The most valuable feature I have found so far is the correlation rule. That seems to be very valuable for us. I can create any alert using the correlation rule, which seems to be interesting for me.

I use Splunk Enterprise Platform for advanced threat detection with the correlation rules, nothing else. We have only very few customers, just two customers. They are not interested in those higher versions of Splunk Enterprise Platform. We rely completely on the correlation rule. We highly rely on this correlation rule.

The personalized dashboards in Splunk Enterprise Platform are a good feature. We have created multiple dashboards. It is easy and understandable, and whatever we need, we can get it. It is not only with Splunk Enterprise Platform but with all the other products. I would say we can go ahead and create a customized dashboard. Since I am working for SOC, I do have an internal dashboard that I have for myself where I have all the service metrics dashboard available. I make use of that rather than going directly into Splunk Enterprise Platform creating there.

I think the machine learning toolkit is fine, but when I talk about threat intelligence, it is not that effective. Since recently, I think Splunk Enterprise Platform has acquired Cisco, which has acquired VirusTotal if I am not wrong. I think VirusTotal. Initially, what used to happen was that the threat intelligence source I used for Splunk Enterprise Platform was not regularly updated. I faced challenges there, and then finally, when I went ahead and researched, I found that VirusTotal is readily available to be used in Splunk Enterprise Platform. So I integrated it, and as of now, I am making better use of it.

The effectiveness of Splunk Enterprise Platform in detecting anomalies and preventing system outages completely depends upon the correlation rule, but when it comes to threat intelligence, I have not explored much of the source side. I am mostly on the SIEM side. Though I have some features that I have integrated, I am mainly working on the SIEM side rather than the source side.

The application management feature, which I believe refers to the interface, is not that attractive, I would say. It is a simplified version, and I am using the cloud platform of Splunk Enterprise Platform instance. It is simple, but it is okay. It is manageable.

I definitely find it problematic, and I think they could need to have more nuances and more features when it comes to the interface. It should be more extended.

From my perspective, Splunk Enterprise Platform can be improved by first making the GUI, the interface, more attractive. The second improvement should try to include all the threat intelligence into that platform, integrating all threat intelligence. The behavior monitoring is a bit of a concern because I do not see much detection. Maybe that is because I am using only the correlation ID, but still, the behavior monitoring should automatically detect. Even if it is a SIEM solution, if I create some rule, that is what I have customized it for. I am not sure if SOAR has that capability, but in case SOAR does have that capability, if not, then they have to improve their machine learning and behavior analytics. I have been in touch with different technicians from different organizations, and they have mentioned these challenges. There are a few drawbacks when it comes to Splunk Enterprise Platform.

I find the price a bit high, I would say. A bit high.

I have been working with this product for one and a half years.

I have no problem with the technical support provided by Splunk Enterprise Platform at all. I do get support whenever needed. I would rank them at an eight, with ten being the highest.

As for the initial setup and configuration for Splunk Enterprise Platform, I will not say it is easy. It is a bit complicated. But since I have support, that makes my life easier. It is a bit complicated compared to Trend Micro, compared to CrowdStrike, and compared to Microsoft Sentinel or Defender for Cloud, Defender for Endpoint. Splunk Enterprise Platform is on the complicated side.

As of now, I am pitching in for Microsoft Sentinel. I am also pitching in for CrowdStrike, which is also a bit expensive, but the only product that I pitch in is Microsoft's product, which is Microsoft Defender for Cloud for Servers, and Defender for Endpoint, Defender for Cloud Apps, Defender for Office, all those products. Defender is one of the cheaper ones. In case a customer is not okay with Microsoft, I pitch in CrowdStrike. First, I pitch in Trend Micro, and then I pitch in CrowdStrike, with CrowdStrike being at the higher price range.

One advantage these competitors have over Splunk Enterprise Platform besides lower pricing is that with one of my customers, they can fetch logs from all sources and bring them into Splunk Enterprise Platform. They can control the logs that are not required. My continuous monitoring allows me to ensure that in case there are certain logs that are no longer required, along with the architect, I can discuss that and bring down the overall log size to around 40 GB per day. I am talking about a log source that is more than 20 as of now for this customer.

