Splunk Enterprise: External reviews
Has streamlined data integration and enabled real-time dashboard visualizations through a powerful search engine
What is our primary use case?
I have implemented the complete Splunk Enterprise Platform structure in my previous organization: implementing the platform, creating use cases and dashboard queries, creating dashboards, and onboarding different devices via Syslog and API.
What is most valuable?
Splunk Enterprise Platform has a vast and versatile powerful search engine with which I can handle all queries, and creating use cases and the search and dashboard is the main selling point, allowing me to visualize live dashboards.
The platform has a powerful search engine, allowing the integration of custom AI such as ChatGPT. Splunk Enterprise Platform also has its own Phantom as a SOAR, which is much more refined and gives more accurate results than any other AI integrated SIM tool. In anomaly detection, I can live track anomalies and change the registry.
Splunk Enterprise Platform serves as a time-saving solution because integrating other sources such as Syslog or router switch firewall is much easier.
What needs improvement?
The cost is the most significant area for improvement in Splunk Enterprise Platform, as it is quite expensive, causing many clients to defer for this reason. Otherwise, I don't see that Splunk Enterprise Platform requires further improvement because it is the number one tool.
The cost remains a significant point of concern.
For how long have I used the solution?
I have 2.5 years of experience with Splunk Enterprise Platform.
What do I think about the stability of the solution?
The stability depends on how aggressively the environment changes. If I am providing network services, it can be challenging due to continuously changing firewall configurations.
Splunk Enterprise Platform is stable when not integrating or adding new devices continuously.
What do I think about the scalability of the solution?
I consider Splunk Enterprise Platform a scalable solution since it has different components, and if the server is down, I can upgrade the server resources or create a new node for performance optimization.
How are customer service and support?
I have never used their technical support because everything is available on their website and documents. It is crucial for anyone looking to deploy Splunk Enterprise Platform to first certify for their courses, such as the Splunk Administrator and the Power User Administrator certifications, which address all troubleshooting queries.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup of Splunk Enterprise Platform depends on the user; if set up in a Windows environment, it is much easier, requiring just clicking on the wizard and following the steps. In the Linux environment, it is quite hectic, but manageable compared to Wazuh, where I have to integrate the GPC API key alongside the installation. In Splunk Enterprise Platform, I only need to download and configure a single file, making it easy to manage.
What other advice do I have?
I have expertise in Splunk Enterprise Platform tools, including Splunk Cloud, having experience working with other tools such as IBM Security QRadar.
We are a managed service provider (MSP), and we provide services using Splunk Enterprise Platform.
Splunk Enterprise Platform holds the number one position in Gartner, and integrating different types of tools and creating use cases is much more streamlined compared to other tools such as IBM QRadar, ADAudit Plus, and ManageEngine Log360.
While working with Wazuh, when I integrated the Cortex XDR, there was a mismatch of events sometimes, making it tedious, but in Splunk Enterprise Platform, I just need to log into the console and everything is there, making it an all-in-one solution.
I rate Splunk Enterprise Platform 9 out of 10.
Scalable and Brilliant Solutions but Expensive
The app is a brilliant visualization app that helps us identify different patterns in a dataset.
We use the app to troubleshoot challenges in our systems
The app is also resource intensive, where proper management and tuning calls for extra technical expertise
The software strengthens the security of our data sets
In case some security anomalies are encountered, this app identifies them and eliminates them
Best SIEM tools with full flexibility
Delivers financial benefits and operational efficiency with impactful data analytics capabilities
What is our primary use case?
Splunk Enterprise Platform has different purposes, including data visualization and other applications.
What is most valuable?
There are financial benefits from using Splunk Enterprise Platform, and as a retailer, it provides better profit margins.
Splunk Enterprise enhances data analytics with its AI capabilities.
What needs improvement?
The integration should be improved with the UI.
For how long have I used the solution?
What was my experience with deployment of the solution?
The challenges or pain points others should anticipate before implementing Splunk Enterprise Platform are mostly related to the integration part.
How was the initial setup?
It may take anywhere from a couple of hours to a couple of weeks for Splunk Enterprise Platform deployment.
What about the implementation team?
I do not take part in the deployment; my team does.
What other advice do I have?
Regarding maintenance, it does not require much as it is on-premises.
Overall, I would rate Splunk Enterprise Platform an eight.
User-friendly interface accelerates task approval but update confirmations occasionally delay
Great product, poor customer service
Citizen programming facilitates efficient threat detection and enhances business logic
What is our primary use case?
I focus on threat detection against stock trading systems. I am in charge of five to seven stock trading companies' B2C systems for detecting threat attacks. Our customers include several stock trading companies, banks, and large mobile carriers in Japan.
