
Splunk Enterprise

Splunk | 9.4.3

Linux/Unix, Amazon Linux 2023 - 64-bit Amazon Machine Image (AMI)

Reviews from AWS customers

16 AWS reviews

External reviews

445 reviews

External reviews are not included in the AWS star rating for the product.


4-star reviews

    UzairKhan

Delivers financial benefits and operational efficiency with impactful data analytics capabilities

  • May 09, 2025
  • Review provided by PeerSpot

What is our primary use case?

The use cases for Splunk Enterprise Platform vary depending on the specific scenario.

Splunk Enterprise Platform has different purposes, including data visualization and other applications.

What is most valuable?

In Splunk Enterprise Platform, the most impactful features for data analytics allow you to get into the repository.

There are financial benefits from using Splunk Enterprise Platform, and as a retailer, it provides better profit margins.

Splunk Enterprise enhances data analytics with its AI capabilities.

What needs improvement?

For future updates of Splunk Enterprise Platform, I would like to see integration by GUI.

The integration should be improved with the UI.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for about two years.

What was my experience with deployment of the solution?

There are no significant challenges in deploying Splunk Enterprise Platform.

The challenges or pain points others should anticipate before implementing Splunk Enterprise Platform are mostly related to the integration part.

How was the initial setup?

The time it takes to deploy Splunk Enterprise Platform depends on the use cases.

It may take anywhere from a couple of hours to a couple of weeks for Splunk Enterprise Platform deployment.

What about the implementation team?

The same three people take part in the deployment of Splunk Enterprise Platform.

I do not take part in the deployment; my team does.

What other advice do I have?

My advice for those looking to implement Splunk Enterprise Platform is to know the product well and have hands-on workshops or create a lab to gain complete knowledge before proceeding.

Regarding maintenance, it does not require much as it is on-premises.

Overall, I would rate Splunk Enterprise Platform an eight.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other


    Information Technology and Services

Splunk enterprise is powerful and reliable

  • December 18, 2024
  • Review provided by G2

What do you like best about the product?
Real-time data insights and customizable dashboards
What do you dislike about the product?
Steep learning curve for beginners to master
What problems is the product solving and how is that benefiting you?
Splunk Enterprise helps centralize logs, detect security threats, and monitor system performance, making troubleshooting.


    reviewer2511618

Seamless integration streamlines fraud detection

  • November 11, 2024
  • Review provided by PeerSpot

What is our primary use case?

The main use case is to analyze the data log coming from other systems. We use Splunk to identify anomalies in transaction patterns, which may indicate irregular activity from certain customers. Our goal is to create alerts for stakeholders when such anomalies are detected.

How has it helped my organization?

Splunk has made our job easier by streamlining data searching and decision-making processes. By using it for fraud detection, we have potentially saved billions of Indonesian rupiah.

What is most valuable?

Splunk is very flexible in handling various formats of data as long as basic rules are adhered to. Its integration with other systems is seamless and can be done overnight. This ease of integration is its best advantage. Additionally, Splunk is adequate for real-time data processing.

What needs improvement?

The Splunk Processing Language (SPL) poses a steep learning curve for new users. The software could benefit from additional processing power, such as GPU support, for handling large volumes of data faster. The language could also be more user-friendly, similar to platforms where actions are easier through button clicks.

For how long have I used the solution?

I have used the solution for approximately three years.

What do I think about the stability of the solution?

I rarely encounter bugs or glitches during daily use. However, there was one instance where an issue required solutions from the headquarters' next upgrade session.

What do I think about the scalability of the solution?

Splunk is scalable, provided the supporting infrastructure, such as CPU and GPU processing, is also scalable.

How are customer service and support?

I rarely communicate with the Splunk headquarters, usually interacting with the local implementer.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We are not using anything else that functions like Splunk. However, for fraud detection, we also use GVD Instinct and FICO, along with Elasticsearch.

What about the implementation team?

I have not been involved in implementing it, except in integration, where I've found it easy.

What was our ROI?

We have been saving significant amounts through fraud detection. I cannot say precisely how much. Overall, Splunk has simplified our data management and decision-making processes.

What's my experience with pricing, setup cost, and licensing?