The products that have this feature are CrowdStrike and Trend Micro, which have to be configured using the API. Even Microsoft has it, but Microsoft faces a lot of challenges when it comes to pulling a log from a log source that does not have an inbuilt connector. There is a challenge there. However, when it comes to Trend Micro and CrowdStrike, it is a bit easier there using APIs.

I would recommend Splunk Enterprise Platform for bigger companies.

In the future, I expect additional features such as threat intelligence, behavior analytics, log searching, and machine learning capabilities.

As for any other functionalities I would like to see from them in the future, I do not have anything to add right now. I have something in my mind, and in case I remember, I will go ahead and add it.

Splunk Enterprise Platform is very popular in my region. My overall review rating for this product is seven out of ten.

I am working with Splunk Enterprise Platform, and I have worked with Enterprise and ITSI, both. Sometimes I have worked with ES also, Enterprise Security.

I use Splunk Enterprise Platform mostly for log monitoring. In our company and our projects, we are monitoring for log monitoring, we are using Splunk. After that, we have created some dashboards according to our requirement and alerts and reports. Sometimes for historical data, we have created summary indexing. We are managing our Splunk Enterprise Platform infrastructure like search head, indexers, deployment server, and license master. We have 1,000, you could say 10,000+ UF. Some of them we are using with apps like Splunk DB Connect. For Kafka, we are using different add-ons for sending our data to Splunk Enterprise Platform from different log paths and log sources. That is the main use for Splunk Enterprise Platform. Mostly we are using it for log monitoring.

When I talk about Splunk Enterprise Platform, I can say that Splunk Enterprise Platform is, whatever the tool I have worked from my last eight, nine years of experience in my overall corporate journey, a very powerful tool where I can customize everything as per my requirement. There is no hesitation and there is no limitation for my customization. Whatever I want, I can do that from Splunk Enterprise Platform. If I am talking about tools other than Splunk Enterprise Platform, they are not very vast, or not good enough to customize. Here I can customize. If I need to customize from backend side, I can do whatever using Python, Java. If I want to create some things, that is a different thing. In every project, the requirements differ. If I need JavaScript in my platform, in my dashboard, where I want to customize and play with the dashboard according to my requirement, I can use JavaScript. I send the data, I can use Python script to send the data to Splunk Enterprise Platform. There are very different things. Mostly the SPL, which I am using, has already covered most of the things. But for what is not covered, I can use some different things also.

In my opinion, the effectiveness of Splunk Enterprise Platform in detecting anomalies for preventing system outages is very good. It is improving day by day.

When I talk about the personalization dashboard in Splunk Enterprise Platform, I can easily customize my dashboard.

Even if people do not know about Splunk Enterprise Platform, they want to create the dashboard, they can just drag and drop. They can add a widget and choose some visualization like a bar chart. If they do not know about the XML or the backend of their dashboards, they can still do it from the UI only.

The Application Management feature in Splunk Enterprise Platform may help enhance the end-user experience, but I need to check that.

Advanced threat detection in Splunk Enterprise Platform is very good enough to detect anomalies and detect vulnerabilities. Splunk Enterprise Platform has a different product called Splunk ES, which is a very good product in cybersecurity. I can easily detect some problems, and it automatically sends alerts. The anomaly detection is very good for live production data. Whenever an anomaly comes in an application, it automatically resolves and just gives the notification. It creates incidents or whatever is needed, where I can integrate with different tools like PagerDuty, Moogsoft, or even send my data into Slack if I am not using ServiceNow.

For a potential area of improvement in Splunk Enterprise Platform, I can say to try to make it easy for the user and user-friendly.

