Listing Thumbnail

    Splunk Enterprise

     Info
    Sold by: Splunk 
    Deployed on AWS
    AWS Free Tier
    The Splunk Enterprise AMI accelerates the speed at which organizations deploy Splunk Enterprise in AWS..
    4.3

    Overview

    The Splunk Enterprise AMI accelerates the speed at which organizations deploy Splunk Enterprise in AWS. Splunk Enterprise is the leading platform for Operational Intelligence, delivering an easy, fast, and secure way to search, analyze and visualize the massive streams of machine data generated by your IT systems and technology infrastructure - physical, virtual and in the cloud. Use this AMI to take Splunk for a test drive, or as the basis for your Enterprise-level deployment. The Splunk Enterprise AMI ships with a fully-featured trial license that is valid for 60 days after launch. After the trial expires, your deployment will default to Splunk Free.

    Highlights

    • Collect and index any machine-generated data from virtually any source or location in real time. Just point Splunk Enterprise at your data, and it immediately starts collecting and indexing--so you can start searching and analyzing.
    • With Splunk Enterprise, you can correlate complex events spanning many diverse data sources across your environment. Types of correlations include time-based correlations, transaction-based correlations, sub-searches, lookups, and joins.
    • Splunk Enterprise scales to collect and index tens of terabytes of data per day. And because the insights from your data are mission critical, Splunk Enterprise's clustering technology provides the availability you need, even as you scale out your low-cost, distributed computing environment.

    Details

    Sold by

    Delivery method

    Delivery option
    64-bit (x86) Amazon Machine Image (AMI)

    Latest version

    Operating system
    AmazonLinux 2023

    Deployed on AWS
    New

    Introducing multi-product solutions

    You can now purchase comprehensive solutions tailored to use cases and industries.

    Multi-product solutions

    Features and programs

    Buyer guide

    Gain valuable insights from real users who purchased this product, powered by PeerSpot.
    Buyer guide

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Pricing

    Splunk Enterprise

     Info
    Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.

    Vendor refund policy

    Refunds are not available

    Custom pricing options

    Request a private offer to receive a custom quote.

    How can we make this page better?

    Tell us how we can improve this page, or report an issue with this product.
    Tell us how we can improve this page, or report an issue with this product.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Version release notes

    To learn what's new in Enterprise 10.4.1, please visit https://docs.splunk.com/Documentation/Splunk/10.4.1/ReleaseNotes/MeetSplunk 

    Additional details

    Usage instructions

    Get started with Splunk Web:

    • In your EC2 Management Console, find your instance running Splunk Enterprise.
    • Copy its public IP.
    • Paste the public IP into a new browser tab (do not hit enter yet).
    • Append :8000 to the end of the IP.
    • Hit enter.
    • Log into Splunk for the first time with the following credentials: ** username: admin ** password for Enterprise 7.2.5 and above: SPLUNK-$instance-id$ ** password for Enterprise 7.2.0 and below: $instance-id$

    Please modify the security groups to allow and disallow certain IP addresses per your requirements. The default is open to all IP addresses.

    Read more about the Splunk Enterprise AMI here: https://docs.splunk.com/Documentation/Splunk/latest/Admin/AbouttheSplunkAMI 

    Upgrade Instructions: http://docs.splunk.com/Documentation/Splunk/latest/Installation/HowtoupgradeSplunk 

    Resources

    Support

    Vendor support

    Options available

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

     Info
    Updated weekly

    Accolades

     Info
    Top
    10
    In Migration
    Top
    10
    In Data Anonymization, Data Security and Governance

    Customer reviews

     Info
    Sentiment is AI generated from actual customer reviews on AWS and G2
    Reviews
    Functionality
    Ease of use
    Customer service
    Cost effectiveness
    0 reviews
    Insufficient data
    Insufficient data
    Insufficient data
    Insufficient data
    0 reviews
    Insufficient data
    Insufficient data
    Insufficient data
    Insufficient data
    Positive reviews
    Mixed reviews
    Negative reviews

