Splunk Valuable Features

The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time. The added security has proven effective as well, but given that we have not yet created the perfect model, we still find ourselves striving to develop a more efficient and predictive security analysis and action plan within Splunk. View full review »

Splunk can be seen as a huge box that allows the storage of all sorts of logs. This allows the centralization of data and makes possible new sorts of correlations that were previously impossible using traditional SIEMs such as ArcSight or QRadar. Splunk allow schema on the fly and therefore simplifies all the data onboarding process. All that leads to flexibility when it comes to defining the metadata since it is not necessary to have all the fields defined and extracted to be able to use Splunk. Another great feature is the field extractor that allows persons with little or no experience with Regex to define fields and extract valuable information from the data. Finally, the ability to connect with various sorts of databases, NoSQL solutions, makes it a very powerful tool, not only as a SIEM but also as a datalake for machine learning and data analysis. View full review »

* Core Splunk * Saved searches * Dashboards. Then, you have your own SIEM. View full review »

The ability to rapidly diagnose problems in production and non-production, across hundreds of log files, is the most valuable feature. View full review »

There are too many features to list, but here are a few: * Schema on the fly * Ease of on-boarding data * Machine learning * Apps or Splunk base. * Great list of apps to use and also build upon once you learn more about how Splunk works. * We build many of our own apps by leveraging the logic in the others. * Ease of correlation, creating correlation searches are easy and you can combine multiple sources with little effort * Data Models Acceleration for super fast searches across tens of millions of events * Common Information Model * Security Essentials App * Enterprise Security * Splunk SPL (Search Processing Language) is easy to learn and has IDE like capabilities * Log storage or compression is great and retention is not an issue * Dashboards are simple to create and the input options like Time Range, Text * Drop-downs are simple to create. * Integration with cloud solutions is great and keeps getting better. * Can get info from rest API’s easily and there are apps for services like ServiceNow, Azure, Office365, etc. View full review »

Splunk has a single purpose in life: ingest machine data and help analyze and visualize that data. The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data. It does a great job at handling unstructured data. Breaking data into key/value pairs so that it can be searched is relatively painless. View full review »

Low barrier to start searching with the ability to normalize data on the fly. I have also been able to take advantage of some of the more complex statistical capabilities when analyzing logs. View full review »

* The easy automatic field parsing of logs. * Data model acceleration * The ability to easily have access and install Splunk add-on plugins and custom apps. This greatly assists with using it to connect to various systems easily and use it as a centralized data sink. View full review »

UBA, User Behavior Analytics. View full review »

* Splunk delivers a holistic view of an application (the big picture). * Splunk provides immediate visibility into key business metrics and new business insights that deliver immediate value. * Significant reduction in mean-time-to-investigate (MTTI) and mean-time-to-resolve (MTTR) production incidents from days to hours. * Splunk visualization capabilities help pinpoint problem areas, spikes, and anomalies easier and faster. * Ability to monitor and resolve integration problems before they impact the business user area. * Splunk is being used as part of the development life cycle, resulting in better quality and more efficient applications. * Provides additional insights into a 360 degree view of the customer. View full review »

* The speed of the search engine * All the types of data sources that you configure can be forwarded to Splunk. * The ease-of-use View full review »

There are too many features to list, but here are a few: * Schema on the fly * Ease of onboarding data * Machine learning * Apps or Splunkbase. * Great list of apps to use and build upon once you learn more about how Splunk is easy to learn and has IDE like capabilities. * Log storage or compression is great and retention is not an issue. * Dashboards are simple to create and has input options, like time range and text. * Drop-downs are simple to create. * The integration with cloud solutions is great and keeps getting better. View full review »

Splunk's capability to receive any types of logs and index them is a very good feature. To get visibility from your network devices, servers, and security devices is a great feature. View full review »

Splunk Enterprise Security is most valuable, my clients use it as a SIEM solution. Splunk gives them the ability to bring multiple, disparate types of data together, then correlate and report on them. View full review »

The ability to manipulate data in Splunk is unparalleled. Splunk’s powerful, flexible query language can morph difficult to understand log formats into usable data. Correlating data across different systems via one interface will allow you to know your environment or identify incident data in ways you never imagined. View full review »

The search application has been the most useful. We have also liked the reporting features and dashboard capabilities. View full review »

