
Reviews from AWS customer

20 AWS reviews

External reviews

448 reviews

External reviews are not included in the AWS star rating for the product.


3-star reviews

    Sydney D'Souza

Correlation rules have strengthened threat detection while interface and pricing still need improvement

  • March 04, 2026
  • Review from a verified AWS customer

What is our primary use case?

The most valuable feature I have found so far is the correlation rule. That seems to be very valuable for us. I can create any alert using the correlation rule, which seems to be interesting for me.

I use Splunk Enterprise Platform for advanced threat detection with the correlation rules, nothing else. We have only very few customers, just two customers. They are not interested in those higher versions of Splunk Enterprise Platform. We rely completely on the correlation rule. We highly rely on this correlation rule.

What is most valuable?

The personalized dashboards in Splunk Enterprise Platform are a good feature. We have created multiple dashboards. It is easy and understandable, and whatever we need, we can get it. It is not only with Splunk Enterprise Platform but with all the other products. I would say we can go ahead and create a customized dashboard. Since I am working for a SOC, I do have an internal dashboard that I have for myself where I have all the service metrics dashboards available. I make use of that rather than going directly into Splunk Enterprise Platform and creating them there.

What needs improvement?

I think the machine learning toolkit is fine, but when I talk about threat intelligence, it is not that effective. Recently, I think Splunk Enterprise Platform has acquired Cisco, which has acquired VirusTotal if I am not wrong. I think VirusTotal. Initially, what used to happen was that the threat intelligence source I used for Splunk Enterprise Platform was not regularly updated. I faced challenges there, and then finally, when I went ahead and researched, I found that VirusTotal is readily available to be used in Splunk Enterprise Platform. So I integrated it, and as of now, I am making better use of it.

The effectiveness of Splunk Enterprise Platform in detecting anomalies and preventing system outages completely depends upon the correlation rule, but when it comes to threat intelligence, I have not explored much of the source side. I am mostly on the SIEM side. Though I have some features that I have integrated, I am mainly working on the SIEM side rather than the source side.

The application management feature, which I believe refers to the interface, is not that attractive, I would say. It is a simplified version, and I am using the cloud platform of Splunk Enterprise Platform instance. It is simple, but it is okay. It is manageable.

I definitely find it problematic, and I think they need to have more nuances and more features when it comes to the interface. It should be more extended.

From my perspective, Splunk Enterprise Platform can be improved by first making the GUI, the interface, more attractive. The second improvement should try to include all the threat intelligence into that platform, integrating all threat intelligence. The behavior monitoring is a bit of a concern because I do not see much detection. Maybe that is because I am using only the correlation ID, but still, the behavior monitoring should automatically detect. Even if it is a SIEM solution, if I create some rule, that is what I have customized it for. I am not sure if SOAR has that capability, but in case SOAR does have that capability, if not, then they have to improve their machine learning and behavior analytics. I have been in touch with different technicians from different organizations, and they have mentioned these challenges. There are a few drawbacks when it comes to Splunk Enterprise Platform.

I find the price a bit high, I would say. A bit high.

For how long have I used the solution?

I have been working with this product for one and a half years.

How are customer service and support?

I have no problem with the technical support provided by Splunk Enterprise Platform at all. I do get support whenever needed. I would rank them at an eight, with ten being the highest.

How would you rate customer service and support?

Positive

How was the initial setup?

As for the initial setup and configuration for Splunk Enterprise Platform, I will not say it is easy. It is a bit complicated. But since I have support, that makes my life easier. It is a bit complicated compared to Trend Micro, compared to CrowdStrike, and compared to Microsoft Sentinel or Defender for Cloud, Defender for Endpoint. Splunk Enterprise Platform is on the complicated side.

Which other solutions did I evaluate?

As of now, I am pitching in for Microsoft Sentinel. I am also pitching in for CrowdStrike, which is also a bit expensive, but the only product that I pitch in is Microsoft's product, which is Microsoft Defender for Cloud for Servers, and Defender for Endpoint, Defender for Cloud Apps, Defender for Office, all those products. Defender is one of the cheaper ones. In case a customer is not okay with Microsoft, I pitch in CrowdStrike. First, I pitch in Trend Micro, and then I pitch in CrowdStrike, with CrowdStrike being at the higher price range.

One advantage these competitors have over Splunk Enterprise Platform besides lower pricing is that with one of my customers, they can fetch logs from all sources and bring them into Splunk Enterprise Platform. They can control the logs that are not required. My continuous monitoring allows me to ensure that in case there are certain logs that are no longer required, along with the architect, I can discuss that and bring down the overall log size to around 40 GB per day. I am talking about a log source that is more than 20 as of now for this customer.

The products that have this feature are CrowdStrike and Trend Micro, which have to be configured using the API. Even Microsoft has it, but Microsoft faces a lot of challenges when it comes to pulling a log from a log source that does not have an inbuilt connector. There is a challenge there. However, when it comes to Trend Micro and CrowdStrike, it is a bit easier there using APIs.

