We use the tool to monitor logs from various sources. Multiple users send their logs to the Splunk Enterprise Platform using different methods, including Universal Forwarder and AWS services like S3. Additionally, we utilize tools like AWS Genesys for log transmission.

The product helps monitor and visualize data. It allows you to handle various tasks. You can store, visualize, and analyze data with the Splunk Enterprise Platform. It offers features like virtual folders and heavy folders for filtering data. Additionally, you can create dashboards to showcase data to different teams and stakeholders. The tool also enables the creation of analytics and alerts and sends reports, making it a valuable tool for our system.

The dashboard and visualization features are good for data analysis. With features like the Studio dashboard introduced in versions 8 to 9, users find it much easier to create dashboards without knowledge of languages like XML.

Based on my experience, I've noticed areas for improvement, particularly in support. Developers typically interact with support personnel who may lack technical expertise when raising support tickets. This can result in delays as initial interactions involve sharing documents before escalation to higher support levels.

I have been using the product for four years.

I rate the tool's stability an eight out of ten.

The tool's scalability is good, and it is based on licensing. My company has more than 10,000 users.

I used Dynatrace before the Splunk Enterprise Platform.

The tool's deployment can be complex for the first time. It can become more manageable after that.

If you exceed your licensed limit, the product will issue a warning, typically a five-license warning. Additionally, they send daily email notifications informing you about the breach. This prompts you to consider options such as minimizing logs or acquiring additional licensing to address the issue.

It can be perceived as expensive, especially for organizations dealing with large volumes of data, such as in the banking sector, where numerous logs are generated every second. While other tools are available at lower costs, some teams may consider open-source or lower-cost alternatives, especially if they have funding constraints.

Regarding security and event management, the tool is handled by a different team. They utilize security enterprise tools, including SIEM, to manage security. Splunk Enterprise Platform's real-time processing capability significantly enhances our data monitoring. I would rate it an eight out of ten.

The solution is used for basically, to monitor various logs, so it is the application logs, some kind we are monitoring databases.

Splunk is providing, like, proactive monitoring using desserts and all. So these things have improved a lot. Like, in our done day to day activities and all. So whenever we are seeing any kind of alerts and also on that basis, we are going to create alert.

For monitoring security data is the most valuable feature.

Currently, I think things are good only. There are certain things which is not which is there in the other platform like UAE, UBA is there. Like, Splunk is having another product itself. But the thing is, like, if that can be incorporated with the Splunk Enterprise three version. So it will be helpful for the users to explore more on that one.

I have been using Splunk Enterprise Platform for five years.

The stability is a nine out of ten meaning the solution is highly stable.

It is a scalable solution. Around thousand plus users are using the solution.

I have been using this Splunk only from my, like, a shorting of the career. During this period, I have been using AppDynamics and NetSync as well.

Normally so for trial version, it is easy. So it depends on how much data you are ingesting. So if you are going for the Flushing environment, so that setup Could be somewhat difficult, but, normally, it will be easy only.

I have seen a Return on Investment.

Costing depends on, like, how much data you are investing. So that will increase your cost.

I will rate the overall solution a nine out of ten.

We used the product for cloud-based monitoring or systems monitoring.

The key difference I noticed for my use case, which involved understanding user behaviors and responses to digital elements, was that I could obtain more detailed reporting than what was possible with Amplitude. I could download a file with very specific information, which was helpful.

I did not use it for real-time monitoring. My focus was on investigating incident reports to understand the extent of user impact. Primarily, I utilized the Splunk Enterprise Platform to analyze user behavior.

I found the incident notification to be very helpful. While Splunk Enterprise Platform provided detailed data, it didn't seem to check as many boxes for user behavior as Amplitude did. At the same time, I'm not sure if Amplitude offers features for monitoring or incident coverage.

Its ability to access granular details in Excel was beneficial. It's always helpful to transition from visualizations to detailed user reports.

The tool lacked in providing a shareable format. I had to use pivot tables and manually parse and edit the data to create a visualization-friendly format. It was helpful when we had an issue. What would make it stronger is if it were more proactive. For example, if it highlighted major incidents and their impact on users without digging through notifications, that would be better. Typically, the first question we get is, "Oh, we had an incident. How bad was it? How many customers were impacted?" So having that information pop up from the notification would be helpful.