Simplifying the UI would help, because not everybody has it in their knowledge. If you want to sell your product, you will go with the company CIO, Chief Information Technology Officer. I do not think he will be working on that project; he will be working on your tool. Their resources, their employees will be working on Splunk Enterprise Platform. If you will show them the UI where they can understand, even if they do not know about any coding, they can just play, drop, and drag. If you satisfy them, then anyone will work on their tool in their company. I just want to give you the business perspective, because if you talk to any CIO, they are looking first at the UI part. They will not look into the coding part; they will just check the UI. If the UI is user-friendly, it will attract every person.

There is very much improvement needed from Splunk vendor support side because they need to check what people are raising in the requests. They do not understand the concerns people are raising. I do not think Splunk is working on their application support, I believe they hire third-party people who do not know as much about Splunk Enterprise Platform.

Regarding deep knowledge of the product, I am talking about the technical aspects. If anyone says something is not working, it seems many cases I have raised where they do not reply to my request adequately. That is why I say there is a requirement for improvement.

I have been working with Splunk Enterprise Platform for the last six years.

From one to ten, I would rate the stability for Splunk Enterprise Platform as a nine.

I would rate the scalability as an eight.

For technical support from Splunk, I can say it is a two only.

The setup process for Splunk Enterprise Platform is very simple.

In my opinion, the main competitors for Splunk Enterprise Platform in the Enterprise Platform market are Dynatrace and DataDog. Recently, at a Dynatrace conference, they mentioned their goal to beat Splunk Enterprise Platform in the future.

DataDog is also relevant. For open-source options, ELK is available for those who need a more budget-friendly solution since Splunk Enterprise Platform is not open source and is quite costly.

I am working with Splunk Enterprise Platform and Dynatrace, and my feedback was really valuable for us.

I am using Splunk Enterprise Platform, and I am combining it with a Cloud platform, AppDynamics, and SOAR.

I worked with Splunk Machine Learning Toolkit, but that is a different thing. I have not worked so much on the MLTK side, so I cannot say anything, I cannot give more of an idea or feedback on that.

The ability to manage applications through Splunk Enterprise Platform is something I need to check.

I am talking about Splunk Enterprise Platform, and there is a lot it provides to the end user. The first thing for Splunk Enterprise Platform is that I can organize my data, like the Common Information Model, CIM, where there are different departments in my company and different application owners. Accordingly, they can set their data, which they do not want, they can just skip that. Whenever they need, they just use the simple one, and that data will be present. In one umbrella, they can see different locations and different data. In any organization, I have to organize my data. If I do not organize my data, then it would be very difficult to find it.

Directly, if I just check my application, I can enter my application, like in Linux. I just enter index equal to Linux, and it gives me all the details. Even in the dashboard, I select Linux, and it shows all the data, including vulnerabilities, CPU usage, and memory usage.

This is a really good point. Because people are not working on their tool. If I tell any technical problem in Splunk Enterprise Platform to the CIO, I do not think he will understand. He has not worked on it; he does not know what I am talking about. But if you present to him that our UI is very helpful to everyone in your organization, no matter if they are on the leadership team, application team, development team, testing team, or application support team, they can all use our tool easily without any hesitation. Even if they need help, Splunk Enterprise Platform has introduced AI, which helps answer any questions regarding SPL.

I purchased Splunk Enterprise Platform directly from the vendor.

I rate the price for Splunk Enterprise Platform as a five because it is very high. If the price were lower, there would be no tools in the market capable of competing with Splunk Enterprise Platform. The only reason people think about moving from Splunk Enterprise Platform to another tool is the price. I would rate this Splunk Enterprise Platform solution with an overall rating of eight.

We have been working with Splunk Enterprise Platform for two years. Currently, we have been running Splunk in our SOC for two years, but we have not used the Machine Learning Toolkit yet. I believe it is a powerful tool, but we have not explored it.

I think the most valuable feature of Splunk Enterprise Platform is its capability to correlate all the logs that we ingest into our platform. Splunk offers many predefined analytic stories that we can implement for our customers, which act as playbooks for detecting suspicious activity, anomalous behavior, and other security-related events. This capability stands out as a key feature of Splunk.