What other advice do I have?

I would recommend Splunk Enterprise Platform for bigger companies.

In the future, I expect additional features such as threat intelligence, behavior analytics, log searching, and machine learning capabilities.

As for any other functionalities I would like to see from them in the future, I do not have anything to add right now. I have something in my mind, and in case I remember, I will go ahead and add it.

Splunk Enterprise Platform is very popular in my region. My overall review rating for this product is seven out of ten.


    Madhu Shri

User-friendly interface accelerates task approval but update confirmations occasionally delay

  • April 24, 2025
  • Review provided by PeerSpot

What is our primary use case?

I normally use Splunk Enterprise Platform for review purposes. It is very easy and convenient. Its GUI is easy for me to review and approve all those things.

What is most valuable?

Splunk Enterprise Platform is very easy and convenient to use. The graphical user interface is easy for me to review and approve tasks. It saves time by allowing me to perform actions on a single platform instead of managing them separately. Additionally, its real-time processing capability is very good.

What needs improvement?

The only problem I have with Splunk Enterprise Platform is that sometimes when I update a review, it takes time to receive confirmation emails. This happens very rarely, maybe once or twice a month. I feel this can be improved in terms of performance.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for three years.

What do I think about the stability of the solution?

Splunk Enterprise Platform is very stable.

What do I think about the scalability of the solution?

Splunk Enterprise Platform is scalable to some extent, which is acceptable. However, when I connect via VPN, it may take time to launch.

How are customer service and support?

I haven't got any support yet, so I can't comment on this as of now.

How would you rate customer service and support?

Neutral

What was our ROI?

Splunk Enterprise Platform saves approximately 20 to 30 percent of my time without having to perform different actions separately.

What other advice do I have?

My overall experience with Splunk Enterprise Platform rates around seven out of ten points. The main issues are regarding updating reviews and scalability, which may take some time when connecting via VPN. I would rate the overall solution 7 out of 10.


    Subol S.

Great product poor customer service

  • April 24, 2025
  • Review provided by G2

What do you like best about the product?
Simple and easy to use for a product that offers a lot
What do you dislike about the product?
Cost and customer support if an issue arises
What problems is the product solving and how is that benefiting you?
It provides a framework for enterprise security


    Retail

Great Platform for incident correlation and management

  • March 27, 2025
  • Review provided by G2

What do you like best about the product?
Great tool for enrichment, alert correlation, automations before an analyst looks at it
What do you dislike about the product?
Price, steep learning curve for full features
What problems is the product solving and how is that benefiting you?
Protecting the assets, users and crown jewels of the company


    Mohammed Hassan

Real-time data analysis benefits but automation in role creation needs improvement

  • March 20, 2025
  • Review provided by PeerSpot

What is our primary use case?

We are working with AppDynamics, Splunk Enterprise Platform, and other Splunk products. However, the main use case here is with Splunk Enterprise Platform.

What is most valuable?

Splunk Enterprise Platform is a good tool to have, but it is expensive. The features that have proven most effective for real-time data analysis include parts of the platform and its automation capabilities. However, I want them to enhance their automation to cover every aspect, particularly the automation of roles creation.

What needs improvement?

While Splunk Enterprise Platform is a good product, it is expensive. Additionally, it is complex for inexperienced cybersecurity engineers and requires experienced personnel to handle it effectively.

For how long have I used the solution?

We have been providing Splunk Enterprise Platform for ten months.

How are customer service and support?

Splunk's technical support is at the same level for all products, although we have not opened many tickets.

How would you rate customer service and support?

Neutral

What's my experience with pricing, setup cost, and licensing?

Splunk Enterprise Platform is expensive.

Which other solutions did I evaluate?

The main competitor of Splunk in our region is Exabeam, which is less expensive. For small and medium companies, Fortinet is a competitor. Stellar Cyber has also recently entered the market.

What other advice do I have?

For smaller companies, I recommend Stellar Cyber as an alternative to Splunk Enterprise Platform. Stellar Cyber is easier to implement and integrate, and it has solid AI capabilities, especially for automation. It is also willing to adapt to customer requirements. I would rate Splunk Enterprise Platform overall somewhere between six and eight, depending on the size of the company.


    Raymond De Rooij

Enables us to create dashboards and do analysis but has limitations

  • May 17, 2024
  • Review provided by PeerSpot

What is our primary use case?

We use Splunk to create dashboards and do analysis.

What is most valuable?


What needs improvement?

Splunk can be used primarily to port log files, allowing for easy and quick management of large amounts of logs. However, this can also be a drawback due to the configuration, parsing, and dashboard creation limitations. Communication is stream-based, which means you need to do a lot of pre-emptive setup to get a nice export. Another issue with Splunk is its streamlined nature; it reruns the query whenever you refresh a dashboard. This becomes problematic if you have a large volume of log files, as it can be slow, resource-intensive, and require significant storage space.

