Testing for insider threat behavior.
Cyber Analyst with 501-1,000 employees
It has the ability to correlate results
What is our primary use case?
How has it helped my organization?
It gave management confidence in current operations.
What is most valuable?
The ability to correlate results.
What needs improvement?
A few more analysis aids might help. The next release could have more intuitive help examples.
Buyer's Guide
Splunk Enterprise Security
June 2025

Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
861,524 professionals have used our research since 2012.
For how long have I used the solution?
One to three years.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Técnico Judiciário at a government with 1,001-5,000 employees
Has the ability to log more logs than similar solutions and is more efficient than its competitors
Pros and Cons
- "It can log more logs than other solutions. It's a good way to troubleshoot problems."
- "Cybersecurity and infrastructure monitoring have room for improvement."
What is our primary use case?
We use it to do SIEM.
How has it helped my organization?
It can log more logs than other solutions. It's a good way to troubleshoot problems.
What is most valuable?
Splunk is a good solution to collect more events than other solutions. It's a good solution, for me, for this reason.
What needs improvement?
Cybersecurity and infrastructure monitoring have room for improvement.
For how long have I used the solution?
Less than one year.
How was the initial setup?
On a scale from one to ten I would rate the initial setup a seven for its complexity.
Which other solutions did I evaluate?
We also looked at AlienVault.
What other advice do I have?
I would rate it an eight out of ten.
Splunk is more efficient than other solutions but it's also more expensive.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
Splunk Enterprise Security
June 2025

Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
861,524 professionals have used our research since 2012.
Network & Telco Lead at a energy/utilities company with 501-1,000 employees
Provides log collection and analysis
What is our primary use case?
- Log collection and analysis
- Reporting for the whole enterprise environment.
How has it helped my organization?
Improved visibility.
What is most valuable?
Log search and alerting/reporting.
What needs improvement?
Code understanding requirement is complicated for most users.
For how long have I used the solution?
One to three years.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT & Cloud Architect at AiM Services SA
We use it for reporting and monitoring of all solutions in the company
Pros and Cons
- "We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company."
- "The security can be improved."
What is our primary use case?
Our primary use case is reporting from the Windows administration. We have SCCM that configures the manager to update every PC workstation and server in the company. We have a lot of PCs and servers in our environment and we use Splunk for the gathering of the PCs and Windows service. We also use it to collect information from the security tools, for example, to provide the management information about how the everyday connection is.
How has it helped my organization?
We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company.
What needs improvement?
The security can be improved.
What do I think about the scalability of the solution?
It is scalable. We have five admins so far that we have in the solution. We have two as techs to develop the design on the world map of the solution, and we have the end users, so 80,000 users altogether.
How was the initial setup?
The initial setup was complex. We have two data centers in France, two in Germany, and we have 18 countries in the world. It's a big company and we have a lot of services, servers, etc. So the setup is more complex.
What other advice do I have?
I would rate this solution a perfect ten out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller.
Presales Manager at a tech services company with 11-50 employees
Clients benefit from the live security monitoring of their parent IP infrastructure base but Splunk should adjust the pricing
Pros and Cons
- "The initial setup is simple, not very complex. Initial deployment takes around 10 to 15 minutes to set up the entire base for Splunk including all three tiers."
- "Splunk does not build apps. They only go back and validate the apps that somebody has already built. They should have remote consulting support. They have a wonderful solution. They have 24/7 security. Nobody needs to depend on any third party and will therefore just buy Splunk on the cloud."
What is our primary use case?
We use it for security incident event management and for IT service intermediates.
How has it helped my organization?
We sell it to clients so clients benefit from Splunk in terms of live security monitoring of their parent IP infrastructure base. Their IP security and network application base is where we have a 24/7 monitoring interface.
What is most valuable?
Splunk has many good apps and has a contribution from all security vendors. That's where Splunk wins.
What needs improvement?
Splunk's cost is very high. They need to review the pricing. They have to go back and totally readdress the market.
Splunk does not build apps. They only go back and validate the apps that somebody has already built. They should have remote consulting support. They have a wonderful solution. They have 24/7 security. Nobody needs to depend on any third party and will therefore just buy Splunk on the cloud.
Its costs are too high and it should be more cost effective because it's going to be a cloud offering.
What do I think about the stability of the solution?
