We have been working with Splunk Enterprise Platform for two years. Currently, we have been running Splunk in our SOC for two years, but we have not used the Machine Learning Toolkit yet. I believe it is a powerful tool, but we have not explored it.
Splunk Enterprise
External reviews
Essential, Feature-Rich SIEM Tool for IT Security
Flexible analytics have unified our security monitoring and improved threat detection workflows
What is our primary use case?
What is most valuable?
I think the most valuable feature of Splunk Enterprise Platform is its capability to correlate all the logs that we ingest into our platform. Splunk offers many predefined analytic stories that we can implement for our customers, which act as playbooks for detecting suspicious activity, anomalous behavior, and other security-related events. This capability stands out as a key feature of Splunk.
We work with Splunk on-premise, especially with Splunk Enterprise and Splunk Enterprise Security. Splunk Enterprise refers to Splunk Enterprise Platform and also includes the Splunk Enterprise Security platform, known as Splunk or Splunk ES.
We implement detection rules similarly across multiple platforms, including Microsoft Sentinel, Elastic Security, and IBM QRadar, and I can say that Splunk is one of the powerful SIEM tools. It offers us the flexibility to define our correlation rules and detection rules, which is a significant strength. Compared to other platforms, Splunk is more user-friendly regarding querying, making it easier to create detection rules and correlate various log sources.
What needs improvement?
From what I have noticed across all SIEM platforms, they are beginning to incorporate AI capabilities, which is an aspect that I think Splunk could enhance. Microsoft Sentinel, for example, features a Security Copilot, but it requires an additional license for use. Other platforms such as Google SecOps and Palo Alto's Cortex XSIAM integrate agentic AI capabilities that I believe will become standard features for all SIEM solutions in the future.
For generative AI, it would be beneficial for Splunk to add features allowing users to define queries using prompts. For example, being able to ask for the top 10 malicious IPs could simplify tasks significantly. Additionally, Splunk could consider an AI response feature where triggered alerts can prompt recommendations for users on corrective actions. A noise cancellation AI might also help security analysts reduce alert clutter. There are many agentic AI improvements that can be made in Splunk Enterprise Platform.
What do I think about the scalability of the solution?
In terms of scalability, many SIEM brands, including Splunk, provide options that adapt to a growing organization. As companies expand, the ability to scale their SIEM is crucial. Splunk allows for scalability, as you can start with an all-in-one instance and, as your deployment grows, split it into distributed deployment, such as separating the search head and indexers. I believe all SIEM solutions provide reliability, and Splunk is no exception as it also offers strong scalability.
How are customer service and support?
We sometimes communicate with Splunk's technical support, but it is not often, especially regarding technical issues. When we encounter issues, we utilize the Splunk community, which I believe showcases a big advantage of Splunk due to its strong community support. Many of our technical problems are resolved by this community.
How would you rate customer service and support?
How was the initial setup?
I usually participate in the initial setup and deployment of Splunk Enterprise Platform.
What's my experience with pricing, setup cost, and licensing?
Regarding pricing, I remember that Splunk is generally more expensive than SIEMs such as Microsoft Sentinel and Securonix, while it is also pricier than Elastic Security. From my perspective, Splunk tends to be too expensive for smaller customers. This leads us not to recommend it for small companies due to the high cost and often pushes us to suggest alternatives such as Elastic Security, which has more volume-based licensing options.
Which other solutions did I evaluate?
I have experience delivering SIEM platforms to our customers, including Elastic Security, Microsoft Sentinel, Splunk, and IBM QRadar.
What other advice do I have?
We have many use cases for using Splunk Enterprise Platform. We use Splunk to detect anomalies in our customers' IT environments, such as their network environments. We want to detect suspicious activity or anomalous activity from our customer environments. From Splunk, we utilize many applications from Splunkbase to support our deployment. Many of our services relate to the Security Operation Center, so many of our use cases are linked to SOC activities.
Since the query capability in Splunk is extremely flexible, creating dashboards is also very easy. Dashboard creation depends on the SPL queries, and in the latest version of Splunk, we have two options: classic dashboards and Studio dashboards. Both options can be tailored to our needs, enabling us to create highly customized dashboards, for instance, by adding images. This flexibility makes crafting custom dashboards simple.
I find deploying Splunk to be very straightforward because you can choose to install it on either Linux or Microsoft operating systems. Before deployment, we conduct sizing for the instance, including storage, CPU, memory, and network considerations. Once sizing is clear, we proceed with the installation, which offers multiple options such as Debian packages or RPMs. Overall, the deployment process is quite easy.
Currently, many of our customers prefer cloud deployment for Splunk Enterprise Platform. We do not recommend specific cloud services, but we often see GCP, Google, and Microsoft Azure being used among our customers.