    Overview

     Info
    AI generated from product descriptions
    Complex Event Correlation
    Correlates complex events spanning multiple diverse data sources using time-based correlations, transaction-based correlations, sub-searches, lookups, and joins
    High-Volume Data Processing
    Scales to collect and index tens of terabytes of data per day
    Clustering and High Availability
    Provides clustering technology for availability and fault tolerance across distributed computing environments
    Machine Data Search and Analysis
    Enables searching, analyzing, and visualizing massive streams of machine data generated by IT systems and technology infrastructure
    Real-time Data Collection and Indexing
    Collects and indexes machine-generated data from virtually any source or location in real time with automatic indexing upon data ingestion.
    Complex Event Correlation
    Correlates complex events spanning multiple diverse data sources using time-based correlations, transaction-based correlations, sub-searches, lookups, and joins.
    Scalable Data Processing
    Scales to collect and index tens of terabytes of data per day with distributed computing architecture.
    High Availability Clustering
    Provides clustering technology for availability and fault tolerance across distributed computing environments.
    Machine Data Search and Analysis
    Enables searching, analyzing, and visualization of machine data generated by IT systems and technology infrastructure across physical, virtual, and cloud environments.
    Data Routing and Destination Management
    Routes data to multiple destinations with capability to deliver specific data to targeted tools while archiving full fidelity data to cost-effective storage
    Data Optimization and Reduction
    Reduces data streams by up to 50% through removal of unused log and metric data
    Event Processing and Transformation
    Processes event data through centralized parsing with capabilities to route, optimize, reformat, and enrich data in flight
    Role-Based Access Control
    Implements role-based access control with support for external authentication via LDAP, Splunk, and OpenID Connect identity providers
    Real-Time Monitoring and Configuration
    Provides GUI-based configuration and testing interface with live data capture and real-time observability pipeline monitoring

    Contract

     Info
    Standard contract
    No
    No
    No

    Customer reviews

    Ratings and reviews

     Info
    4.3
    493 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    57%
    36%
    5%
    1%
    1%
    26 AWS reviews
    |
    467 external reviews
    External reviews are from G2  and PeerSpot .
    Chirag Singhtalwar

    Centralized logging has transformed security monitoring and incident response efficiency

    Reviewed on Jul 10, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use case for Splunk Enterprise Platform  is security monitoring and incident detection. I use Splunk Enterprise Platform  to collect and analyze logs from servers, endpoints, firewalls, and network devices. I monitor security events, investigate alerts, troubleshoot issues, and support incident response through dashboards and log search.

    One example of how I have used Splunk Enterprise Platform for security monitoring and incident detection was when Splunk Enterprise Platform generated multiple failed login alerts for a privileged account from different IP addresses in a short period. I used SPL to review the authentication logs, correlating them with firewall and Windows Event Logs. I confirmed it was a password spraying attempt rather than normal user activity. I escalated the incident, the account was secured, and the source IPs were blocked.

    In addition to security monitoring, I use Splunk Enterprise Platform for operational monitoring and troubleshooting. It helps me quickly search logs from Windows and Linux servers, network devices, and security tools to identify the root cause of issues. I have also used dashboards to monitor system health and create alerts for critical events, which improves response time and reduces manual log analysis.

    What is most valuable?

    The best features Splunk Enterprise Platform offers are its log analysis and its powerful log search capabilities using SPL. Centralized log collection, real-time monitoring, alerting, customizable dashboards, fast troubleshooting, and the ability to correlate events from multiple data sources are all valuable. It also scales well for large environments and integrates with many security and IT tools, making incident investigation much more efficient.

    Splunk Enterprise Platform has improved visibility across the environment by centralizing logs from multiple systems. It has reduced the time needed to detect, investigate, and respond to security incidents, streamlined troubleshooting, and helped my team respond to issues more quickly. Overall, it has improved operational efficiency and reduced downtime.

