
Reviews from AWS customers

20 AWS reviews

External reviews

448 reviews

External reviews are not included in the AWS star rating for the product.

4-star reviews

    ABHISHEK DUBEY

Comprehensive log monitoring has enabled deep customization and proactive anomaly detection

  • March 04, 2026
  • Review from a verified AWS customer

What is our primary use case?

I am working with Splunk Enterprise Platform, and I have worked with both Enterprise and ITSI. Sometimes I have also worked with ES, Enterprise Security.

I use Splunk Enterprise Platform mostly for log monitoring. In our company and our projects, we are using Splunk for log monitoring. After that, we have created some dashboards, alerts, and reports according to our requirements. Sometimes, for historical data, we have created summary indexing. We are managing our Splunk Enterprise Platform infrastructure: search head, indexers, deployment server, and license master. We have 1,000, you could say 10,000+, UFs. Some of them we are using with apps like Splunk DB Connect. For Kafka, we are using different add-ons for sending our data to Splunk Enterprise Platform from different log paths and log sources. That is the main use for Splunk Enterprise Platform. Mostly we are using it for log monitoring.

What is most valuable?

When I talk about Splunk Enterprise Platform, I can say that, of all the tools I have worked with in my last eight or nine years of experience in my overall corporate journey, Splunk Enterprise Platform is a very powerful tool where I can customize everything as per my requirement. There is no hesitation and there is no limitation on my customization. Whatever I want, I can do from Splunk Enterprise Platform. If I am talking about tools other than Splunk Enterprise Platform, they are not very vast, or not good enough to customize. Here I can customize. If I need to customize from the backend side, I can do whatever I need using Python or Java. If I want to create some things, that is a different matter. In every project, the requirements differ. If I need JavaScript in my platform, in my dashboard, where I want to customize and play with the dashboard according to my requirement, I can use JavaScript. To send the data, I can use a Python script to send the data to Splunk Enterprise Platform. There are very different things. Mostly the SPL, which I am using, has already covered most of the things. But for what is not covered, I can use some different things also.

In my opinion, the effectiveness of Splunk Enterprise Platform in detecting anomalies for preventing system outages is very good. It is improving day by day.

When I talk about dashboard personalization in Splunk Enterprise Platform, I can easily customize my dashboard.

Even if people do not know about Splunk Enterprise Platform and they want to create a dashboard, they can just drag and drop. They can add a widget and choose a visualization like a bar chart. If they do not know about the XML or the backend of their dashboards, they can still do it from the UI only.

The Application Management feature in Splunk Enterprise Platform may help enhance the end-user experience, but I need to check that.

Advanced threat detection in Splunk Enterprise Platform is good enough to detect anomalies and detect vulnerabilities. Splunk Enterprise Platform has a different product called Splunk ES, which is a very good product in cybersecurity. I can easily detect some problems, and it automatically sends alerts. The anomaly detection is very good for live production data. Whenever an anomaly comes up in an application, it automatically resolves it and just gives the notification. It creates incidents or whatever is needed, and I can integrate with different tools like PagerDuty, Moogsoft, or even send my data into Slack if I am not using ServiceNow.

What needs improvement?

For a potential area of improvement in Splunk Enterprise Platform, I can say to try to make it easy for the user and user-friendly.

Simplifying the UI would help, because not everybody has that knowledge. If you want to sell your product, you will go to the company CIO, Chief Information Technology Officer. I do not think he will be working on that project; he will be working with your tool. Their resources, their employees, will be working on Splunk Enterprise Platform. If you show them a UI they can understand, even if they do not know any coding, they can just play, drag, and drop. If you satisfy them, then anyone will work on the tool in their company. I just want to give you the business perspective, because if you talk to any CIO, they look first at the UI part. They will not look into the coding part; they will just check the UI. If the UI is user-friendly, it will attract every person.

There is a lot of improvement needed on the Splunk vendor support side, because they need to check what people are raising in their requests. They do not understand the concerns people are raising. I do not think Splunk is working on their application support; I believe they hire third-party people who do not know as much about Splunk Enterprise Platform.

Regarding deep knowledge of the product, I am talking about the technical aspects. If anyone says something is not working, it seems that in many cases I have raised, they do not reply to my request adequately. That is why I say there is a need for improvement.

For how long have I used the solution?

I have been working with Splunk Enterprise Platform for the last six years.

What do I think about the stability of the solution?

From one to ten, I would rate the stability for Splunk Enterprise Platform as a nine.

What do I think about the scalability of the solution?

I would rate the scalability as an eight.

How are customer service and support?

For technical support from Splunk, I can say it is only a two.

How would you rate customer service and support?

Neutral

How was the initial setup?

The setup process for Splunk Enterprise Platform is very simple.

Which other solutions did I evaluate?

In my opinion, the main competitors for Splunk Enterprise Platform in the Enterprise Platform market are Dynatrace and DataDog. Recently, at a Dynatrace conference, they mentioned their goal to beat Splunk Enterprise Platform in the future.

DataDog is also relevant. For open-source options, ELK is available for those who need a more budget-friendly solution since Splunk Enterprise Platform is not open source and is quite costly.

What other advice do I have?

I am working with Splunk Enterprise Platform and Dynatrace, and my feedback was really valuable for us.

I am using Splunk Enterprise Platform, and I am combining it with a Cloud platform, AppDynamics, and SOAR.

I worked with Splunk Machine Learning Toolkit, but that is a different thing. I have not worked so much on the MLTK side, so I cannot say anything, I cannot give more of an idea or feedback on that.

The ability to manage applications through Splunk Enterprise Platform is something I need to check.

I am talking about Splunk Enterprise Platform, and there is a lot it provides to the end user. The first thing for Splunk Enterprise Platform is that I can organize my data, like with the Common Information Model, CIM, where there are different departments in my company and different application owners. Accordingly, they can set their data, and what they do not want, they can just skip. Whenever they need it, they just use the simple one, and that data will be present. Under one umbrella, they can see different locations and different data. In any organization, I have to organize my data. If I do not organize my data, then it would be very difficult to find it.

Directly, if I just check my application, I can enter my application, like Linux. I just enter index equal to Linux, and it gives me all the details. Even in the dashboard, I select Linux, and it shows all the data, including vulnerabilities, CPU usage, and memory usage.

This is a really good point. Because people are not working on their tool. If I tell any technical problem in Splunk Enterprise Platform to the CIO, I do not think he will understand. He has not worked on it; he does not know what I am talking about. But if you present to him that our UI is very helpful to everyone in your organization, no matter if they are on the leadership team, application team, development team, testing team, or application support team, they can all use our tool easily without any hesitation. Even if they need help, Splunk Enterprise Platform has introduced AI, which helps answer any questions regarding SPL.

I purchased Splunk Enterprise Platform directly from the vendor.

I rate the price for Splunk Enterprise Platform as a five because it is very high. If the price were lower, there would be no tools in the market capable of competing with Splunk Enterprise Platform. The only reason people think about moving from Splunk Enterprise Platform to another tool is the price. I would rate this Splunk Enterprise Platform solution with an overall rating of eight.

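Two things in the review above are concrete Splunk techniques rather than opinions: summary indexing for historical data, and going straight to the raw index with `index=linux`. As an added example that is not from the review and not Splunk's shipped content, the search below is the reducer an admin would schedule hourly (cron `5 * * * *`, time range `-1h@h` to `@h`, so each run covers exactly one closed hour and buckets never overlap): it pulls sshd success and failure lines from the raw Linux index, extracts user and source IP with `rex`, counts them per hour, action and source, and writes the result to a summary index with `collect`. The index names `linux` and `summary_auth`, the sourcetype `linux_secure`, the summary `source` label `hourly_auth_by_src`, and the log line format matched by the regex are assumptions for this example.

```spl
index=linux sourcetype=linux_secure ("Failed password" OR "Accepted password")
| rex "(?<outcome>Failed|Accepted) password for (?:invalid user )?(?<user>\S+) from (?<src_ip>\d{1,3}(?:\.\d{1,3}){3})"
| eval action=if(outcome="Accepted", "success", "failure")
| bin _time span=1h
| stats count, dc(user) AS distinct_users BY _time, action, src_ip
| collect index=summary_auth source="hourly_auth_by_src"
```

Historical reporting then reads the small summary index instead of scanning months of raw events, for example `index=summary_auth source="hourly_auth_by_src" action=failure earliest=-90d@d | timechart span=1d sum(count) AS failures BY src_ip limit=10`. Note the `sum(count)` rather than `count`: each summary event already carries an hourly count, and re-counting events would silently undercount. The trade-off is that anything not in the `BY` clause (the individual usernames, for instance) is gone from the summary, so pick the grouping fields with the later questions in mind.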

    Information Technology and Services

Splunk, The Best and What Needs Improvement

  • February 03, 2026
  • Review provided by G2

What do you like best about the product?
Splunk is an extremely versatile platform that offers a wide range of intuitive dashboards for viewing observability and security events within an organization. Its native integration capability stands out, which is very simple and efficient to implement.
What do you dislike about the product?
Currently, following its acquisition by Cisco, the Splunk platform has stagnated. It is not advancing in innovation or improvements at the pace demanded by the market.
What problems is the product solving and how is that benefiting you?
Splunk offers a platform that simplifies visibility into an organization's operations, covering both observability and security. This tool is essential for improving efficiency in cybersecurity monitoring processes.


    Sujit S.

Effortless Integration and Dynamic Dashboards Enhance Incident Management

  • January 21, 2026
  • Review provided by G2

What do you like best about the product?
It is easy to integrate with MS Purview DLP technology. Dynamic dashboards are very useful for incident management.
What do you dislike about the product?
What I dislike about Splunk Enterprise is that it can get expensive, especially as the data volume grows. The initial setup and writing queries can also feel complex for new users, and it often takes skilled resources to manage it efficiently. As a result, day-to-day operations can be a bit challenging for smaller teams.
What problems is the product solving and how is that benefiting you?
Splunk Enterprise helps by bringing all logs and data into one place, instead of checking multiple systems separately. It makes it easier to spot problems, security issues, or errors quickly. This saves time, reduces manual effort, and helps us fix issues faster before they impact users.


    Muhammad Reza Aisyi

Flexible analytics have unified our security monitoring and improved threat detection workflows

  • December 23, 2025
  • Review provided by PeerSpot

What is our primary use case?

We have been working with Splunk Enterprise Platform for two years. Currently, we have been running Splunk in our SOC for two years, but we have not used the Machine Learning Toolkit yet. I believe it is a powerful tool, but we have not explored it.

What is most valuable?

I think the most valuable feature of Splunk Enterprise Platform is its capability to correlate all the logs that we ingest into our platform. Splunk offers many predefined analytic stories that we can implement for our customers, which act as playbooks for detecting suspicious activity, anomalous behavior, and other security-related events. This capability stands out as a key feature of Splunk.

We work with Splunk on-premise, especially with Splunk Enterprise and Splunk Enterprise Security. Splunk Enterprise refers to Splunk Enterprise Platform and also includes the Splunk Enterprise Security platform, known as Splunk or Splunk ES.

We implement detection rules similarly across multiple platforms, including Microsoft Sentinel, Elastic Security, and IBM QRadar, and I can say that Splunk is one of the powerful SIEM tools. It offers us the flexibility to define our correlation rules and detection rules, which is a significant strength. Compared to other platforms, Splunk is more user-friendly regarding querying, making it easier to create detection rules and correlate various log sources.

What needs improvement?

From what I have noticed across all SIEM platforms, they are beginning to incorporate AI capabilities, which is an aspect that I think Splunk could enhance. Microsoft Sentinel, for example, features a Security Copilot, but it requires an additional license for use. Other platforms such as Google SecOps and Palo Alto's Cortex XSIAM integrate agentic AI capabilities that I believe will become standard features for all SIEM solutions in the future.

For generative AI, it would be beneficial for Splunk to add features allowing users to define queries using prompts. For example, being able to ask for the top 10 malicious IPs could simplify tasks significantly. Additionally, Splunk could consider an AI response feature where triggered alerts can prompt recommendations for users on corrective actions. A noise cancellation AI might also help security analysts reduce alert clutter. There are many agentic AI improvements that can be made in Splunk Enterprise Platform.

What do I think about the scalability of the solution?

In terms of scalability, many SIEM brands, including Splunk, provide options that adapt to a growing organization. As companies expand, the ability to scale their SIEM is crucial. Splunk allows for scalability, as you can start with an all-in-one instance and, as your deployment grows, split it into distributed deployment, such as separating the search head and indexers. I believe all SIEM solutions provide reliability, and Splunk is no exception as it also offers strong scalability.

How are customer service and support?

We sometimes communicate with Splunk's technical support, but it is not often, especially regarding technical issues. When we encounter issues, we utilize the Splunk community, which I believe showcases a big advantage of Splunk due to its strong community support. Many of our technical problems are resolved by this community.

How would you rate customer service and support?

Negative

How was the initial setup?

I usually participate in the initial setup and deployment of Splunk Enterprise Platform.

What's my experience with pricing, setup cost, and licensing?

Regarding pricing, I remember that Splunk is generally more expensive than SIEMs such as Microsoft Sentinel and Securonix, while it is also pricier than Elastic Security. From my perspective, Splunk tends to be too expensive for smaller customers. This leads us not to recommend it for small companies due to the high cost and often pushes us to suggest alternatives such as Elastic Security, which has more volume-based licensing options.

Which other solutions did I evaluate?

I have experience delivering SIEM platforms to our customers, including Elastic Security, Microsoft Sentinel, Splunk, and IBM QRadar.

What other advice do I have?

We have many use cases for using Splunk Enterprise Platform. We use Splunk to detect anomalies in our customers' IT environments, such as their network environments. We want to detect suspicious activity or anomalous activity from our customer environments. From Splunk, we utilize many applications from Splunkbase to support our deployment. Many of our services relate to the Security Operation Center, so many of our use cases are linked to SOC activities.

Since the query capability in Splunk is extremely flexible, creating dashboards is also very easy. Dashboard creation depends on the SPL queries, and in the latest version of Splunk, we have two options: classic dashboards and Studio dashboards. Both options can be tailored to our needs, enabling us to create highly customized dashboards, for instance, by adding images. This flexibility makes crafting custom dashboards simple.

I find deploying Splunk to be very straightforward because you can choose to install it on either Linux or Microsoft operating systems. Before deployment, we conduct sizing for the instance, including storage, CPU, memory, and network considerations. Once sizing is clear, we proceed with the installation, which offers multiple options such as Debian packages or RPMs. Overall, the deployment process is quite easy.

Currently, many of our customers prefer cloud deployment for Splunk Enterprise Platform. We do not recommend specific cloud services, but we often see GCP, Google, and Microsoft Azure being used among our customers.

I consider Splunk to be one of the best solutions available compared to other options. If budget is not a concern, Splunk stands out due to its extensive integrations, flexibility in scalability, and the simplicity of its deployment. I would rate this review an overall 8.

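The review above describes correlation and detection rules written on top of many normalized log sources, and the first review on this page describes organizing data with the Common Information Model. As an added example that comes from neither review and is not one of Splunk's shipped analytic stories, the correlation search below combines the two ideas: it runs over the CIM Authentication data model instead of a single index, so one rule covers Linux sshd, Windows, VPN and any other source mapped to the model, and it flags a source that either hammers one destination with failures (brute force) or spreads failures across many accounts (password spraying). The field names `Authentication.action`, `Authentication.src`, `Authentication.dest` and `Authentication.user` are the real CIM fields and assume the Splunk Common Information Model add-on is installed and the model is populated; the thresholds (20 failures or 5 distinct users within a 5-minute bucket) and the labels are assumed starting points to tune per environment.

```spl
| tstats count AS failures, dc(Authentication.user) AS distinct_users, values(Authentication.user) AS users
    FROM datamodel=Authentication
    WHERE Authentication.action="failure"
    BY _time, Authentication.src, Authentication.dest span=5m
| rename Authentication.* AS *
| where failures >= 20 OR distinct_users >= 5
| eval technique=case(distinct_users >= 5, "password_spraying", failures >= 20, "brute_force")
| eval severity=if(technique="password_spraying", "high", "medium")
| sort - failures
| table _time, src, dest, technique, severity, failures, distinct_users, users
```

Schedule it every 5 minutes over a slightly wider window (for example `-15m@m` to `now`) so late-arriving events are not missed, and throttle alerts on `src` and `dest` so the overlapping windows do not page for the same source three times. If the Authentication model is accelerated, add `summariesonly=true` to `tstats` so the search never falls back to scanning raw events; the cost is that sources not yet covered by the acceleration summary are invisible to the rule.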

    karan j.

Great Log Management, but Dashboard Creation Needs Improvement

  • October 15, 2025
  • Review provided by G2

What do you like best about the product?
The main log management feature is extremely useful in our organization.
What do you dislike about the product?
Creating dashboards can sometimes be a cumbersome task.
What problems is the product solving and how is that benefiting you?
This platform serves as a one-stop shop for all logs, making it especially useful for both engineers and auditors.


    Seatiel Y.

A robust platform for data analysis and correlation

  • September 23, 2025
  • Review provided by G2

What do you like best about the product?
The ability to centralize, correlate, and analyze large volumes of logs in real-time, which facilitates the detection of incidents.
What do you dislike about the product?
The licensing is high, which may limit its adoption in medium or small organizations.
What problems is the product solving and how is that benefiting you?
Splunk Enterprise solves the problem of having logs scattered across multiple systems. Thanks to its centralization and correlation capabilities, we can now detect incidents faster, comply with audit regulations, and significantly reduce analysis time in investigations.


    FaisalKhan5

Has streamlined data integration and enabled real-time dashboard visualizations through a powerful search engine

  • September 19, 2025
  • Review provided by PeerSpot

What is our primary use case?

I have implemented the complete Splunk Enterprise Platform structure in my previous organization, implementing the platform, creating use cases, dashboard queries, creating dashboards, and onboarding different devices via Syslog and API.

What is most valuable?

Splunk Enterprise Platform has a vast, versatile, and powerful search engine with which I can handle all queries, and creating use cases, searches, and dashboards is the main selling point, allowing me to visualize live dashboards.

The platform has a powerful search engine, allowing the integration of custom AI such as ChatGPT. Splunk Enterprise Platform also has its own Phantom as a SOAR, which is much more refined and gives more accurate results than any other AI-integrated SIEM tool. In anomaly detection, I can live-track anomalies and change the registry.

Splunk Enterprise Platform serves as a time-saving solution because integrating other sources, such as Syslog or router, switch, and firewall logs, is much easier.

What needs improvement?

The cost is the most significant area for improvement in Splunk Enterprise Platform, as it is quite expensive, causing many clients to defer for this reason. Otherwise, I don't see that Splunk Enterprise Platform requires further improvement, because it is the number one tool.

The cost remains a significant point of concern.

For how long have I used the solution?

I have 2.5 years of experience with Splunk Enterprise Platform.

What do I think about the stability of the solution?

The stability depends on how aggressively the environment changes. If I am providing network services, it can be challenging due to continuously changing firewall configurations.

Splunk Enterprise Platform is stable when not integrating or adding new devices continuously.

What do I think about the scalability of the solution?

I consider Splunk Enterprise Platform a scalable solution since it has different components, and if the server is down, I can upgrade the server resources or create a new node for performance optimization.

How are customer service and support?

I have never used their technical support because everything is available on their website and documents. It is crucial for anyone looking to deploy Splunk Enterprise Platform to first certify for their courses, such as the Splunk Administrator and the Power User Administrator certifications, which address all troubleshooting queries.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup of Splunk Enterprise Platform depends on the user; if set up in a Windows environment, it is much easier, requiring just clicking on the wizard and following the steps. In the Linux environment, it is quite hectic, but manageable compared to Wazuh, where I have to integrate the GPC API key alongside the installation. In Splunk Enterprise Platform, I only need to download and configure a single file, making it easy to manage.

What other advice do I have?

I have expertise in Splunk Enterprise Platform tools, including Splunk Cloud, having experience working with other tools such as IBM Security QRadar.

We are a managed service provider (MSP), and we provide services using Splunk Enterprise Platform.

Splunk Enterprise Platform holds the number one position in Gartner, and integrating different types of tools and creating use cases is much more streamlined compared to other tools such as IBM QRadar, ADAudit, and ManageEngine Log360.

The platform has a powerful search engine, allowing the integration of custom AI such as ChatGPT. It also has Phantom as a SOAR, which is more refined and gives more accurate results than any other AI-integrated SIEM tool. In anomaly detection, I can live-track anomalies and change the registry. While working with Wazuh, when I integrated Cortex XDR, there was sometimes a mismatch of events, making it tedious, but in Splunk Enterprise Platform, I just need to log into the console and everything is there, making it an all-in-one solution.

I rate Splunk Enterprise Platform 9 out of 10.


    Textiles

Best SIEM tools with full flexibility

  • July 31, 2025
  • Review provided by G2

What do you like best about the product?
The tool is flexible for making configuration changes, and there are multiple integration options.
What do you dislike about the product?
Splunk queries are the thing that becomes a barrier for a fresher operating this tool.
What problems is the product solving and how is that benefiting you?
We have Splunk for our SOC, and we have integrated it with our EDR solution, which makes it a single source of logs and analysis.


    UzairKhan

Delivers financial benefits and operational efficiency with impactful data analytics capabilities

  • May 09, 2025
  • Review provided by PeerSpot

What is our primary use case?

The use cases for Splunk Enterprise Platform vary depending on the specific scenario.

Splunk Enterprise Platform has different purposes, including data visualization and other applications.

What is most valuable?

In Splunk Enterprise Platform, the most impactful features for data analytics allow you to get into the repository.

There are financial benefits from using Splunk Enterprise Platform, and as a retailer, it provides better profit margins.

Splunk Enterprise enhances data analytics with its AI capabilities.

What needs improvement?

For future updates of Splunk Enterprise Platform, I would like to see integration by GUI.

The integration should be improved with the UI.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for about two years.

What was my experience with deployment of the solution?

There are no significant challenges in deploying Splunk Enterprise Platform.

The challenges or pain points others should anticipate before implementing Splunk Enterprise Platform are mostly related to the integration part.

How was the initial setup?

The time it takes to deploy Splunk Enterprise Platform depends on the use cases.

It may take anywhere from a couple of hours to a couple of weeks for Splunk Enterprise Platform deployment.

What about the implementation team?

The same three people take part in the deployment of Splunk Enterprise Platform.

I do not take part in the deployment; my team does.

What other advice do I have?

My advice for those looking to implement Splunk Enterprise Platform is to know the product well and have hands-on workshops or create a lab to gain complete knowledge before proceeding.

Regarding maintenance, it does not require much as it is on-premises.

Overall, I would rate Splunk Enterprise Platform an eight.


    Lokesha K.

Best Analytic tool for dashboard, reporting and observability

  • January 29, 2025
  • Review provided by G2

What do you like best about the product?
The Splunk Enterprise tool has out-of-the-box applications available to integrate with public cloud/DC (VMware) to collect various cloud insights and metric data. It's easy to develop a customized dashboard using the stored data.
What do you dislike about the product?
Currently, Splunk doesn't support application performance monitoring, and the license cost is very high.
What problems is the product solving and how is that benefiting you?
We integrated with public cloud to collect both metric data and cloud insights data to develop customized dashboards such as an Executive Dashboard, a Service Management dashboard, cloud resource insights, and a cost analysis dashboard.