
Splunk Enterprise

Splunk | 9.4.3

Linux/Unix, Amazon Linux 2023 - 64-bit Amazon Machine Image (AMI)

Reviews from AWS customer

16 AWS reviews

External reviews

445 reviews

External reviews are not included in the AWS star rating for the product.


    Naveen Hariharan Vijaya

The product is very easy to use, the GUI is simple, and the technical support is responsive

  • February 09, 2024
  • Review provided by PeerSpot

What is our primary use case?

We use the solution mainly for security operations. We receive logs from different log sources.

What is most valuable?

The product is very easy to use. We just have to run the agent and collect the log. We don't have many delays or problems. We faced an issue once or twice when there was a network issue and when the system was rebooted. The percentage of issues is very low compared to the overall deployment. It is 0.001%.

The solution supports our organization's security and compliance monitoring very much. We rely on the platform to detect abnormalities and to perform searches. If someone brings a compliance issue, we request logs from the platform to determine whether it happened. We use the tool’s search feature and Intel's machine learning platform to conduct our analysis.

We don't face any issues in real-time monitoring. There is no latency. We have options to create our own dashboards. The GUI is very simple. It's a simple platform. It is very easy to use.

What needs improvement?

The product doesn’t have prebuilt dashboards. It would be great if the product provided prebuilt dashboards. For example, we allowed some devices into our network through VPN, but there is no dashboard to combine two log sources and understand which user has logged in. So, we created our own dashboard with the available Splunk searches.

It’d be good if the solution provided more prebuilt dashboards and released them on the app platform. Then, we can deploy the dashboards straight away. Also, if the tool provides additional dashboards, we can reduce the resources needed to develop them. Since Splunk has overall visibility all around the globe, it can give better suggestions on the dashboards that we must use and how to project the data to the management.

We faced some issues in parsing when the load was too much. If we have a 100 MB log source, 80 MB will be parsed correctly, but we face issues with 20 MB. We raised a support ticket, and the support team suggested we increase the time interval between sending the logs to the Splunk forwarder to handle the processing correctly.

For how long have I used the solution?

I have been using the solution for two years. I am using the latest version of the solution.

What do I think about the stability of the solution?

The tool is stable enough. In my demo environment, I used my own physical machines to run it. I was able to ingest as many log sources as I wanted within the data limit, and it did not have any issues. The search is very responsive when compared to the other platforms. There was no lag.

Splunk has been supporting free text searches for two years. We can query anything out of the box without specifying any indexes. We can perform free-text queries. Usually, it takes very little time to produce the results if the data set is too small. If the data set is too large, the product suggests we fine-tune our search, and it provides us with hints on which indexes to specify. It has three different options: Fast mode, Push mode, and Smart mode. We can switch the modes to get results quicker. Later, we can change the mode back to do a deeper analysis.

What do I think about the scalability of the solution?

Scalability is not an issue for SMBs and moderately big companies. When we went beyond certain limits, like 700 Gbps or 800 Gbps, we faced some issues with the engine. So, we split up the platform and diverted some of the logs into different indexes. It solved the problem. Up to 500 Gbps per day is okay. When we go beyond that, a single instance cannot handle it. We need to split it up.

This issue was only with the on-premise version. We do not face such issues in the cloud. When customers wanted to renew their subscriptions, we suggested they move to the cloud. On-premise, we have to manage our indexes and searches, but in the cloud, it's done by the vendor. It's a plug-and-play process. Splunk automatically takes care of parsing. We have more than 30 customers.

How are customer service and support?

The technical support is very good. The team supported us even during the Christmas holidays. The support engineer walked us through every step. The team is always reachable. We never had issues while contacting them.

How was the initial setup?

I built some demo environments for my practice since Splunk was new to me two years ago. I used the free license. It was a pretty straightforward setup. I did not find any difficulties in setting up my lab environment. The deployment can be done within 15 minutes.

What was our ROI?

The return on investment is very good. It's very easy to use. Many of our customers decided to continue using Splunk because they have invested much in the training modules, the analysts are familiar with the tool, and it's very easy to search. Open-text queries are the best in Splunk. It is easy for our customers to perform the search. It's very lightweight compared to other solutions.

What's my experience with pricing, setup cost, and licensing?

Our customers pay for the licenses. It’s bundled together in a yearly subscription.

What other advice do I have?

There are some problems in managing the tool when it exceeds certain limits. Overall, I rate the product a nine out of ten.


    Computer Software

Review-Splunk

  • February 03, 2024
  • Review provided by G2

What do you like best about the product?

User-friendly UI.
Easy to configure and set alerts.
If you get stuck, people around you know about this platform and can help.
Convenient.
We can use custom dashboards and use them as per our needs.
We can integrate this with Microsoft Exchange and get real-time messages/emails.

What do you dislike about the product?

It can be challenging to configure and troubleshoot issues for newbies. A person should have knowledge of expressions to operate this tool/platform.

What problems is the product solving and how is that benefiting you?

With monitoring, we take proactive actions, so we can resolve problems before someone notices or reports them.


    Brajesh S.

Splunk Enterprise - All in one platform for analyzing and monitoring data

  • January 31, 2024
  • Review provided by G2

What do you like best about the product?

Splunk Enterprise is a great solution for an organization collecting data from different services and can be used to do a lot of tasks like searching, visualizing, and analyzing data.
It is easy to integrate with a number of applications like Jira, AWS, Splunk Security, etc.
It can be easily used by all team members to analyze data for indexing and searching.
It can be implemented with other Splunk services.
It has great customer support available via chat, email, chatbot, Slack, etc.
It can be frequently used by various team members in different roles.

What do you dislike about the product?