    What needs improvement?

    One area for improvement for Splunk Enterprise Platform is the learning curve. Splunk Enterprise Platform and SPL can take time for new users to master. Licensing and data ingestion costs can also become expensive as log volumes grow. Additionally, simplifying the initial deployment and providing more out-of-the-box dashboards and use cases would help organizations get value more quickly.

    For how long have I used the solution?

    I have been working for three or more years in my current field.

    What other advice do I have?

    The feature I rely on the most day-to-day is SPL, Search Processing Language. It allows me to quickly search and filter large volumes of logs, investigate alerts, and troubleshoot issues instead of manually checking logs on multiple systems. I can correlate events from different sources in one place, identify root causes faster, and respond to incidents more efficiently.

    One thing I particularly appreciate about the features is the flexibility of Splunk Enterprise Platform dashboards and alerts. They can be customized for different teams and prioritized, making it easier to monitor critical events without constantly searching through logs. That saves time and helps focus on the most important issues.

    Although we have not measured exact KPIs, Splunk Enterprise Platform helped reduce the time required to investigate incidents. Instead of manually checking logs across multiple systems, we could quickly search centralized logs and identify the root cause much faster. For many incidents, the initial investigation time was reduced from around 30 to 45 minutes to approximately 10 to 15 minutes, which improved our overall response time.

    Regarding Splunk Enterprise Platform's AI capabilities, from my experience, it provides strong governance and security through role-based access control, audit logging, encryption, and integration with enterprise identity providers. These features help ensure that access to data and AI-assisted capabilities is controlled and traceable. As AI capabilities continue to evolve, I would appreciate seeing even more transparency around AI-generated results and more granular governance controls.

    From my experience, Splunk Enterprise Platform's AI-assisted capabilities are generally accurate and can help in prioritizing alerts, summarizing information, and speeding up the investigation. However, I do not treat the output as definitive. I always validate AI-generated insights against the underlying logs and other evidence before making a decision. Overall, I would describe the accuracy and reliability as good, but human verification is still important.

    My advice for those looking into using Splunk Enterprise Platform is to clearly define your logging and security monitoring objectives before deployment. Start with your most critical data sources. Invest time in learning SPL and build dashboards and alerts that align with your operational needs. Additionally, plan your data ingestion carefully to manage licensing costs and get the best value from the platform. I rate this product a nine out of ten.

    Mahendra Rathal

    Centralized log analytics has improved incident investigations and simplifies real-time monitoring

    Reviewed on Jul 09, 2026
    Review from a verified AWS customer

    What is our primary use case?

    Splunk Enterprise Platform  serves as our primary solution for centralized log management and security monitoring. We collect logs from multiple systems and security devices into a single platform to investigate incidents, troubleshoot issues, monitor suspicious activity, and create dashboards and alerts for better operational visibility. The platform also helps us correlate events from different log sources, making investigation faster and more efficient.

    For example, an organization received an alert about suspicious PowerShell activity on a Windows endpoint. Using Splunk Enterprise Platform , the analyst searches for the affected hostname and username, then correlates Windows Event Log, Active Directory authentication log, firewall log, and endpoint security log. The timeline shows that the user logged in from an unusual IP address or executed a PowerShell command and then attempted a connection to multiple internal servers. Because all relevant logs are available in one place and can be correlated by timestamp, username, and host, the analyst can quickly understand the sequence of events and determine the scope of the incident without manually checking multiple systems.

    What is most valuable?

    Splunk Enterprise Platform's Search Processing Language, real-time search and alerting, and customizable dashboards are the most valuable features I have found. The Search Processing Language makes it easy to search and analyze large volumes of log data to quickly identify issues or security events. The real-time alerting capability has helped us detect critical events as they occur, allowing for faster response. I appreciate the flexibility of dashboards, which can be customized to display key metrics and operational insights for different teams. Additionally, Splunk Enterprise Platform's ability to ingest data from a wide range of sources and correlate events across multiple systems provides a comprehensive view of the environment, making troubleshooting and incident investigation much more efficient.

