2018-01-16 14:09:00 UTC

What is your primary use case for Splunk?


Hi Everyone,

What is your primary use case for Splunk?

Thanks for sharing your thoughts with the community!

Guest
60 Answers

Top 5, Leaderboard, Real User

#1 is InfoSec
#2 is BI
#3 is IoT

2020-02-19 13:58:48 UTC
Top 5, Real User

Focused on log collection and analysis.
IT Operations - Predict and prevent problems with log (trap/syslog/Windows Events/AD logs/etc.) monitoring experience
Security - Assists with threat detection, investigation and response
IoT - Minimize unplanned downtime and avoid high costs by centralising logs from a variety of IoT devices/appliances.
Business Analytics - Explore and visualize business processes for increased transparency

2020-03-18 11:56:44 UTC
Top 5, Real User

Information Security Solution with Log management (Primary)
Analytics (Secondary)

2020-02-18 06:25:08 UTC
Real User

Log collection and search.

2019-03-27 11:05:00 UTC
Leaderboard, Real User

Testing for insider threat behavior.

2019-03-26 19:17:00 UTC
Top 20, Real User

Our primary use case is for monitoring and cybersecurity.

2019-03-14 11:34:00 UTC
Top 20, Real User

We were using Splunk for our networking to know exactly what kind of traffic was going from one network to another network because we had a lot of connections on other sites.

2019-03-10 16:43:00 UTC
Real User

We need something to collect all our logs in a centralized solution. We have several servers but we don't have any log collection system.

2019-03-06 07:41:00 UTC
Real User

* Log collection and analysis
* Reporting for the whole enterprise environment.

2019-02-27 20:49:00 UTC
Reseller

Our primary use case is reporting from the Windows administration. We have SCCM that configures the manager to update every PC workstation and server in the company. We have a lot of PCs and servers in our environment and we use Splunk for the gathering of the PCs and Windows service. We also use it to collect information from the security tools, for example, to provide the management information about how the everyday connection is.

2019-02-14 07:37:00 UTC
Real User

We use it to do SIEM.

2019-02-14 07:37:00 UTC
Real User

* SIEM
* Security information
* Event management

2019-02-10 10:06:00 UTC
Reseller

We use it for security incident event management and for IT service intermediates.

2019-02-07 12:28:00 UTC
Real User

Our primary use case was really as a client organization, like the government and the IT industries, we are in the telecoms sector. We analyze security reports. We use Splunk to order them and put them in a system and we use the various kinds of integration with Oracle Cloud which is helpful.

2019-02-07 12:28:00 UTC
Real User

Our primary use case of this solution is as a centralized lab collection.

2019-02-05 07:16:00 UTC
Real User

Splunk is our central locale for cybersecurity and protection.

2018-12-13 11:34:00 UTC
Real User

* Log mining
* Log analysis

2018-12-11 08:31:00 UTC
Real User

We primarily use it for SIEM.

2018-12-11 08:31:00 UTC
Real User

We use it for logging, essentially for auditing and troubleshooting errors in production and finding out what happened. I have used the product personally for five years and at my current company for a year and a half.

2018-12-11 08:31:00 UTC
Real User

It is mostly centralized logging, a whole bunch of BI metrics, and an aggregation point, which we have adulterated for some PCI data. It does meet our use case for the most part.

2018-12-11 08:31:00 UTC
Real User

We use it mostly for log monitoring, and also for trying to raise alarms.

2018-12-11 08:31:00 UTC
Real User

We use it for application log monitoring. It is a logging product. Our application generates log files, then we upload them to Splunk. We run their agent on our EC2 instances in AWS, then we view the logs through their product, and it is all stored on their infrastructure.

2018-12-11 08:31:00 UTC
Real User

The primary use case is for log analytics. Although, we have been using it as a hammer which hits all the nails. We have sort of overused it in some areas where it doesn't need to be used.

2018-12-11 08:31:00 UTC
Real User

We use it for logging and troubleshooting.

2018-12-11 08:31:00 UTC
Real User

We use it for log aggregation. If you have a large number of devices, you need to aggregate log data to make more sense of it for parsing, troubleshooting, and metrics. This is all we use it for. If I need to track logs for a certain application, I will push all of those logs to Splunk so I can run reports on those logs. It is more about what you are trying to do with it and what you need from it.

2018-12-11 08:31:00 UTC
Real User

We use it for log analysis and alerting, and our stock analysts use it. I have used the product for more than five years. Then, in the cloud, I have used it for probably a year. It scales better in the cloud than on-premise.

2018-12-11 08:30:00 UTC
Real User

We use it for searching logs in a production environment.

2018-12-11 08:30:00 UTC
Real User

In the beginning, we just wanted to collect the logs from the different devices, like the nano storage, Linux, Windows, and VMware. We tried to get the uniform solution to collect and analyze all of the system logs.

2018-12-10 08:57:00 UTC
Real User

It helps increase our productivity.

2018-11-18 07:31:00 UTC
Real User

My primary use case for Splunk is for log file visualization and monitoring alert management.

2018-09-25 09:23:00 UTC
Top 5, Leaderboard, Consultant

I work in the HIPAA industry. I work at a healthcare company in Puerto Rico. HIPAA requires us to go over security risks. Our use case right now is to be compliant. In our hierarchy, we have 1000 servers and 16,000 endpoints. We also have 100 entry points and 3000 VPN connections. It's huge.

2018-09-09 05:40:00 UTC
User

* Cybersecurity defense
* Web app monitoring
* VMware monitoring

2018-07-20 12:19:00 UTC
Expert, Real User

We use Splunk for a few different use cases:
* We package it as part of one of our on-premise software offerings which includes our in-house customized dashboards.
* We use it for Application Monitoring of many of our back-end systems. Monitoring is done completely through Splunk by forwarding application and other logs to Splunk and many configured customized alerts and dashboards for the Ops, Dev, product, and management teams.
* We created a custom anomaly detection data model to monitor the activity of our back-end services on an hourly basis relative to the past three months of activity.