The official license operates like a subscription with an annual fee. Our local implementer offers pricing based on reserved quota, such as 80 gigabytes per day, costing under one billion Indonesian rupiah, or around $70,000 USD. It is affordable and flexible.

Which other solutions did I evaluate?

Elasticsearch, Kibana, Check Point, and other solutions like Microsoft Teams, OneDrive, and SharePoint are used.

What other advice do I have?

Keep my identity anonymous; publishing my title is sufficient. It's important to master the SPL for efficient use. Seek solutions that better support GPU for real-time processing.

I'd rate the solution eight out of ten.

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other


    Himanshu Tejwani

Enhanced efficiency with exceptional monitoring features

  • November 06, 2024
  • Review provided by PeerSpot

What is our primary use case?

Our use case for Splunk Enterprise Platform involved deploying the solution for a client requirement, focusing on their data monitoring and management needs.

How has it helped my organization?

Splunk Enterprise Platform has significantly improved operational efficiency by making it easier to monitor infrastructure, detect errors, and read logs. It has reduced troubleshooting efforts from one hundred percent to about twenty percent, thereby increasing productivity significantly. The platform's ability to monitor Docker containers directly has also been beneficial for us.

What is most valuable?

The most valuable features of Splunk Enterprise Platform include its performance, ease of implementation, and user interface, which are superior compared to other on-premises products.

What needs improvement?

Pricing is an area that needs improvement, as it is considered high. Additionally, the addition of AI capabilities would be beneficial for analyzing IP activity patterns and providing alerts. During the integration with Docker, we noticed that Splunk only shows container IDs and not their names, which is a drawback.

For how long have I used the solution?

I have used Splunk Enterprise Platform for one to two years for the projects I have mentioned.

What do I think about the stability of the solution?

Splunk Enterprise Platform is a stable solution, and I would rate its stability as nine out of ten.

What do I think about the scalability of the solution?

Splunk Enterprise Platform is scalable, though the implementation can be challenging. I would rate scalability as eight out of ten.

How are customer service and support?

We have not opted for paid support but have utilized community support, which is good but could benefit from more contributions. I rate the support a seven out of ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We have tried multiple products before, but they were difficult to implement. Splunk Enterprise Platform is much easier to implement and execute quickly, which is why we chose it.

How was the initial setup?

The initial setup was not considered easy and required learning and implementation by ourselves. It was an average difficulty process, not too difficult but not very easy either.

What about the implementation team?

The deployment and implementation were done by myself and one of my teammates, totaling two people involved in the process.

What was our ROI?

Monetary ROI was not directly measured, but using Splunk Enterprise Platform has reduced time spent on troubleshooting, therefore enhancing productivity.

What's my experience with pricing, setup cost, and licensing?

I would rate the pricing around three out of ten, considering the tool's cost. We haven't used any extra features, so I'm not sure about additional offerings.

Which other solutions did I evaluate?

We evaluated several other products, but they were found difficult to implement. Splunk was the easier solution.

What other advice do I have?

I highly recommend Splunk Enterprise Platform for organizations with large volumes of logs and multiple servers, as it provides good ROI for big companies. However, due to its cost, it may not be suitable for small organizations.

Which deployment model are you using for this solution?

On-premises


    Sudheer Kumar

Helps with monitoring and incident management

  • August 19, 2024
  • Review provided by PeerSpot

What is our primary use case?

I use the solution in my company to capture the events to deal with threat detection, incident response, and compliance reporting. For IT operation management, it gets complex to track the health and performance of IT infrastructure, including our network devices and applications, so Splunk Enterprise Platform can be used for centralized log management.

What is most valuable?

The most valuable feature of the tool for DevOps and from a continuous delivery perspective is that the tool is useful in areas like deployment, monitoring, and incident management.

What needs improvement?

If I compare Splunk Enterprise Platform with the other tools, the dashboard and the user interface need to be built at a console level and in a user-friendly mode. Sometimes, the tool looks a bit complex, and we can't find out the exact area where we need to make the changes in the configuration and changes for the log events monitoring. The dashboard and the console-level areas need to be made friendly.

The product's initial setup phase needs to be made easy since it looks like it is very complex compared to the other tools in the market.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for three years.

What do I think about the stability of the solution?

From a stability perspective, the tool is good. If any breakdowns exist, remediation and support are provided, so it is not a problem.

