Splunk Enterprise Platform is a basic monitoring tool used for application performance monitoring, database monitoring, and infrastructure monitoring. Currently, I use the solution for application monitoring and security monitoring. I use the tool to monitor security breaches or suspicious activities.

The solution is very good for monitoring compared to other tools. It provides an accurate solution. We used to get a free trial of around 60 days to test and get a good experience on Splunk.

The solution's license cost is high and can be improved. There are some limitations on data onboarding if you have huge data.

I have been using Splunk Enterprise Platform for three to four years.

Compared to other monitoring tools, Splunk Enterprise Platform provides good stability.

I haven’t faced any issues with the solution’s scalability.

Splunk ITSI is very good for support, which includes getting an incident number and working on it.

We need to integrate Splunk Enterprise Platform with other tools, which provide some security events. After integrating, you get the logs from that application's API. Once you get those logs, we will create a code per the business requirements and create an alert, report, or dashboard, whichever is needed.

Splunk Enterprise Platform works based on apps installed in Splunk. For example, if you want SQL data to get into Splunk, you need to install an SQL database plugin on the Splunk server. That plugin will capture the logs related to an SQL database with Splunk. After that, we write a query, pull out the data we need, and provide knowledge objects.

Visualization is very good in Splunk Enterprise Platform. The solution has good visualization elements like bar graphs, pie charts, line graphs, single visualizations, and maps. I would recommend the solution to other users.

Splunk Enterprise Platform is a very good tool for monitoring your day-to-day activity logs. This will eventually help you create reports or dashboards to monitor the business's progress.

Overall, I rate the solution seven and a half or eight out of ten.

Splunk Enterprise Platform is a powerful application that offers extensive visibility into events, notable occurrences, and correlations, providing robust capabilities.

The valuable feature is the onboarding of various logs using different methods. Additionally, it excels in content development and use case creation. I want to learn about upcoming technologies like Splunk Cloud and Azure integration. These platforms offer extensive capabilities for visualizing and manipulating data according to our requirements. Splunk's proficiency in field extractions and onboarding logs from diverse sources makes it highly capable. Its logging addition and parsing capabilities are particularly noteworthy.

In Splunk Enterprise Platform, while the dashboard feature is powerful, it does have limitations in terms of the number of parameters that can be included in one dashboard. However, it's important to note that these limitations can be addressed through effective dashboard design and optimization techniques. Despite these constraints, Splunk offers extensive capabilities for creating insightful dashboards that can visualize relevant data effectively.

Splunk excels in providing accurate and valuable alerts and reports. These features are crucial in reducing manual efforts, minimizing human errors, and expediting incident resolution processes. With Splunk's alerting and reporting functionalities, users can fine-tune alerts, apply filters, and include necessary information for thorough investigation and analysis. These capabilities contribute significantly to enhancing operational efficiency and decision-making within organizations.

I have been using Splunk Enterprise Platform for five years.

I rate the solution’s stability an eight out of ten.

Scalability is very flexible. Without the Splunk support, we can deploy and scale up.

The responsiveness of the support is very good. They will ask you if you are raising any P2, P1, or major incidents so they'll help us with immediate and accurate results.

The initial setup is straightforward , with detailed deployment steps outlined in their documentation. Additionally, the Splunk community is a valuable resource where users can ask questions and receive expert solutions.

Splunk Enterprise Platform does not have a few application add-ons. Therefore, when we aim to integrate log sources from new or important ones that Splunk lacks add-ons for, we resort to developing custom add-ons. While this approach allows us to proceed with our work, it requires significant human effort and increases the likelihood of errors. Moreover, troubleshooting becomes time-consuming under these circumstances. Ideally, Splunk would offer add-ons for every possible application, significantly improving our efficiency and effectiveness.

The Splunk Enterprise Platform offers excellent visibility through real-time monitoring. Whenever any data matches our client's SQL code, it triggers an immediate alert, allowing us to respond to incidents swiftly. This capability is highly beneficial during any incident, making Splunk an invaluable tool.

There are various components, such as Universal Forwarder, Indexer, and Search Head. These components are relatively straightforward to set up. However, when implementing a distributed environment or setting up clustering, Splunk offers robust capabilities. Additionally, managing data storage sizing is also seamless.

Overall, I rate the solution an eight out of ten.

We use the Splunk Enterprise Platform for logging and monitoring purposes. If users log into different databases and do something, we onboard database logs and other AWS logs to Splunk. Then, we create a dashboard alert report, and based on those dashboard alerts, we monitor users' actions. If they perform suspicious activities, we also send alerts. We use the solution to create dashboard alerts, reports, and some query language.

The most valuable features of the solution are the load balancing technique, the forwarding technique, and SSL certification.

Sometimes, queries don't give proper results, and the indexes go down.

I have been using Splunk Enterprise Platform for seven years.

I rate the solution an eight out of ten for stability.

I rate the solution’s scalability a nine out of ten.

The solution’s technical support is good.

The solution’s initial setup is easy.

I have heard from my managers that Splunk Enterprise Platform is an expensive solution.

The solution has helped us with our security information and event management. If someone performs deletion operations, we get an automated alert informing us that a privileged activity has been performed. We forward the logs in real-time. We are ingesting 10GB of data into the solution daily. We have some input filters in the solution's dashboard.

Overall, I rate the solution an eight out of ten.

I have a variety of use cases. My company uses it for cloud-related operations, anomaly identification, and threat detection.

It's been very useful in regard to security information and threat management (SIEM). Splunk is a valuable tool for my organization.

The timestamp indexing and the easy-to-use visualization features are the most valuable features for data analysis.

