I focus on threat detection against stock trading systems. I am in charge of five to seven stock trading companies' B2C systems for detecting threat attacks. Our customers include several stock trading companies, banks, and large mobile carriers in Japan.
Splunk Enterprise
Splunk: External reviews
Citizen programming facilitates efficient threat detection and enhances business logic
What is our primary use case?
How has it helped my organization?
We built a threat detection system for our client company, one of the biggest security companies in Japan, using Splunk Enterprise Platform. We started a new business on this platform to provide threat detection systems to stock trading system companies and banks, expanding our customer base.
What is most valuable?
One valuable feature of Splunk Enterprise Platform is citizen programming, which allows users to manage and compute huge stream-based datasets easily using SPL language. The second feature is its ability to perform matrix-like stream calculations concurrently, improving upon traditional SIEM tools. Finally, Splunk's Machine Learning Toolkit is offered without charge, allowing users to incorporate machine learning in their business logic, aiding in procedures like threat hunting.
What needs improvement?
Splunk could improve by enhancing its graphical view functionality. Compared to other BI tools, Splunk's graphic features are limited; some customers desire detailed, rich visual effects, like world maps showing threat attacks as animations. Additionally, the deep learning capabilities need enhancing, especially on Splunk Cloud, where customers find it challenging to use deep learning tools without setting up backend computing resources.
For how long have I used the solution?
I have over 14 years of experience with Splunk Enterprise Platform, beginning my first evaluation in 2011.
What do I think about the stability of the solution?
I would rate the stability of Splunk Enterprise Platform as a seven. While it requires managing configuration files and processing scale-out operations manually, limiting its auto-scaling capabilities, it still performs adequately.
What do I think about the scalability of the solution?
I rate the scalability of Splunk Enterprise Platform as an eight. Some products can automatically scale, but Splunk Enterprise requires manual configuration changes to achieve scale, which is slightly outdated compared to modern technologies.
How are customer service and support?
I rate Splunk Japan's customer service as an eight. Although I generally provide support myself and do not often rely on Splunk support, this rating reflects general consultant feedback.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I previously used Elasticsearch and Kibana, but switched to Splunk for ease of use and to define business entities such as branches, channels, and stock accounts.
How was the initial setup?
Standalone installation was very easy. Designing and capacity planning for a distributed cluster environment was not easy.
What about the implementation team?
I am a Splunk consultant and implement customer solutions myself.
What's my experience with pricing, setup cost, and licensing?
I rate the pricing of Splunk as nine out of ten. The pricing model is based on ingested data size, not user count, and includes a free tier for up to 500 MB of daily data, differentiating it from BI tools with user-based pricing.
Which other solutions did I evaluate?
I evaluated ArcSight and ManageEngine and made our selection.
- After using Splunk for several years, I conducted further evaluations, but our selection remained unchanged.
- Datadog was ideal for bug traceback during APM operations.
- Exabeam was ideal for use case-centric threat detection.
What other advice do I have?
Overall, I rate Splunk Enterprise Platform ten out of ten. I am dissatisfied with Splunk’s graphics view and deep learning capabilities; they could be better, especially on Splunk Cloud. While I was able to enhance the platform using technologies like JavaScript, most of my clients struggle. However, it will be sufficient for the next few years with its strong Machine Learning capability.
Also, it would be preferable for Splunk SOAR to include sequential Splunk task execution and MCP/A2A support features.
Quick and easy setup and useful for simple testing
I read one review that said that THP was not supported on the instance, but I checked on mine and it was properly configured. I did have a couple of errors that showed that there may have been some files that were not verified as being Splunk installed and that the instance fell below the suggested minimums for running Splunk, but I was just using a Free EC2 instance to try things out.
The web interface came up quickly and without problems, and I was able to install apps quickly and easily. I added some data and had things working well quite quickly. I would like to try a larger AMI instance, but for the testing I did, it was quite usable.
Trying Splunk AMI for the first time
I use Splunk Enterprise Security at work.
Currently studying for my architect certification. I know Splunk AMI on AWS will be the perfect platform for my lab.
Splunk is just couple of clicks away!
I've been using Splunk Enterprise on premises for a few years.
And it is hands down the best product I've come across in 15+ sysadmin years.
No, really, I've seen some really nice pieces of software but none of them comes even close. And the Splunk AMI just makes starting to use all Splunk Enterprise features so much faster that it is a no-brainer. New or old Splunk user: grab it. Throw some data, any data, at it and start Splunkin'!
Excellent for trying out Splunk
I wanted to try out a few add-ons to Splunk and this worked perfectly for me. Having an AMI with a ready-to-go Splunk server and MongoDB combined with a recommended security group made it very easy to start using immediately. I was also able to install the Splunk Mobile Access Server on this instance and connected using the associated iOS and Android apps. If I had any recommendation for Splunk it would be to include the MAS on this AMI as well.
No complaints at all.
More time splunking. Less time installing.
Up and running with Splunk in minutes. This was so easy it was not even funny. It took me longer to set up data feeds than it did preparing Splunk to receive them.
Totally thrilled and pleased. This was a life saver.
Splunk's home for indexes is on the root partition by default. 8GB of SSD storage for the / partition will probably not be enough for you.
Add a 500GB or 1TB magnetic volume and move Splunk's index home there before you get started.
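The migration the review above recommends, written out as an added example (not the reviewer's own script or anything shipped by Splunk). It assumes Splunk is installed at /opt/splunk, the new EBS volume is attached as /dev/xvdf and should be mounted at /data/splunk; all three are placeholders. Only the conf-editing helpers run on their own; the destructive steps are inside migrate_index_home and run only when you call it as root on the instance.

```shell
#!/bin/sh
# Assumed paths (placeholders): override via the environment for your instance.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
NEW_DB="${NEW_DB:-/data/splunk}"
DEVICE="${DEVICE:-/dev/xvdf}"

# Point SPLUNK_DB in a splunk-launch.conf file at a new directory.
# Handles a present, commented-out, or missing SPLUNK_DB line.
set_splunk_db_path() {
    conf="$1"; newdir="$2"
    if grep -q '^#\{0,1\} *SPLUNK_DB=' "$conf"; then
        sed -i "s|^#\{0,1\} *SPLUNK_DB=.*|SPLUNK_DB=$newdir|" "$conf"
    else
        printf 'SPLUNK_DB=%s\n' "$newdir" >> "$conf"
    fi
}

# Read back the effective (uncommented) SPLUNK_DB value; empty if unset.
get_splunk_db_path() {
    sed -n 's|^SPLUNK_DB=||p' "$1" | tail -n 1
}

# Full migration: stop splunkd, format and mount the volume, copy the existing
# index data, repoint SPLUNK_DB, restart. Refuses to format a volume that
# already carries a filesystem so an attached data disk is never wiped.
migrate_index_home() {
    if blkid "$DEVICE" >/dev/null 2>&1; then
        echo "$DEVICE already has a filesystem; refusing to format" >&2
        return 1
    fi
    "$SPLUNK_HOME/bin/splunk" stop
    mkfs.ext4 "$DEVICE"
    mkdir -p "$NEW_DB"
    mount "$DEVICE" "$NEW_DB"
    # nofail keeps the instance bootable if the volume is ever detached.
    printf '%s %s ext4 defaults,nofail 0 2\n' "$DEVICE" "$NEW_DB" >> /etc/fstab
    # Trailing slashes copy the contents of the old index home, not the dir.
    rsync -a "$SPLUNK_HOME/var/lib/splunk/" "$NEW_DB/"
    chown -R splunk:splunk "$NEW_DB"
    set_splunk_db_path "$SPLUNK_HOME/etc/splunk-launch.conf" "$NEW_DB"
    "$SPLUNK_HOME/bin/splunk" start
}
```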
One-click Splunk!
From no Splunk to Splunk in minutes. I was able to start collecting and analysing my data within the hour.