What do I think about the scalability of the solution?

The tool is used by around 5,000 employees and servers in my company.

How are customer service and support?

I have interacted with the solution's technical support. I rate the technical support a seven and a half out of ten.

How would you rate customer service and support?

Neutral

How was the initial setup?

The solution is deployed in an on-premises version.

What's my experience with pricing, setup cost, and licensing?

The tool is expensive.

What other advice do I have?

To first-time users, I can say that proper analysis and bandwidth utilization, cloud resource monitoring, and cost optimization are the things I would ask one to check in the tool.

It is not easy for beginners to use, and for freshers, it will take time to understand the tool.

From a security perspective, I rate the tool a nine out of ten. From a user and the console perspective, I rate the tool a seven out of ten.

In general, I rate the tool an eight out of ten.

Which deployment model are you using for this solution?

On-premises


    Luis P.

Splunk Review

  • July 16, 2024
  • Review provided by G2

What do you like best about the product?
A powerful tool with a lot of potential to make the work easier.
What do you dislike about the product?
The app for integration with other technologies is limited after the new version of Splunk.
What problems is the product solving and how is that benefiting you?
It helps with monitoring infrastructure through dashboards and alerts, making it easier and simpler to prevent incidents.


    Shivakumar V.

A tool to analyze your logs and data

  • April 28, 2024
  • Review provided by G2

What do you like best about the product?
It is easier to write SPL queries than SQL, and you can create your own custom Splunk commands where you can write your own Python scripts to handle complex data types like JSON, which has a nested level of 3 or 4. It is easy to create visualizations and get insights out of the data through commands like charts, stats, etc. It has a vast level of customer support, and when the developer or the user gets stuck, it has great documentation to resolve the issue.
What do you dislike about the product?
The resources the Splunk software takes when it handles a complex query make you crazy. It has everything a developer needs, but when it comes to the licensing, it is a bit costly.
What problems is the product solving and how is that benefiting you?
The business problem that Splunk solved was creating a custom visualization using JavaScript for rendering a train track, like the current movement of the train on the map or track layout, and also the custom filters that are created with the help of JavaScript. I think this is the best thing where I got the most out of Splunk Enterprise here.


    reviewer2393781

Used for application performance monitoring, database monitoring, and infrastructure monitoring

  • April 23, 2024
  • Review provided by PeerSpot

What is our primary use case?

Splunk Enterprise Platform is a basic monitoring tool used for application performance monitoring, database monitoring, and infrastructure monitoring. Currently, I use the solution for application monitoring and security monitoring. I use the tool to monitor security breaches or suspicious activities.

What is most valuable?

The solution is very good for monitoring compared to other tools. It provides an accurate solution. We used to get a free trial of around 60 days to test and get a good experience on Splunk.

What needs improvement?

The solution's license cost is high and can be improved. There are some limitations on data onboarding if you have huge data.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for three to four years.

What do I think about the stability of the solution?

Compared to other monitoring tools, Splunk Enterprise Platform provides good stability.

What do I think about the scalability of the solution?

I haven’t faced any issues with the solution’s scalability.

How are customer service and support?

Splunk ITSI is very good for support, which includes getting an incident number and working on it.

What other advice do I have?

We need to integrate Splunk Enterprise Platform with other tools, which provide some security events. After integrating, you get the logs from that application's API. Once you get those logs, we will create a code per the business requirements and create an alert, report, or dashboard, whichever is needed.

Splunk Enterprise Platform works based on apps installed in Splunk. For example, if you want SQL data to get into Splunk, you need to install an SQL database plugin on the Splunk server. That plugin will capture the logs related to an SQL database with Splunk. After that, we write a query, pull out the data we need, and provide knowledge objects.

Visualization is very good in Splunk Enterprise Platform. The solution has good visualization elements like bar graphs, pie charts, line graphs, single visualizations, and maps. I would recommend the solution to other users.

Splunk Enterprise Platform is a very good tool for monitoring your day-to-day activity logs. This will eventually help you create reports or dashboards to monitor the business's progress.

Overall, I rate the solution seven and a half or eight out of ten.


    Praveen Sande

Offers extensive visibility into events with flexible scalability

  • April 22, 2024
  • Review provided by PeerSpot

How has it helped my organization?

