We use the solution to monitor, alert, report, and analyze.

In identity and asset management, Splunk will detect any vulnerabilities , or if any upgrade patching is improperly done, it will send an alert to the specific admin team, indicating the need to patch their servers.

The feature of Splunk Enterprise Platform is its comprehensive capabilities, consolidating various functionalities into a single tool. It excels in searching, reporting, and learning. Additionally, it offers automation and integration features for generating reports at specified business times. One prominent feature widely utilized by companies is enterprise security, crucial for cybersecurity purposes.

The solution could enhance automation capabilities. Currently, the process involves daily manual checks for potential issues, maintenance tasks, and planning for automation. Rather than relying solely on daily activities, there's a need to implement automation solutions for streamlined operations.

The main issue with the Splunk Enterprise Platform is its licensing cost, which can be high for small companies. Many businesses are migrating from Splunk to alternative tools. If Splunk were to lower its licensing fees or offer discounts, it would likely retain more customers.

I have been using Splunk Enterprise Platform for seven years. We are using 9.0.1.2 of the solution.

The solution is stable. There is no impact. I can rate it a nine out of ten.

When increasing your volume of data, high availability is crucial. With Splunk's robust clustering and enrollment features, data availability remains constant. If one site experiences downtime, the other will seamlessly take over, ensuring continuous data availability without any loss or impact. 

10,000 users are using this solution.

As part of our operations focus, we often encounter numerous ticketed issues. Our team is dedicated to addressing these concerns and ensuring the best possible service for our customers.

Positive

Deployment typically takes just a fraction of an hour or two hours. Implementation can be completed within a single day, often within 24 hours.

Splunk Enterprise Platform allows customized data processing, making it highly versatile and easy to maintain. It seamlessly handles tasks like data masking and filtering, ensuring efficient data management.

When it comes to the visualization on the dashboard within the Splunk Enterprise Platform, we do have the chart available, and all its features are included. Additionally, if you require customization for a new customer's preferences, we can implement it using HTML or XML code. The primary approach for developing dashboards is based on XML. Therefore, if you need specific features like radio buttons or checkboxes, they are readily available for inclusion in the dashboards.

I recommend the solution.

Overall, I rate the solution a nine out of ten.

We use Splunk for onboarding updates, dashboards, application monitoring, and insights.

We are using it for event management. We don't have that much exposure on the security side.

It is very easy to use logs and create dashboards. You can define extractions for specific exceptions. Splunk can extract historical data and process upcoming data in real-time. You can easily modify, update, or edit extraction rules as needed. Additionally, you can create custom knowledge objects at any time. The platform allows you to restrict user access based on permissions. Even regular users can create reports and dashboards for their workflows.

Splunk Enterprise Platform needs some improvement. For instance, the dashboard sizing and customization options could be enhanced. There seems to be a limitation in adjusting the size of individual panels within a dashboard. This can be frustrating when comparing data across different panels, as users are forced to scroll continuously. Additionally, while Splunk offers some new features like student dashboards, modifying these dashboards requires a level of JavaScript expertise that not all users possess. Providing more user-friendly options for customization, such as adjusting colors and fonts directly from the user interface, could greatly improve the user experience.

Moreover, for users transitioning from other monitoring tools like Dynatrace, the interface may feel less intuitive and more cumbersome. Offering more intuitive visualization options and simplifying the customization process could bridge this gap and make Splunk more accessible to a wider range of users.

I have been using Splunk Enterprise Platform for seven years. We are using V9.0.4.1 of the solution.

The product is stable. I rate the solution’s stability a nine out of ten.

I've encountered numerous issues and challenges, but I've managed to overcome them. I rely on the Splunk community to find solutions whenever I face difficulties. I want to fully engage with the platform and be active in its development, but sometimes, I struggle to find the right resources or support.

The initial setup is easy.

Splunk Enterprise Platform can seem a bit costly compared to their five-year plans. There's a need to provide options, such as offering a free license for up to ten GB of data or a limited-time test and development license at no cost. For instance, if a company purchases a one-year product license, it could receive additional test and development licenses for free, up to a certain data limit. While there would naturally be some restrictions, such as limitations on certain features or functionalities, offering these options could encourage more people to adopt Splunk for their needs. Many individuals and stakeholders hesitate due to Splunk's perceived high costs when considering the additional expenses for enterprise support, operational support, and device licenses. Introducing more flexible licensing options could alleviate these concerns and attract more users to the platform, benefiting both Splunk and its customers.

Our experience with the Splunk Enterprise Platform has been positive regarding administration and development. However, there are some concerns regarding visualization. Despite our team's proficiency in activating and completing tasks, the dashboard's complexity has decreased user satisfaction. Many users find the visualization lacking when viewing multiple panels simultaneously. They express difficulty in navigating the UI and feel uncomfortable with it. Addressing these concerns would enhance the overall user experience from end to end.

Overall, I rate the solution a nine out of ten.

Splunk Enterprise Platform is a basic monitoring tool used for application performance monitoring, database monitoring, and infrastructure monitoring. Currently, I use the solution for application monitoring and security monitoring. I use the tool to monitor security breaches or suspicious activities.

The solution is very good for monitoring compared to other tools. It provides an accurate solution. We used to get a free trial of around 60 days to test and get a good experience on Splunk.

The solution's license cost is high and can be improved. There are some limitations on data onboarding if you have huge data.

I have been using Splunk Enterprise Platform for three to four years.

Compared to other monitoring tools, Splunk Enterprise Platform provides good stability.

I haven’t faced any issues with the solution’s scalability.

Splunk ITSI is very good for support, which includes getting an incident number and working on it.

We need to integrate Splunk Enterprise Platform with other tools, which provide some security events. After integrating, you get the logs from that application's API. Once you get those logs, we will create a code per the business requirements and create an alert, report, or dashboard, whichever is needed.