    The Search Processing Language is the feature I rely on the most in Splunk Enterprise Platform. It allows me to quickly search and analyze large volumes of log data, filter relevant events, and identify the root cause of issues much faster than manually reviewing logs. Whether I am investigating a security alert or troubleshooting an operational problem, the Search Processing Language helps me pinpoint relevant information efficiently, making it the most valuable feature in my day-to-day work.

    Overall, the feature set of Splunk Enterprise Platform is comprehensive and flexible. The combination of centralized log management, powerful search capability, customizable dashboards, and real-time alerting enables teams to monitor their environment, investigate incidents, and troubleshoot issues from a single platform. The extensive integration support also makes it easy to bring together data from different systems, providing better visibility across IT and security infrastructure.

    Organizations commonly report that Splunk Enterprise Platform improves visibility across their IT and security environments by centralizing logs from multiple systems. This can help security and operations teams investigate incidents more quickly, reduce the time spent troubleshooting issues, and identify potential problems through real-time monitoring and alerting. Many organizations also use dashboards and reporting to gain operational insights, support compliance activities, and make more informed decisions based on machine data.

    What needs improvement?

    One area where Splunk Enterprise Platform could be improved is its licensing model, as costs can increase significantly with higher data ingestion volumes. The initial deployment and data onboarding process can also be complex, especially for large environments. Additionally, there is a learning curve for new users when working with the Search Processing Language and building advanced dashboards. Simplifying  administration, improving the onboarding experience, and providing more built-in templates and guided analytics would make the platform easier to adopt and manage.

    Another area of improvement would be performance optimization in very large environments where complex searches can take longer to execute if they are not properly optimized. It would also be beneficial to have more artificial intelligence-driven analytics, automated recommendations for search optimization, and pre-built dashboards and use cases.

    For how long have I used the solution?

    I have been working in this field for approximately four and a half years.

    What do I think about the stability of the solution?

    Splunk Enterprise Platform is highly stable.

    What do I think about the scalability of the solution?

    Splunk Enterprise Platform is highly scalable and is designed to support organizations ranging from small deployments to large enterprise environments. It can ingest and analyze increasing volumes of data by adding indexers, search heads, and other components as requirements grow. The distributed architecture allows organizations to expand capacity while maintaining performance and reliability. Proper infrastructure planning, data management, and search optimization are important to ensure the platform continues to perform efficiently as the environment scales.

    Which solution did I use previously and why did I switch?

    Splunk Enterprise Platform was our primary log management and analytics platform, so we did not migrate from another SIEM  or log management solution. We selected it because of its powerful search capability, scalability, broad integration support, and ability to centralize logs from multiple systems for monitoring.

    We did not conduct a formal evaluation of multiple solutions before adopting Splunk Enterprise Platform. The decision was primarily based on its strong reputation for log management and analytics, extensive integration capabilities, powerful search functionality, and its ability to scale to meet enterprise security and operational requirements.

    How was the initial setup?

    Before implementing Splunk Enterprise Platform, I clearly define my use cases, identify the log sources I want to onboard, and estimate my expected data volume to plan licensing and infrastructure appropriately. I invest time in learning the Search Processing Language and designing an efficient ingestion strategy, as these have a significant impact on performance and usability. It is also a good idea to start a phased deployment, build dashboards and alerts around your highest priority use cases, and establish governance for user access and data retention from the beginning. This approach will help me get the most value from the platform while keeping the deployment manageable.

    What was our ROI?

    We have seen operational benefits, although we did not formally measure ROI with specific metrics. Splunk Enterprise Platform helped reduce the time required to investigate incidents by centralizing logs and providing powerful search capabilities. This improved analyst productivity and troubleshooting efficiency. The biggest return has been better visibility and faster access to relevant data, rather than a measurable reduction in headcount or quantified cost savings.

