If you were talking to someone whose organization is considering Splunk User Behavior Analytics, what would you say?
How would you rate it and why? Any other tips or advice?
The biggest lesson that I have learned from working with this product is that it is priced high, and you can achieve much of what it does through other methods. That combination makes it hard to sell. I would rate this solution a nine out of ten.
We're simply customers. We don't have a business relationship with Splunk. We're using the latest version of the solution. I'm not sure of the exact version number. I'd recommend the solution to other companies. On a scale from one to ten, I'd rate it at a seven. If the cost was more reasonable, I might rate it a bit higher. It's not too expensive, but it could always be better.
After more than three years of using this solution, I would recommend this solution, especially for environments that have a big volume of data. I would rate this solution a nine out of ten. It is a really great product.
We use the on-premises deployment model of the solution. The more types of clusters you have feeding into Splunk, the better the results you have. If you have a customer environment in which you have diverse solutions and technologies, which cater to a large network of applications you are able to inject more value for the customer. One of the key lessons from using Splunk is to have adequate hardware and pre-plan the implementation. It is reasonably balanced, in terms of how much it uses a CPU and the amount of memory it needs. It's important that you start with good infrastructure when you implement Splunk, or you may run into issues. Also, make sure to have trained people working on the solution. Otherwise, it will be a waste of investment. I would rate the solution nine out of ten. I would recommend the solution to others.
I will rate this product a seven out of ten, and I would definitely recommend it to others.
From my experience and from the security perspective, I recommend this product for all the people that need good security for investigation. The Splunk team and products are good for those purposes. The storage gets better priced with the amount you use. The storage is very expensive if you take some of the license options from the company. We won't be using unlimited storage for how much data will be imported from our bandwidth. I think the unlimited license is good because we will use a lot. On a scale from one to ten when one is the worst and ten is the best, I would rate Splunk User Behavior as a nine. I didn't give them ten because Splunk does not provide something for the professional investigation. There is something that prevents you from using data the way you want to use data for in an investigation. Sometimes with Splunk, we cannot bring the data out in a better form and some users cannot understand it exactly. What I am talking about is options for a more professional investigation, not for normal behaviors. If you want to just look at normal behavior the program will give all you need. But sometimes you need other use cases to see the action.
I'm a system integrator, which provides the solution to end-users and customers. We handle the on-premises deployment model. I would recommend the solution because of the ease of use, the simple administration, the good level of support, the predefined use cases, and the predefined user behavior analytics. I would rate the solution seven out of ten.
What do you like most about Splunk User Behavior Analytics?
Thanks for sharing your thoughts with the community!