Splunk Enterprise Platform works based on apps installed in Splunk. For example, if you want SQL data to get into Splunk, you need to install an SQL database plugin on the Splunk server. That plugin will capture the logs related to an SQL database with Splunk. After that, we write a query, pull out the data we need, and provide knowledge objects.

Visualization is very good in Splunk Enterprise Platform. The solution has good visualization elements like bar graphs, pie charts, line graphs, single visualizations, and maps. I would recommend the solution to other users.

Splunk Enterprise Platform is a very good tool for monitoring your day-to-day activity logs. This will eventually help you create reports or dashboards to monitor the business's progress.

Overall, I rate the solution seven and a half or eight out of ten.

Splunk Enterprise Platform is a powerful application that offers extensive visibility into events, notable occurrences, and correlations, providing robust capabilities.

The valuable feature is the onboarding of various logs using different methods. Additionally, it excels in content development and use case creation. I want to learn about upcoming technologies like Splunk Cloud and Azure integration. These platforms offer extensive capabilities for visualizing and manipulating data according to our requirements. Splunk's proficiency in field extractions and onboarding logs from diverse sources makes it highly capable. Its logging addition and parsing capabilities are particularly noteworthy.

In Splunk Enterprise Platform, while the dashboard feature is powerful, it does have limitations in terms of the number of parameters that can be included in one dashboard. However, it's important to note that these limitations can be addressed through effective dashboard design and optimization techniques. Despite these constraints, Splunk offers extensive capabilities for creating insightful dashboards that can visualize relevant data effectively.

Splunk excels in providing accurate and valuable alerts and reports. These features are crucial in reducing manual efforts, minimizing human errors, and expediting incident resolution processes. With Splunk's alerting and reporting functionalities, users can fine-tune alerts, apply filters, and include necessary information for thorough investigation and analysis. These capabilities contribute significantly to enhancing operational efficiency and decision-making within organizations.

I have been using Splunk Enterprise Platform for five years.

I rate the solution’s stability an eight out of ten.

Scalability is very flexible. Without the Splunk support, we can deploy and scale up.

The responsiveness of the support is very good. They will ask you if you are raising any P2, P1, or major incidents so they'll help us with immediate and accurate results.

The initial setup is straightforward , with detailed deployment steps outlined in their documentation. Additionally, the Splunk community is a valuable resource where users can ask questions and receive expert solutions. 

Splunk Enterprise Platform does not have a few application add-ons. Therefore, when we aim to integrate log sources from new or important ones that Splunk lacks add-ons for, we resort to developing custom add-ons. While this approach allows us to proceed with our work, it requires significant human effort and increases the likelihood of errors. Moreover, troubleshooting becomes time-consuming under these circumstances. Ideally, Splunk would offer add-ons for every possible application, significantly improving our efficiency and effectiveness.

The Splunk Enterprise Platform offers excellent visibility through real-time monitoring. Whenever any data matches our client's SQL code, it triggers an immediate alert, allowing us to respond to incidents swiftly. This capability is highly beneficial during any incident, making Splunk an invaluable tool.

There are various components, such as Universal Forwarder, Indexer, and Search Head. These components are relatively straightforward to set up. However, when implementing a distributed environment or setting up clustering, Splunk offers robust capabilities. Additionally, managing data storage sizing is also seamless.

Overall, I rate the solution an eight out of ten.

We use the Splunk Enterprise Platform for logging and monitoring purposes. If users log into different databases and do something, we onboard database logs and other AWS logs to Splunk. Then, we create a dashboard alert report, and based on those dashboard alerts, we monitor users' actions. If they perform suspicious activities, we also send alerts. We use the solution to create dashboard alerts, reports, and some query language.

The most valuable features of the solution are the load balancing technique, the forwarding technique, and SSL certification.

Sometimes, queries don't give proper results, and the indexes go down.

I have been using Splunk Enterprise Platform for seven years.

I rate the solution an eight out of ten for stability.

I rate the solution’s scalability a nine out of ten.

The solution’s technical support is good.

The solution’s initial setup is easy.

I have heard from my managers that Splunk Enterprise Platform is an expensive solution.

The solution has helped us with our security information and event management. If someone performs deletion operations, we get an automated alert informing us that a privileged activity has been performed. We forward the logs in real-time. We are ingesting 10GB of data into the solution daily. We have some input filters in the solution's dashboard.

Overall, I rate the solution an eight out of ten.

I have a variety of use cases. My company uses it for cloud-related operations, anomaly identification, and threat detection.

It's been very useful in regard to security information and threat management (SIEM). Splunk is a valuable tool for my organization.

The timestamp indexing and the easy-to-use visualization features are the most valuable features for data analysis.

Moreover, the dashboard and visualization features have made a big difference. We can quickly identify issues within the dashboards and easily generate insightful reports. If something goes down, we can easily detect the issue.

Splunk's real-time processing capability has been pretty good for my use cases.

There is room for improvement in terms of scalability. They can enhance the ability to handle increasing volumes of data. 

I have been using it for four years now. 

There have been occasional issues, but nothing major.

I would rate the stability an eight out of ten.

I never had issues with scalability. My organization has 8,000 end users. 

I would rate the scalability an eight out of ten.

The customer service and support are good. 

Positive

In general, the initial setup is fairly easy.

Not everyone can do it. Some knowledge and experience would likely be helpful to get the most out of the setup.

Typically, the deployment would take around 16 to 20 hours.

The pricing is about average.

Overall, I would rate the solution an eight out of ten.

I would recommend using this solution. Overall, Splunk is a good tool for analysis and for representing data in a short span of time. It helps minimize unnecessary noise in the data.