External reviews
External reviews are not included in the AWS star rating for the product.
SPLUNK Enterprise
What do you like best about the product?
SPLUNK was a nice data analytic tool till the advanced SOAR function tools emerged in the market.
What do you dislike about the product?
Lacks advanced SOAR function. Not pocket friendly as other SAS products are eg Sentinel.
What problems is the product solving and how is that benefiting you?
I was using Splunk for Threat Hunting and Incident investigation. Now I have switched to Microsoft Sentinel as it offers SOAR function and better data analytics at a competitive price.
- Leave a Comment |
- Mark review as helpful
Good place to start log analytics
What do you like best about the product?
The easy-to-use interface and the community support. The product documentation is good, and therefore the learning curve is not too steep
What do you dislike about the product?
For a simple log query, the solution needs you to write a few lines of query. Smart query suggestions would be welcome
What problems is the product solving and how is that benefiting you?
Security and IT log analytics.
Recommendations to others considering the product:
Splunk is a great place to start your log exploration journey.
Data analytics is good but no product for IPv6 support
What do you like best about the product?
The cloud splunk is easy to use and data storage is amazing.This is the biggest advantage of the product.
What do you dislike about the product?
Inspite of being an amazing giant for data capturing and analysis, I dislike its capability to support IPv6 only infrastructure. Also they have no roadmap yet to go towards supporting it. SO this is the biggest limitation of the product as far as I am converned.
What problems is the product solving and how is that benefiting you?
The problem that I am trying to solve is data analysis. We are using it for monitoring our enterprise environment, hardware and doing data analysis. The biggest advantage is ease of use with various kinds of infrastructure. So that is the reason I love this product.
Recommendations to others considering the product:
If you are planning to go too IPv6 for your internal infrastructure or have roadmap towards moving in that direction, then please avoid implementing this product unless they come up with the roadmap for the same. However if that is not the case, then definitely go towards this one.
good
What do you like best about the product?
ease of use. and flexibility ............................
What do you dislike about the product?
complexity at times and technical skill needed
What problems is the product solving and how is that benefiting you?
monitoring applications, still in process of evaluation
Splunk for Data Analysis
What do you like best about the product?
Ease of doing data analysis and the features associated
What do you dislike about the product?
There is nothing in the product which I dislike
What problems is the product solving and how is that benefiting you?
data analysis, log analysis
Another monitoring and search tool
What do you like best about the product?
I've used several monitoring told and Splunk is just like every other. It works as well as it is configured.
What do you dislike about the product?
Misconfiguration can lead to complete network bandwidth saturation very quickly.
What problems is the product solving and how is that benefiting you?
Monitoring and event search
Splunk Review
What do you like best about the product?
A simple, flat process to index the data in their native format. This allows allows the platform to be highly scale-able; It can grow with the amount of data it is needed to process. The system can run in dynamic parallel to your environment.
What do you dislike about the product?
Still have to read through many documentation to find the answers and at many times I can't find it. Not highly customized, would be helpful if they can provide more customization tools.
What problems is the product solving and how is that benefiting you?
Realtime logging and alerts makes Splunk our primary notification system.
Recommendations to others considering the product:
A powerful tool, built lightly (doesn't require a DB) which will help in log collection, reporting and retention.
Worth its weight in gold
What do you like best about the product?
Ability to track trends, create alerts and notifications, share data, ingest data, and get the whole team up to speed.
What do you dislike about the product?
Cost. Learning curve (powerful, but challenging)
What problems is the product solving and how is that benefiting you?
Monitoring, support, dashboard, notifications, reporting.
The cost is really high, but we figured if we used its fully capability, we would require 1 fewer helpdesk person. It took awhile to get the various reports and dashboards set up, but we now have complete visibility into our business, with full history and analytics that anyone in the company can dive into.
The cost is really high, but we figured if we used its fully capability, we would require 1 fewer helpdesk person. It took awhile to get the various reports and dashboards set up, but we now have complete visibility into our business, with full history and analytics that anyone in the company can dive into.
Works as advertised, but not easy or simple.
What do you like best about the product?
I like the ability to create charts & alerts. Searching logs works nicely and you can find what you are looking for, assuming that you wrote your logs in a key-value manner which splunk can index efficiently.
What do you dislike about the product?
I dislike the query language. I never found it intuitive. I felt it is reinventing the wheel, in a bad way. Also it is far from realtime when there is a lot of data. We have got to as much as 30 minutes delay in seeing the service is having a major problem.
What problems is the product solving and how is that benefiting you?
CloudOn provided on-demand remote Microsoft Office to tablets and mobile phones, using a patented proprietary video compression protocol. The service was running on the cloud and logs were collected from all nodes and forwarded to Splunk.
DOV-E is enabling any speaker to engage any mobile device using ultrasonic sound waves encoded with data. DOV-E can collect and index data about message receptions including time, location, user and message content.
DOV-E is enabling any speaker to engage any mobile device using ultrasonic sound waves encoded with data. DOV-E can collect and index data about message receptions including time, location, user and message content.
Recommendations to others considering the product:
You will need to rewrite your logs in a way that Splunk likes to index, otherwise you will not be able to search it easily. We have seen it crashed a number of times under high load. You will need to have someone responsible for starting it back up and managing expiring licenses, disk-out-of-space problems etc.
Good but not ready for Production
I liked the fact that there was a splunk AMI and you can spin up splunk really fast. I was able to build an instance and be up in a matter of minutes. The issues I have with the AMI is that there is currently no support for the new C4 instances. I wanted to build a beefy splunk server with the latest CPUs since searches are CPU heavy and I'm not able to do that now. I also noticed that the AMI does not address disabling Transparent Huge Pages which splunk recommends. This can cause a 30% performance degradation. http://docs.splunk.com/Documentation/Splunk/6.2.3/ReleaseNotes/SplunkandTHP
So, because I couldn't use the instance I wanted, I can't really use this AMI for my needs. I can use it for testing no problem though. The THP issues is not that big because you can disable it easy enough but if splunk is touting this AMI as a recommended configuration I would like to see the THP addressed since it causes performance issues.
showing 1 - 10