Moreover, the dashboard and visualization features have made a big difference. We can quickly identify issues within the dashboards and easily generate insightful reports. If something goes down, we can easily detect the issue.

Splunk's real-time processing capability has been pretty good for my use cases.

There is room for improvement in terms of scalability. They can enhance the ability to handle increasing volumes of data.

I have been using it for four years now.

There have been occasional issues, but nothing major.

I would rate the stability an eight out of ten.

I never had issues with scalability. My organization has 8,000 end users.

I would rate the scalability an eight out of ten.

The customer service and support are good.

In general, the initial setup is fairly easy.

Not everyone can do it. Some knowledge and experience would likely be helpful to get the most out of the setup.

Typically, the deployment would take around 16 to 20 hours.

The pricing is about average.

Overall, I would rate the solution an eight out of ten.

I would recommend using this solution. Overall, Splunk is a good tool for analysis and for representing data in a short span of time. It helps minimize unnecessary noise in the data.

I use the Enterprise platform mainly to monitor infrastructure, applications, and some security logs.

The most valuable feature of Splunk for data analysis is its ability to search using SPL and SQL. With SPL commands, you can analyze both structured and unstructured data and build visualizations, dashboards, and reports. Additionally, Splunk offers alerting mechanisms for proactive monitoring.

There is room for improvement in introducing more AI capabilities onto Splunk Enterprise Platform. While they might exist in other platforms like ITSI, enhancing the Enterprise Platform with AI features would benefit many users who predominantly use it.

I have been using Splunk Enterprise Platform for almost three years.

I would rate the stability of Splunk at around a seven out of ten. While it is generally good, in complex environments, issues may arise due to the increased number of components and dependencies. However, overall, the stability is good.

I would rate Splunk's scalability as a nine out of ten. It is the best log analysis application currently available. Scalability has allowed us to handle increasing volumes of data, enabling us to onboard additional customers and share infrastructure monitoring on the same setup. We have approximately 20 people using Splunk Enterprise Platform in our company.

The technical support team could improve by providing more direct assistance rather than primarily relying on community resources for issue resolution. While they do understand the issues, they often refer to existing communities for solutions instead of directly addressing system-specific concerns. Overall, I would rate the support as a six out of ten.

The initial setup of Splunk Enterprise is relatively complex compared to other monitoring applications in the market. There is a need to focus on simplifying key components and reducing dependencies for a smoother setup process. For a large environment, the deployment of Splunk Enterprise typically takes around three months to set up completely.

Splunk Enterprise Platform is a bit expensive.

I use the Platform to monitor my IT infrastructure. There are apps for Linux and Windows servers that capture performance metrics like CPU and memory usage. These metrics are collected and sent to the blank index through forwarders.

Splunk helps with security information and event management by detecting and monitoring network equipment and firewalls. It saves searches for specific terms, like threats, in firewall logs. When a match is found, it alerts about potential security breaches, helping to detect and address them.

The real-time processing capability in Splunk enhances data monitoring by centrally collecting all data. This allows for easy searching and scheduling of searches, reducing the need for manual intervention.

The dashboard and visualization features in Splunk impact data analysis by providing a clear status of data analysis. Users can create customized views for management, helping them understand what is happening within the infrastructure more effectively.

I would recommend Splunk to others, especially from the CIM perspective. Its data analysis and visualization capabilities are unmatched, making it an excellent choice for SIM.

Overall, I would rate Splunk Enterprise Platform as a nine out of ten.

We use the product for real-time monitoring purposes.

The product's most valuable feature is the ability to explain the values and provide insights into transactions. It allows us to understand successful and failed transactions with a graphical representation easily.

Areas for improvement include enhancing dashboards, reports, alerts, and the monitoring console. With the monitoring console, users can track server performance metrics such as data ingestion, server uptime, CPU, and memory utilization. Integrations with third-party apps can provide comprehensive server monitoring capabilities. However, setting up such integrations may require significant time and effort, as experienced in the mentioned case took nearly 20 days to complete.

We have been using Splunk Enterprise Platform for four years now.

I rate the platform's stability an eight out of ten.

The product is highly scalable.

The complexity of the initial setup largely depends on the level of experience. I find it straightforward due to my proficiency in establishing connectivity, creating DNS, and performing installation configuration. I rate the process a nine and a half out of ten.

The time required for deployment varies depending on the process in place. If changes need to be made within a specific window, such as raising an instance, the window period opens only for a set duration. Deployment in such cases involves raising a change request and obtaining approval, which can take up to seven days. However, from a technical perspective, initial deployment typically takes up to one or two hours. Yet, procedural requirements, like awaiting change request approval, may prolong the process, necessitating additional days of waiting before deployment can proceed.

The product is expensive, and the cost depends on the amount of data ingestion.

When clients request specific data for a particular period, we retrieve the relevant information from our servers and generate statistics. Later, we create reports, alerts, and dashboards based on the requested data. This process involves fetching the necessary data attributes, such as service names, and displaying their corresponding values in the generated reports, alerts, and dashboards.

The platform's alerting capabilities enable the automation of alerts based on predefined conditions. When specific results exceed predefined thresholds, alerts are triggered automatically. For example, if a value exceeds a specified threshold, an email alert is generated and sent to the relevant stakeholders, prompting them to take appropriate action. This automated alerting mechanism enhances operational efficiency by promptly notifying stakeholders of critical events, allowing them to respond swiftly and effectively to potential issues or deviations from expected outcomes.

I recommend Splunk to other people. It's a very good tool, offering many features that surpass other tools like Kaspersky. Its comprehensive monitoring capabilities and insightful analytics make it a valuable user asset.

I rate it a ten out of ten.