I consider Splunk to be one of the best solutions available compared to other options. If budget is not a concern, Splunk stands out due to its extensive integrations, flexibility in scalability, and the simplicity of its deployment. I would rate this review an overall 8.
Outstanding Observability and Log Management Across All Platforms
Effortless Setup and Configuration
Great Log Management, but Dashboard Creation Needs Improvement
A robust platform for data analysis and correlation
Has streamlined data integration and enabled real-time dashboard visualizations through a powerful search engine
What is our primary use case?
I have implemented the complete Splunk Enterprise Platform structure in my previous organization, implementing the platform, creating use cases, dashboard queries, creating dashboards, and onboarding different devices via Syslog and API.
What is most valuable?
Splunk Enterprise Platform has a vast and versatile powerful search engine with which I can handle all queries, and creating use cases and the search and dashboard is the main selling point, allowing me to visualize live dashboards.
The platform has a powerful search engine, allowing the integration of custom AI such as ChatGPT. Splunk Enterprise Platform also has its own Phantom as a SOAR, which is much more refined and gives more accurate results than any other AI-integrated SIEM tool. In anomaly detection, I can live track anomalies and change the registry.
Splunk Enterprise Platform serves as a time-saving solution because integrating other sources such as Syslog or router switch firewall is much easier.
What needs improvement?
The cost is the most significant area for improvement in Splunk Enterprise Platform, as it is quite expensive, causing many clients to defer for this reason. Otherwise, I don't see that Splunk Enterprise Platform requires further improvement because it is the number one tool.
The cost remains a significant point of concern.
For how long have I used the solution?
I have 2.5 years of experience with Splunk Enterprise Platform.
What do I think about the stability of the solution?
The stability depends on how aggressively the environment changes. If I am providing network services, it can be challenging due to continuously changing firewall configurations.
Splunk Enterprise Platform is stable when not integrating or adding new devices continuously.
What do I think about the scalability of the solution?
I consider Splunk Enterprise Platform a scalable solution since it has different components, and if the server is down, I can upgrade the server resources or create a new node for performance optimization.
How are customer service and support?
I have never used their technical support because everything is available on their website and documents. It is crucial for anyone looking to deploy Splunk Enterprise Platform to first certify for their courses, such as the Splunk Administrator and the Power User Administrator certifications, which address all troubleshooting queries.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup of Splunk Enterprise Platform depends on the user; if set up in a Windows environment, it is much easier, requiring just clicking on the wizard and following the steps. In the Linux environment, it is quite hectic, but manageable compared to Wazuh, where I have to integrate the GPC API key alongside the installation. In Splunk Enterprise Platform, I only need to download and configure a single file, making it easy to manage.
What other advice do I have?
I have expertise in Splunk Enterprise Platform tools, including Splunk Cloud, having experience working with other tools such as IBM Security QRadar.
We are a managed service provider (MSP), and we provide services using Splunk Enterprise Platform.
Splunk Enterprise Platform holds the number one position in Gartner, and integrating different types of tools and creating use cases is much more streamlined compared to other tools such as IBM QRadar and AD audit, managing the log 360.
While working with Wazuh, when I integrated the Cortex XDR, there was a mismatch of events sometimes, making it tedious, but in Splunk Enterprise Platform, I just need to log into the console and everything is there, making it an all-in-one solution.
I rate Splunk Enterprise Platform 9 out of 10.
Scalable and Brilliant Solutions but Expensive
The app is a brilliant visualization app that helps us identify different patterns in a dataset
We use the app to troubleshoot challenges in our systems
The app is also resource intensive, where proper management and tuning calls for extra technical expertise
The software strengthens the security of our data sets
In case some security anomalies are encountered, this app identifies them and eliminates them
Best SIEM tools with full flexibility
Delivers financial benefits and operational efficiency with impactful data analytics capabilities
What is our primary use case?
Splunk Enterprise Platform has different purposes, including data visualization and other applications.
What is most valuable?
There are financial benefits from using Splunk Enterprise Platform, and as a retailer, it provides better profit margins.
Splunk Enterprise enhances data analytics with its AI capabilities.
What needs improvement?
The integration should be improved with the UI.
For how long have I used the solution?
What was my experience with deployment of the solution?
The challenges or pain points others should anticipate before implementing Splunk Enterprise Platform are mostly related to the integration part.
How was the initial setup?
It may take anywhere from a couple of hours to a couple of weeks for Splunk Enterprise Platform deployment.
What about the implementation team?
I do not take part in the deployment; my team does.
What other advice do I have?
Regarding maintenance, it does not require much as it is on-premises.
Overall, I would rate Splunk Enterprise Platform an eight.