Splunk Enterprise Platform is stable.

I saw no issues or reasons to think that the product wouldn't scale over time. Our data is growing.

I haven't contacted the tool's support.

I rate the overall product a seven out of ten.

I would recommend it for incident management reporting. I would not advise it for understanding user behavior or usage. If I had to choose between Splunk Enterprise Platform and Amplitude, I would probably go with Amplitude, but I also have no familiarity with what their incident reporting is like.

We use the solution mainly for security operations. We receive logs from different log sources.

The product is very easy to use. We just have to run the agent and collect the log. We don't have many delays or problems. We faced an issue once or twice when there was a network issue and when the system was rebooted. The percentage of issues is very low compared to the overall deployment. It is 0.001%.

The solution supports our organization's security and compliance monitoring very much. We rely on the platform to detect abnormalities and to perform searches. If someone brings a compliance issue, we request logs from the platform to determine whether it happened. We use the tool’s search feature and Intel's machine learning platform to conduct our analysis.

We don't face any issues in real-time monitoring. There is no latency. We have options to create our own dashboards. The GUI is very simple. It's a simple platform. It is very easy to use.

The product doesn’t have prebuilt dashboards. It would be great if the product provided prebuilt dashboards. For example, we allowed some devices into our network through VPN, but there is no dashboard to combine two log sources and understand which user has logged in. So, we created our own dashboard with the available Splunk searches.

It’d be good if the solution provided more prebuilt dashboards and released them on the app platform. Then, we can deploy the dashboards straight away. Also, if the tool provides additional dashboards, we can reduce the resources needed to develop them. Since Splunk has overall visibility all around the globe, it can give better suggestions on the dashboards that we must use and how to project the data to the management.

We faced some issues in parsing when the load was too much. If we have a 100 MB log source, 80 MB will be parsed correctly, but we face issues with 20 MB. We raised a support ticket, and the support team suggested we increase the time interval between sending the logs to the Splunk forwarder to handle the processing correctly.

I have been using the solution for two years. I am using the latest version of the solution.

The tool is stable enough. In my demo environment, I used my own physical machines to run it. I was able to ingest as many log sources as I wanted within the data limit, and it did not have any issues. The search is very responsive when compared to the other platforms. There was no lag.

Splunk has been supporting free text searches for two years. We can query anything out of the box without specifying any indexes. We can perform free-text queries. Usually, it takes very little time to produce the results if the data set is too small. If the data set is too large, the product suggests we finetune our search, and it provides us with hints on which indexes to specify. It has three different options: Fast mode, Push mode, and Smart mode. We can switch the modes to get results quicker. Later, we can change the mode back to do a deeper analysis.

Scalability is not an issue for SMBs and moderately big companies. When we went beyond certain limits, like 700 Gbps or 800 Gbps, we faced some issues with the engine. So, we split up the platform and diverted some of the logs into different indexes. It solved the problem. Up to 500 Gbps per day is okay. When we go beyond that, a single instance cannot handle it. We need to split it up.

This issue was only with the on-premise version. We do not face such issues in the cloud. When customers wanted to renew their subscriptions, we suggested they move to the cloud. On-premise, we have to manage our indexes and searches, but in the cloud, it's done by the vendor. It's a plug-and-play process. Splunk automatically takes care of parsing. We have more than 30 customers.

The technical support is very good. The team supported us even during the Christmas holidays. The support engineer walked us through every step. The team is always reachable. We never had issues while contacting them.

I built some demo environments for my practice since Splunk was new to me two years ago. I used the free license. It was a pretty straightforward setup. I did not find any difficulties in setting up my lab environment. The deployment can be done within 15 minutes.

The return on investment is very good. It's very easy to use. Many of our customers decided to continue using Splunk because they have invested much in the training modules, the analysts are familiar with the tool, and it's very easy to search. Open-text queries are the best in Splunk. It is easy for our customers to perform the search. It's very lightweight compared to other solutions.

Our customers pay for the licenses. It’s bundled together in a yearly subscription.

There are some problems in managing the tool when it exceeds certain limits. Overall, I rate the product a nine out of ten.