I use Splunk for testing purposes. It is used for school research and to learn how to use Splunk.
Splunk is mainly used for collecting logs and dashboards.
Splunk provides a free version so you can test it before purchasing. It's better than IBM, in my opinion, because it's an independent entity. With IBM, for example, if you want to use EDR and other features, you must use the features of other companies, such as ServiceNow and Jira.
I am still exploring the features provided in Splunk. As I have not used it for a long time, I don't have a clear vision of it.
As a student, I'd like to see more labs and things for students to test in order to learn.
Having a trial version or more training on Splunk would be helpful.
There is a free version, but it is insufficient for training and learning because it is a little bit difficult to work with, especially if you are a beginner. It's difficult to improve when you're just starting out with logs and SOC. As a result, we require a longer free version.
Splunk is not used in my company. During my internship, I am being taught how to use it at school.
I have been using Splunk for one month.
I did not have any issues with the stability of Splunk. It was quite stable.
There was technical assistance available. When you require assistance, they provide it; they will respond.
We integrate Jira with QRadar which is helpful.
The initial setup was simple because there is available support and tutorials.
I completed the installation with the help of some friends in the IT department.
I'm only using the free version for the time being.
The cost is reasonable.
Splunk's costing is a little more difficult. The pricing method is complicated, and the way that costing is calculated in Splunk is a little more difficult.
When compared to QRadar, it's simple to pay.
I did some research for a school project. I needed to compare it to Splunk and a few other tools. As a result, I'm not particularly interested in purchasing them.
I would rate Splunk an eight out of ten.
We are using Splunk for querying data from different sources.
Splunk has machine learning which is a valuable feature.
The algorithm customization of Splunk could improve. They have limited algorithms for machine learning support. It would help if they could allow the user to add more machine learning algorithms, such as the ability to choose the algorithm that a user might want. Additionally, they should provide the required libraries for those algorithms, and then analyze the data for use.
I have used Splunk within the past 12 months.
Splunk is a stable solution.
We have contacted support, and most of the reasons we have contacted support have been project-related. For example, we want the APAs to work in a certain way or for certain fixes.
I have been using Splunk for approximately
We have found all the features useful. However, the dashboarding and logging have been very helpful. Additionally, the log analysis does a great job.
The solution could improve by giving more email details.
In a future release, the solution could improve on the artificial intelligence features, such as if an alert comes, it could automatically do logging from the system, get the KV knowledge base, and perform other functions. This would be a benefit.
I have used Splunk for approximately five years.
The technical support is good.
The initial setup is complex.
The price of Splunk is reasonable.
We have evaluated SoapUI and Postman, and we are still evaluating others.
I rate Splunk a seven out of ten.
We have multiple use cases, almost 200 plus use cases. An example is travel activities where you log in.
The solution has plenty of features that are good.
I have been using the solution for two years.
It is a stable solution.
In my experience, it has been scalable. We have five users using the solution in our company.
The installation is straightforward.
Deployment is not difficult, but the log sources and configurations can take time. We have a team of 15 technicians that do the deployments.
The solution is a little expensive.
I would recommend this solution.
I rate Splunk a six out of ten.
I'm the CSSP manager and we are customers of Splunk.
Splunk is good at log collection and log management.
I'm a security manager and Splunk is not a good solution for my needs and not as good as other products I've used. I really think they just overreached and are marketing the solution as something that it really isn't. It's really not an SIEM product. It's really not a monitoring solution. If Splunk wants to get into SIEM, they need to make a totally new product. They should just leave SIEM, it's not their thing, not what they do. They're good at log collection and indexing. Stick to it. There are some things with log collection and log retention capabilities that they could actually improve instead of trying to create products for all these other different areas. I don't want their next release, I would rather just kind of scale back on some of the extras, and just really focus on log collection and log retention. I'd like to have more options on how I can perform those features with their products. I'd like to see a lot more integration with other products.
I've been using this solution for three years.
Once you set up the solution, you don't really have to worry about it. It's very stable. I like the fact that you can pretty much just patch the OS, and it doesn't really affect how Splunk runs. With a lot of products, you almost have to wait for that company to implement a new patch or version of the product before you can upgrade the server it's on, or anything like that. Or you can't upgrade, you just have to go with whatever they give you, because they're giving you an appliance or something. I like the fact that Splunk allows you to integrate and still run as Splunk and still be compliant with most vulnerabilities out there without affecting functionality.
The solution is extremely scalable. We probably have about five or six users, so all our system administrators use it; they're the ones that implement it. Right now, just the CIO, the CTO, and an ISSM have access. There are plans to add more people once we fully implement the Enterprise Security solution. We have admins responsible for maintenance.
The initial setup is kind of complex but I think it's an issue we have and not connected to the solution. We're still deploying. The company didn't have an implementation strategy, they're kind of just flying by the seat of their pants which wasn't a great plan. We're doing it ourselves, we didn't use an integrator.
