The tool was lacking in providing a shareable format. I had to use pivot tables and manually parse and edit the data to create a visualization-friendly format. It was helpful when we had an issue. What would make it stronger is if it were more proactive. For example, if it highlighted major incidents and their impact on users without digging through notifications, that would be better. Typically, the first question we get is, "Oh, we had an incident. How bad was it? How many customers were impacted?" So having that information pop up from the notification would be helpful.
The product doesn’t have prebuilt dashboards. It would be great if the product provided prebuilt dashboards. For example, we allowed some devices into our network through VPN, but there is no dashboard to combine two log sources and understand which user has logged in. So, we created our own dashboard with the available Splunk searches. It’d be good if the solution provided more prebuilt dashboards and released them on the app platform. Then, we can deploy the dashboards straight away. Also, if the tool provides additional dashboards, we can reduce the resources needed to develop them. Since Splunk has overall visibility all around the globe, it can give better suggestions on the dashboards that we must use and how to project the data to the management. We faced some issues in parsing when the load was too much. If we have a 100 MB log source, 80 MB will be parsed correctly, but we face issues with 20 MB. We raised a support ticket, and the support team suggested we increase the time interval between sending the logs to the Splunk forwarder to handle the processing correctly.
The solution has certain shortcomings when it comes to APIs, making it an area where improvements are required. Integration is an area that can be considered as one of the challenges we face with the solution in our company. From an improvement perspective, the solution should make the integration of the product with other tools in the market possible.
Security Architect at a comms service provider with 10,001+ employees
Real User
Oct 12, 2023
Splunk Enterprise Platform is already a refined product, so I don't have any recommendations related to areas that need improvement. The cost of Splunk Enterprise Platform is an area of concern where improvements can be made by bringing down the costs. Product-related, I don't have any feedback. The support offered by Splunk Enterprise Platform has certain shortcomings that need improvement.
We have an enterprise system that we can only use up to 70% capacity. We have no Internet access. To ensure our system runs optimally, we must configure specific rules, such as RAM, CPU, and space utilization alerts. Also, it is tough for us to reach out to Splunk. We have another software called Nessus, which can be used for vulnerability scans to improve and expand our vulnerability management capabilities. We can add a vulnerability management tool and back network traffic monitoring. This would allow us to add everything into a single platform since we currently use multiple applications for eight solutions.
Things have to be managed manually in Splunk Enterprise, which is not the case in Splunk Cloud, where the client could manage it on their own. It would be useful if Splunk Enterprise Platform could monitor the application URL, to check whether it's responsive or not.
Explore data of any type and value — no matter where it lives in your data ecosystem. Drive business resilience by monitoring, alerting and reporting on your operations. Create custom dashboards and data visualizations to unlock insights from anywhere — in your operations center, on the desktop, in the field and on the go. Use data from anywhere across your entire organization so you can make meaningful decisions fast.
There should be continuous customer engagement and training programs on the new features and capabilities introduced by the solution.