
    Splunk Enterprise

    Sold by: Splunk 
    Deployed on AWS
    AWS Free Tier
    The Splunk Enterprise AMI accelerates the speed at which organizations deploy Splunk Enterprise in AWS.
    4.2

    Overview

    The Splunk Enterprise AMI accelerates the speed at which organizations deploy Splunk Enterprise in AWS. Splunk Enterprise is the leading platform for Operational Intelligence, delivering an easy, fast, and secure way to search, analyze and visualize the massive streams of machine data generated by your IT systems and technology infrastructure - physical, virtual and in the cloud. Use this AMI to take Splunk for a test drive, or as the basis for your Enterprise-level deployment. The Splunk Enterprise AMI ships with a fully-featured trial license that is valid for 60 days after launch. After the trial expires, your deployment will default to Splunk Free.

    Highlights

    • Collect and index any machine-generated data from virtually any source or location in real time. Just point Splunk Enterprise at your data, and it immediately starts collecting and indexing, so you can start searching and analyzing.
    • With Splunk Enterprise, you can correlate complex events spanning many diverse data sources across your environment. Types of correlations include time-based correlations, transaction-based correlations, sub-searches, lookups, and joins.
    • Splunk Enterprise scales to collect and index tens of terabytes of data per day. And because the insights from your data are mission critical, Splunk Enterprise's clustering technology provides the availability you need, even as you scale out your low-cost, distributed computing environment.

    Details

    Delivery option
    64-bit (x86) Amazon Machine Image (AMI)

    Operating system
    AmazonLinux 2023

    Pricing

    Splunk Enterprise

    Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    Vendor refund policy

    Refunds are not available

    Custom pricing options

    Request a private offer to receive a custom quote.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Version release notes

    To learn what's new in Enterprise 10.2.1, please visit https://docs.splunk.com/Documentation/Splunk/10.2.1/ReleaseNotes/MeetSplunk 

    Additional details

    Usage instructions

    Get started with Splunk Web:

    • In your EC2 Management Console, find your instance running Splunk Enterprise.
    • Copy its public IP.
    • Paste the public IP into a new browser tab (do not hit enter yet).
    • Append :8000 to the end of the IP.
    • Hit enter.
    • Log into Splunk for the first time with the following credentials:
      • username: admin
      • password for Enterprise 7.2.5 and above: SPLUNK-$instance-id$
      • password for Enterprise 7.2.0 and below: $instance-id$

    Modify the instance's security groups to allow or disallow specific IP addresses per your requirements; the default security group is open to all IP addresses.

    Read more about the Splunk Enterprise AMI here: https://docs.splunk.com/Documentation/Splunk/latest/Admin/AbouttheSplunkAMI 

    Upgrade Instructions: http://docs.splunk.com/Documentation/Splunk/latest/Installation/HowtoupgradeSplunk 

    Support

    Vendor support

    Options available

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Accolades

    Top 10 in Migration
    Top 10 in Data Anonymization, Data Security and Governance

    Customer reviews

    Ratings and reviews

    4.2 (468 ratings: 20 AWS reviews | 448 external reviews)
    5 star: 57%
    4 star: 35%
    3 star: 5%
    2 star: 1%
    1 star: 1%
    External reviews are from G2 and PeerSpot.
    Sydney D'Souza

    Correlation rules have strengthened threat detection while interface and pricing still need improvement

    Reviewed on Mar 04, 2026
    Review from a verified AWS customer

    What is our primary use case?

    The most valuable feature I have found so far is the correlation rule. That seems to be very valuable for us. I can create any alert using the correlation rule, which seems to be interesting for me.

    I use Splunk Enterprise Platform for advanced threat detection with the correlation rules, nothing else. We have only very few customers, just two customers. They are not interested in those higher versions of Splunk Enterprise Platform. We rely completely on the correlation rule. We highly rely on this correlation rule.

    What is most valuable?

    The personalized dashboards in Splunk Enterprise Platform are a good feature. We have created multiple dashboards. It is easy and understandable, and whatever we need, we can get it. It is not only with Splunk Enterprise Platform but with all the other products. I would say we can go ahead and create a customized dashboard. Since I am working for SOC, I do have an internal dashboard that I have for myself where I have all the service metrics dashboard available. I make use of that rather than going directly into Splunk Enterprise Platform creating there.

    What needs improvement?