Splunk has a lot of benefits, but there are a few points to be noted:
1. For a large enterprise it is costly, and it has to buy licenses for all employees to access the application.
2. The desktop application is faster than the web application, so sometimes it crashes.

What problems is the product solving and how is that benefiting you?

We have integrated our logistics application with Splunk Enterprise to collect, process, and analyze data from different microservices and other connected applications so that we can find specific data and logs for certain business scenarios. Splunk has also helped us to do the visualization and indexing of the data for enterprise monitoring and alert management.


    VYSHAK T.

Amazing Platform for Data analysis and Logs Validation

  • January 23, 2024
  • Review provided by G2

What do you like best about the product?

The best thing I liked about the Splunk platform is the capturing and analysis of logs, which is very efficient and gives accurate results upon verification. Splunk has played a significant role in projects while analyzing any kind of issue, which makes Splunk the right choice for quick analysis and a very great tool that can be implemented. It also comes with great customer support, which is provided in case of issues encountered.

What do you dislike about the product?

The one factor I didn't like about the Splunk platform was that sometimes it takes more time to display logs. Sometimes this issue occurs frequently.

What problems is the product solving and how is that benefiting you?

The major thing Splunk solved for us was the analysis and flow of data that was happening beyond the UI. It was very easy for us to identify the data and its flow with respect to different sets of applications, which helped in quick identification of errors and in which flow they happened; those sets of data helped with quick delivery of projects.


    Stephen F.

A great tool for consolidated logging and monitoring

  • January 22, 2024
  • Review provided by G2

What do you like best about the product?

It's an easy-to-use centralized platform that provides a solid suite of monitoring.

What do you dislike about the product?

Its query language, though robust, can still be cumbersome.

What problems is the product solving and how is that benefiting you?

It allowed for centralized monitoring of our mission-critical environment. It sends alerts when the system is in an error state.


    minghua z.

Splunk's performance in the financial industry is really amazing

  • January 09, 2024
  • Review provided by G2

What do you like best about the product?

Splunk has strong capabilities in data collection and analysis, which is a great blessing for users in the financial industry.

What do you dislike about the product?

Splunk is still a bit expensive for end users and not particularly friendly.

What problems is the product solving and how is that benefiting you?

Splunk can first search for data and then quickly analyze the collected data, enabling customers to make the right decisions quickly. This is really important for the financial industry, as it can identify which cardholders have financial risks and help customers avoid such risks in advance.


    Vijay Kumar T.

One of the most reliable SIEM solutions

  • January 05, 2024
  • Review provided by G2

What do you like best about the product?

Friendly user interface, smooth integration with other security products, easy to manage events. I really like the reporting feature.

What do you dislike about the product?

I do not see anything in Splunk as of now which I can write here.

What problems is the product solving and how is that benefiting you?

A SIEM solution is one of the pillars of cyber security. Splunk solves many problems like event monitoring, auditing, data correlation, threat notifications, and many more.


    Ammar Mostafa

A powerful tool for point-in-time security detection with stability

  • January 03, 2024
  • Review provided by PeerSpot

What is our primary use case?

We use Splunk Enterprise Platform for point-in-time security detection. It can be applied to security and IT operations scenarios, offering control and insight into user activity, registration processes, and customer data.

What is most valuable?

The solution has a status query and feed. I can reach them by phone at the residential. It is stable and has a fast response.

What needs improvement?

The product is expensive.

What do I think about the stability of the solution?

The product is stable.

I rate the solution’s stability a nine out of ten.

What other advice do I have?

Splunk Enterprise is a powerful platform. It's a leader in its field with a large and active community. Users can access support in various ways, including forums and documentation.

Overall, I rate the solution an eight out of ten.


    Ramiro C.

Empowering Log Management Excellence with Splunk Enterprise

  • December 27, 2023
  • Review provided by G2

What do you like best about the product?

Splunk Enterprise's potent log analysis, user-friendly interface, scalability, alerting, and rich ecosystem empower efficient log management, offering a comprehensive view of systems.

What do you dislike about the product?

Challenges include the perceived cost and licensing model, a learning curve for new users, especially because of SPL (Splunk Programming Language), and resource consumption in larger deployments. Effective optimization strategies are crucial.

What problems is the product solving and how is that benefiting you?

Splunk Enterprise is crucial during high-impact events like Black Friday. With powerful dashboards and alerts, we achieve real-time visibility into critical applications. Monitoring data enables proactive issue response, swiftly detecting anomalies. This approach ensures operational health, preventing disruptions. Splunk's alerting features empower us to address issues before they escalate, ensuring a seamless customer experience. In essence, Splunk's real-time visibility enhances system reliability during peak demand.


    VolodymyrSavov

A highly scalable solution that can be used for security, IT monitoring, and observability

  • December 21, 2023
  • Review provided by PeerSpot

What is most valuable?

Splunk Enterprise Platform can be used for security, IT monitoring, and observability.

What needs improvement?

The solution’s pricing could be improved.

For how long have I used the solution?

I have been working with Splunk Enterprise Platform for six years.

What do I think about the stability of the solution?

Splunk Enterprise Platform is a stable solution.

I rate the solution an eight or nine out of ten for stability.

What do I think about the scalability of the solution?

Splunk Enterprise Platform has very high scalability.

What's my experience with pricing, setup cost, and licensing?

Customers need to pay a yearly licensing fee for Splunk Enterprise Platform.

On a scale from one to ten, where one is cheap, and ten is expensive, I rate the solution's pricing around seven or eight out of ten.

What other advice do I have?

I would recommend Splunk Enterprise Platform to other users.

Overall, I rate Splunk Enterprise Platform an eight out of ten.