We have a 100 gig annual license. I'm not sure of the cost. Their licensing is based on the amount of data you collect. There is an additional cost for Enterprise Security. If there are any other kind of applications, the APIs that we created that we want to add, there are costs for most of those as well. Their pricing structure really could use a revamp. They really need to review and look at that and see if there's a better way that they can do it. Elasticsearch is a little cheaper and a better product in my view.
It's important to prepare. You can't just get a solution and start to implement it. A big part of that needs to be preparation, and in IT, we're not great at that. I would go with Elastic, a similar product but better. The licensing is a little different but it gives you a little more freedom to do things. It's really flexible with what you can do and versatile in how you can use it. Splunk is still top when it comes to log collection. If you wanted anything more than that, you should probably look into using several different products. There isn't really one product that you're going to find that's going to give you that coverage and I just like the versatility of using several different products. There are some other things you can use that actually do a better job at the correlation part.
I would rate this solution a seven out of 10.
It's the primary place where I'd go to do an investigation if I want to see what's going on within an endpoint, or on a network, or with a user.
The flexibility of the solution is quite good.
The product is stable.
It offers good scalability if you are willing to pay.
The technical support on offer is responsive.
The solution has a high learning curve for users. It's a little complicated when you're trying to figure out all the features and what they do.
The solution needs a bit more functionality. For example, being able to save a search and select it when you're doing an investigation. I know you can create dashboards and things like that, however, sometimes being able to have a pre-saved search and just fill in whatever value you need would make everything so much easier.
I've been using Splunk for four years so far. It's been a while.
I haven't had any stability issues with it. It's pretty stable. There aren't bugs or glitches. It doesn't crash or freeze.
You can scale the solution, however, users need to be aware of the product increasing in cost as well.
The technical support is very good. We're quite satisfied with the level of service provided. They are knowledgeable and responsive.
When I came to the company, they were already using Splunk. It's only now that we're looking to possibly move to another vendor. The cost of Splunk is much too high.
I wasn't here when this solution was put into place, however, from looking at the documentation and things like that, the setup is pretty involved. I'd say it's a bit more complex than straightforward.
We find the solution to be quite expensive. Therefore, we're looking for other options.
I don't know of the exact costs, as licensing is handled by another department.
We're just users. We don't have a business relationship with Splunk.
We're on a variation of version seven. I'm not sure of the exact one. It's not quite the latest.
I'd advise new users, if they have the budget for it, to go and take the training that they offer. Or, for casual users, you just want to spend as much time watching YouTube videos as you can. It will help lessen the learning curve.
As a solution, it's still pretty much industry standard. I would give it a nine out of ten overall, even though I have my gripes with it.
We need something to collect all our logs in a centralized solution. We have several servers but we don't have any log collection system.
Without Splunk or a similar product, if I want to check the log files every day, I have to log in to the individual hardware components in our system. I have to log in to the firewall, I have to log in to Windows. There are so many devices I would have to manually log into, one-by-one. It would take a very long time for me.
Also, we don't have a dashboard so we don't know which issues are critical. When we use a centralized log monitoring system we can see things on the dashboard and it is easier for the IT manager or an IT engineer to take corrective action in the system.
The most valuable feature of Splunk is the log monitoring.
If possible, we would like to have not only a log monitoring system but a network monitoring feature in this solution as well.
It's very stable.
Up until we trialed Splunk we did not have any solution. We used Splunk because we don't have anything to monitor our system. I contacted our local vendor in Vietnam, and they suggested using the trial version of Splunk to see how it works in our environment. This is the main reason I trialed Splunk. We just used the trial version in our office and, since it expired, we haven't used it.
For me, the initial setup was not too complex. For an IT person like me, it was okay.
Our local vendor knows Splunk very well. He had already implemented Splunk for another customer. I called him to our office to have him install Splunk. It took a couple of hours for him to finish.
We used a consultant for the deployment, from KDDI Vietnam. Our experience with him was good.
Because it was a trial version, I was the only one who used it in our company.
I kept some snapshots from our trial with the Splunk system and we are preparing a proposal to submit to our manager in Vietnam. If in the near future we have enough money to purchase the system, we will invest in this system for our company.
We use Splunk for a few different use cases:
It has improved our organization in many ways:
It needs to improve the way to install third-party apps and enable installation without logging into splunk.com.
Not at all.
Not really.
Their support is pretty good, but not amazing. Although we have our own in-house Splunk expert who worked for Splunk themselves for a few years, we do not really need external support that much. We basically use them for licensing stuff.
The forums are pretty thorough, so technically we have not had much need for support.
The initial setup is easy, although we currently use just a single server and not multi-server clustered instances.
For our Linux instance setup, an upgrade is very easy. It is all managed by about three simple Bash scripts.
It is possible to use a developer's license, which is up to 10GB per day of volume traffic, which is usually enough for most use cases.
We evaluated ELK Stack and QlikView.
We are a Splunk Partner, since after much deliberation, we decided to choose Splunk as a component of one of our on-premise software offerings.