    I think the machine learning toolkit is fine, but when I talk about threat intelligence, it is not that effective. Since recently, I think Splunk Enterprise Platform has acquired Cisco, which has acquired VirusTotal if I am not wrong. I think VirusTotal. Initially, what used to happen was that the threat intelligence source I used for Splunk Enterprise Platform was not regularly updated. I faced challenges there, and then finally, when I went ahead and researched, I found that VirusTotal is readily available to be used in Splunk Enterprise Platform. So I integrated it, and as of now, I am making better use of it.

    The effectiveness of Splunk Enterprise Platform in detecting anomalies and preventing system outages completely depends upon the correlation rule, but when it comes to threat intelligence, I have not explored much of the source side. I am mostly on the SIEM side. Though I have some features that I have integrated, I am mainly working on the SIEM side rather than the source side.

    The application management feature, which I believe refers to the interface, is not that attractive, I would say. It is a simplified version, and I am using the cloud platform of Splunk Enterprise Platform instance. It is simple, but it is okay. It is manageable.

    I definitely find it problematic, and I think they could need to have more nuances and more features when it comes to the interface. It should be more extended.

    From my perspective, Splunk Enterprise Platform can be improved by first making the GUI, the interface, more attractive. The second improvement should try to include all the threat intelligence into that platform, integrating all threat intelligence. The behavior monitoring is a bit of a concern because I do not see much detection. Maybe that is because I am using only the correlation ID, but still, the behavior monitoring should automatically detect. Even if it is a SIEM solution, if I create some rule, that is what I have customized it for. I am not sure if SOAR has that capability, but in case SOAR does have that capability, if not, then they have to improve their machine learning and behavior analytics. I have been in touch with different technicians from different organizations, and they have mentioned these challenges. There are a few drawbacks when it comes to Splunk Enterprise Platform.

    I find the price a bit high, I would say. A bit high.

    For how long have I used the solution?

    I have been working with this product for one and a half years.

    How are customer service and support?

    I have no problem with the technical support provided by Splunk Enterprise Platform at all. I do get support whenever needed. I would rank them at an eight, with ten being the highest.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    As for the initial setup and configuration for Splunk Enterprise Platform, I will not say it is easy. It is a bit complicated. But since I have support, that makes my life easier. It is a bit complicated compared to Trend Micro, compared to CrowdStrike, and compared to Microsoft Sentinel or Defender for Cloud, Defender for Endpoint. Splunk Enterprise Platform is on the complicated side.

    Which other solutions did I evaluate?

    As of now, I am pitching in for Microsoft Sentinel. I am also pitching in for CrowdStrike, which is also a bit expensive, but the only product that I pitch in is Microsoft's product, which is Microsoft Defender for Cloud for Servers, and Defender for Endpoint, Defender for Cloud Apps, Defender for Office, all those products. Defender is one of the cheaper ones. In case a customer is not okay with Microsoft, I pitch in CrowdStrike. First, I pitch in Trend Micro, and then I pitch in CrowdStrike, with CrowdStrike being at the higher price range.

    One advantage these competitors have over Splunk Enterprise Platform besides lower pricing is that with one of my customers, they can fetch logs from all sources and bring them into Splunk Enterprise Platform. They can control the logs that are not required. My continuous monitoring allows me to ensure that in case there are certain logs that are no longer required, along with the architect, I can discuss that and bring down the overall log size to around 40 GB per day. I am talking about a log source that is more than 20 as of now for this customer.

    The products that have this feature are CrowdStrike and Trend Micro, which have to be configured using the API. Even Microsoft has it, but Microsoft faces a lot of challenges when it comes to pulling a log from a log source that does not have an inbuilt connector. There is a challenge there. However, when it comes to Trend Micro and CrowdStrike, it is a bit easier there using APIs.

    What other advice do I have?

    I would recommend Splunk Enterprise Platform for bigger companies.

    In the future, I expect additional features such as threat intelligence, behavior analytics, log searching, and machine learning capabilities.

    As for any other functionalities I would like to see from them in the future, I do not have anything to add right now. I have something in my mind, and in case I remember, I will go ahead and add it.

    Splunk Enterprise Platform is very popular in my region. My overall review rating for this product is seven out of ten.

    ABHISHEK DUBEY

    Comprehensive log monitoring has enabled deep customization and proactive anomaly detection

    Reviewed on Mar 04, 2026
    Review from a verified AWS customer

    What is our primary use case?

