    Splunk Enterprise

    Sold by: Splunk
    Deployed on AWS
    AWS Free Tier
    The Splunk Enterprise AMI accelerates the speed at which organizations deploy Splunk Enterprise in AWS.
    Rating: 4.3

    Overview

    The Splunk Enterprise AMI accelerates the speed at which organizations deploy Splunk Enterprise in AWS. Splunk Enterprise is the leading platform for Operational Intelligence, delivering an easy, fast, and secure way to search, analyze and visualize the massive streams of machine data generated by your IT systems and technology infrastructure - physical, virtual and in the cloud. Use this AMI to take Splunk for a test drive, or as the basis for your Enterprise-level deployment. The Splunk Enterprise AMI ships with a fully-featured trial license that is valid for 60 days after launch. After the trial expires, your deployment will default to Splunk Free.

    Highlights

    • Collect and index any machine-generated data from virtually any source or location in real time. Just point Splunk Enterprise at your data, and it immediately starts collecting and indexing, so you can start searching and analyzing.
    • With Splunk Enterprise, you can correlate complex events spanning many diverse data sources across your environment. Types of correlations include time-based correlations, transaction-based correlations, sub-searches, lookups, and joins.
    • Splunk Enterprise scales to collect and index tens of terabytes of data per day. And because the insights from your data are mission critical, Splunk Enterprise's clustering technology provides the availability you need, even as you scale out your low-cost, distributed computing environment.

    Details

    Sold by: Splunk
    Delivery method: Amazon Machine Image (AMI)
    Delivery option: 64-bit (x86) Amazon Machine Image (AMI)
    Latest version: 9.4.13
    Operating system: AmazonLinux 2023
    Deployed on AWS
    Pricing

    Splunk Enterprise

    Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    Vendor refund policy

    Refunds are not available

    Custom pricing options

    Request a private offer to receive a custom quote.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Version release notes

    To learn what's new in Enterprise 9.4.13, please visit https://docs.splunk.com/Documentation/Splunk/9.4.13/ReleaseNotes/MeetSplunk

    Additional details

    Usage instructions

    Get started with Splunk Web:

    • In your EC2 Management Console, find your instance running Splunk Enterprise.
    • Copy its public IP.
    • Paste the public IP into a new browser tab (do not hit enter yet).
    • Append :8000 to the end of the IP.
    • Hit enter.
    • Log into Splunk for the first time with the following credentials:
      • Username: admin
      • Password for Enterprise 7.2.5 and above: SPLUNK-$instance-id$
      • Password for Enterprise 7.2.0 and below: $instance-id$

    Please modify the security groups to allow and disallow certain IP addresses per your requirements. The default is open to all IP addresses.
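The listing says the default security group is open to all IP addresses. As an added example (not from the listing and not Splunk's or AWS's own tooling), the Python below audits a security group's inbound rules for world-open access to Splunk Web on port 8000 and builds the revoke and authorize payloads in the shape the EC2 IpPermissions parameter uses; the sample group, the 203.0.113.0/24 and 10.0.0.0/8 ranges and all function names are constructed for the example.

```python
"""Audit an EC2 security group's inbound rules for Splunk Web (TCP 8000)
exposed to the whole internet and build payloads that replace the world-open
entries with an allow-list.  Added example, not part of the AWS Marketplace
listing or of Splunk's tooling.  Rule shape: the IpPermissions list that EC2
DescribeSecurityGroups returns."""

WORLD_V4 = "0.0.0.0/0"
WORLD_V6 = "::/0"
SPLUNK_WEB_PORT = 8000

# Constructed sample resembling the AMI's default group, which the listing
# says is open to all IP addresses.  203.0.113.0/24 (a documentation range)
# stands in for an office network that should keep access.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8000,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "203.0.113.0/24"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
]

def rule_covers_port(rule, port):
    """True if one IpPermissions entry applies to TCP <port>."""
    proto = rule.get("IpProtocol")
    if proto == "-1":          # "All traffic": every protocol and port
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def world_open_cidrs(permissions, port):
    """CIDRs in <permissions> that expose <port> to the entire internet."""
    found = []
    for rule in permissions:
        if not rule_covers_port(rule, port):
            continue
        found += [r["CidrIp"] for r in rule.get("IpRanges", [])
                  if r.get("CidrIp") == WORLD_V4]
        found += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])
                  if r.get("CidrIpv6") == WORLD_V6]
    return found

def remediation(permissions, port, allowed_cidrs):
    """Return (revoke, authorize): IpPermissions payloads that drop only the
    world-open entries for <port> and add the <allowed_cidrs> not yet present."""
    revoke, present = [], set()
    for rule in permissions:
        if not rule_covers_port(rule, port):
            continue
        present.update(r.get("CidrIp") for r in rule.get("IpRanges", []))
        v4 = [r for r in rule.get("IpRanges", []) if r.get("CidrIp") == WORLD_V4]
        v6 = [r for r in rule.get("Ipv6Ranges", []) if r.get("CidrIpv6") == WORLD_V6]
        if not (v4 or v6):
            continue
        entry = {"IpProtocol": rule["IpProtocol"]}
        if rule["IpProtocol"] != "-1":   # a revoke must match the rule's port range
            entry["FromPort"], entry["ToPort"] = rule["FromPort"], rule["ToPort"]
        if v4:
            entry["IpRanges"] = v4
        if v6:
            entry["Ipv6Ranges"] = v6
        revoke.append(entry)
    new = [c for c in allowed_cidrs if c not in present]
    authorize = [] if not new else [{"IpProtocol": "tcp", "FromPort": port,
                                     "ToPort": port,
                                     "IpRanges": [{"CidrIp": c} for c in new]}]
    return revoke, authorize

if __name__ == "__main__":
    print("world-open on 8000:", world_open_cidrs(SAMPLE_PERMISSIONS, SPLUNK_WEB_PORT))
    print(remediation(SAMPLE_PERMISSIONS, SPLUNK_WEB_PORT, ["203.0.113.0/24"]))
```

The two payloads fit the IpPermissions argument of boto3's authorize_security_group_ingress and revoke_security_group_ingress; apply the authorize first and the revoke second so an administrator's own network is never locked out of port 8000 in between.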

    Read more about the Splunk Enterprise AMI here: https://docs.splunk.com/Documentation/Splunk/latest/Admin/AbouttheSplunkAMI

    Upgrade instructions: http://docs.splunk.com/Documentation/Splunk/latest/Installation/HowtoupgradeSplunk

    Resources

    Support

    Vendor support

    Options available

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Accolades

    Top 10 in Migration
    Top 10 in Data Anonymization, Data Security and Governance

    Customer reviews

    Ratings and reviews

    4.3 (488 ratings)
    5 star: 57%
    4 star: 36%
    3 star: 5%
    2 star: 1%
    1 star: 1%
    24 AWS reviews | 464 external reviews
    External reviews are from G2 and PeerSpot.
    MeghaGarg

    Centralized log monitoring has enabled real-time insight into high-volume workflow activity

    Reviewed on Jun 30, 2026
    Review provided by PeerSpot

    What is our primary use case?

    The team I work on is a workflow team for the bank. We get a lot of traffic because of onboarding and workflow processes, which results in around a million hits per day. Whenever we have a release scheduled, Splunk Enterprise Platform is a very useful tool for me to monitor the logs.

    What is most valuable?

    Splunk offers an advantage where I can log and monitor all of the microservices in a single location. Search Processing Language (SPL) is the query language for the product. SPL does take time to master as it is somewhat complex. When searches are straightforward, then it is quick, but if you need to perform complex searches with multiple pipes, sub-searches, or statistical functions, then it becomes somewhat confusing. You need time to become familiar with it.

    I created some Splunk Enterprise Platform dashboards, which is the main focus of my work. I used a drag-and-drop builder, and it has real-time updates, visualization varieties, drilldowns, and token inputs. I built a dashboard for the application which answered these questions: which workflow combination has the highest hits and which users are triggering them. I wrote a query using SPL which aggregated the results from the API in the given timeframe that we can choose, and accordingly it will show a pie chart. Using the drilldowns and tokens, I built another panel where if you click a particular combination, it will list the number of users hitting that combination and how many times. This is something very useful I found in Splunk Enterprise Platform dashboards.

    What needs improvement?

    Regarding the downsides of Splunk Enterprise Platform, as I mentioned, one is the Search Processing Language is somewhat complex when it comes to complex filtering and searching. You need to become familiar with it to make complex searches. That is one thing.

    There is not a no-code option for panels. You have to write an entire query for it. It would be better if they could introduce more drag-and-drop options so that people can add more features to their panels and pie charts and visualize the data they want.

    For how long have I used the solution?

    I have been using Splunk Enterprise Platform for 1.5 years.

    What do I think about the stability of the solution?

    Considering the stability of Splunk Enterprise Platform, it is pretty stable. It sometimes takes time when I switch the timeframe, such as from 15 minutes to one hour. It takes some time in loading all of the logs from the application. Otherwise, it is very stable. It is a latency issue.

    What do I think about the scalability of the solution?

    As I mentioned, the current application I was working on already has a lot of users. So it is a pretty scalable solution. We get millions of hits for the APIs.

    Which solution did I use previously and why did I switch?

    When I joined the company, Splunk Enterprise Platform was already in place from the very start. Many of my friends work in several different companies, and many use DataDog, but here, I have only used Splunk Enterprise Platform.

    Which other solutions did I evaluate?

    I am not involved in those kinds of decisions yet. I do not know about the pricing.

    What other advice do I have?

    The whole bank uses the same tool to monitor their logs and analyze production data or any environment data. That is why I have not had any chance to use an alternative.

    I am not familiar with the pricing because I am a junior developer.

    Splunk Enterprise Platform offers Federated Search, which I have not used.

    My overall review rating for Splunk Enterprise Platform is 9 out of 10.

    Shashank Nagesh

    Security monitoring has improved with faster rule creation but search and AI features still need work

    Reviewed on Jun 25, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use case for Splunk Enterprise Platform is as a SIEM/SOAR.

    I use Splunk Enterprise Platform as a SIEM where we send all the relevant logs including firewall logs, EDR logs, authentication logs, application logs, and database logs towards Splunk, and then we write rules based on that.

    Day-to-day, it is mainly used as a SIEM solution to look at all the security events and write the rules.

    What is most valuable?

    Splunk Enterprise Platform offers very good integration patterns and extensive support for many log sources with pre-built rule sets and pre-built integrations. It also has a wide variety of support sources.

    Those integrations and pre-built rule sets help my team in our daily work as they made the integrations much faster and easier. Using the community rules was also much faster.

    Splunk Enterprise Platform has very good retention and log ingestion methods. The log querying is also pretty good.

    Splunk Enterprise Platform has positively impacted my organization by providing very good insight into the different security logs.

    I have seen specific outcomes or improvements with Splunk Enterprise Platform, where the time to respond is pretty good. The time to write a rule is very fast, and the time for integration to the different log sources is very good.

    What needs improvement?

    One area where Splunk Enterprise Platform can be improved is that the underlying search architecture is not up to the mark compared to something like Elastic. This could be improved.

    I wish Splunk Enterprise Platform could do more towards AI and use AI to help in SOC automation.

    Regarding Splunk Enterprise Platform's AI capabilities, I think its governance and security are pretty good, but not up to the mark.

    Regarding Splunk Enterprise Platform's AI capabilities, I feel that its accuracy and reliability of output are still in the nascent stages, although it is pretty good.

    For how long have I used the solution?

    I have been using Splunk Enterprise Platform for about three years.

    What do I think about the stability of the solution?

    Splunk Enterprise Platform is stable.

    What do I think about the scalability of the solution?

    Splunk Enterprise Platform's scalability is very good.

    How are customer service and support?

    The customer support is very good.

    I would rate the customer support on a scale of one to ten as an eight. They are able to query and answer most of the questions.

    Which solution did I use previously and why did I switch?

    We have used many solutions before, including Sentinel and Elastic, which we use in combination.

    What was our ROI?

    I feel I have seen a return on investment, and my general impression is that it is a great product.

    What's my experience with pricing, setup cost, and licensing?

    My experience with pricing, setup cost, and licensing is that the setup costs and licensing are pretty high.

    Which other solutions did I evaluate?

    Before choosing Splunk Enterprise Platform, I evaluated other options including Elastic.

    What other advice do I have?

    My advice for others looking into using Splunk Enterprise Platform is that it is a great solution, but it is a little expensive. I would rate this review a seven out of ten.

    Dhaval Bhalgamadiya

    Centralized observability has improved incident response and optimized application performance

    Reviewed on Jun 04, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I mainly work on log management and observability for our platforms. We use Splunk Enterprise Platform for the collection of logs and primarily for the observability of dashboards related to incident management and our application performance.

    What is most valuable?

    The feature I appreciate most about Splunk Enterprise Platform is the Search Processing Language, which is very flexible. It allows me to write complex queries and perform statistical analysis to create better dashboards and visualization capabilities. Through this, we can visualize our systems and manage incident management properly.

    Our team primarily uses the technical capabilities for log management and observability of our systems and the performance of our applications. Our team operates mainly in the technical domain.

    What needs improvement?

    A major factor I dislike about Splunk Enterprise Platform is the cost. Since the cost is based on data ingestion or the volume of data, large logs or large volumes of logs sometimes increase the ROI and overall cost of the product for us. This direct relationship between cost and data ingestion volume is an area I dislike and where there is room for improvement.

    On a scale from one to ten, I would rate Splunk Enterprise Platform overall 8.5 out of 10. The area where it can be improved is mainly the cost. Otherwise, the features and quality of the platform are very good. Splunk Cloud and Splunk Enterprise help reduce MTTR, Mean Time to Resolution, since incident management is faster. Additionally, the visualization and observability of the entire organization infrastructure and application performance are consolidated in one place, as data is collected in a central location. Overall, the features and aspects of Splunk Enterprise Platform are commendable, but the cost aspect could be improved.

    For how long have I used the solution?

    I have been using Splunk Enterprise Platform for more than one year.

    What do I think about the stability of the solution?

    My impression of the stability of Splunk Enterprise Platform is that the stability is much better, and we can also scale by cluster indices if needed. The stability and scalability of the platform meet our requirements and are functioning properly.

    What do I think about the scalability of the solution?

    The scalability of Splunk Enterprise Platform is such that we can scale by cluster indexes as needed. The scalability is appropriate to the standards we require.

    How are customer service and support?

    I have not contacted the technical support or customer support for Splunk Enterprise Platform much because the procurement part was managed by our finance team.

    Which solution did I use previously and why did I switch?

    Previously, we were using open-source tools such as Prometheus and Grafana for our dashboards, visibility, and monitoring. Additionally, while selecting tools, we tried ELK for some time. However, we are currently using Splunk Enterprise Platform.

    How was the initial setup?

    The initial deployment of Splunk Enterprise Platform is very easy because it was primarily done by our infrastructure team. The deployment was easy, especially since our deployment model is cloud-based. Although there is an on-premise setup available, we are not using that much, but the cloud-based deployment was very straightforward.

    What about the implementation team?

    For the initial deployment of Splunk Enterprise Platform, two or three people were involved, though I am not entirely certain of the details because the organization was using this tool before I joined.

    What was our ROI?

    Granular data access is mainly for controlling data that gets ingested. I understand that granular control over data gives us the ability to restrict how much data we want, thereby helping us reduce the cost of Splunk Cloud.

    Which other solutions did I evaluate?

    I am not using the Federated Search feature of Splunk Enterprise Platform because we primarily use SPL queries for our log management and database visualization.

    What other advice do I have?

    Splunk Enterprise Platform does not require any maintenance on our end since it is a cloud-based system, so I do not think we require any maintenance for that.

    My impression of Splunk Enterprise Platform's capability to manage data sovereignty at a petabyte scale within my environment is that our data is collected at a centralized location for all our metrics and logs. Having it in one place helps us for better visualization and data sovereignty because our data is in one location, which reassures me that our data is not being leaked or used by other AI tools or any other third-party applications.

    My impression of Splunk Enterprise Platform's approach to managing governance within a private network environment is that governance is managed by the security team. From my experience, the governance and compliance for the data of our organization with Splunk Enterprise Platform follows mainly SOC 2. I am not fully aware of all the details, but I know that it aligns with best practices in the market, which is why our security team has approved it.

    I would rate Splunk Enterprise Platform overall 8.5 out of 10.

    Darsh A.

    Customizable and Stable with Great Support, but Pricing and AI Lag Behind

    Reviewed on May 27, 2026
    Review provided by G2

    What do you like best about the product?

    Splunk Enterprise provides a high level of customizability in terms of creating custom queries, integrations and other knowledge objects. Overall the UI/UX is good and the performance is highly stable. The Splunk support is excellent.

    What do you dislike about the product?

    The pricing is too expensive compared to other products and the use of AI is much less than in the offerings by other solutions available in the market.

    What problems is the product solving and how is that benefiting you?

    Splunk Enterprise allows us to onboard logs and provides stable, reliable search while fulfilling all of our use cases, such as alerting, dashboards, and custom apps. Because of this, the observability of our servers has improved, and it saves us about 80% of the time through automation compared with the manual setup work we previously had to do.

    Dominika T.

    Real-Time Log Analysis and Aggregation That Delivers

    Reviewed on May 22, 2026
    Review provided by G2

    What do you like best about the product?

    That it lets you analyze and aggregate logs in real time.

    What do you dislike about the product?

    At the beginning there are a lot of false positives and it requires tuning.

    What problems is the product solving and how is that benefiting you?

    The need to look in many logs. Instead, you can aggregate them and review them together. Also, you can use dashboards for better visualization.