards can be created. View full review »
Sr. Production Support Analyst at a energy/utilities company with 501-1,000 employees
It is ease to integrate with other solutions, like Slack, JIRA, Remedy, etc. View full review »
User at a financial services firm with 10,001+ employees
Splunk's ability to receive all types of data and identify it correctly. It obtains a correlation of the logs and identifies incidents. View full review »
Clara Merriman
Business Intelligence Engineer at a hospitality company with 501-1,000 employees
Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations. The flexibility of Splunk as well as the resources available for learning and support are the best in the business. View full review »
Noah Woodcock
Data Scientist Intern at a tech vendor with 1-10 employees
The best features would have to be the ability to ingest any data and display it in a way that anyone can understand. View full review »
Luiz Fernandes
Technician at a government with 1,001-5,000 employees
Splunk is a good solution to collect more events than other solutions. It's a good solution, for me, for this reason. View full review »
Java Technical Lead at a insurance company
* Regex for fields creation is great. * High availability * Easy to use in any environment. View full review »
Robert Pollard
Director of IT at a government with 1-10 employees
Aggregation searches, allowing for conditions to be automatically found in the data, have reduced time and difficulty of identifying trends and conditions which need to reviewed. View full review »
Gangikunta Somanath
Principal Engineer at a retailer with 10,001+ employees
The most valuable features are: * Risk analysis * Machine Learning Toolkit * dbConnect * Cisco products * eStreamer * SIEM. Visualizations are the best way to understand deviation techniques from the norm. View full review »
Ahmed Zard
BS Systems Engineer at a tech services company with 201-500 employees
Integrity with many vendors: This simplifies the implementation and integration with different devices. View full review »
Senior Security Engineer
Search and Dashboarding: Allows us to quickly search for an error and plot the results on a chart. View full review »
Enterprise Architect and Business with 5,001-10,000 employees
The most valuable features are understanding the visualization compass on the dashboard, as well as the reports on the dashboards. View full review »
M Ghuyoor Syed
Sr. Manager Information Security with 1,001-5,000 employees
Selecting the relevant events and records. View full review »
VMware Engineer at a financial services firm with 10,001+ employees
* In-depth logs * Add-ons * The ability to ingest data from other tools * The detailed log view * It's easy to read View full review »
Principal Consultant with 51-200 employees
* Drill down * Apps * REST API * Software development kits * Architecture * Replication capabilities View full review »
Cyber Analyst with 501-1,000 employees
The ability to correlate results. View full review »
Emad Ul Haq
Network Designer with 51-200 employees
Log search and alerting/reporting. View full review »

Sign Up with Email