2018-06-13 17:13:00 UTC
Top 5, Leaderboard, Real User

Splunk is a SIEM, a Security Information and Event Management solution. It is used, for example, for monitoring security logs and security information in companies and organizations. It is also used for correlation, meaning making policies, for detecting/monitoring attacks, and the like; for monitoring security logs, security events, preventing hackers from attacking. It's really for business continuity.

2018-06-03 09:17:00 UTC
Consultant

We use Splunk for infrastructure monitoring, application monitoring and in the security space for our organization as well as for our customers.

2018-05-15 08:36:00 UTC
User

* IT Ops
* Security
* Compliance

Many IT groups and non-IT groups use the product to gain insights into their environments.

2018-05-10 14:32:00 UTC
Vendor

With the use of Splunk, we were able to identify a brute force attack against a "switch" network device. An external attacker attempted to connect multiple times using multiple usernames. Splunk was able to detect these attempts and immediately blocked these attempts.

2018-05-04 19:57:00 UTC
Top 20, Real User

We primarily use it to correlate logs throughout the enterprise for both searching and use in investigations.

2018-05-03 13:55:00 UTC
Real User

I work with Splunk, as a contractor, so I use it in many different areas. Most often it is used to get performance insights on applications or servers. Recently, I have used it in more of an endpoint security mindset.

2018-04-30 21:49:00 UTC
Top 20, Real User

Splunk provided me a platform to analyze both infrastructure loads and application performance for quick troubleshooting saving a load of time. Versatile apps at Splunkbase helped me to better configure and enhance visualization of the KPIs in my application.

2018-04-30 12:38:00 UTC
Real User

* Log monitoring and alerts
* Looking up information
* Dashboards for nice, fast information about various application servers.

2018-04-25 07:36:00 UTC
Top 20, Real User

Although my company uses Splunk extensively, my use case is primarily the Enterprise Security add-on.

2018-04-23 21:12:00 UTC
Top 20, Real User

Primary use is business intelligence.

2018-04-22 15:34:00 UTC
Top 20, Real User

We started using Splunk to serve as a SIEM. In addition to correlating security information, we have begun to use it as a developer and customer advocate by analyzing user behaviors and system response times.

2018-04-21 12:36:00 UTC
Real User

Security analysis to identify issues and for use in incident handling. Correlating logs across over 1000 servers with different operating systems and applications logs to provide security insights.

2018-04-21 05:48:00 UTC
Top 20, Real User

The primary use case is to analyse and monitor big data, creating various dashboards, alerts, etc.

2018-04-21 05:15:00 UTC
Top 20, Real User

* Monitoring IT and other processes for a large university.
* Leveraging alerts and dashboards to detect and predict security breaches and other events.

2018-04-21 03:20:00 UTC
Real User

Security and incident management, which is helpful when organizing the data from different systems and running analysis on all the data together.

2018-04-21 00:21:00 UTC
Top 5, Leaderboard, Real User

Security. We have built SIEM solutions three times from the ground up (not ES) using Splunk for some of the largest companies in the world.

2018-04-20 18:39:00 UTC
Real User

We primarily use Splunk for log aggregation and search across multiple systems with Splunk Enterprise Security layered on top.

2018-04-19 21:37:00 UTC
User

We use Splunk for both monitoring and SIEM. Our security operations group uses Splunk to track user accounts which may have been compromised as well as follow those accounts through the organization.

2018-04-19 21:32:00 UTC
Top 20, Real User

We use Splunk primarily to provide our security and ops groups with important insights to more efficiently make decisions and take action.

2018-04-19 18:45:00 UTC
Top 20, Real User

IT service analytics:
* Server machine data
* Monitoring data
* Alerting data
* ITSI KPIs
* Real-time reporting
* Month-over-month reporting.

2018-04-19 18:11:00 UTC
Top 20, Real User

We use Splunk for operations, application monitoring, and security. We are both cloud and on-premise based, so it has been very versatile for us.

2018-04-19 16:11:00 UTC
User

Operational intelligence monitoring for several different systems. We collect logs from applications and performance data from hardware, as well as information pulled from databases.

2018-04-19 14:36:00 UTC
Vendor

Splunk is our monitoring and investigating Swiss Army knife for key applications and systems. If we run it, we Splunk it.

2018-04-19 13:49:00 UTC
Real User

Central repository for log collection and analysis in a complex environment. We have used it for a variety of use cases involving SIEM and operational support.

2018-04-19 13:05:00 UTC
Top 5, Leaderboard, Real User

We used it to create a full security operations center (SOC) for our IT department by adding all network and security devices, the AD, and mail servers to it. Then Splunk started to receive their logs, it analyzed them, and provided useful reports.

2018-03-29 12:02:00 UTC
Top 5, Leaderboard, Real User

* Searches the logs for all network devices and servers.
* Monitors clients' hardware, networking, and security operations.
* It is good for the administrator to use it when maintaining the whole IT Infrastructure.

2018-03-26 05:49:00 UTC
Top 5, Popular, Real User

Our primary use case of Splunk has been on the implementation side for clients. Splunk has proven, on multiple occasions, to be extremely useful in the proactive monitoring of clients' hardware, networking, and security operations. Some use cases that we have implemented include, but are not limited to, proactive account lockouts based on machine learning of a typical person's average number of failed login attempts, aggregation of a server's logs in order to predict downtime/maintenance/hardware failures quite accurately, as well as helping administrators of all sorts to gain a full picture of their environments under a single screen.

2018-01-16 14:09:00 UTC