Stability is perfect. It's a good product. The market right now is moving towards cloud. We will use cloud in our option strategy. One thing that Splunk does not have is a partner consulting base so Splunk depends heavily on its own consulting, which I think should not be there. They should promote more partners for consulting. In fact, their education program is also very costly for all partners. For example, if you want to get your guys certified it's really costly. Because they have a good solution, they're completely inflexible with pricing. I don't see a lot of enablement from Splunk.
How was the initial setup?
The initial setup is simple, not very complex. Initial deployment takes around 10 to 15 minutes to set up the entire base for Splunk including all three tiers.
The client has to bear that cost plus the initial infrastructure, Splunk does not come in and install it. The client, retailer or the partner has to do it. Secondly, then comes the software installation part of Splunk wherein you go and install the Splunk components. Then you have the configuration part which includes the revenue use cases on the Splunk apps on the Splunk platform which is another big phase. You can build your project the way you want to. It's a life phase. Use cases are not something which cannot be quantified. Initial set up can be done through the Splunk apps and then, later on, you can modify the use cases as per what the client needs.
What's my experience with pricing, setup cost, and licensing?
Pricing is one factor that hurts everybody on the market; the client, the reseller, everybody that touches it. Only Splunk makes money. It is hard to have it for the long term if it's a stretch for your budget. Pricing becomes a problem and people are just focused on numbers rather than creating a vision for the entire product. That is the biggest factor I found with Splunk, that they just want to make money and they don't care about anything else. They lost national, country-level projects because of this attitude.
What other advice do I have?
I will rate it as a security product an eight out of 10. There's no product which is perfect unless you go back and you create a psychic of the solutions.
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller.
The search function for splunk is like a google search, you just enter and it will quickly show you the results
Pros and Cons
- "The search function for spam is like a google search. You just enter and it will quickly show you the results."
- "Spam has different plugins but by default, the logs are not organized, it shows that there are roll-ups that are out of the box. I saw many plugins that can help improve or extend Splunk's functionality but I haven't tried any of them."
What is our primary use case?
Our primary use case of this solution is as a centralized lab collection.
What is most valuable?
The search function for splunk is like a google search. You just enter and it will quickly show you the results.
What needs improvement?
Splunk has different plugins but by default, the logs are not organized, it shows that there are roll-ups that are out of the box. I saw many plugins that can help improve or extend Splunk's functionality but I haven't tried many of them.
It would be best if they can incorporate all security locks with minimal incidents.
For how long have I used the solution?
One to three years.
What do I think about the scalability of the solution?
It's a little hard to scale on-prem.
How was the initial setup?
The initial setup was easy. It took us one to two days.
What's my experience with pricing, setup cost, and licensing?
It's a little bit expensive for a small to medium enterprise.
Which other solutions did I evaluate?
We also looked at AlienVault.
What other advice do I have?
I would rate this solution an eight out of ten. To make it a ten they should have more integration with outside vendors.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Technical Project Manager at Altran
Enables us to pull up reports very easily, take action, and notify stakeholders
Pros and Cons
- "It's very flexible. If you look from the cloud implementation it is there. Reports are made quickly. Unlike other tools, it caters to all kinds of technical information on the front very easily. There's no need to put in any technical information. You can pull on the reports very easily, take action, and notify stakeholders."
- "It does not give us permission to implement on-premise so we implement them on the cloud."
What is our primary use case?
Our primary use case was really as a client organization, like the government and the IT industries, we are in the telecoms sector. We analyze security reports. We use Splunk to order them and put them in a system and we use the various kinds of integration with Oracle Cloud which is helpful.
How has it helped my organization?
Every tool has a drawback. Some aspects of this solution are secure but getting clean data from the cloud takes time. Looking towards the future, I'm looking for a tool that is the most secure in the cloud environment.
What is most valuable?
It's very flexible. If you look from the cloud implementation it is there. Reports are made quickly. Unlike other tools, it caters to all kinds of technical information on the front very easily. There's no need to put in any technical information. You can pull up the reports very easily, take action, and notify stakeholders.
What needs improvement?
I would like to see them develop integration with the help of a rack rest API. Which is an API that helps to secure communication with oracle cloud and pull down records from there.
This integration is currently missing in current version of splunk. I'm looking forward to see this feature getting implemented in next version of Splunk and so that organizations can get benefit of this feature in future.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
Stability is very good.
What do I think about the scalability of the solution?