    What's my experience with pricing, setup cost, and licensing?

    The pricing for Splunk Enterprise Platform for large volumes is on the higher side compared to some alternatives, especially for organizations that ingest large volumes of data. The initial setup requires investment in implementation, but once deployed, the platform provides strong value through its scalability and extensive capabilities. The licensing model is straightforward but requires careful planning to manage data growth and costs. For organizations that prioritize security and IT operations, the overall value generally justifies the investment.

    What other advice do I have?

    My organization has tracked TCO metrics for the non-indexing analytics approach to evaluate the success of reducing TCO with Splunk Enterprise Platform's non-indexing analytics approach.

    Splunk Enterprise Platform provides useful artificial intelligence-assisted capabilities that can help improve security operations and data analysis. From a governance and security perspective, I think it is important that artificial intelligence features respect existing role-based access control, maintain audit logs, and protect sensitive data. Organizations should also have clear policies around how artificial intelligence is used, what data it can access, and how artificial intelligence-generated insights are validated before taking action. Overall, the artificial intelligence capabilities are promising, but strong governance, transparency, and data protection are essential for enterprise adoption.

    Artificial intelligence capabilities in an enterprise security platform can significantly improve productivity by helping summarize data, identify patterns, and assist with investigation. However, the accuracy and reliability of the output depend on the quality of the underlying data and configuration. Artificial intelligence-generated insights should be treated as decision support rather than definite answers, and they should always be validated by security analysts before taking action. I provided this review with an overall rating of nine out of ten.

    Information Technology and Services

    Splunk Enterprise Excels at Analyzing Large Machine-Generated Logs

    Reviewed on Jul 08, 2026
    Review provided by G2
    What do you like best about the product?
    The best about Splunk Enterprise is its log analyzing capabilities. It can analyse large machine generated logs
    What do you dislike about the product?
    Its licensing is very costly for analysing large machine generated logs. It requires much fine tuning to support large log analysis
    What problems is the product solving and how is that benefiting you?
    The problem that Splunk Enterprise solving for me is Centralized log management for machine generated logs that i mainly use for troubleshooting. It supports real time dashboard and alerts based upon the data provided.
    Sama Parveen

    Monitoring has become centralized and alerts now reduce response time across many servers

    Reviewed on Jul 06, 2026
    Review from a verified AWS customer

    What is our primary use case?

    My main use case for Splunk Enterprise Platform  is for doing data analysis. I can give you an example of how I use Splunk Enterprise Platform  for data analysis. We are monitoring the infrastructure of the client, such as what systems they are using. It could be network devices, or it could be Windows or Linux servers. We get the infra-related data in Splunk Enterprise Platform environment, such as CPU, memory, and host status, and based on that, we do the configuration at our end. If any issues are there, we are generating the ticket. For example, if a disk is occupying more than 90% of its space, then based on that, we are triggering an alert. If any host is not responsive, we generate an alert such as 'host reporting no data'.

    We are having multiple ways to use Splunk Enterprise Platform day-to-day. We have multiple environments, such as a high availability environment and a low availability environment. Based on the client's budget, we set up Splunk Enterprise Platform infrastructure. For example, with a high availability environment, the cost will be more, but the availability of the monitoring tool will be high. That is called the clustered environment. If a client has a low budget and they have a smaller number of servers to monitor, then we will go for a distributed environment.

    What is most valuable?

    The best feature of Splunk Enterprise Platform is data insights. The data is very quickly searchable. The data is stored in an index. If you have a very large amount of data and you put it in Excel, it will take a lot of time to work on it and get the insights, such as the exact error logs. But in Splunk Enterprise Platform, data is stored in a TSIDX file. We have an index to get the data, so you can quickly get a look at your environment's data. The visibility is very high.

    Suppose a thousand servers are under monitoring. All the data from those thousand servers is ingested into Splunk Enterprise Platform. If any of the servers go down, it will quickly create an alert, irrespective of how many. Even if a thousand servers go down, it will create the alert quickly. The investigation is very easy. We have a set of indexes where data will be stored. We will have log files, we will have the log data, so the analysis is very easy.