    I am working with Splunk Enterprise Platform, and I have worked with Enterprise and ITSI, both. Sometimes I have worked with ES also, Enterprise Security.

    I use Splunk Enterprise Platform mostly for log monitoring. In our company and our projects, we are monitoring for log monitoring, we are using Splunk. After that, we have created some dashboards according to our requirement and alerts and reports. Sometimes for historical data, we have created summary indexing. We are managing our Splunk Enterprise Platform infrastructure like search head, indexers, deployment server, and license master. We have 1,000, you could say 10,000+ UF. Some of them we are using with apps like Splunk DB Connect. For Kafka, we are using different add-ons for sending our data to Splunk Enterprise Platform from different log paths and log sources. That is the main use for Splunk Enterprise Platform. Mostly we are using it for log monitoring.

    What is most valuable?

    When I talk about Splunk Enterprise Platform, I can say that Splunk Enterprise Platform is, whatever the tool I have worked from my last eight, nine years of experience in my overall corporate journey, a very powerful tool where I can customize everything as per my requirement. There is no hesitation and there is no limitation for my customization. Whatever I want, I can do that from Splunk Enterprise Platform. If I am talking about tools other than Splunk Enterprise Platform, they are not very vast, or not good enough to customize. Here I can customize. If I need to customize from backend side, I can do whatever using Python, Java. If I want to create some things, that is a different thing. In every project, the requirements differ. If I need JavaScript in my platform, in my dashboard, where I want to customize and play with the dashboard according to my requirement, I can use JavaScript. I send the data, I can use Python script to send the data to Splunk Enterprise Platform. There are very different things. Mostly the SPL, which I am using, has already covered most of the things. But for what is not covered, I can use some different things also.

    In my opinion, the effectiveness of Splunk Enterprise Platform in detecting anomalies for preventing system outages is very good. It is improving day by day.

    When I talk about the personalization dashboard in Splunk Enterprise Platform, I can easily customize my dashboard.

    Even if people do not know about Splunk Enterprise Platform, they want to create the dashboard, they can just drag and drop. They can add a widget and choose some visualization like a bar chart. If they do not know about the XML or the backend of their dashboards, they can still do it from the UI only.

    The Application Management feature in Splunk Enterprise Platform may help enhance the end-user experience, but I need to check that.

    Advanced threat detection in Splunk Enterprise Platform is very good enough to detect anomalies and detect vulnerabilities. Splunk Enterprise Platform has a different product called Splunk ES, which is a very good product in cybersecurity. I can easily detect some problems, and it automatically sends alerts. The anomaly detection is very good for live production data. Whenever an anomaly comes in an application, it automatically resolves and just gives the notification. It creates incidents or whatever is needed, where I can integrate with different tools like PagerDuty, Moogsoft, or even send my data into Slack if I am not using ServiceNow.

    What needs improvement?

    For a potential area of improvement in Splunk Enterprise Platform, I can say to try to make it easy for the user and user-friendly.

    Simplifying the UI would help, because not everybody has it in their knowledge. If you want to sell your product, you will go with the company CIO, Chief Information Technology Officer. I do not think he will be working on that project; he will be working on your tool. Their resources, their employees will be working on Splunk Enterprise Platform. If you will show them the UI where they can understand, even if they do not know about any coding, they can just play, drop, and drag. If you satisfy them, then anyone will work on their tool in their company. I just want to give you the business perspective, because if you talk to any CIO, they are looking first at the UI part. They will not look into the coding part; they will just check the UI. If the UI is user-friendly, it will attract every person.

    There is very much improvement needed from Splunk vendor support side because they need to check what people are raising in the requests. They do not understand the concerns people are raising. I do not think Splunk is working on their application support, I believe they hire third-party people who do not know as much about Splunk Enterprise Platform.

    Regarding deep knowledge of the product, I am talking about the technical aspects. If anyone says something is not working, it seems many cases I have raised where they do not reply to my request adequately. That is why I say there is a requirement for improvement.

    For how long have I used the solution?

    I have been working with Splunk Enterprise Platform for the last six years.

    What do I think about the stability of the solution?

    From one to ten, I would rate the stability for Splunk Enterprise Platform as a nine.

    What do I think about the scalability of the solution?

    I would rate the scalability as an eight.

    How are customer service and support?

    For technical support from Splunk, I can say it is a two only.

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    The setup process for Splunk Enterprise Platform is very simple.

    Which other solutions did I evaluate?