Splunk Enterprise Platform is a powerful application that offers extensive visibility into events, notable occurrences, and correlations, providing robust capabilities.

What is most valuable?

The valuable feature is the onboarding of various logs using different methods. Additionally, it excels in content development and use case creation. I want to learn about upcoming technologies like Splunk Cloud and Azure integration. These platforms offer extensive capabilities for visualizing and manipulating data according to our requirements. Splunk's proficiency in field extractions and onboarding logs from diverse sources makes it highly capable. Its logging addition and parsing capabilities are particularly noteworthy.

What needs improvement?

In Splunk Enterprise Platform, while the dashboard feature is powerful, it does have limitations in terms of the number of parameters that can be included in one dashboard. However, it's important to note that these limitations can be addressed through effective dashboard design and optimization techniques. Despite these constraints, Splunk offers extensive capabilities for creating insightful dashboards that can visualize relevant data effectively.

Splunk excels in providing accurate and valuable alerts and reports. These features are crucial in reducing manual efforts, minimizing human errors, and expediting incident resolution processes. With Splunk's alerting and reporting functionalities, users can fine-tune alerts, apply filters, and include necessary information for thorough investigation and analysis. These capabilities contribute significantly to enhancing operational efficiency and decision-making within organizations.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for five years.

What do I think about the stability of the solution?

I rate the solution’s stability an eight out of ten.

What do I think about the scalability of the solution?

Scalability is very flexible. Without the Splunk support, we can deploy and scale up.

How are customer service and support?

The responsiveness of the support is very good. They will ask you if you are raising any P2, P1, or major incidents so they'll help us with immediate and accurate results.

How was the initial setup?

The initial setup is straightforward, with detailed deployment steps outlined in their documentation. Additionally, the Splunk community is a valuable resource where users can ask questions and receive expert solutions.

What other advice do I have?

Splunk Enterprise Platform does not have a few application add-ons. Therefore, when we aim to integrate log sources from new or important ones that Splunk lacks add-ons for, we resort to developing custom add-ons. While this approach allows us to proceed with our work, it requires significant human effort and increases the likelihood of errors. Moreover, troubleshooting becomes time-consuming under these circumstances. Ideally, Splunk would offer add-ons for every possible application, significantly improving our efficiency and effectiveness.

The Splunk Enterprise Platform offers excellent visibility through real-time monitoring. Whenever any data matches our client's SQL code, it triggers an immediate alert, allowing us to respond to incidents swiftly. This capability is highly beneficial during any incident, making Splunk an invaluable tool.

There are various components, such as Universal Forwarder, Indexer, and Search Head. These components are relatively straightforward to set up. However, when implementing a distributed environment or setting up clustering, Splunk offers robust capabilities. Additionally, managing data storage sizing is also seamless.

Overall, I rate the solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises


    ABBURI AJAY

Used for logging and monitoring purposes

  • April 12, 2024
  • Review provided by PeerSpot

What is our primary use case?

We use the Splunk Enterprise Platform for logging and monitoring purposes. If users log into different databases and do something, we onboard database logs and other AWS logs to Splunk. Then, we create a dashboard alert report, and based on those dashboard alerts, we monitor users' actions. If they perform suspicious activities, we also send alerts. We use the solution to create dashboard alerts, reports, and some query language.

What is most valuable?

The most valuable features of the solution are the load balancing technique, the forwarding technique, and SSL certification.

What needs improvement?

Sometimes, queries don't give proper results, and the indexes go down.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for seven years.

What do I think about the stability of the solution?

I rate the solution an eight out of ten for stability.

What do I think about the scalability of the solution?

I rate the solution’s scalability a nine out of ten.

How are customer service and support?

The solution’s technical support is good.

How was the initial setup?

The solution’s initial setup is easy.

What's my experience with pricing, setup cost, and licensing?

I have heard from my managers that Splunk Enterprise Platform is an expensive solution.

What other advice do I have?

The solution has helped us with our security information and event management. If someone performs deletion operations, we get an automated alert informing us that a privileged activity has been performed. We forward the logs in real-time. We are ingesting 10GB of data into the solution daily. We have some input filters in the solution's dashboard.

Overall, I rate the solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises