
Reviews from AWS customer

17 AWS reviews

External reviews

444 reviews

External reviews are not included in the AWS star rating for the product.


4-star reviews

    karan j.

Great Log Management, but Dashboard Creation Needs Improvement

  • October 15, 2025
  • Review provided by G2

What do you like best about the product?
The main log management feature is extremely useful in our organization.
What do you dislike about the product?
Creating dashboards can sometimes be a cumbersome task.
What problems is the product solving and how is that benefiting you?
This platform serves as a one-stop shop for all logs, making it especially useful for both engineers and auditors.


    Seatiel Y.

A robust platform for data analysis and correlation

  • September 23, 2025
  • Review provided by G2

What do you like best about the product?
The ability to centralize, correlate, and analyze large volumes of logs in real-time, which facilitates the detection of incidents.
What do you dislike about the product?
The licensing is high, which may limit its adoption in medium or small organizations.
What problems is the product solving and how is that benefiting you?
Splunk Enterprise solves the problem of having logs scattered across multiple systems. Thanks to its centralization and correlation capabilities, we can now detect incidents faster, comply with audit regulations, and significantly reduce analysis time in investigations.


    FaisalKhan5

Has streamlined data integration and enabled real-time dashboard visualizations through a powerful search engine

  • September 19, 2025
  • Review provided by PeerSpot

What is our primary use case?

I have implemented the complete Splunk Enterprise Platform structure in my previous organization, implementing the platform, creating use cases, dashboard queries, creating dashboards, and onboarding different devices via Syslog and API.

What is most valuable?

Splunk Enterprise Platform has a vast and versatile powerful search engine with which I can handle all queries, and creating use cases and the search and dashboard is the main selling point, allowing me to visualize live dashboards.

The platform has a powerful search engine, allowing the integration of custom AI such as ChatGPT. Splunk Enterprise Platform also has its own Phantom as a SOAR, which is much more refined and gives more accurate results than any other AI integrated SIM tool. In anomaly detection, I can live track anomalies and change the registry.

Splunk Enterprise Platform serves as a time-saving solution because integrating other sources such as Syslog or router switch firewall is much easier.

What needs improvement?

The cost is the most significant area for improvement in Splunk Enterprise Platform, as it is quite expensive, causing many clients to differ due to this reason. Otherwise, I don't see that Splunk Enterprise Platform requires further improvement because it is the number one tool.

The cost remains a significant point of concern.

For how long have I used the solution?

I have 2.5 years of experience with Splunk Enterprise Platform.

What do I think about the stability of the solution?

The stability depends on how aggressively the environment changes. If I am providing network services, it can be challenging due to continuously changing firewall configurations.

Splunk Enterprise Platform is stable when not integrating or adding new devices continuously.

What do I think about the scalability of the solution?

I consider Splunk Enterprise Platform a scalable solution since it has different components, and if the server is down, I can upgrade the server resources or create a new node for performance optimization.

How are customer service and support?

I have never used their technical support because everything is available on their website and documents. It is crucial for anyone looking to deploy Splunk Enterprise Platform to first certify for their courses, such as the Splunk Administrator and the Power User Administrator certifications, which address all troubleshooting queries.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup of Splunk Enterprise Platform depends on the user; if set up in a Windows environment, it is much easier, requiring just clicking on the wizard and following the steps. In the Linux environment, it is quite hectic, but manageable compared to Wazuh, where I have to integrate the GPC API key alongside the installation. In Splunk Enterprise Platform, I only need to download and configure a single file, making it easy to manage.

What other advice do I have?

I have expertise in Splunk Enterprise Platform tools, including Splunk Cloud, having experience working with other tools such as IBM Security QRadar.

We are a managed service provider (MSP), and we provide services using Splunk Enterprise Platform.

Splunk Enterprise Platform holds the number one position in Gartner, and integrating different types of tools and creating use cases is much more streamlined compared to other tools such as IBM QRadar and AD audit, managing the log 360.

The platform has a powerful search engine, allowing the integration of custom AI such as ChatGPT. It also has Phantom as a SOAR, which is more refined and gives more accurate results than any other AI integrated SIM tool. In anomaly detection, I can live track anomalies and change the registry. While working with Wazuh, when I integrated the Cortex XDR, there was a mismatch of events sometimes, making it tedious, but in Splunk Enterprise Platform, I just need to log into the console and everything is there, making it an all-in-one solution.

I rate Splunk Enterprise Platform 9 out of 10.


    Ananda L.

Scalable and Brilliant Solutions but Expensive

  • August 27, 2025
  • Review provided by G2

What do you like best about the product?
Splunk Enterprise is a perfect choice for searching, collecting and even analyzing large datasets
The app is a brilliant visualization app that helps us identify different patterns in a dataset
We use the app to troubleshoot challenges in our systems
What do you dislike about the product?
Splunk Enterprise is an expensive app that makes small firms fear it
The app is also resource intensive, where proper management and tuning calls for extra technical expertise
What problems is the product solving and how is that benefiting you?
Splunk Enterprise is a software that helps us detect systems issues and monitor performance of different systems
The software strengthens the security of our data sets
In case some security anomalies are encountered, this app identifies them and eliminates them


    Textiles

Best SIEM tools with full flexibility

  • July 31, 2025
  • Review provided by G2

What do you like best about the product?
The tool is flexible for making configuration changes, and there are multiple options for integrations.
What do you dislike about the product?
Splunk queries are the thing that becomes a barrier for a fresher to operate this tool.
What problems is the product solving and how is that benefiting you?
We have Splunk for SOC and we have integrated this with our EDR solution, which makes it a single source of logs and analyzer.


