Mohamed Fouad - PeerSpot reviewer
Cybersecurity Team Leader at EMAK For Computer Manufacturing (ECM)
Real User
Top 5 Leaderboard
Mar 18, 2026
Comprehensive correlation and automation have improved incident detection and reduced phishing
Pros and Cons
  • "The best features I value about Splunk Enterprise Platform include a great correlation rule that allows me to edit and generate alerts based on any event in an easy and fast way."
  • "We have Splunk at a very high cost, but I can say that other vendors working with mid-size customers can compete against Splunk."

What is our primary use case?

Splunk Enterprise Platform serves as our SIEM solution from Splunk, which is a market leader. It is a SIEM solution for log management and correlations. We have multiple logs from most of our infrastructure tools and security products. We obtain these rules and logs through many protocols including syslog and API. We then normalize and correlate this data and create incidents based on the activity running on our infrastructure.

What is most valuable?

I appreciate the API, the protocols, and the workflows as it functions as a SIEM solution. The main function is correlation.

The best features I value about Splunk Enterprise Platform include a great correlation rule that allows me to edit and generate alerts based on any event in an easy and fast way. I can accomplish this in a short period of time, and afterward, I can see incidents based on the correlation rule in a very professional and effective way.

I value the incident management and the correlations.

Splunk Enterprise Platform helps in detecting anomalies and preventing outages. The main core function for any SIEM is to have correlation. For example, if you receive user activity on a VPN logging in from Egypt, then after a while you receive logs from the firewall showing the same user logging in with a VPN from Ukraine, it is not logical that the user would move from Egypt to Ukraine in just five minutes. Splunk Enterprise Platform will create an incident and detect this as a credential compromise because we have a successful login from another location. This is the magic of correlation. We receive many events, we correlate these events, and then we can create an incident. After that, we have Splunk SOAR to take actions in an automation process to stop this incident without any management or any actions from the team.

The end-user experience is enhanced by the security product, as we have a return on investment on lower security incidents. After we implemented it with the SOC and Splunk SOAR, we can stop phishing and spam. The end-user experience will not see many phishing domains; they will be reduced. Security incidents will be reduced. Network performance will be very good after we implement it because we can detect who is scanning our network and creating a bottleneck on the network. We can stop and detect this with Splunk, whether it is SIEM from Splunk or SIEM with SOAR.

What needs improvement?

I use the machine learning toolkit with Splunk Enterprise Platform. The machine learning is very good on Splunk, but it sometimes makes searching for events become slow, so we have stopped using it. I think this needs improvement on Splunk.

The machine learning has room for improvement.

I think threat management needs improvement when compared to other vendors.

I compare Splunk Enterprise Platform with other solutions and vendors and see a very good point on pricing. We have Splunk at a very high cost, but I can say that other vendors working with mid-size customers can compete against Splunk. However, Splunk is very expensive compared to other vendors. I think after the acquisition from Cisco, we can get discounts for licensing, and I believe Cisco will reconsider the pricing for Splunk Enterprise Platform.

I would prefer to see improved pricing for Splunk Enterprise Platform.

My thoughts on the pricing are that it is not cheap.

I have thoughts on the advanced threat detection, and I see that it is integrating with threat intelligence, and I believe this needs improvement.

For how long have I used the solution?

I have been using this solution for about two years. We have deployed many services from Splunk here in Egypt. Most of it is a SIEM solution from Splunk. We also have SOAR from Splunk, and we are running it on the largest bank here in Egypt. Most of the portfolio from Splunk that I have worked with was over approximately two years.

Buyer's Guide
Splunk Enterprise Platform
March 2026
Learn what your peers think about Splunk Enterprise Platform. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
885,311 professionals have used our research since 2012.

What do I think about the scalability of the solution?

Regarding scalability, Splunk Enterprise Platform, like any SIEM solution, provides scalability. Whenever we receive more logs, we can easily scale. I rate this aspect as a ten.

How are customer service and support?

I rate the technical support as very good.

How was the initial setup?

The deployment was not easy, nor was it complex. It requires a professional and certified engineer to deploy the product, as many SIEM solutions do. One cannot easily deploy a SIEM solution. You have to work on correlations and personalize the dashboard. There is a lot of configuration for any SIEM solution, not only Splunk Enterprise Platform.

What other advice do I have?

I would advise others looking to implement this product to totally recommend it. I recommend this both before and after the acquisition. I totally recommend acquiring Splunk Enterprise Platform portfolio, whether it is Splunk SOAR, Splunk Cloud, or Splunk Enterprise Platform. I rate this solution a ten overall.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Mar 18, 2026
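The impossible-travel correlation the reviewer describes (a VPN login from Egypt followed five minutes later by a firewall login for the same user from Ukraine) expressed as plain detection logic over constructed log lines. This is an added example, not code from the review or from Splunk; the log format, field names and the 900 km/h threshold are assumptions.

```python
"""Impossible-travel correlation over constructed VPN/firewall login events.

Added example, not from the review or from Splunk. The syslog-style line
format, its key=value fields and the speed threshold are assumptions made
for illustration.
"""
from __future__ import annotations

import math
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample log lines (hypothetical format). alice logs in from
# Cairo, then five minutes later from Kyiv; bob's second Cairo->Kyiv attempt
# fails and is ignored, and his later Alexandria login is plausible travel.
SAMPLE_LOGS = """\
2026-03-18T09:00:00Z vpn-gw1 login user=alice src_ip=203.0.113.10 geo=EG lat=30.04 lon=31.24 result=success
2026-03-18T09:05:00Z fw-edge1 login user=alice src_ip=198.51.100.7 geo=UA lat=50.45 lon=30.52 result=success
2026-03-18T09:07:00Z vpn-gw1 login user=bob src_ip=203.0.113.22 geo=EG lat=30.04 lon=31.24 result=success
2026-03-18T09:09:00Z fw-edge1 login user=bob src_ip=198.51.100.9 geo=UA lat=50.45 lon=30.52 result=failure
2026-03-18T13:00:00Z vpn-gw1 login user=bob src_ip=203.0.113.23 geo=EG lat=31.20 lon=29.92 result=success
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+login\s+(?P<kv>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Login:
    ts: datetime
    host: str
    user: str
    src_ip: str
    country: str
    lat: float
    lon: float


@dataclass(frozen=True)
class Incident:
    user: str
    first: Login
    second: Login
    distance_km: float
    speed_kmh: float


def parse_logins(text: str) -> list[Login]:
    """Normalise raw lines into Login records, keeping only successful logins."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        kv = dict(KV_RE.findall(m.group("kv")))
        if kv.get("result") != "success":
            continue  # a failed attempt cannot be a compromised-credential session
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(Login(ts, m.group("host"), kv["user"], kv["src_ip"],
                            kv["geo"], float(kv["lat"]), float(kv["lon"])))
    return sorted(events, key=lambda e: e.ts)


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def impossible_travel(events: list[Login], max_speed_kmh: float = 900.0,
                      min_distance_km: float = 50.0) -> list[Incident]:
    """Correlate consecutive logins per user and flag physically impossible moves.

    min_distance_km suppresses geo-IP jitter between nearby points; a zero time
    gap over a real distance is treated as infinite speed and still flagged.
    """
    last: dict[str, Login] = {}
    incidents = []
    for ev in events:
        prev = last.get(ev.user)
        if prev is not None:
            dist = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            hours = (ev.ts - prev.ts).total_seconds() / 3600
            speed = dist / hours if hours > 0 else math.inf
            if dist >= min_distance_km and speed > max_speed_kmh:
                incidents.append(Incident(ev.user, prev, ev, dist, speed))
        last[ev.user] = ev
    return incidents


def run_demo() -> list[Incident]:
    """Run the correlation over the constructed sample logs."""
    return impossible_travel(parse_logins(SAMPLE_LOGS))


if __name__ == "__main__":
    for inc in run_demo():
        print(f"{inc.user}: {inc.first.country} -> {inc.second.country}, "
              f"{inc.distance_km:.0f} km at {inc.speed_kmh:.0f} km/h")
```

In Splunk terms the same check is a correlation search over the normalised login events; a SOAR playbook would then act on the resulting notable.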
PeerSpot user
Manager Recruitment at tata elxsi
Real User
Top 20
Apr 24, 2025
User-friendly interface accelerates task approval but update confirmations occasionally delay
Pros and Cons
  • "Splunk Enterprise Platform saves approximately 20 to 30 percent of my time without having to perform different actions separately."
  • "The only problem I have with Splunk Enterprise Platform is that sometimes when I update a review, it takes time to receive confirmation emails."

What is our primary use case?

I normally use Splunk Enterprise Platform for review purposes. It is very easy and convenient. Its GUI is easy for me to review and approve all those things.

What is most valuable?

Splunk Enterprise Platform is very easy and convenient to use. The graphical user interface is easy for me to review and approve tasks. It saves time by allowing me to perform actions on a single platform instead of managing them separately. Additionally, its real-time processing capability is very good.

What needs improvement?

The only problem I have with Splunk Enterprise Platform is that sometimes when I update a review, it takes time to receive confirmation emails. This happens very rarely, maybe once or twice a month. I feel this can be improved in terms of performance.

For how long have I used the solution?

I have been using Splunk Enterprise Platform for three years.

What do I think about the stability of the solution?

Splunk Enterprise Platform is very stable.

What do I think about the scalability of the solution?

Splunk Enterprise Platform is scalable to some extent, which is acceptable. However, when I connect via VPN, it may take time to launch.

How are customer service and support?

I haven't got any support yet, so I can't comment on this as of now.

How would you rate customer service and support?

What was our ROI?

Splunk Enterprise Platform saves approximately 20 to 30 percent of my time without having to perform different actions separately.

What other advice do I have?

My overall experience with Splunk Enterprise Platform rates around seven out of ten points. The main issues are regarding updating reviews and scalability, which may take some time when connecting via VPN. I would rate the overall solution 7 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
UzairKhan - PeerSpot reviewer
Business General Manager at Mutex Systems
Reseller
Top 5
May 9, 2025
Delivers financial benefits and operational efficiency with impactful data analytics capabilities
Pros and Cons
  • "Splunk Enterprise enhances data analytics with its AI capabilities."

    What is our primary use case?

    The use cases for Splunk Enterprise Platform vary depending on the specific scenario.

    Splunk Enterprise Platform has different purposes, including data visualization and other applications.

    What is most valuable?

    In Splunk Enterprise Platform, the most impactful features for data analytics allow you to get into the repository.

    There are financial benefits from using Splunk Enterprise Platform, and as a retailer, it provides better profit margins.

    Splunk Enterprise enhances data analytics with its AI capabilities.

    What needs improvement?

    For future updates of Splunk Enterprise Platform, I would like to see integration by GUI.

    The integration should be improved with the UI.

    For how long have I used the solution?

    I have been using Splunk Enterprise Platform for about two years.

    What was my experience with deployment of the solution?

    There are no significant challenges in deploying Splunk Enterprise Platform.

    The challenges or pain points others should anticipate before implementing Splunk Enterprise Platform are mostly related to the integration part.

    How was the initial setup?

    The time it takes to deploy Splunk Enterprise Platform depends on the use cases.

    It may take anywhere from a couple of hours to a couple of weeks for Splunk Enterprise Platform deployment.

    What about the implementation team?

    The same three people take part in the deployment of Splunk Enterprise Platform.

    I do not take part in the deployment; my team does.

    What other advice do I have?

    My advice for those looking to implement Splunk Enterprise Platform is to know the product well and have hands-on workshops or create a lab to gain complete knowledge before proceeding.

    Regarding maintenance, it does not require much as it is on-premises.

    Overall, I would rate Splunk Enterprise Platform an eight.

    Which deployment model are you using for this solution?

    On-premises

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
    Raymond De Rooij - PeerSpot reviewer
    Product Owner at ABN AMRO Bank N.V.
    Real User
      Top 5 Leaderboard
    May 28, 2024
    Enables us to create dashboards and do analysis but has limitations
    Pros and Cons
      • "Splunk can be used primarily to port log files, allowing for easy and quick management of large amounts of logs. However, this can also be a drawback due to the configuration, parsing, and dashboard creation limitations. Communication is stream-based, which means you need to do a lot of pre-emptive setup to get a nice export."

      What is our primary use case?

      We use Splunk to create dashboards and do analysis.

      What is most valuable?


      What needs improvement?

      Splunk can be used primarily to port log files, allowing for easy and quick management of large amounts of logs. However, this can also be a drawback due to the configuration, parsing, and dashboard creation limitations. Communication is stream-based, which means you need to do a lot of pre-emptive setup to get a nice export. Another issue with Splunk is its streamlined nature; it reruns the query whenever you refresh a dashboard. This becomes problematic if you have a large volume of log files, as it can be slow, resource-intensive, and require significant storage space.

      It is designed to process and analyze log files. You feed log files into the platform, automatically extracting different fields. This allows you to filter and manipulate the data in a stream-based manner. Essentially, you pass a log file through various filters sequentially, enhancing or reducing its size by adding or removing information. However, this stream-based approach can make it challenging to create detailed dashboards easily. The platform primarily focuses on log files and is unsuitable for real-time data analysis.

      For how long have I used the solution?

      I have been using Splunk Enterprise Platform for one or two years.

      What do I think about the stability of the solution?

      The product is stable.

      I rate the solution’s stability a six out of ten.

      What do I think about the scalability of the solution?

      It can be very slow if you have a lot of data, and scaling it up for better performance can be quite expensive.

      A thousand users use this solution. We have many systems and a lot of data.
      It is centrally deployed and used extensively across various systems. I use it daily, but sometimes I only use it once a month. It depends on the data I need or the issue I'm investigating.

      I rate the solution’s scalability a four out of ten.

      How was the initial setup?

      The initial setup is straightforward.

      What other advice do I have?

      I wouldn't recommend Splunk Enterprise Platform because it's slow and has significant limitations.

      Overall, I rate the solution a six out of ten.

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      Mohammed Hassan - PeerSpot reviewer
      Regional Director at iSecureMind
      Real User
      Top 5 Leaderboard
      Mar 25, 2025
      Real-time data analysis benefits but automation in role creation needs improvement
      Pros and Cons
      • "Splunk Enterprise Platform is a good tool to have, but it is expensive."
      • "While Splunk Enterprise Platform is a good product, it is expensive. Additionally, it is complex for inexperienced cybersecurity engineers and requires experienced personnel to handle it effectively."

      What is our primary use case?

      We are working with AppDynamics, Splunk Enterprise Platform, and other Splunk products. However, the main use case here is with Splunk Enterprise Platform.

      What is most valuable?

      Splunk Enterprise Platform is a good tool to have, but it is expensive. The features that have proven most effective for real-time data analysis include parts of the platform and its automation capabilities. However, I want them to enhance their automation to cover every aspect, particularly the automation of roles creation.

      What needs improvement?

      While Splunk Enterprise Platform is a good product, it is expensive. Additionally, it is complex for inexperienced cybersecurity engineers and requires experienced personnel to handle it effectively.

      For how long have I used the solution?

      We have been providing Splunk Enterprise Platform for ten months.

      How are customer service and support?

      Splunk's technical support is at the same level for all products, although we have not opened many tickets.

      How would you rate customer service and support?

      Neutral

      What's my experience with pricing, setup cost, and licensing?

      Splunk Enterprise Platform is expensive.

      Which other solutions did I evaluate?

      The main competitor of Splunk in our region is Exabeam, which is less expensive. For small and medium companies, Fortinet is a competitor. Stellar Cyber has also recently entered the market.

      What other advice do I have?

      For smaller companies, I recommend Stellar Cyber as an alternative to Splunk Enterprise Platform. Stellar Cyber is easier to implement and integrate, and it has solid AI capabilities, especially for automation. It is also willing to adapt to customer requirements. I would rate Splunk Enterprise Platform overall somewhere between six and eight, depending on the size of the company.

      Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
      reviewer2511618 - PeerSpot reviewer
      Manager - Anti-Fraud Strategy & System Solution Officer at a financial services firm with 10,001+ employees
      Real User
      Top 5 Leaderboard
      Nov 17, 2024
      Seamless integration streamlines fraud detection
      Pros and Cons
      • "Splunk is very flexible in handling various formats of data as long as basic rules are adhered to."
      • "The Splunk Processing Language (SPL) poses a steep learning curve for new users."

      What is our primary use case?

      The main use case is to analyze the data log coming from other systems. We use Splunk to identify anomalies in transaction patterns, which may indicate irregular activity from certain customers. Our goal is to create alerts for stakeholders when such anomalies are detected.

      How has it helped my organization?

      Splunk has made our job easier by streamlining data searching and decision-making processes. By using it for fraud detection, we have potentially saved billions of Indonesian rupiah.

      What is most valuable?

      Splunk is very flexible in handling various formats of data as long as basic rules are adhered to. Its integration with other systems is seamless and can be done overnight. This ease of integration is its best advantage. Additionally, Splunk is adequate for real-time data processing.

      What needs improvement?

      The Splunk Processing Language (SPL) poses a steep learning curve for new users. The software could benefit from additional processing power, such as GPU support, for handling large volumes of data faster. The language could also be more user-friendly, similar to platforms where actions are easier through button clicks.

      For how long have I used the solution?

      I have used the solution for approximately three years.

      What do I think about the stability of the solution?

      I rarely encounter bugs or glitches during daily use. However, there was one instance where an issue required solutions from the headquarters' next upgrade session.

      What do I think about the scalability of the solution?

      Splunk is scalable, provided the supporting infrastructure, such as CPU and GPU processing, is also scalable.

      How are customer service and support?

      I rarely communicate with the Splunk headquarters, usually interacting with the local implementer.

      How would you rate customer service and support?

      Positive

      Which solution did I use previously and why did I switch?

      We are not using anything else that functions like Splunk. However, for fraud detection, we also use GVD Instinct and FICO, along with Elasticsearch.

      What about the implementation team?

      I have not been involved in implementing it, except in integration, where I've found it easy.

      What was our ROI?

      We have been saving significant amounts through fraud detection. I cannot say precisely how much. Overall, Splunk has simplified our data management and decision-making processes.

      What's my experience with pricing, setup cost, and licensing?

      The official license operates like a subscription with an annual fee. Our local implementer offers pricing based on reserved quota, such as 80 gigabytes per day, costing under one billion Indonesian rupiah, or around $70,000 USD. It is affordable and flexible.

      Which other solutions did I evaluate?

      Elasticsearch, Kibana, Check Point, and other solutions like Microsoft Teams, OneDrive, and SharePoint are used.

      What other advice do I have?

      Keep my identity anonymous; publishing my title is sufficient. It's important to master the SPL for efficient use. Seek solutions that better support GPU for real-time processing.

      I'd rate the solution eight out of ten.

      If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

      Other
      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      Sudheer Kumar - PeerSpot reviewer
      Lead Security Engineer at AeoLogic Technologies
      Real User
      Top 5
      Aug 26, 2024
      Helps with monitoring and incident management
      Pros and Cons
      • "From a stability perspective, the tool is good."
      • "The product's initial setup phase needs to be made easy since it looks like it is very complex compared to the other tools in the market."

      What is our primary use case?

      I use the solution in my company to capture the events to deal with threat detection, incident response, and compliance reporting. For IT operation management, it gets complex to track the health and performance of IT infrastructure, including our network devices and applications, so Splunk Enterprise Platform can be used for centralized log management.

      What is most valuable?

      The most valuable feature of the tool for DevOps and from a continuous delivery perspective is that the tool is useful in areas like deployment, monitoring, and incident management.

      What needs improvement?

      If I compare Splunk Enterprise Platform with the other tools, the dashboard and the user interface need to be built at a console level and in a user-friendly mode. Sometimes, the tool looks a bit complex, and we can't find out the exact area where we need to make the changes in the configuration and changes for the log events monitoring. The dashboard and the console-level areas need to be made friendly.

      The product's initial setup phase needs to be made easy since it looks like it is very complex compared to the other tools in the market.

      For how long have I used the solution?

      I have been using Splunk Enterprise Platform for three years.

      What do I think about the stability of the solution?

      From a stability perspective, the tool is good. If any breakdowns exist, remediation and support are provided, so it is not a problem.

      What do I think about the scalability of the solution?

      The tool is used by around 5,000 employees and servers in my company.

      How are customer service and support?

      I have interacted with the solution's technical support. I rate the technical support a seven and a half out of ten.

      How would you rate customer service and support?

      Neutral

      How was the initial setup?

      The solution is deployed in an on-premises version.

      What's my experience with pricing, setup cost, and licensing?

      The tool is expensive.

      What other advice do I have?

      To first-time users, I can say that proper analysis and bandwidth utilization, cloud resource monitoring, and cost optimization are the things I would ask one to check in the tool.

      It is not easy for beginners to use, and for freshers, it will take time to understand the tool.

      From a security perspective, I rate the tool a nine out of ten. From a user and the console perspective, I rate the tool a seven out of ten.

      In general, I rate the tool an eight out of ten.

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      Praveen Sande - PeerSpot reviewer
      Senior Splunk Engineer at Wipro Limited
      Real User
      Top 20
      May 11, 2024
      Offers extensive visibility into events with flexible scalability

      How has it helped my organization?

      Splunk Enterprise Platform is a powerful application that offers extensive visibility into events, notable occurrences, and correlations, providing robust capabilities.

      What is most valuable?

      The valuable feature is the onboarding of various logs using different methods. Additionally, it excels in content development and use case creation. I want to learn about upcoming technologies like Splunk Cloud and Azure integration. These platforms offer extensive capabilities for visualizing and manipulating data according to our requirements. Splunk's proficiency in field extractions and onboarding logs from diverse sources makes it highly capable. Its logging addition and parsing capabilities are particularly noteworthy.

      What needs improvement?

      In Splunk Enterprise Platform, while the dashboard feature is powerful, it does have limitations in terms of the number of parameters that can be included in one dashboard. However, it's important to note that these limitations can be addressed through effective dashboard design and optimization techniques. Despite these constraints, Splunk offers extensive capabilities for creating insightful dashboards that can visualize relevant data effectively.

      Splunk excels in providing accurate and valuable alerts and reports. These features are crucial in reducing manual efforts, minimizing human errors, and expediting incident resolution processes. With Splunk's alerting and reporting functionalities, users can fine-tune alerts, apply filters, and include necessary information for thorough investigation and analysis. These capabilities contribute significantly to enhancing operational efficiency and decision-making within organizations.

      For how long have I used the solution?

      I have been using Splunk Enterprise Platform for five years.

      What do I think about the stability of the solution?

      I rate the solution’s stability an eight out of ten.

      What do I think about the scalability of the solution?

      Scalability is very flexible. Without the Splunk support, we can deploy and scale up.

      How are customer service and support?

      The responsiveness of the support is very good. They will ask you if you are raising any P2, P1, or major incidents so they'll help us with immediate and accurate results.

      How was the initial setup?

      The initial setup is straightforward, with detailed deployment steps outlined in their documentation. Additionally, the Splunk community is a valuable resource where users can ask questions and receive expert solutions.

      What other advice do I have?

      Splunk Enterprise Platform does not have a few application add-ons. Therefore, when we aim to integrate log sources from new or important ones that Splunk lacks add-ons for, we resort to developing custom add-ons. While this approach allows us to proceed with our work, it requires significant human effort and increases the likelihood of errors. Moreover, troubleshooting becomes time-consuming under these circumstances. Ideally, Splunk would offer add-ons for every possible application, significantly improving our efficiency and effectiveness.

      The Splunk Enterprise Platform offers excellent visibility through real-time monitoring. Whenever any data matches our client's SQL code, it triggers an immediate alert, allowing us to respond to incidents swiftly. This capability is highly beneficial during any incident, making Splunk an invaluable tool.

      There are various components, such as Universal Forwarder, Indexer, and Search Head. These components are relatively straightforward to set up. However, when implementing a distributed environment or setting up clustering, Splunk offers robust capabilities. Additionally, managing data storage sizing is also seamless.

      Overall, I rate the solution an eight out of ten.

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: My company does not have a business relationship with this vendor other than being a customer.