    In my opinion, the main competitors for Splunk Enterprise Platform in the Enterprise Platform market are Dynatrace and DataDog. Recently, at a Dynatrace conference, they mentioned their goal to beat Splunk Enterprise Platform in the future.

    DataDog is also relevant. For open-source options, ELK is available for those who need a more budget-friendly solution since Splunk Enterprise Platform is not open source and is quite costly.

    What other advice do I have?

    I am working with Splunk Enterprise Platform and Dynatrace, and my feedback was really valuable for us.

    I am using Splunk Enterprise Platform, and I am combining it with a Cloud platform, AppDynamics, and SOAR.

    I worked with Splunk Machine Learning Toolkit, but that is a different thing. I have not worked so much on the MLTK side, so I cannot say anything, I cannot give more of an idea or feedback on that.

    The ability to manage applications through Splunk Enterprise Platform is something I need to check.

    I am talking about Splunk Enterprise Platform, and there is a lot it provides to the end user. The first thing for Splunk Enterprise Platform is that I can organize my data, like the Common Information Model, CIM, where there are different departments in my company and different application owners. Accordingly, they can set their data, which they do not want, they can just skip that. Whenever they need, they just use the simple one, and that data will be present. In one umbrella, they can see different locations and different data. In any organization, I have to organize my data. If I do not organize my data, then it would be very difficult to find it.

    Directly, if I just check my application, I can enter my application, like in Linux. I just enter index equal to Linux, and it gives me all the details. Even in the dashboard, I select Linux, and it shows all the data, including vulnerabilities, CPU usage, and memory usage.

    This is a really good point. Because people are not working on their tool. If I tell any technical problem in Splunk Enterprise Platform to the CIO, I do not think he will understand. He has not worked on it; he does not know what I am talking about. But if you present to him that our UI is very helpful to everyone in your organization, no matter if they are on the leadership team, application team, development team, testing team, or application support team, they can all use our tool easily without any hesitation. Even if they need help, Splunk Enterprise Platform has introduced AI, which helps answer any questions regarding SPL.

    I purchased Splunk Enterprise Platform directly from the vendor.

    I rate the price for Splunk Enterprise Platform as a five because it is very high. If the price were lower, there would be no tools in the market capable of competing with Splunk Enterprise Platform. The only reason people think about moving from Splunk Enterprise Platform to another tool is the price. I would rate this Splunk Enterprise Platform solution with an overall rating of eight.

    Information Technology and Services

    Splunk, The Best and What Needs Improvement

    Reviewed on Feb 03, 2026
    Review provided by G2
    What do you like best about the product?
    Splunk is an extremely versatile platform that offers a wide range of intuitive dashboards for viewing observability and security events within an organization. Its native integration capability stands out, which is very simple and efficient to implement.
    What do you dislike about the product?
    Currently, following its acquisition by Cisco, the Splunk platform has stagnated. It is not advancing in innovation or improvements at the pace demanded by the market.
    What problems is the product solving and how is that benefiting you?
    Splunk offers a platform that simplifies visibility into an organization's operations, covering both observability and security. This tool is essential for improving efficiency in cybersecurity monitoring processes.
    Sujit S.

    Effortless Integration and Dynamic Dashboards Enhance Incident Management

    Reviewed on Jan 21, 2026
    Review provided by G2
    What do you like best about the product?
    It is easy to integrate with MS Purview DLP technology. Dynamic Dashboards are very useful for incident management.
    What do you dislike about the product?
    What I dislike about Splunk Enterprise is that it can get expensive, especially as the data volume grows. The initial setup and writing queries can also feel complex for new users, and it often takes skilled resources to manage it efficiently. As a result, day-to-day operations can be a bit challenging for smaller teams.
    What problems is the product solving and how is that benefiting you?
    Splunk Enterprise helps by bringing all logs and data into one place, instead of checking multiple systems separately. It makes it easier to spot problems, security issues, or errors quickly. This saves time, reduces manual effort, and helps us fix issues faster before they impact users.
    Rajesh M.

    Essential, Feature-Rich SIEM Tool for IT Security

    Reviewed on Dec 26, 2025
    Review provided by G2
    What do you like best about the product?
    Easy to use SIEM tool with lots of features that is necessary in the IT security sector.
    What do you dislike about the product?
    Splunk has met all my requirements so far.
    What problems is the product solving and how is that benefiting you?
    Helps with detecting and identifying security events.