The analytics and querying the indices is super easy. The data representation options in the dashboards are excellent. Multiple datasource/filetypes are supported and each can be customized in a few clicks. View full review »

Splunk's schema-on-read technology is one of the most valuable characteristics of this solution. It allows us to store raw data and use it repeatedly for different domains. You don't need to prepare the data upfront. Splunk's Search Processing Language (SPL) is another beneficial feature. It is a very powerful tool that gives you the ability to do almost anything with your data. View full review »

Rapid search is a valuable feature. Performance and incident response were the top priorities for most MSSPs. Breaches of SLAs will have a negative impact on customer trust, which eventually leads to losing customer confidence on services to which they’re subscribing. Hence, the proactive approaches will be the main differentiator from one MSSP to the others. View full review »

* Event matching between several appliances * Correlating data from different sources * Report viewer View full review »

Searches logs from all devices and gives valuable information to the organisation, so it can drill down on all reports and security threats. View full review »

It has a low barrier to entry, but it is extremely extensible, allowing it to be tailored to highly specific use cases. It makes searching through a wider variety of logs much quicker and enables you to correlate events from one log to another. View full review »

The following are top three features that I find quite valuable: * Capability to expand the functionality through custom code for data inputs, commands, visualization, alerts, and machine learning. * Quick turnaround time for setting up monitoring and alerting with built-in capabilities, plenty of enterprise grade apps available on Splunkbase, and custom coding based on Splunk development skill level. * Free Splunk license for PoCs on personal machines and the ability to scale the PoC to an enterprise level app. View full review »

Its huge, versatile AppBase helped me to configure and bring data from different sources to a unified platform. View full review »

* Collects data from any source * Powerful search, analysis, and visualization * Easy to build system on any platform * API and easily integrated search * Action script View full review »

* Can ingest data from various data sources. * Is very useful for organizations who are attempting to meet compliance requirements. * Is able to fully configure and integrate various solutions into one tool and provide actionable results. View full review »

* Unstructured data * Linking things together * Building out stuff which is actionable. Once you learn SPL and what data you need to obtain and merge together, it is really useful. View full review »

Splunk has great interoperability with other applications through their SplunkBase app store. The apps can quickly provide visibility and streamline complex data mining tasks. View full review »

* Flexibility when creating dashboards * Automated cron searches * Real-time and scheduled searches with alternate functionalities * User-base integration with LDAP View full review »

So many of Splunk's features are invaluable to us: * Machine and business data retention * Solid HA and distribution * Adaptability to custom data * Search, Search, Search. View full review »

Splunk's schema on demand is incredibly useful. I do not have to worry about what my users will need when we onboard their data. They can make connections that we could not have foreseen. They dig deeper when they are searching. View full review »

The search language is easy to understand and teach to new users. The SDK is comprehensive and has incredible levels of integration with the platform and data. View full review »

The correlation searches dashboard and provide me a quick birds-eye view of my most important concerns. View full review »

Personally, I like the capability of removing sensitive data before it goes into Splunk. I also like the ease with which dashboards can be created. View full review »

Deployment server for deploying changes in one go. View full review »

They provide excellent predefined user cases. View full review »

It brings together all sorts of data. It has the ability to correlate data, analyze and review it. This makes weekly ops reviews and monthly executive management reporting much easier by saving hours of collecting data. Report automation has been a life saver. View full review »

Splunk's ability to receive all types of data and identify it correctly. It obtains a correlation of the logs and identifies incidents. View full review »

The best features would have to be the ability to ingest any data and display it in a way that anyone can understand. View full review »

Aggregation searches, allowing for conditions to be automatically found in the data, have reduced time and difficulty of identifying trends and conditions which need to reviewed. View full review »

It is ease to integrate with other solutions, like Slack, JIRA, Remedy, etc. View full review »

Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations. The flexibility of Splunk as well as the resources available for learning and support are the best in the business. View full review »

* Regex for fields creation is great. * High availability * Easy to use in any environment. View full review »

The most valuable features are: * Risk analysis * Machine Learning Toolkit * dbConnect * Cisco products * eStreamer * SIEM. Visualizations are the best way to understand deviation techniques from the norm. View full review »

Integrity with many vendors: This simplifies the implementation and integration with different devices. View full review »

Search and Dashboarding: Allows us to quickly search for an error and plot the results on a chart. View full review »

* Drill down * Apps * REST API * Software development kits * Architecture * Replication capabilities View full review »