How has it helped my organization?
We built a threat detection system for our client company, one of the biggest security companies in Japan, using Splunk Enterprise Platform. We started a new business on this platform to provide threat detection systems to stock trading system companies and banks, expanding our customer base.
What is most valuable?
One valuable feature of Splunk Enterprise Platform is citizen programming, which allows users to manage and compute huge stream-based datasets easily using SPL language. The second feature is its ability to perform matrix-like stream calculations concurrently, improving upon traditional SIEM tools. Finally, Splunk's Machine Learning Toolkit is offered without charge, allowing users to incorporate machine learning in their business logic, aiding in procedures like threat hunting.
What needs improvement?
Splunk could improve by enhancing its graphical view functionality. Compared to other BI tools, Splunk's graphic features are limited; some customers desire detailed, rich visual effects, like world maps showing threat attacks as animations. Additionally, the deep learning capabilities need enhancing, especially on Splunk Cloud, where customers find it challenging to use deep learning tools without setting up backend computing resources.
For how long have I used the solution?
I have over 14 years of experience with Splunk Enterprise Platform, beginning my first evaluation in 2011.
What do I think about the stability of the solution?
I would rate the stability of Splunk Enterprise Platform as a seven. While it requires managing configuration files and processing scale-out operations manually, limiting its auto-scaling capabilities, it still performs adequately.
What do I think about the scalability of the solution?
I rate the scalability of Splunk Enterprise Platform as an eight. Some products can automatically scale, but Splunk Enterprise requires manual configuration changes to achieve scale, which is slightly outdated compared to modern technologies.
How are customer service and support?
I rate Splunk Japan's customer service as an eight. Although I generally provide support myself and do not often rely on Splunk support, this rating reflects general consultant feedback.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I previously used Elastic Search and Kibana, but switched to Splunk for ease of use and to define business entities such as branches, channels, and stock accounts.
How was the initial setup?
Standalone installation was very easy. Designing and capacity planning for a distributed cluster environment was not easy.
What about the implementation team?
I am a Splunk consultant and implement customer solutions myself.
What's my experience with pricing, setup cost, and licensing?
I rate the pricing of Splunk as nine out of ten. The pricing model is based on ingested data size, not user count, and includes a free tier for up to 500 MB of daily data, differentiating it from user-based pricing of BI tools.
Which other solutions did I evaluate?
I evaluated ArcSight and Manage Engine and made our selection.
- After using Splunk for several years, I conducted further evaluations, but our selection remained unchanged.
- Datadog was ideal for bug traceback during APM operations.
- Exabeam was ideal for use case-centric threat detection.
What other advice do I have?
Overall, I rate Splunk Enterprise Platform ten out of ten. I am dissatisfied with Splunk's graphics view and deep learning capabilities; they could be better, especially on Splunk Cloud. While I was able to enhance the platform using technologies like JavaScript, most of my clients struggle. However, it will be sufficient for the next few years with its strong Machine Learning capability.
Also, it would be preferable for Splunk SOAR to include sequential Splunk task execution and MCP/A2A support features.
Great Platform for incident correlation and management
Real-time data analysis benefits but automation in role creation needs improvement
What is our primary use case?
We are working with AppDynamics, Splunk Enterprise Platform, and other Splunk products. However, the main use case here is with Splunk Enterprise Platform.
What is most valuable?
Splunk Enterprise Platform is a good tool to have, but it is expensive. The features that have proven most effective for real-time data analysis include parts of the platform and its automation capabilities. However, I want them to enhance their automation to cover every aspect, particularly the automation of role creation.
What needs improvement?
While Splunk Enterprise Platform is a good product, it is expensive. Additionally, it is complex for inexperienced cybersecurity engineers and requires experienced personnel to handle it effectively.
For how long have I used the solution?
We have been providing Splunk Enterprise Platform for ten months.
How are customer service and support?
Splunk's technical support is at the same level for all products, although we have not opened many tickets.
How would you rate customer service and support?
Neutral
What's my experience with pricing, setup cost, and licensing?
Splunk Enterprise Platform is expensive.
Which other solutions did I evaluate?
The main competitor of Splunk in our region is Exabeam, which is less expensive. For small and medium companies, Fortinet is a competitor. Stellar Cyber has also recently entered the market.
What other advice do I have?
For smaller companies, I recommend Stellar Cyber as an alternative to Splunk Enterprise Platform. Stellar Cyber is easier to implement and integrate, and it has solid AI capabilities, especially for automation. It is also willing to adapt to customer requirements. I would rate Splunk Enterprise Platform overall somewhere between six and eight, depending on the size of the company.