    We also have vendor support. If my environment is not working or is showing an error, the vendors provide support on time. The security level is also very good. Whenever any vulnerability is detected, the vendor will inform us, and they will come up with the latest version so that we can do the upgrades. The documentation part is everything very transparent.

    Whatever problem the client comes up with, for example, 'My environment has this many servers, and we cannot do it because it is at different locations,' it cannot be manually monitored. There should be a one-stop destination so that we can monitor all the environments. In that way, Splunk Enterprise Platform is playing a very important role in our organization to serve clients better.

    The response time is reduced because within 5 to 15 minutes, if any issue occurs with the server, it will generate an alert. If the system comes back up, there is an automation process, so the ticket will auto-resolve as well. However, the footprint will always be there. It will show exactly when the issue happened. It is saving time also because whatever data we are getting, it is taking less time to parse, index, and process the data and give us the ticket.

    What needs improvement?

    Regarding improvement for Splunk Enterprise Platform, compatibility is needed. They are coming out with a newer version every two months, and there is the vulnerability part. When they are releasing any version, they need to check it from a security point of view completely. The remediation they are providing is in the newer version. In the existing version itself, they can review it and provide the fixes so that every two or three months, we do not need to go for upgrades, because upgrades take some time.

    The Splunk experts are there who are involved and have the knowledge to do the integration. Everything is fine. The only thing is the vulnerability part, which is the only flaw I observed.

    For how long have I used the solution?

    I have been using Splunk Enterprise Platform for the last five years.

    What do I think about the stability of the solution?

    Splunk Enterprise Platform is stable.

    What do I think about the scalability of the solution?

    The scalability of Splunk Enterprise Platform is very good. If we are talking about the cluster setup, you can add more indexers, more search heads, and more heavy forwarders. You can add more components based on your requirements. Scalability is very easy in Splunk Enterprise Platform.

    How are customer service and support?

    Customer support is also top-notch. We are getting the support. They have on-call support and email support.

    Which other solutions did I evaluate?

    Multiple options are available, such as Dynatrace  and DataDog, but Splunk Enterprise Platform is the leading one nowadays because it provides security features as well. Splunk Enterprise Platform was acquired by Cisco, and Cisco is a big player in security. Splunk Enterprise Platform is a good one, and it is also cost-saving. It is not charging more. It is charging based on indexing the data only, so we are good with Splunk Enterprise Platform.

    What other advice do I have?

    Governance  and security within Splunk Enterprise Platform is good. Whenever they find any vulnerability, they immediately inform their customers, telling them to stop using something and providing the fixes. They come up with it immediately. Splunk Enterprise Platform itself was bought by Cisco, so from a security point of view, they are getting better now.

    Directly, as of now, we are not integrated with agentic AI, but we are using agentic AI for the troubleshooting part. It will take some time to integrate it, but these things will be there. However, everywhere, human intervention will always be there. It cannot allow the AI to go and change the configuration without the permission of a human being.

    Splunk Enterprise Platform has high capability. It is capable of handling that much data. It will use more resources, but it can handle it.

    We have used the federated search feature of Splunk Enterprise Platform because the client had location-related security requirements. We have the option and the feature where we can hold the data there, and it can be searched from one location. The data will be stored in a different location, but it can be searchable from one destination. It is very helpful. The environment is providing a very reliable solution to us.

    Splunk Enterprise Platform has a very good feature. You can mask the data while indexing it. If you are talking about the access part, we have multiple access levels available. If you want to limit the access to particular data for a particular team, we have that option. We can create a customized role, and it also has in-built roles. Based on that, a dedicated user can only access the dedicated data.

    Nothing is missing because Splunk Enterprise Platform has very strong capabilities with multiple roles, and we have customized roles as well. For the login process, we can use SAML and LDAP. It is a very good platform that provides you with a way to maintain data security. The governance tools provided by Splunk Enterprise Platform are very good.

