Splunk Overview

Splunk is the #1 ranked solution in our list of Log Management Software. It is most often compared to Dynatrace.

What is Splunk?

Splunk software has been around since 2006 and the company has since grown to become an industry leader. Splunk's vision is to make machine data accessible, usable and valuable to everybody. The company offers a wide range of products to turn machine data into valuable information by monitoring and analyzing all activities. This is known as Operational Intelligence and is the unique value proposition of Splunk.

Splunk is well-known for its Log Management capabilities and also for its Security Information and Event Management (SIEM) solutions.

Splunk is also known as Splunk Enterprise Security.

Splunk Buyer's Guide

Download the Splunk Buyer's Guide including reviews and more. Updated: April 2021

Splunk Customers

Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.

Architecture and Security Team Leader at Offshore North West Java (ONWJ)
Real User
It helps us uncover bottlenecks in the network, but needs better local technical support

What is our primary use case?

We were using Splunk for our networking to know exactly what kind of traffic was going from one network to another network, because we had a lot of connections on other sites.

Pros and Cons

  • "It helps us uncover bottlenecks in the network."
  • "It can explain to management what kind of traffic is visiting the network. It can also explain other traffic coming in and out, along with protecting against malware."
  • "The product was difficult to back up the first time."
  • "Splunk needs local technical support."

What other advice do I have?

Splunk is a great product, especially for my organization.

Project Manager at Idemitsu Oil & Gas
Real User
Centralized log monitoring is pivotal for us

What is our primary use case?

We need something to collect all our logs in a centralized solution. We have several servers but we don't have any log collection system.

Pros and Cons

  • "The most valuable feature of Splunk is the log monitoring."
  • "If possible, we would like to have not only a log monitoring system but a network monitoring feature in this solution as well."

What other advice do I have?

Because it was a trial version, I was the only one who used it in our company. I kept some snapshots from our trial with the Splunk system and we are preparing a proposal to submit to our manager in Vietnam. If in the near future we have enough money to purchase the system, we will invest in this system for our company.

Sr. Manager Information Security at Tapal Tea (Private) Limited
Real User
The search and query feature is very fast but due to the log size limit, we did not get the full benefit

What is our primary use case?

Log collection and search.

How has it helped my organization?

The search and query feature is very fast but due to the log size limit (in trial version), we did not get the full benefit.

What is most valuable?

Selecting the relevant events and records.

What needs improvement?

Due to the size limit, we could not see the full product.

For how long have I used the solution?

Trial/evaluations only.

Cyber Analyst with 501-1,000 employees
Real User
It has the ability to correlate results

What is our primary use case?

Testing for insider threat behavior.

How has it helped my organization?

It gave management confidence in current operations.

What is most valuable?

The ability to correlate results.

What needs improvement?

A few more analysis aids might help. The next release could have more intuitive help examples.

For how long have I used the solution?

One to three years.

Judicial Technician at a government with 1,001-5,000 employees
Real User
Has the ability to log more logs than similar solutions and is more efficient than its competitors

What is our primary use case?

We use it to do SIEM.

How has it helped my organization?

It can log more logs than other solutions. It's a good way to troubleshoot problems.

What is most valuable?

Splunk is a good solution to collect more events than other solutions. It's a good solution, for me, for this reason.

What needs improvement?

Cybersecurity and infrastructure monitoring have room for improvement. 

For how long have I used the solution?

Less than one year.

How was the initial setup?

On a scale from one to ten I would rate the initial setup a seven for its complexity.

Which other solutions did I evaluate?

We also looked at AlienVault.

What other advice do I have?

I would rate it an eight out of ten. Splunk is more efficient than other solutions but…

Network & Telco Lead at Mercury
Real User
Provides log collection and analysis

What is our primary use case?

  • Log collection and analysis
  • Reporting for the whole enterprise environment

How has it helped my organization?

Improved visibility.

What is most valuable?

Log search and alerting/reporting.

What needs improvement?

Code understanding requirement is complicated for most users.

For how long have I used the solution?

One to three years.

IT & Cloud Architect at AiM Services
Reseller
We use it for reporting and monitoring of all solutions in the company

What is our primary use case?

Our primary use case is reporting from the Windows administration. We have SCCM that configures the manager to update every PC workstation and server in the company. We have a lot of PCs and servers in our environment, and we use Splunk for gathering data from the PCs and Windows services. We also use it to collect information from the security tools, for example, to provide management with information about how the everyday connection is.

Pros and Cons

  • "We can present to our management in real time the security of the patch management for the PCs, and security regarding the network equipment. We're currently working on the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company."
  • "The security can be improved."

What other advice do I have?

I would rate this solution a perfect ten out of ten.

Presales Manager at a tech services company with 11-50 employees
Reseller
Clients benefit from the live security monitoring of their parent IP infrastructure base but Splunk should adjust the pricing

What is our primary use case?

We use it for security incident event management and for IT service intermediates.

Pros and Cons

  • "The initial setup is simple, not very complex. Initial deployment takes around 10 to 15 minutes to set up the entire base for Splunk including all three tiers."
  • "Splunk does not build apps. They only go back and validate the apps that somebody has already built. They should have remote consulting support. They have a wonderful solution. They have 24/7 security. Nobody needs to depend on any third party and will therefore just buy Splunk on the cloud."

What other advice do I have?

I will rate it as a security product an eight out of 10. There's no product which is perfect unless you go back and you create a psychic of the solutions.

Net Sec at a tech services company with 11-50 employees
Real User
The search function for Splunk is like a Google search: you just enter and it will quickly show you the results

What is our primary use case?

Our primary use case of this solution is as a centralized log collection.

Pros and Cons

  • "The search function for Splunk is like a Google search. You just enter and it will quickly show you the results."
  • "Splunk has different plugins, but by default the logs are not organized; it shows that there are roll-ups that are out of the box. I saw many plugins that can help improve or extend Splunk's functionality, but I haven't tried any of them."

What other advice do I have?

I would rate this solution an eight out of ten. To make it a ten they should have more integration with outside vendors.

Technical Project Manager at Altran
Real User
Enables us to pull up reports very easily, take action, and notify stakeholders

What is our primary use case?

Our primary use case was really as a client organization, like the government and the IT industries, we are in the telecoms sector. We analyze security reports. We use Splunk to order them and put them in a system and we use the various kinds of integration with Oracle Cloud which is helpful.

Pros and Cons

  • "It's very flexible. If you look from the cloud implementation it is there. Reports are made quickly. Unlike other tools, it caters to all kinds of technical information on the front very easily. There's no need to put in any technical information. You can pull on the reports very easily, take action, and notify stakeholders."
  • "It does not give us permission to implement on-premise so we implement them on the cloud."

What other advice do I have?

I would rate this solution a nine out of ten. I rated it a nine because every tool will have its drawbacks but ultimately it's a very good tool in comparison to HP ArcSight. If we can add on a scalability feature it would significantly improve the solution. I would advise someone considering this solution to use it at least for a year to get a hands-on and technical understanding because it's a good product. Then decide whether or not to move forward with Splunk - but I would advise to stick with Splunk.

Director of Information Security with 201-500 employees
Real User
Extremely scalable but they need to make purpose-built modules more robust

What is our primary use case?

  • SIEM
  • Security information
  • Event management

Pros and Cons

  • "It's extremely scalable. It's a very robust solution and certainly has the capability of handling far bigger data requirements than a lot of the other tools. Generally what ends up happening with me is that my clients tend, for the most part, to be mid-tier organizations where the cost of that solution with the accompanying requirements for people just becomes way too prohibitive. Especially considering the model that they use for costing, which is based on the volume of data. Of course, they're going to put everything including the Coke machine as the ability to collect data off of it, because of course the more they can put through the tool the more money they make."
  • "The tool itself is very difficult to configure. It's great for its number of inputs, for the different types of systems devices, and things that it could collect information from. To actually make good use of it, you need a fairly dedicated team of people that have some reasonably good programming or modeling skills to be able to do the things that you need to do with it. Whereas a lot of the other tools are better packaged for that, and so require a lot less training and a lot less dedication."

What other advice do I have?

As a logging solution, I would say it's probably an eight or nine. If you're talking about the SIEM I'd say it's probably about a five. For logging, I think they would have to change the costing model. The costing model is way out of line. It's built for very large organizations.

VMware Engineer at First Data Corporation
Real User
In-depth logs but downloading and uploading logs have become an issue

How has it helped my organization?

100%. VMware needs log information to troubleshoot; it's not easy finding problems. Downloading and uploading logs have become an issue.

What is most valuable?

  • In-depth logs
  • Add-ons
  • The ability to ingest data from other tools
  • The detailed log view
  • It's easy to read

What needs improvement?

  • The amount of time it takes to troubleshoot not-easily-available data
  • Also, hours on the phone with VMware techs.

For how long have I used the solution?

Less than one year.

Senior Network & Security Architect at an insurance company with 501-1,000 employees
Real User
Central locale for our cybersecurity

What is our primary use case?

Splunk is our central locale for cybersecurity and protection.

How has it helped my organization?

Once we onboarded all of the required needs, it created a lot of visibility for us.

What is most valuable?

It is quite extensible. It is a platform that we can build our use of each case instead of each case being limited or restricted to each capability. This is probably the best feature.

What needs improvement?

I would like to see future development in terms of ML (Machine Learning).

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It is a stable product.

What do I think about the scalability of the solution?

It can be scaled quite easily in comparison to other products on…

IT Analyst at an energy/utilities company with 1,001-5,000 employees
Real User
Reduced our time to log

What is our primary use case?

In the beginning, we just wanted to collect the logs from the different devices, like the nano storage, Linux, Windows, and VMware. We tried to get the uniform solution to collect and analyze all of the system logs.

Pros and Cons

  • "In the past we used different applications to collect logs. We used SurfWatch and VMware to do so. But we found that Splunk has more capacity to do more in less time. It provides a faster speed to index all the events, and this is a huge asset."
  • "Splunk is not very user-friendly. It has a complex architecture in comparison to other solutions on the market."

CTO at IHS Markit
Real User
We were able to create a catalog of dashboards and have a holistic view at all levels, understanding our business better

What is our primary use case?

We use it for logging and troubleshooting.

Pros and Cons

  • "The dashboards are the most valuable feature. We like the ability to drill in and see what queries are under the dashboard, build new visualizations, edit the querying, and see the reports."
  • "We were able to create a catalog of dashboards and have a holistic view at all levels. We could understand our business much better. Real-time errors, which were buried in emails before now, surfaced up on dashboards."
  • "We do have to educate developers on how to not blow it up. It is a little too easy to write an expensive query and overly stress the system. This could be improved."
  • "I would like additional features in different programming models with the support for writing queries in SQL or other languages, such as C#, Java, or some other type of query definitions."

What other advice do I have?

Go with Splunk. A lot of people know how to use it because they have experience with it. It works well. While it has some pain points, it provides reports and data visibility. It integrates great with Opsgenie, PagerDuty and Slack. We love the Slack integration, as it works great with the Slack alerts. We use the on-premise version in our data centers and we use the AWS version. We are just starting to migrate to the AWS hosted version, and I have not seen a difference.

Enterprise Architect at a tech services company with 10,001+ employees
Real User
You can run reports against multiple devices at the same time

What is our primary use case?

We use it for log aggregation. If you have a large number of devices, you need to aggregate log data to make more sense of it for parsing, troubleshooting, and metrics. This is all we use it for. If I need to track logs for a certain application, I will push all of those logs to Splunk so I can run reports on those logs. It is more about what you are trying to do with it and what you need from it.

Pros and Cons

  • "The technical support has been very good. They are very responsive and have been helpful."
  • "You can run reports against multiple devices at the same time. You are able to troubleshoot a single application on a thousand servers. You can do this with a single query, since it is very easy to do."
  • "When you get into large amounts of data, Splunk can get pretty slow. This is the same on-premise or AWS, it doesn't matter. The way that they handle large data sets could be improved."
  • "I would like to see an updated dashboard. The dashboard is a little out-of-date. It could be made prettier."

What other advice do I have?

Build your environment a lot bigger than you think you will need it, because you fill it up quickly. We log somewhere in the neighborhood of two to four terabytes a day per data center. We use both AWS and SaaS versions. With the SaaS version, you don't have as much control, but it functions the same, so there is no real difference. Though, the AWS version is probably easier to scale, because it is AWS.

Software Engineer at Tableau Software
Real User
It has reduced the time to resolution and time to investigate, but the search query is slow

What is our primary use case?

We use it for searching logs in a production environment.

Pros and Cons

  • "It has reduced the time to resolution, time to investigate, and time to troubleshoot for debugging issues."
  • "Out-of-the-box, it seems very powerful."
  • "My company could benefit from doing more Splunk training with Splunk consultants teaching us how to use it."

What other advice do I have?

It is a great product. We have a lot of different tools to do this type of debugging. Yet, it is one of the first ones that I will reach for, and I think that is a good sign. It works well and is the industry standard for log searching. It probably has other features too. Therefore, if you use it, I would recommend the training, so you know what you are doing. I am using the on-premise version.

Engineering Manager at a manufacturing company with 10,001+ employees
Real User
Its AMIs make it easy to spin up a Splunk cluster or add a new node to it

What is our primary use case?

It is mostly centralized logging, a whole bunch of BI metrics, and an aggregation point, which we have adulterated for some PCI data. It does meet our use case for the most part.

Pros and Cons

  • "It is very simple to tweak or write a small piece of glue code to go ahead and create a new dashboard for a business unit to make near real-time decisions to focus more on other geographies when launching the product."
  • "On the cloud, we are pushing through less than half a petabyte of data. So far, it has been fairly stable because it runs on all the underlying AWS infrastructures."
  • "For on-premise, it's more about optimization. With such a heavy byte scale of data that we are operating on, the search for disparate data sometimes takes about a minute. This is understandable considering the amount of data that we are pumping into it. The only optimization that I recommend is better sharding, when it comes to Splunk, so that data retrieval can be faster."

What other advice do I have?

Make sure it fits your use case. Be clear about what you want to achieve, get out of the product, and how you want to integrate it. Once you tie the solution into your systems, it is not trivial or easy to walk away from. Therefore, due diligence needs to be made to understand what your requirements are before choosing a product. Some companies may not even want to host, and prefer to go the managed services route. We have it integrated with every product that I can think of. We use both the AWS and on-premise versions. The AWS hosted version typically caters to all the microservices that we…

DevOps Engineer at Amplify
Real User
It is easy for our developers to use if they want to search their logs. Something should be built into the product so that if you're close to your license, it shuts things down.

What is our primary use case?

We use it for application log monitoring. It is a logging product. Our application generates log files, then we upload them to Splunk. We run their agent on our EC2 instances in AWS, then we view the logs through their product, and it is all stored on their infrastructure.

Pros and Cons

  • "Its usability is the best part. It is easy for our developers to use if they want to search their logs, etc."
  • "A problem that we had recently was that we licensed it based on how much data you upload to them every day. Something changed in one of our applications, and it started generating three to four times as many logs. So now, we are trying to assemble something with parts of the Splunk API to warn ourselves, then turn it off and throttle it back more. However, it would be better if they had something systematically built into the product so that if you're getting close to your license, it shuts things down."

What other advice do I have?

Implement something and watch how much data you are sending to it, then have some way to shut it off without redeploying your app in case things get hairy. We use the cloud version of the product.
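
The control this reviewer describes (watch how much data each source sends, warn as the daily licence quota approaches, and single out the source whose volume jumped so it can be throttled or switched off before the quota is blown) as an added example in Python. It is not the reviewer's script and does not use Splunk's API or SDK: where a real deployment would read per-source ingest volume from the platform, it takes a constructed list of per-source byte samples. The 50 GB/day quota, the 80 %/100 % thresholds, the 3x spike factor and the baseline rates are all assumptions chosen for the example.

```python
"""Daily ingest-volume guard for a volume-licensed log platform (added example)."""
from collections import defaultdict
from datetime import datetime, timezone

GB = 1024 ** 3
DAILY_QUOTA_BYTES = 50 * GB      # assumed daily licence quota
WARN_RATIO = 0.8                 # warn if the day is projected to reach 80 % of quota
STOP_RATIO = 1.0                 # recommend cutting the offender above 100 % of quota
SPIKE_FACTOR = 3.0               # a source at >= 3x its usual hourly rate is a spike

# Assumed historical ingest rate per source (bytes per hour), e.g. a 30-day average.
BASELINE_BYTES_PER_HOUR = {"web-api": 0.5 * GB, "auth": 0.5 * GB, "batch": 0.5 * GB}

# Constructed samples: (ISO-8601 UTC timestamp, source, bytes ingested since the
# previous sample). "batch" starts sending five times its usual volume at 04:00.
SAMPLES = [
    ("2021-04-12T02:00:00+00:00", "web-api", 1 * GB),
    ("2021-04-12T02:00:00+00:00", "auth",    1 * GB),
    ("2021-04-12T02:00:00+00:00", "batch",   1 * GB),
    ("2021-04-12T04:00:00+00:00", "web-api", 1 * GB),
    ("2021-04-12T04:00:00+00:00", "auth",    1 * GB),
    ("2021-04-12T04:00:00+00:00", "batch",   5 * GB),
    ("2021-04-12T06:00:00+00:00", "web-api", 1 * GB),
    ("2021-04-12T06:00:00+00:00", "auth",    1 * GB),
    ("2021-04-12T06:00:00+00:00", "batch",   5 * GB),
]


def hours_elapsed(latest: datetime) -> float:
    """Hours since midnight UTC of the latest sample, floored at one hour so a
    sample taken minutes after midnight does not extrapolate to absurd totals."""
    midnight = latest.replace(hour=0, minute=0, second=0, microsecond=0)
    return max((latest - midnight).total_seconds() / 3600.0, 1.0)


def assess(samples, quota=DAILY_QUOTA_BYTES, baseline=BASELINE_BYTES_PER_HOUR):
    """Project today's total against the quota and name the sources that spiked.

    Returns projected_bytes, quota_ratio, an action ('ok', 'warn' or 'stop') and
    the sorted list of sources running at SPIKE_FACTOR times their baseline rate.
    """
    per_source = defaultdict(int)
    latest = None
    for ts, source, nbytes in samples:
        stamp = datetime.fromisoformat(ts).astimezone(timezone.utc)
        latest = stamp if latest is None or stamp > latest else latest
        per_source[source] += nbytes
    if latest is None:
        return {"projected_bytes": 0, "quota_ratio": 0.0, "action": "ok",
                "spiking_sources": []}

    hours = hours_elapsed(latest)
    total = sum(per_source.values())
    projected = int(total * 24.0 / hours)      # linear extrapolation to end of day
    ratio = projected / quota

    spiking = sorted(
        src for src, nbytes in per_source.items()
        if src in baseline and (nbytes / hours) >= SPIKE_FACTOR * baseline[src]
    )
    if ratio >= STOP_RATIO:
        action = "stop"
    elif ratio >= WARN_RATIO:
        action = "warn"
    else:
        action = "ok"
    return {"projected_bytes": projected, "quota_ratio": round(ratio, 4),
            "action": action, "spiking_sources": spiking}


if __name__ == "__main__":
    result = assess(SAMPLES)
    print(f"projected {result['projected_bytes'] / GB:.1f} GB "
          f"({result['quota_ratio']:.0%} of quota) -> {result['action']}, "
          f"spiking: {result['spiking_sources'] or 'none'}")
```

Run on the constructed samples, the day is projected at 68 GB (136 % of the assumed quota), so the action is "stop" and "batch" is the only spiking source; a forwarder for that source is what an operator would disable or throttle. The one-hour floor in the projection is a deliberate choice: early in the day a handful of samples would otherwise extrapolate to a false alarm.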

Application Engineer at Expedia
Real User
The most valuable feature is its centralized log analytics

What is our primary use case?

The primary use case is for log analytics. Although, we have been using it as a hammer which hits all the nails. We have sort of overused it in some areas where it doesn't need to be used.

Pros and Cons

  • "We have a one-stop dashboard for the health of some of our services where you can click in and it takes you to other dashboards that have custom near real-time metrics that show the application's health."
  • "The historical data extraction needs improvement. I would like the capability of taking data and having it trend longer."

What other advice do I have?

It works well when searching logs. If you look to try to do things beyond this, the problem that we ran into is that we treated it as the hammer which hits all nails. That is not really feasible, and there are other tools out there that can do more specialized things. User administration is key. Trying to prevent users from being able to search records all the time is a huge problem. You need a tight approval process on dashboards, making sure the dashboards are queried in the most efficient way possible. The on-premise version that we had was not scalable at all. It was very difficult to use…

QA Lead at a financial services firm with 11-50 employees
Real User
It has helped with troubleshooting, making it easier

What is our primary use case?

We use it mostly for log monitoring, and also for trying to raise alarms.

Pros and Cons

  • "It provides logs in one place, so they are easy to find. It collects the logs from multiple places, then you have just one place where you see the whole flow from the front-end to the back-end."
  • "The search could be improved. Now, it is a bit difficult to write search queries because they become quite long, and then maintaining those long search queries is quite challenging."

What other advice do I have?

Splunk's website is quite useful. You can find a lot of information on it. I would recommend using it and trying to figure out the product's features and what you can actually do with Splunk. You can do a lot of things with Splunk, but you need to know what to do first. I have used both the AWS and on-premise versions, but in two different environments, so I am unable to compare the versions.

Chief Architect at Pathmaker Group
Real User
It has a big user base, so the community is useful

What is our primary use case?

We primarily use it for SIEM.

Pros and Cons

  • "It has a big user base, so the community is useful."
  • "The integration with all our tool sets felt like we were reinventing the wheel, which was a pain point for us."

What other advice do I have?

Do your homework and make sure it fits your needs. The product is pretty good. We are pretty satisfied with it. It does what it does. We host the product on AWS, but we did not purchase it on the AWS Marketplace.

Security Architect at a comms service provider with 10,001+ employees
Real User
It is a place for all our logs and everything goes in one place.

What is our primary use case?

We use it for log analysis and alerting, and our SOC analysts use it. I have used the product for more than five years. Then, in the cloud, I have used it for probably a year. It scales better in the cloud than on-premise.

Pros and Cons

  • "The SOC analysts and security people use one single dashboard (one single location) to check our logs."
  • "It scales better in the cloud than on-premise."
  • "We would like more integrations with other cloud products, not just AWS, e.g., Azure."
  • "There are new services which are coming up. If Splunk can catch up with the speed of Amazon, and with the integration, instead of us waiting for another year or so, that would be good."

What other advice do I have?

I would recommend trying different stuff based on your company's needs and log types. We like the product.

Director at a tech services company with 10,001+ employees
Real User
It has the flexibility to do multiple analyses

What is our primary use case?

  • Log mining
  • Log analysis

Pros and Cons

  • "It has helped us look at modern technology, as well as penetrate our legacy systems, to see where the bottlenecks are."
  • "The product is adept at log mining."
  • "If it could be made available as a service, this would be much better than as a product."

What other advice do I have?

Explore Splunk. The product has a lot of depth. It works with multiple products which are scheduling systems to ERPs to legacy, and it works perfectly fine. I use the on-premise version. I have not had the opportunity to explore the AWS on Splunk version yet.

Engineering Manager at Cengage Learning
Real User
It is stable and scalable. It is also easy to configure.

What is our primary use case?

We use it for logging, essentially for auditing and troubleshooting errors in production and finding out what happened. I have used the product personally for five years and at my current company for a year and a half.

Pros and Cons

  • "The client site login is pretty extensible and probably cost-effective."
  • "It is very stable. We have not had any problems."
  • "I would like some additional AI capabilities to provide additional information about things going wrong and things going well."

Enterprise Architect and Business with 5,001-10,000 employees
Real User
It is easy to use, and easy to implement.

What is our primary use case?

It helps increase our productivity.

How has it helped my organization?

We are saving a lot of time by being in one place instead of several servers.

What is most valuable?

The most valuable features are understanding the visualization compass on the dashboard, as well as the reports on the dashboards.

What needs improvement?

I would like to have the ability to master the management of clustering.

For how long have I used the solution?

One to three years.

How was the initial setup?

It is easy to implement.

What other advice do I have?

It is easy to use, and easy to implement.

Project Manager at a comms service provider with 10,001+ employees
Real User
This solution has an ability to do a quick search and immediately stop an incident from happening.

What is our primary use case?

My primary use case for Splunk is for log file visualization and monitoring alert management.

Pros and Cons

  • "It has virtual visualization, and other products do not."
  • "We had an instance when Splunk failed and it took us a couple of days to recover."

What other advice do I have?

When Splunk failed, it took time to recover. We had to recover it from a snapshot. It took a couple of days, and it was as if it had crashed. But, the instance was resolved.

Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services
Consultant
It gives us the liberty to do more in terms of use cases.

What is our primary use case?

I work in the HIPAA industry. I work at a healthcare company in Puerto Rico. HIPAA requires us to go over security risks. Our use case right now is to be compliant. In our hierarchy, we have 1000 servers and 16,000 endpoints. We also have 100 entry points and 3000 VPN connections. It's huge.

Pros and Cons

  • "It gives us the liberty to do more in terms of use cases."
  • "The Web Application Firewall will send you too much information because it's more dedicated to security than a normal firewall."

Principal Consultant with 51-200 employees
User
Positive features include replication capabilities, software development kits, and its architecture

What is our primary use case?

  • Cybersecurity defense
  • Web app monitoring
  • VMware monitoring

How has it helped my organization?

  • Troubleshooting
  • Cyber defense

What is most valuable?

  • Drill down
  • Apps
  • REST API
  • Software development kits
  • Architecture
  • Replication capabilities

What needs improvement?

  • Multi-tenancy support
  • Improved user interface
  • Non-proprietary search language
  • Different licensing model

For how long have I used the solution?

One to three years.

Devops Lead at Equalum
Vendor
A full monitoring and alerting solution for operations and application analysis

What is our primary use case?

We use Splunk for a few different use cases:
  • We package it as part of one of our on-premise software offerings which includes our in-house customized dashboards.
  • We use it for Application Monitoring of many of our back-end systems. Monitoring is done completely through Splunk by forwarding application and other logs to Splunk and many configured customized alerts and dashboards for the Ops, Dev, product, and management teams.
  • We created a custom anomaly detection data model to monitor the activity of our back-end services on an hourly basis relative to the past three months of activity.

Pros and Cons

  • "It is a one stop shop as a full monitoring and alerting solution for operations and application analysis for most of our back-end systems."
  • "We used it to create a custom anomaly detection data model to monitor the activity of our back-end services on an hourly basis relative to the past three months of activity."
  • "It needs to improve the way to install third-party apps and enable installation without logging into splunk.com."

What other advice do I have?

We are a Splunk Partner, since after much deliberation, we decided to choose Splunk as a component of one of our on-premise software offerings.
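
The anomaly model this reviewer describes (hourly activity per back-end service compared with the past three months) as an added example in Python. It is not Equalum's data model and does not use Splunk's own machine-learning toolkit: it builds a per-service, per-hour-of-day mean and standard deviation from a constructed 90-day history with a daily rhythm, then scores the current hour with a z-score against a threshold of 3. The service profiles, the jitter, the threshold and the sigma floor are assumptions chosen for the example. It goes one step beyond a pure spike detector by also reporting a service that has gone silent, which in a monitoring context is usually the more urgent finding.

```python
"""Hour-of-day activity baseline with z-score anomaly detection (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

HISTORY_DAYS = 90      # the reviewer's three-month window (assumption: 90 calendar days)
Z_THRESHOLD = 3.0      # flag an hour more than three sigma from its hour-of-day mean
SIGMA_FLOOR = 1.0      # a perfectly flat history must not produce a zero divisor

# Constructed daily rhythm per back-end service (events per hour).
PROFILE = {
    "orders": lambda hour: 200 if 8 <= hour < 20 else 40,
    "auth":   lambda hour: 120 if 8 <= hour < 20 else 30,
    "export": lambda hour: 50,
}


def build_history(days=HISTORY_DAYS):
    """Constructed history rows (day, hour, service, count): the daily rhythm
    plus a small deterministic jitter of -5..+5 so the baseline has variance."""
    rows = []
    for day in range(days):
        for hour in range(24):
            for service, shape in PROFILE.items():
                jitter = ((day * 31 + hour * 7) % 11) - 5
                rows.append((day, hour, service, shape(hour) + jitter))
    return rows


def baseline(rows):
    """Mean and population standard deviation of counts per (service, hour-of-day)."""
    buckets = defaultdict(list)
    for _day, hour, service, count in rows:
        buckets[(service, hour)].append(count)
    return {key: (mean(counts), pstdev(counts)) for key, counts in buckets.items()}


def score_hour(model, hour, observed):
    """Score one hour of observed counts {service: count} against the model.

    Returns (service, kind, z) tuples sorted by service, where kind is 'spike',
    'drop' or 'silent' (no events at all from a service that normally has some).
    """
    findings = []
    for service in sorted({svc for svc, _ in model}):
        mu, sigma = model[(service, hour)]
        count = observed.get(service, 0)
        z = (count - mu) / max(sigma, SIGMA_FLOOR)
        if count == 0 and mu > 0:
            findings.append((service, "silent", round(z, 2)))
        elif abs(z) >= Z_THRESHOLD:
            findings.append((service, "spike" if z > 0 else "drop", round(z, 2)))
    return findings


if __name__ == "__main__":
    model = baseline(build_history())
    # Constructed "current hour" at 14:00: orders at four times normal, export absent.
    for svc, kind, z in score_hour(model, 14, {"orders": 800, "auth": 120}):
        print(f"{svc}: {kind} (z={z})")
```

Keying the baseline on hour-of-day is what makes a quiet night hour and a busy afternoon hour comparable against their own history rather than a single daily average; a production model would usually add day-of-week as a second key and rebuild the baseline on a schedule so the three-month window slides.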

Security Operation Center Analyst at Sadad
Real User
User Behavior Analytics is key in detecting fraud and advanced persistent threats

What is our primary use case?

Splunk is a SIEM, a Security Information and Event Management solution. It is used, for example, for monitoring security logs and security information in companies and organizations. It is also used for correlation, meaning making policies, for detecting/monitoring attacks, and the like; for monitoring security logs, security events, preventing hackers from attacking. It's really for business continuity.

Pros and Cons

  • "Splunk UBA is useful for fraud detection and for detection of APTs, advanced persistent threats."
  • "UBA, User Behavior Analytics, is a key feature."
  • "I think the machine learning should be emphasized. Now, it's really important to analyze Big Data, data mining. A SIEM solution, like Splunk, needs an improved data mining solution, artificial intelligence."

What other advice do I have?

There are three top SIEM solutions in the world: Splunk, LogRhythm, IBM QRadar. I think Splunk is the best. I would rate Splunk at eight out of 10. The vendor needs to work on this solution to make it better and better. I would recommend this solution but it depends on the situation, the country, the support from the vendor.
Technical Lead at Wipro Technologies
Consultant
Capability to expand functionality through custom code for data inputs, commands, visualization, alerts, and machine learning

What is our primary use case?

We use Splunk for infrastructure monitoring, application monitoring and in the security space for our organization as well as for our customers.

Pros and Cons

  • "We can ingest and correlate data from virtually any type of system."
  • "Capability to expand the functionality through custom code for data inputs, commands, visualization, alerts, and machine learning."
  • "Missing capability for audio/video and image processing."
  • "While scheduled reports can be embedded, Splunk dashboard can not be embedded directly without enabling cross origin."
Senior Security Engineer
User
Significantly helped with aggregation and correlation of critical logs

What is our primary use case?

  • IT Ops
  • Security
  • Compliance

Many IT groups and non-IT groups use the product to gain insights into their environments.

How has it helped my organization?

Splunk has significantly helped with aggregation and correlation of critical logs. Not having to grep on each individual server has made everyone more efficient.

What is most valuable?

Search and Dashboarding: Allows us to quickly search for an error and plot the results on a chart.

What needs improvement?

DMC should be a little more intuitive with better dashboarding. Seeing the cause of data flow can be tough to track down. 

For how long have I used the solution?

Three to five years.
User at a financial services firm with 10,001+ employees
Vendor
Looks for incidents which could cause damage to a company's infrastructure

What is our primary use case?

With the use of Splunk, we were able to identify a brute force attack against a "switch" network device. An external attacker attempted to connect multiple times using multiple usernames. Splunk was able to detect these attempts and immediately blocked these attempts.

How has it helped my organization?

Splunk has facilitated the correlation of information security logs to look for incidents which could cause damage to the company's infrastructure, as well as financial losses from leaks.

What is most valuable?

Splunk's ability to receive all types of data and identify it correctly. It obtains a correlation of the logs and identifies incidents.

What needs improvement?

Splunk can improve regex/asset analysis as we do not want to crawl until it is…
Security Engineer at Information Innovators Inc. (Triple-i)
Real User
Correlates logs throughout the enterprise for searching and use in investigations

What is our primary use case?

We primarily use it to correlate logs throughout the enterprise for both searching and use in investigations.

Pros and Cons

  • "We primarily use it to correlate logs throughout the enterprise for both searching and use in investigations."
  • "It can be tough to get a hold of somebody in technical support depending on the complexity of the issue."
  • "The Enterprise Security app could be improved. We have had trouble with it working from the first day."

What other advice do I have?

It is a great product overall. I would like to see improvements on the Enterprise Security app/SIEM functionality.
Data Scientist Intern at Splunxter, Inc.
Real User
Can ingest any data and display it in a way that anyone can understand

What is our primary use case?

I work with Splunk, as a contractor, so I use it in many different areas. Most often it is used to get performance insights on applications or servers. Recently, I have used it in more of an endpoint security mindset. 

How has it helped my organization?

My whole organization is built around Splunk. We provide Splunk PS to many different companies. If Splunk did not have such a good presence, we could not exist.

What is most valuable?

The best features would have to be the ability to ingest any data and display it in a way that anyone can understand.

What needs improvement?

It needs more thoroughly tested releases. Every new big version (6, 7, etc.) has had so many bugs that it makes me wary of customers upgrading right away.

Lead Systems Architect at an energy/utilities company with 10,001+ employees
Real User
Visualizations helped the organisation have a better understanding of its KPIs

What is our primary use case?

Splunk provided me a platform to analyze both infrastructure loads and application performance for quick troubleshooting saving a load of time. Versatile apps at Splunkbase helped me to better configure and enhance visualization of the KPIs in my application.

Pros and Cons

  • "Visualizations helped the organisation with a better understanding of its KPIs."
  • "Splunk setup is easy and straightforward."
  • "Its huge, versatile AppBase helped me to configure and bring data from different sources to a unified platform."
  • "Custom visualizations are real hard. While the default visualizations are good, creating enhanced visualizations are complex."
  • "Configuring a few apps is complex, not straightforward."
Java Technical Lead at an insurance company
Real User
The visibility is amazing with easy dashboard creation

What is our primary use case?

  • Log monitoring and alerts
  • Looking up information
  • Dashboards for nice, fast information about various application servers.

How has it helped my organization?

It is easier to find problems and exceptions. It is used by any factor in the firm. Easy dashboard creation. The visibility is amazing.

What is most valuable?

  • Regex for field creation is great.
  • High availability
  • Easy to use in any environment.

What needs improvement?

Make it easier to include roles and user controls, as it is horrible now.

For how long have I used the solution?

More than five years.

How is customer service and technical support?

Not even Splunk's support guy, who came to our firm, could help with defining proper role management.

Splunker at freelancer
Real User
Quickly search for almost anything across many log sources in seconds

What is our primary use case?

The primary use case is to analyse and monitor big data, creating various dashboards, alerts, etc.

Pros and Cons

  • "We can do things in minutes instead of days."
  • "We solve issues that we previously could not since we now have the data."
  • "We can quickly search for almost anything across many log sources in seconds."
  • "The GUI could be improved to include some of the capabilities that other BI solutions have. The layout is a little restrictive where you can’t resize all the panels to exactly how you would like them without tweaking some XML code."
  • "AngularJS/ReactJS inclusion could be made easier in GUI."

What other advice do I have?

We build many of our own apps by leveraging the logic in others.
Senior Network Security Engineer at Starz Entertainment
Real User
In the event of an incident, it has a rapid response search environment

What is our primary use case?

Although my company uses Splunk extensively, my use case is primarily the Enterprise Security add-on.

Pros and Cons

  • "It has a rapid response search environment in the event of an incident."
  • "The correlation searches (properly configured) populate the Incident Management dashboard and provide me a quick birds-eye view of my most important concerns."
  • "The use cases provided by Splunk are a good starting point, but could cover many additional topics to ensure that a smaller or less experienced shop might maximize the value of an ES deployment."
Splunk Administrator at Arizona State University
Real User
Provides important insights to more efficiently make decisions and take action

What is our primary use case?

We use Splunk primarily to provide our security and ops groups with important insights to more efficiently make decisions and take action.

Pros and Cons

  • "My favorite example of improving of organization is saving a $60k/mo in payroll fraud and $10k/mo in wasted API credits by using simple searches and clear reports."
  • "Splunk's schema on demand is incredibly useful. I do not have to worry about what my users will need when we onboard their data."
  • "While Splunkbase (the app repository) has a lot of great content, some apps are terribly old and could stand to be updated or purged."
  • "Some of the terminology can be confusing, even for seasoned vets. Renaming components at this point would be a serious undertaking. However, it might be beneficial in the long run."
Senior Consultant at Securian Financial Group
Real User
Low barrier to start searching with the ability to normalize data on the fly

What is our primary use case?

Security analysis to identify issues and for use in incident handling. Correlating logs across over 1000 servers with different operating systems and applications logs to provide security insights.

Pros and Cons

  • "Low barrier to start searching with the ability to normalize data on the fly."
  • "I have also been able to take advantage of some of the more complex statistical capabilities when analyzing logs."
  • "The initial setup is complex, but this is necessary. We needed to take into consideration how to direct log files from thousands of machines to Splunk, and how to ingest those files."
  • "Most of my interaction is with the user community, which is how Splunk wants it. When I need help, that community is very hit or miss."

What other advice do I have?

Growth in data ingested will be much larger than you anticipated. If you need to prove this first, consider using an ELK Stack Logstash type of solution before using Splunk.
Incident Manager at CyberCore Technologies
Real User
Powerful, flexible query language can morph difficult to understand log formats into usable data

What is our primary use case?

We started using Splunk to serve as a SIEM. In addition to correlating security information, we have begun to use it as a developer and customer advocate by analyzing user behaviors and system response times.

Pros and Cons

  • "The ability to manipulate data in Splunk is unparalleled. Splunk’s powerful, flexible query language can morph difficult to understand log formats into usable data."
  • "Correlating data across different systems via one interface will allow you to know your environment or identify incident data in ways you never imagined."
  • "There is a definite learning curve to starting out."

What other advice do I have?

Pick it up and jump into the community! It can help get you started a lot faster.
Principal Engineer at Publix Super Markets
Real User
A more secure, robust environment, which keeps out harmful software

What is our primary use case?

Security and incident management, which is helpful when organizing the data from different systems and running analysis on all the data together.

Pros and Cons

  • "Visualizations are the best way to understand deviation techniques from the norm."
  • "We have a more secure, robust environment, which keeps the harmful software out of the zone required."
  • "More training on PetaData using artificial intelligence techniques to identify the events which are not normal and exceptions that would help the organization identify threats and malware on the go with results."
Business Intelligence Developer at Arizona State University
Real User
Search language is easy to understand and teach to new users

What is our primary use case?

  • Monitoring IT and other processes for a large university.
  • Leveraging alerts and dashboards to detect and predict security breaches and other events.

Pros and Cons

  • "Support is quick and competent."
  • "Search language is easy to understand and teach to new users."
  • "Certain sections of the developer documentation could use some updating and clarification."
  • "Search head clustering is often temperamental in its current state and should be improved, replaced by something better, or be reverted to search head pooling."
Senior Cloud Operations Analyst at a tech vendor with 1,001-5,000 employees
Vendor
Makes us much faster finding and addressing issues

What is our primary use case?

Splunk is our monitoring and investigating Swiss Army knife for key applications and systems. If we run it, we Splunk it.

Pros and Cons

  • "We are much faster finding and addressing issues with Splunk."
  • "I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications."

What other advice do I have?

I love this product.
Systems Analyst Staff - SW Eng Compute Analytics Lead at Qualcomm
Real User
Allows for transparency into IT metrics for insightful business analytics

What is our primary use case?

IT service analytics:

  • Server machine data
  • Monitoring data
  • Alerting data
  • ITSI KPIs
  • Real-time reporting
  • Month-over-month reporting.

Pros and Cons

  • "It allows for transparency into IT metrics for insightful business analytics."
  • "It has the ability to correlate data, analyze and review it."
  • "Free-floating panels in the dashboards are like a glass table."
  • "It needs more formatting control without having to be an admin."
Sr. Production Support Analyst at Electric Reliability Council of Texas
User
Quickly searches logs, performance data, and other inputs to assist with troubleshooting

What is our primary use case?

Operational intelligence monitoring for several different systems. We collect logs from applications and performance data from hardware, as well as information pulled from databases.

How has it helped my organization?

The ability to quickly search logs, performance data, and other inputs has helped tremendously with troubleshooting. The visualizations are easy and well received by business and management users. 

What is most valuable?

It is easy to integrate with other solutions, like Slack, JIRA, Remedy, etc.

For how long have I used the solution?

Three to five years.

How is customer service and technical support?

The user community is extremely beneficial, particularly with Splunk Answers and the Slack User Groups.

Business Intelligence Engineer at SONIFI Solutions, Inc.
Real User
Allows us to dig into raw events

What is our primary use case?

Primary use is business intelligence.

Pros and Cons

  • "Splunk allows us to find insights that we were not able to with traditional BI tools using ETL. It allows us to dig into raw events."
  • "Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations."
  • "The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more."
Director of IT at Blue Lake Rancheria
Real User
Aggregation searches have reduced the time and difficulty of identifying trends and conditions which need to be reviewed

What is our primary use case?

We primarily use Splunk for log aggregation and search across multiple systems, with Splunk Enterprise Security layered on top.

Pros and Cons

  • "Splunk has significantly reduced the time in performing the task of aggregating logs, reviewing as well as time spent during investigations."
  • "Aggregation searches have reduced the time and difficulty of identifying trends and conditions which need to be reviewed."
  • "The case management area of the ES could be improved. The ability to move cases through various stages and states. The ability to close a case would be key improvement."
Information Security Engineer/Architect at The Church of Jesus Christ of Latter-day Saints
Real User
Helped us consolidate all our solutions into an easy tool to use for various employees

What is our primary use case?

We use Splunk for operations, application monitoring, and security. We are both cloud and on-premise based, so it has been very versatile for us.

Pros and Cons

  • "It helped us consolidate all our solutions into an easy tool to use for various employees."
  • "More control with Splunk Cloud as it seems a bit limited. I used to manage an on-premise instance of Splunk Enterprise and really liked having more control over it."
consultant at a non-profit with 1,001-5,000 employees
User
Easily tracks problems and their status

What is our primary use case?

We use Splunk for both monitoring and SIEM. Our security operations group uses Splunk to track user accounts which may have been compromised as well as follow those accounts through the organization.

Pros and Cons

  • "I like the ease with which dashboards can be created."
  • "Splunk has given us the capability to easily track problems and their status."
  • "The only thing which can be improved is that they are too subjective on whom their Splunk4Good initiative can be applied. They market it as you only need to be a nonprofit, but there is more to it."
Splunk Architect at The Johns Hopkins University Applied Physics Laboratory
Real User
Speeds up root cause analysis and can help identify issues

What is our primary use case?

Central repository for log collection and analysis in a complex environment. We have used it for a variety of use cases involving SIEM and operational support.

Pros and Cons

  • "Speeds up root cause analysis and can help identify issues that your organization never realized were occurring."
  • "It helps streamline troubleshooting and log analysis."
  • "On the technical side, it would be nice to see aspects of the recent acquisition of Phantom make it into the core Splunk Enterprise, not just become a part of the premium Enterprise Security."
  • "It can be tough to determine if you are getting all of the value out of your investment at times."
BS Systems Engineer at a tech services company with 501-1,000 employees
Real User
Top 20
Makes use of all logs and takes proactive actions

What is our primary use case?

We used it to create a full security operations center (SOC) for our IT department by adding all network and security devices, the AD, and mail servers to it. Then Splunk started to receive their logs, it analyzed them, and provided useful reports.  

How has it helped my organization?

It helps the IT staff to monitor the full structure. It also makes use of all logs and takes proactive actions.

What is most valuable?

Integrity with many vendors: This simplifies the implementation and integration with different devices. 

What needs improvement?

Enterprise security: Splunk must work on clarifying the solution to customers and explain how to gain more from it.

For how long have I used the solution?

One to three years.
System Administrator at Abdullah Al-Othaim Markets
Real User
Searches logs from all devices and gives valuable information to the organisation

What is our primary use case?

  • Searches the logs for all network devices and servers.
  • Monitors clients' hardware, networking, and security operations.
  • It is good for the administrator to use it when maintaining the whole IT infrastructure.

Pros and Cons

  • "Alerts when a server is malfunctioning, monitors external attacks, and takes action to stop spreading viruses."
  • "Make it easy to use and the cost cheaper. This will help all organisations to implement Splunk."

What other advice do I have?

I have been using Splunk to increase my security experience.
Infrastructure Engineer at Zirous, Inc.
Real User
Top 20
Monitors all machine logins and actions taken on those machines under each user

What is our primary use case?

Our primary use case of Splunk has been on the implementation side for clients. Splunk has proven, on multiple occasions, to be extremely useful in the proactive monitoring of clients' hardware, networking, and security operations. Some use cases that we have implemented include, but are not limited to, proactive account lockouts based on machine learning of a typical person's average number of failed login attempts, aggregation of a server's logs in order to predict downtime/maintenance/hardware failures quite accurately, as well as helping administrators of all sorts to gain a full picture of…

Pros and Cons

  • "The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time."
  • "We did not encounter any issues with scalability. It is almost seamless to add new index (storage) or search (used to analyze the data) nodes to the cluster."
  • "I feel as though a major focus of upcoming releases should be set on Machine Learning, Predictive Analytics, and I would enjoy to see more security focused add-ons and apps developed by the vendor."

What other advice do I have?

If you have an R&D department within your company that is looking for something new to increase the efficiencies and effectiveness of your company's operations, I would highly recommend having them get the free trial to test out.
Account Manager at a tech services company with 10,001+ employees
Consultant
Proactively monitor threats and reduces threat footprint, though professional support is too expensive

Pros and Cons

  • "Deployment server for deploying changes in one go."
  • "Professional support is great, but too expensive."

What other advice do I have?

It provides a great range of plugins and one can really take great advantage of utilising inbuilt dashboards to derive the desired monitoring. Our company consults for different customers and are in a good position to recommend the best solution to our clients.
Security Architect at an energy/utilities company with 1,001-5,000 employees
Vendor
Some of the valuable features are machine learning, the Common Information Model, and log storage.

Pros and Cons

  • "Ease of correlation, creating correlation searches are easy and you can combine multiple sources with little effort"
  • "The GUI can be improved to include some of the capabilities that other BI solutions have."

What other advice do I have?

Do a PoC and you will be amazed. Also, check out the Splunk .conf sessions to see what is possible. If you are into security, watch Mark Russinovich’s RSA 2017 presentation about Sysmon. Check out free EDR type capabilities.
SVP, Technical Operations at a tech vendor with 201-500 employees
Vendor
Splunk has great interoperability with other applications through their SplunkBase app store.
Specialist Master, Cyber Risk at a tech vendor with 10,001+ employees
Vendor
My clients have visibility into systems and activities that they never had before.

Pros and Cons

  • "Splunk gives my clients the ability to bring multiple, disparate types of data together, then correlate and report on them."
  • "The GUI can be improved. Splunk has always suffered from having a kind of goofy UI, it needs some updating."

What other advice do I have?

Plan your implementation carefully. Be sure you have someone to implement it, someone who knows what he is doing. Splunk’s inherent flexibility is a great thing, but it also provides an opportunity to really mess things up.
Owner with 1-10 employees
Real User
The ability to see logs and correlate them using Splunk has greatly improved our organization's functionality with auditing and troubleshooting.

Pros and Cons

  • "To get visibility from your network devices, servers, and security devices is a great feature."
  • "Better directions on search head clusters."

What other advice do I have?

Splunk is a good product. Pricing is a bit high however, after it's installed you can understand why and get caught up in reading the logs that are available.
Lead Splunk Architect at a financial services firm with 10,001+ employees
Real User
Enables Centralization And Correlation Of Data That Was Unattainable With Other Solutions

Pros and Cons

  • "It allows the centralization of data and makes possible new sorts of correlations that were previously impossible using traditional SIEMs such as ArcSight or QRadar."
  • "Adding custom visualization in Splunk has been improved over the years but can still be made better by integrating more and more JavaScript visualization sources."

What other advice do I have?

You're in for a nice surprise, Splunk is fun, easy to use, and will give you the results you are looking for and more. It's a great tool for security and business analysis, you're looking at a big data platform that will allow a lot more than what the good old SIEMs could do.
Engineer, Infrastructure Applications at a healthcare company with 1,001-5,000 employees
Vendor
Ingests machine data and helps to analyze and visualize it.

Pros and Cons

  • "The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data."
  • "It requires a significant amount of relatively complex architecture once you push past the single server instance."
Foundation Technology Specialist at an insurance company with 1,001-5,000 employees
Vendor
Provides the ability to diagnose problems in production and non-production.

Pros and Cons

  • "The ability to rapidly diagnose problems in production and non-production, across hundreds of log files, is the most valuable feature."
  • "It is a challenge to manage the environment in such a way, that one’s log, even with the bandwidth license, isn’t exceeded."

What other advice do I have?

Use an experienced Splunk architect to design your infrastructure configuration. Ensure that your tech leads are intimately involved and understand exactly how the product fits together. Manage your Splunk configuration in a repository (Git). Educate the end users as quickly as possible to use the tool effectively. Change practices and encourage staff to use Splunk instead of old ways of getting the data they need. Prevent, or limit, direct access to the servers or server log files if you can.
Senior IT Security Operations at a pharma/biotech company with 10,001+ employees
Vendor
Security relies on this for event correlation and alerts.

Pros and Cons

  • "The speed of the search engine"
  • "The administration of the cluster and app deployment to indexers or search heads can be done only using ssh access and the command line; there are no GUI tools for that."

What other advice do I have?

My advice is to go ahead with it. The administration of the cluster and app deployment to indexers or search heads can be done only using ssh access and the command line; there are no GUI tools for that. Permissions, on the other hand, could be improved by adding, for example, a deny option for groups to see an index, etc. Also, the authentication method is just LDAP or Splunk, so some more security layers could be added, such as a second factor, etc.
IT Infrastructure Architect at a tech company with 201-500 employees
Consultant
Top 20
Does event matching between several appliances and correlates data from different sources.

What other advice do I have?

Check for the plugin to format data of already completed templates for the appliance to which you want to keep logs and events.
Information Architect at a financial services firm with 5,001-10,000 employees
Vendor
Provides visibility into business metrics and insights that deliver value.

Pros and Cons

  • "Splunk provides immediate visibility into key business metrics and new business insights that deliver immediate value."
  • "We usually have to follow up with technical support on our open cases."

What other advice do I have?

Ensure you have an executive sponsor to fully deploy Splunk across your organization to maximize your ROI and lower your TCO. Make use of Splunk Professional Services.
Performance Consultant at a tech services company with 10,001+ employees
Consultant
Some of the valuable features include data representation options and the analytics and querying of the indices.

Pros and Cons

  • "The data representation options in the dashboards are excellent."
  • "The user access control could be much more granular, so that the admins can control r/w/x access for specific features of the product like dashboards, etc."

What other advice do I have?

Please watch out for the licensing agreement. There are a lot of IP specific clauses that Splunk has included in their license agreement. Per my understanding, any plugin available in the community cannot be used OOB, due to licensing restrictions. (This might be specific to our organization.)
Business Analyst at a retailer with 10,001+ employees
Vendor
Provides real-time and scheduled searches with alternate functionalities.

What other advice do I have?

I would strongly recommend this product, as it would be very beneficial for service operations and management.
Security Engineer at a retailer with 10,001+ employees
Real User
They provide predefined user cases. Scalability is always a question for this product.

What is most valuable?

They provide excellent predefined user cases.

How has it helped my organization?

This helps us in the footprinting of all the incidents.

What needs improvement?

When we deep dive into the events for the triggers, we have very little information in some instances.

For how long have I used the solution?

I have used Splunk for two years.

What do I think about the stability of the solution?

We raised support cases.

What do I think about the scalability of the solution?

Scalability is always a question for this product.

How are customer service and technical support?

Response from technical support can be improved. There was always a delay and we had to chase them.

Which solution did I use previously and why did I switch?

We didn’t have a…
Vice Manager at a comms service provider with 10,001+ employees
Vendor
Collects data from many sources. Has search, analysis, and visualization capabilities.

What other advice do I have?

If you are an enterprise and you need the best service for critical business analysis, Splunk would be one of the best choices.
Products Manager at a tech services company with 5,001-10,000 employees
MSP
Valuable features include rapid search, data mining, and information propagation. The GUI should be improved.

What other advice do I have?

Start off with something at a comfortable level, expand gradually, and then move upwards, expanding steadily.
Sr. Program Manager at a consultancy with 51-200 employees
Consultant
It is able to configure and integrate various solutions into one tool and provide actionable results. You need a dedicated developer.
Technical Director at a tech services company with 11-50 employees
Real User
It allows us to store raw data and use it repeatedly for different domains.

What other advice do I have?

This is the right choice if you are looking for a platform that can combine all machine-generated data and use it for various use cases from different domains.
Integration Architect at a manufacturing company with 1,001-5,000 employees
Vendor
Fast availability of operational data spread across several servers is nice, but the MES is a complex system.
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Consultant
Innovative tool but it needs to be improved for day to day use.
SIEM posts have grown in number at Infosecnirvana, but the requests to write about more products keep coming in. One of the oft asked about products is Splunk Enterprise. We have posted on HP ArcSight, IBM QRadar and McAfee Nitro SIEM. However, readers have been asking us repeatedly to write on Splunk. So here it is finally after being in the works for a long time.

Introduction: In 2003, one of the most interesting products rolled out and vowed to simplify log management once and for all (and it did!!!) - Splunk. Their motto was simple – Throw logs at me and I will provide a web based console to search through it intuitively. Interestingly they are one of the few companies that have not been acquired, in spite of being a very innovative product. So let’s see what makes Splunk tick…
Systems/Applications Specialist with 201-500 employees
Vendor
It could be easier to set up but it has an innovative way of collecting and presenting data

What other advice do I have?

Go for it and be brave. Experiment, add, remove, modify. Keep what is not working until it is working how you want, and then delete the rest. Make a library of useful search queries and a diagram of systems and related files included in the indexes. Do not allow access for everyone to run DB queries, as per the other forms of DB access. Install third-party modules and play with them. Collect system events for the OS and relate them to application performance. Trap the errors you have identified, create alerts and follow a naming convention for email subjects (e.g. priority, type, system, description).
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Consultant
Great Log Management and Investigation tool, but Operational SIEM capability needs improvement

Valuable Features

Great Log management capabilities with flexible and comprehensive search capabilities. Scalable and Easy to use.

Room for Improvement

Operational Workflow, Use Case Framework, and ticketing systems to make it suitable for SOC environments

Use of Solution

3 years

Scalability Issues

Splunk is extremely scalable with the limit being the hardware in use.

Customer Service and Technical Support

If you get the right people engaged, support can be bliss.

Initial Setup

Setup is simple and straight forward.

Other Advice

http://infosecnirvana.com/splunk-enterprise-need-know/
CEO with 51-200 employees
Vendor
Pros and Cons of Splunk, Sumo Logic, LogStash and Others
Splunk, Sumo Logic, LogStash, GrayLog, Loggly, PaperTrails – did I miss someone? I’m pretty sure I did. Logs are like fossil fuels – we’ve been wanting to get rid of them for the past 20 years, but we’re not quite there yet. Well, if that’s the case, I want a BMW! To deal with the growth of log data, a host of log management and analysis tools have been built over the last few years to help developers and operations make sense of the growing data. I thought it’d be interesting to look at our options and what each tool’s selling point is, from a developer’s standpoint. Splunk: As the biggest tool in this space, I decided to put Splunk in a category of its own. That’s not to say it’s the best tool for what you need, but more to give credit to a product that essentially created a new…
Senior Software Engineer at a retailer with 10,001+ employees
Vendor
Support can retrieve salient logging data from massive distributed systems in seconds but deployment is not easy.
I've been using Splunk for over 3 years now. The most valuable feature for me is alerting. Using Splunk, production support teams can retrieve salient logging data from massive distributed systems in seconds. I'd say that some of the key/value pair parsing can be a little off and has room for improvement. The deployment is not easy, and I've only encountered issues with stability and scalability when on under-provisioned equipment. The initial setup was complex - you need to identify source types in advance, and a large deployment with multiple indexers can be tricky. We initially implemented in-house, and then through Splunk themselves to upgrade and improve. Before implementing Splunk we used an in-house system, but Splunk offered far more to us. Also, their customer service is good and their…
Systems Administrator at an energy/utilities company with 10,001+ employees
Vendor
Splunk vs LogLogic: Splunk stands out for its ability to consume almost any log type and its ease of searching

Valuable Features:

Splunk – ease of searching large amounts of data. 

Improvements to My Organization:

Splunk – real time alerts on critical indicators, compliance reports, troubleshooting and predictive abilities using trends. 

Use of Solution:

Splunk – 3 years 

Deployment Issues:

Splunk – Had one issue requiring a support call regarding the configuration of the automated configuration deployment package. Quickly resolved. 

Stability Issues:

Splunk – None. 

Scalability Issues:

Splunk – Not needed yet. 

Customer Service:

Splunk – Splunk has a very knowledgeable support staff and the Splunk support website is outstanding. The message boards are very active, and using them will often…
Sr. Security Engineer at a university with 1,001-5,000 employees
Vendor
In addition to search and analytic capabilities, Splunk has under-the-cover capabilities for timestamp data.
Splunk is a pretty powerful piece of software. There are the obvious search and analytic capabilities it has, but there is some robustness under the covers as well. One of those under-the-cover capabilities is detecting and understanding timestamp data. It's the sort of thing that, as users of the software, we simply accept and generally speaking don't spend a whole lot of time thinking about. From an admin perspective, as you start to put some effort into understanding your deployment and making sure things are working correctly, one of the items to look at is the DateParserVerbose logs. Why, you ask? I've recently had to deal with some timestamp issues. These internal logs generally document problems related to timestamp extraction and can tell you if, for example, there are logs…
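The review above points at the DateParserVerbose entries in splunkd.log as the place to find timestamp-extraction trouble. The script below is an added example, not code from the reviewer or from Splunk: it reads lines in the format splunkd writes to $SPLUNK_HOME/var/log/splunk/splunkd.log, keeps only the DateParserVerbose entries, classifies each one (no timestamp recognised at all, versus a timestamp that was found but rejected as outside the MAX_DAYS_AGO/MAX_DAYS_HENCE window) and counts them per source and sourcetype, so the input that needs a props.conf fix is obvious. The sample log lines, paths, hosts and sourcetypes are constructed for the example; the message texts are modelled on the warnings Splunk emits, and the "source=...|host=..." versus "source::...|host::..." context forms both occur in practice, so both are accepted.

```python
"""Triage Splunk DateParserVerbose warnings from splunkd.log.

Added example (not the reviewer's or Splunk's code). Parses splunkd.log
lines, keeps DateParserVerbose entries and counts timestamp problems per
(source, sourcetype). Sample input below is constructed for the example.
"""
import re
from collections import Counter, defaultdict

# Constructed sample input modelled on splunkd.log; not captured from a real host.
SAMPLE_SPLUNKD_LOG = """\
04-12-2021 10:15:02.001 +0000 WARN  DateParserVerbose - Failed to parse timestamp. Defaulting to timestamp of previous event (Mon Apr 12 10:15:00 2021). Context: source=/var/log/app/orders.log|host=web01|custom_app|1204
04-12-2021 10:15:02.002 +0000 WARN  DateParserVerbose - Failed to parse timestamp. Defaulting to timestamp of previous event (Mon Apr 12 10:15:00 2021). Context: source=/var/log/app/orders.log|host=web01|custom_app|1205
04-12-2021 10:15:03.120 +0000 WARN  DateParserVerbose - A possible timestamp match (Thu Apr 12 10:15:03 2001) is outside of the acceptable time window. If this timestamp is correct, consider adjusting MAX_DAYS_AGO and MAX_DAYS_HENCE. Context: source=/var/log/fw/asa.log|host=fw01|cisco:asa|88
04-12-2021 10:15:04.000 +0000 INFO  Metrics - group=thruput, name=thruput, instantaneous_kbps=12.3
04-12-2021 10:15:05.500 +0000 WARN  DateParserVerbose - The TIME_FORMAT specified is matching timestamps (Mon Apr 12 10:15:05 2031) outside of the acceptable time window. If this timestamp is correct, consider adjusting MAX_DAYS_AGO and MAX_DAYS_HENCE. Context: source::/var/log/fw/asa.log|host::fw01|cisco:asa|91
"""

# splunkd.log line: "<date> <time> <tz> <LEVEL>  <Component> - <message>"
LINE_RE = re.compile(
    r"^(?P<when>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{4}) "
    r"(?P<level>[A-Z]+)\s+DateParserVerbose - (?P<message>.*)$"
)
# Context fields have appeared as "source=x" and as "source::x"; accept both.
CTX_KV_RE = re.compile(r"^(source|host)(?:=|::)(.*)$")


def classify(message):
    """Map a DateParserVerbose message to a coarse category."""
    if message.startswith("Failed to parse timestamp"):
        # No timestamp recognised; the event inherited the previous event's time.
        return "no_timestamp_found"
    if "outside of the acceptable time window" in message:
        # A timestamp was recognised but rejected by MAX_DAYS_AGO / MAX_DAYS_HENCE.
        return "out_of_window"
    return "other"


def parse_context(ctx):
    """Split 'source=...|host=...|<sourcetype>|<line>' into a dict."""
    fields = ctx.split("|")
    rec = {"source": None, "host": None, "sourcetype": None, "line": None}
    for field in fields[:2]:
        m = CTX_KV_RE.match(field)
        if m:
            rec[m.group(1)] = m.group(2)
    if len(fields) > 2:
        rec["sourcetype"] = fields[2]
    if len(fields) > 3 and fields[3].isdigit():
        rec["line"] = int(fields[3])
    return rec


def parse_dateparser_warnings(text):
    """Return one dict per DateParserVerbose line; other components are skipped."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        message, _, ctx = m.group("message").partition(" Context: ")
        rec = {"when": m.group("when"), "level": m.group("level"),
               "category": classify(message), "message": message}
        rec.update(parse_context(ctx))
        records.append(rec)
    return records


def summarize(records):
    """Count categories per (source, sourcetype) so the noisiest input stands out."""
    summary = defaultdict(Counter)
    for rec in records:
        summary[(rec["source"], rec["sourcetype"])][rec["category"]] += 1
    return dict(summary)


# Remediation pointers; the settings named are props.conf attributes.
HINTS = {
    "no_timestamp_found": "set TIME_PREFIX / TIME_FORMAT for the sourcetype in props.conf "
                          "(or DATETIME_CONFIG = CURRENT if the events carry no timestamp)",
    "out_of_window": "check the year and timezone in TIME_FORMAT / TZ, or raise "
                     "MAX_DAYS_AGO / MAX_DAYS_HENCE if the old or future dates are genuine",
    "other": "read the message text; it names the setting involved",
}

if __name__ == "__main__":
    summary = summarize(parse_dateparser_warnings(SAMPLE_SPLUNKD_LOG))
    for (source, sourcetype), counts in summary.items():
        for category, n in counts.most_common():
            print(f"{source} [{sourcetype}]: {n} x {category} -> {HINTS[category]}")
```

Point it at a real splunkd.log (or at the output of a search such as index=_internal sourcetype=splunkd component=DateParserVerbose exported as raw events) and fix the sourcetype with the highest count first; a few hundred "Failed to parse timestamp" hits from one source almost always means a missing TIME_FORMAT rather than hundreds of genuinely malformed events.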
Senior Manager of Network with 1,001-5,000 employees
Vendor
Splunk is great for Syslog capabilities. For normal device management, you can't go wrong with SolarWinds.
I'd go with Splunk for logging. For Syslog capabilities, Splunk wins outright from my experience. It's quick, very customizable, and there are many different modules, some specific to vendors and devices (Cisco Security Suite, for one). If you are really into SolarWinds and want to use them for Syslog, then I would go with Kiwi. SolarWinds NPM has a syslog collector, but under heavy load (a few hundred devices) it will get bogged down real quick in my experience. If you are looking for normal device management, then NPM, NCM, NTA are the way to go. You can't go wrong with SolarWinds.
Head of Service Integrity with 1,001-5,000 employees
Vendor
It can probably do anything if you tweak it enough but it's not cheap.
Splunk is really good at log parsing events over time. It is quick to drill in and analyze, and it is quick to build a presentation layer and automate reporting. I love it for problem analysis and event management; however, it is not a capacity management tool. It can be a CM tool, but not a good tool for projections, etc. There are many tools that claim to be CM tools, but they are usually expensive and miss the basic day-to-day challenges of capacity management, e.g. excluding backups from day peaks, removing outliers, forward trending, accepting data from any source. Start by getting your key data extracted from reliable sources and other tools. The charting and presentation layer is impressive and quick. It can probably do anything if you tweak it enough. I would call it a very handy…