We work with Splunk on-premise, especially with Splunk Enterprise and Splunk Enterprise Security. Splunk Enterprise refers to Splunk Enterprise Platform and also includes the Splunk Enterprise Security platform, known as Splunk or Splunk ES.

We implement detection rules similarly across multiple platforms, including Microsoft Sentinel, Elastic Security, and IBM QRadar, and I can say that Splunk is one of the powerful SIEM tools. It offers us the flexibility to define our correlation rules and detection rules, which is a significant strength. Compared to other platforms, Splunk is more user-friendly regarding querying, making it easier to create detection rules and correlate various log sources.

From what I have noticed across all SIEM platforms, they are beginning to incorporate AI capabilities, which is an aspect that I think Splunk could enhance. Microsoft Sentinel, for example, features a Security Copilot, but it requires an additional license for use. Other platforms such as Google SecOps and Palo Alto's Cortex XSIAM integrate agentic AI capabilities that I believe will become standard features for all SIEM solutions in the future.

For generative AI, it would be beneficial for Splunk to add features allowing users to define queries using prompts. For example, being able to ask for the top 10 malicious IPs could simplify tasks significantly. Additionally, Splunk could consider an AI response feature where triggered alerts can prompt recommendations for users on corrective actions. A noise cancellation AI might also help security analysts reduce alert clutter. There are many agentic AI improvements that can be made in Splunk Enterprise Platform.

In terms of scalability, many SIEM brands, including Splunk, provide options that adapt to a growing organization. As companies expand, the ability to scale their SIEM is crucial. Splunk allows for scalability, as you can start with an all-in-one instance and, as your deployment grows, split it into distributed deployment, such as separating the search head and indexers. I believe all SIEM solutions provide reliability, and Splunk is no exception as it also offers strong scalability.

We sometimes communicate with Splunk's technical support, but it is not often, especially regarding technical issues. When we encounter issues, we utilize the Splunk community, which I believe showcases a big advantage of Splunk due to its strong community support. Many of our technical problems are resolved by this community.

I usually participate in the initial setup and deployment of Splunk Enterprise Platform.

Regarding pricing, I remember that Splunk is generally more expensive than SIEMs such as Microsoft Sentinel and Securonix, while it is also pricier than Elastic Security. From my perspective, Splunk tends to be too expensive for smaller customers. This leads us not to recommend it for small companies due to the high cost and often pushes us to suggest alternatives such as Elastic Security, which has more volume-based licensing options.

I have experience delivering SIEM platforms to our customers, including Elastic Security, Microsoft Sentinel, Splunk, and IBM QRadar.

We have many use cases for using Splunk Enterprise Platform. We use Splunk to detect anomalies in our customers' IT environments, such as their network environments. We want to detect suspicious activity or anomalous activity from our customer environments. From Splunk, we utilize many applications from Splunkbase to support our deployment. Many of our services relate to the Security Operation Center, so many of our use cases are linked to SOC activities.

Since the query capability in Splunk is extremely flexible, creating dashboards is also very easy. Dashboard creation depends on the SPL queries, and in the latest version of Splunk, we have two options: classic dashboards and Studio dashboards. Both options can be tailored to our needs, enabling us to create highly customized dashboards, for instance, by adding images. This flexibility makes crafting custom dashboards simple.

I find deploying Splunk to be very straightforward because you can choose to install it on either Linux or Microsoft operating systems. Before deployment, we conduct sizing for the instance, including storage, CPU, memory, and network considerations. Once sizing is clear, we proceed with the installation, which offers multiple options such as Debian packages or RPMs. Overall, the deployment process is quite easy.

Currently, many of our customers prefer cloud deployment for Splunk Enterprise Platform. We do not recommend specific cloud services, but we often see GCP, Google, and Microsoft Azure being used among our customers.

I consider Splunk to be one of the best solutions available compared to other options. If budget is not a concern, Splunk stands out due to its extensive integrations, flexibility in scalability, and the simplicity of its deployment. I would rate this review an overall 8.