    UzairKhan

Delivers financial benefits and operational efficiency with impactful data analytics capabilities

  • May 09, 2025
  • Review provided by PeerSpot

What is our primary use case?

The use cases for Splunk Enterprise Platform vary depending on the specific scenario.

Splunk Enterprise Platform has different purposes, including data visualization and other applications.

What is most valuable?

In Splunk Enterprise Platform, the most impactful features for data analytics allow you to get into the repository.

There are financial benefits from using Splunk Enterprise Platform, and as a retailer, it provides better profit margins.

Splunk Enterprise enhances data analytics with its AI capabilities.

What needs improvement?

For future updates of Splunk Enterprise Platform, I would like to see integration by GUI.

The integration should be improved with the UI.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for about two years.

What was my experience with deployment of the solution?

There are no significant challenges in deploying Splunk Enterprise Platform.

The challenges or pain points others should anticipate before implementing Splunk Enterprise Platform are mostly related to the integration part.

How was the initial setup?

The time it takes to deploy Splunk Enterprise Platform depends on the use cases.

It may take anywhere from a couple of hours to a couple of weeks for Splunk Enterprise Platform deployment.

What about the implementation team?

The same three people take part in the deployment of Splunk Enterprise Platform.

I do not take part in the deployment; my team does.

What other advice do I have?

My advice for those looking to implement Splunk Enterprise Platform is to know the product well and have hands-on workshops or create a lab to gain complete knowledge before proceeding.

Regarding maintenance, it does not require much as it is on-premises.

Overall, I would rate Splunk Enterprise Platform an eight.


    Lokesha K.

Best Analytic tool for dashboard, reporting and observability

  • January 29, 2025
  • Review provided by G2

What do you like best about the product?
The Splunk Enterprise tool has out-of-the-box applications available to integrate with public cloud/DC (VMWARE) to collect various cloud insights & metric data. It's easy to develop a customized dashboard using the data stored.
What do you dislike about the product?
Currently Splunk doesn't support Application performance monitoring and license cost is very high.
What problems is the product solving and how is that benefiting you?
We integrated with public to collect both metric data, cloud insights data to develop a customized dashboard like Executive Dashboard, Service management dashboard, cloud resources insights and cost analysis dashboard.


    Information Technology and Services

Splunk enterprise is powerful and reliable

  • December 18, 2024
  • Review provided by G2

What do you like best about the product?
Real-time data insights and customizable dashboards
What do you dislike about the product?
Steep learning curve for beginners to master
What problems is the product solving and how is that benefiting you?
Splunk Enterprise helps centralize logs, detect security threats and monitor system performance, making troubleshooting.


    Telecommunications

Splunk Enterprise is a powerful and versatile tool for data analysis and security.

  • December 07, 2024
  • Review provided by G2

What do you like best about the product?
Robust Data Ingestion: Handles massive volumes of data from diverse sources, including logs, metrics, and security events.
What do you dislike about the product?
Complex Configuration: Requires careful configuration to optimize performance and security.
What problems is the product solving and how is that benefiting you?
Extensive App Ecosystem: Benefits from a rich ecosystem of apps for specific use cases, such as security, IT operations, and business analytics.


    reviewer2511618

Seamless integration streamlines fraud detection

  • November 11, 2024
  • Review provided by PeerSpot

What is our primary use case?

The main use case is to analyze the data log coming from other systems. We use Splunk to identify anomalies in transaction patterns, which may indicate irregular activity from certain customers. Our goal is to create alerts for stakeholders when such anomalies are detected.

How has it helped my organization?

Splunk has made our job easier by streamlining data searching and decision-making processes. By using it for fraud detection, we have potentially saved billions of Indonesian rupiah.

What is most valuable?

Splunk is very flexible in handling various formats of data as long as basic rules are adhered to. Its integration with other systems is seamless and can be done overnight. This ease of integration is its best advantage. Additionally, Splunk is adequate for real-time data processing.

What needs improvement?

The Splunk Processing Language (SPL) poses a steep learning curve for new users. The software could benefit from additional processing power, such as GPU support, for handling large volumes of data faster. The language could also be more user-friendly, similar to platforms where actions are easier through button clicks.

For how long have I used the solution?

I have used the solution for approximately three years.

What do I think about the stability of the solution?

I rarely encounter bugs or glitches during daily use. However, there was one instance where an issue required solutions from the headquarters' next upgrade session.

What do I think about the scalability of the solution?

Splunk is scalable, provided the supporting infrastructure, such as CPU and GPU processing, is also scalable.

How are customer service and support?

I rarely communicate with the Splunk headquarters, usually interacting with the local implementer.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We are not using anything else that functions like Splunk. However, for fraud detection, we also use GVD Instinct and FICO, along with Elasticsearch.

What about the implementation team?

I have not been involved in implementing it, except in integration, where I've found it easy.

What was our ROI?

We have been saving significant amounts through fraud detection. I cannot say precisely how much. Overall, Splunk has simplified our data management and decision-making processes.

What's my experience with pricing, setup cost, and licensing?

The official license operates like a subscription with an annual fee. Our local implementer offers pricing based on reserved quota, such as 80 gigabytes per day, costing under one billion Indonesian rupiah, or around $70,000 USD. It is affordable and flexible.

Which other solutions did I evaluate?

Elasticsearch, Kibana, Check Point, and other solutions like Microsoft Teams, OneDrive, and SharePoint are used.

What other advice do I have?

Keep my identity anonymous; publishing my title is sufficient. It's important to master the SPL for efficient use. Seek solutions that better support GPU for real-time processing.

I'd rate the solution eight out of ten.