    The cost saving is a shared resource for multiple projects. We can work for 10 to 12 or 15 projects with Splunk Enterprise Platform skill set. I am working as an admin and developer, so that part comes under the architect team. We have a dedicated team that decides the pricing, cost, and licensing based on the client's requirements, such as how many servers are under monitoring. For a thousand servers, it should go with a clustering environment and high availability. It totally depends on the demand of the client.

    Because we have 10 to 12 projects and 10 to 12 associates, there is no dependency. If someone goes on leave, everyone else has access to all the projects, so there is no dependency. Everyone can work on any of the projects, so it is good. You do not need to put two dedicated people there, and if those two people are not there, then who will work? There is no such issue. With shared responsibility and shared resources, it is working very nicely with less cost.

    I would rate this review an 8 overall.

    MeghaGarg

    Centralized log monitoring has enabled real-time insight into high-volume workflow activity

    Reviewed on Jun 30, 2026
    Review provided by PeerSpot

    What is our primary use case?

    The team I work on is a workflow team for the bank. We get a lot of traffic because of onboarding and workflow processes, which results in around a million hits per day. Whenever we have a release scheduled, Splunk Enterprise Platform  is a very useful tool for me to monitor the logs.

    What is most valuable?

    Splunk offers an advantage where I can log and monitor all of the microservices in a single location. Search Processing Language (SPL), which is the query language for the product. SPL does take time to master as it is somewhat complex. When searches are straightforward, then it is quick, but if you need to perform complex searches with multiple pipes, sub-searches, or statistical functions, then it becomes somewhat confusing. You need time to become familiar with it.

    I created some Splunk Enterprise Platform  dashboards, which is the main focus of my work. I used a drag-and-drop builder, and it has real-time updates, visualization varieties, drilldowns, and token inputs. I built a dashboard for the application which answered these questions: which workflow combination has the highest hits and which users are triggering them. I wrote a query using SPL which aggregated the results from the API in the given timeframe that we can choose, and accordingly it will show a pie chart. Using the drilldowns and tokens, I built another panel where if you click a particular combination, it will list the number of users hitting that combination and how many times. This is something very useful I found in Splunk Enterprise Platform dashboards.

    What needs improvement?

    Regarding the downsides of Splunk Enterprise Platform, as I mentioned, one is the Search Processing Language is somewhat complex when it comes to complex filtering and searching. You need to become familiar with it to make complex searches. That is one thing.

    There is not a no-code option for panels. You have to write an entire query for it. It would be better if they could introduce more drag-and-drop options so that people can add more features to their panels and pie charts and visualize the data they want.

    For how long have I used the solution?

    I have been using Splunk Enterprise Platform for 1.5 years.

    What do I think about the stability of the solution?

    Considering the stability of Splunk Enterprise Platform, it is pretty stable. It sometimes takes time when I switch the timeframe, such as from 15 minutes to one hour. It takes some time in loading all of the logs from the application. Otherwise, it is very stable. It is a latency issue.

    What do I think about the scalability of the solution?

    As I mentioned, the current application I was working on already has a lot of users. So it is a pretty scalable solution. We get millions of hits for the APIs.

    Which solution did I use previously and why did I switch?

    When I joined the company, Splunk Enterprise Platform was already in place from the very start. Many of my friends work in several different companies, many uses DataDog, but here, I have only used Splunk Enterprise Platform.

    Which other solutions did I evaluate?

    I am not involved in those kinds of decisions yet. I do not know about the pricing.

    What other advice do I have?

    The whole bank uses the same tool to monitor their logs and analyze production data or any environment data. That is why I have not had any chance to use an alternative.

    I am not familiar with the pricing because being a junior developer.

    Splunk Enterprise Platform offers Federated Search, which I have not used.

    My overall review rating for Splunk Enterprise Platform is 9 out of 10.

    View all reviews