It is designed to process and analyze log files. You feed log files into the platform, automatically extracting different fields. This allows you to filter and manipulate the data in a stream-based manner. Essentially, you pass a log file through various filters sequentially, enhancing or reducing its size by adding or removing information. However, this stream-based approach can make it challenging to create detailed dashboards easily. The platform primarily focuses on log files and is unsuitable for real-time data analysis.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for one or two years.

What do I think about the stability of the solution?

The product is stable.

I rate the solution’s stability a six out of ten.

What do I think about the scalability of the solution?

It can be very slow if you have a lot of data, and scaling it up for better performance can be quite expensive.

A thousand users use this solution. We have many systems and a lot of data. It is centrally deployed and used extensively across various systems. I use it daily, but sometimes I only use it once a month. It depends on the data I need or the issue I'm investigating.

I rate the solution’s scalability a four out of ten.

How was the initial setup?

The initial setup is straightforward.

What other advice do I have?

I wouldn't recommend Splunk Enterprise Platform because it's slow and has significant limitations.

Overall, I rate the solution a six out of ten.


    LeslieTaylor

Useful for cloud-based monitoring but improvement is needed for providing a shareable format

  • March 11, 2024
  • Review provided by PeerSpot

What is our primary use case?

We used the product for cloud-based monitoring or systems monitoring.

What is most valuable?

The key difference I noticed for my use case, which involved understanding user behaviors and responses to digital elements, was that I could obtain more detailed reporting than what was possible with Amplitude. I could download a file with very specific information, which was helpful.


I did not use it for real-time monitoring. My focus was on investigating incident reports to understand the extent of user impact. Primarily, I utilized the Splunk Enterprise Platform to analyze user behavior.

I found the incident notification to be very helpful. While Splunk Enterprise Platform provided detailed data, it didn't seem to check as many boxes for user behavior as Amplitude did. At the same time, I'm not sure if Amplitude offers features for monitoring or incident coverage.

Its ability to access granular details in Excel was beneficial. It's always helpful to transition from visualizations to detailed user reports.

What needs improvement?

The tool lacked in providing a shareable format. I had to use pivot tables and manually parse and edit the data to create a visualization-friendly format. It was helpful when we had an issue. What would make it stronger is if it were more proactive. For example, if it highlighted major incidents and their impact on users without digging through notifications, that would be better. Typically, the first question we get is, "Oh, we had an incident. How bad was it? How many customers were impacted?" So having that information pop up from the notification would be helpful.

What do I think about the stability of the solution?

Splunk Enterprise Platform is stable.

What do I think about the scalability of the solution?

I saw no issues or reasons to think that the product wouldn't scale over time. Our data is growing.

How are customer service and support?

I haven't contacted the tool's support.

What other advice do I have?

I rate the overall product a seven out of ten.

I would recommend it for incident management reporting. I would not advise it for understanding user behavior or usage. If I had to choose between Splunk Enterprise Platform and Amplitude, I would probably go with Amplitude, but I also have no familiarity with what their incident reporting is like.


    Information Technology and Services

SPLUNK Enterprise

  • April 23, 2022
  • Review provided by G2

What do you like best about the product?
SPLUNK was a nice data analytic tool till the advanced SOAR function tools emerged in the market.
What do you dislike about the product?
Lacks advanced SOAR function. Not as pocket-friendly as other SaaS products are, e.g. Sentinel.
What problems is the product solving and how is that benefiting you?
I was using Splunk for Threat Hunting and Incident investigation. Now I have switched to Microsoft Sentinel as it offers SOAR function and better data analytics at a competitive price.


    Real Estate

Splunk, a capable system that needs regular maintenance.

  • April 19, 2022
  • Review provided by G2

What do you like best about the product?
The multiple plugins from vendors that are available for Splunk. The Security Essentials module is really all we needed for our SOC.
What do you dislike about the product?
The constant need to update and configure our cloud instance. Updates require a lot of manual intervention.
What problems is the product solving and how is that benefiting you?
We use it for our SIEM and Splunk's Phantom for our SOAR. Our SOC would not have time to handle all alerts without SOAR. Splunk's Security Essentials really covers all our Monitoring and Alerting needs out of the box and with little setup. The prebuilt compliance reporting is also nice in that we can in just a few clicks get tailored reports for all the different states that we do business in.


    Rizwan K.

Splunk Review

  • December 23, 2021
  • Review provided by G2

What do you like best about the product?
Splunk is a very good data analysing tool, on which we can work on complex queries in a very easy way.
What do you dislike about the product?
Compared to other BI tools, Splunk lacks in visualization.
What problems is the product solving and how is that benefiting you?
We are using Splunk to capture logs and events from multiple servers, which we can analyse centrally in Splunk.