Scalability is good. It's scalable enough. You can play around with this tool. Scalability is one of the main criteria we look for when considering solutions.
How was the initial setup?
The setup depends on the organization. It is very simple here. You can easily install all of the businesses in the company network. Previously, it was suggested that this solution is not flexible enough. It does not give us permission to implement on-premise so we implement them on the cloud.
Which other solutions did I evaluate?
We also looked at HP ArcSight and two other solutions.
What other advice do I have?
I would rate this solution a nine out of ten. I rated it a nine because every tool will have its drawbacks but ultimately it's a very good tool in comparison to HP ArcSight. If we can add on a scalability feature it would significantly improve the solution.
I would advise someone considering this solution to use it at least for a year to get a hands-on and technical understanding because it's a good product. Then decide whether or not to move forward with Splunk - but I would advise to stick with Splunk.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Director of Information Security with 201-500 employees
Extremely scalable but they need to make purpose-built modules more robust
Pros and Cons
- "It's extremely scalable. It's a very robust solution and certainly has the capability of handling far bigger data requirements than a lot of the other tools. Generally what ends up happening with me is that my clients tend, for the most part, to be mid-tier organizations where the cost of that solutions would be accompanying requirements for people just becomes way too prohibitive. Especially considering the model that they use for costing, which is based on the volume of data. Of course, they're going to put everything including the Coke machine as the ability to collect data off of it, because of course the more they can put through the tool the more money they make."
- "The tool itself is very difficult to configure. It's great for its number of inputs, for the different types of systems devices, and things that it could collect information from. To actually make good use of it, you need a fairly dedicated team of people that have some reasonably good programming or modeling skills to be able to do the things that you need to do with it. Whereas a lot of the other tools are better packaged for that, and so require a lot less training and a lot less dedication."
What is our primary use case?
- SIEM
- Security information
- Event management
What needs improvement?
The tool itself is very difficult to configure. It's great for its number of inputs, for the different types of systems devices, and things that it could collect information from. To actually make good use of it, you need a fairly dedicated team of people that have some reasonably good programming or modeling skills to be able to do the things that you need to do with it. Whereas a lot of the other tools are better packaged for that, and so require a lot less training and a lot less dedication.
What they need to do more than anything else is, they need to take a serious look at purpose-built modules like the SIEM and put a lot more effort into making them more robust. If they did that I think they would have a better chance on the market. The base tool was great, and if the organization that they're looking to sell into requires a good, solid logging solution then they would have a very good sales statement to make because you could get the logging solution you need that could give you the SIEM at the same time.
What do I think about the scalability of the solution?
It's extremely scalable. It's a very robust solution and certainly has the capability of handling far bigger data requirements than a lot of the other tools. Generally what ends up happening with me is that my clients tend, for the most part, to be mid-tier organizations where the cost of that solution would be accompanying requirements for people just becomes way too prohibitive. Especially considering the model that they use for costing, which is based on the volume of data. Of course, they're going to put everything including the Coke machine as the ability to collect data off of it, because of course the more they can put through the tool the more money they make.
Which solution did I use previously and why did I switch?
- AlienVault
- LogRhthym
- ArcSight
- QRadar
I've used a whole bunch of different solutions. For a SIEM based solution, they are more purpose-built for that function. Where Splunk is purpose-built for a general logging and data capture solution so you'd be able to capture a lot of different information.
How was the initial setup?
Anything that's not out of the box requires codding. Even up until recently when they finally released their SIEM or their security add-on. Before then there was not security stuff at all. I would actually have to go in and code that within the system to able to do the necessary searches to pull that information. Where a lot of the other tools, they already have those preconfigured which means I don't have to go and recreate the wheel. Now, we finally figured that out to a certain degree, and started putting the new tool in a place that gives you some SIEM functionality.
What other advice do I have?
As a logging solution, I would say it's probably an eight or nine. If you're talking about the SIEM I'd say it's probably about a five. For logging, I think they would have to change the costing model. The costing model is way out of line. It's built for very large organizations.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros
sharing their opinions.
Updated: June 2025
Product Categories
Security Information and Event Management (SIEM) Log Management IT Operations AnalyticsPopular Comparisons
CrowdStrike Falcon
Microsoft Sentinel
IBM Security QRadar
Elastic Security
Splunk AppDynamics
Elastic Observability
Grafana Loki
Security Onion
Palantir Foundry
Cortex XSIAM
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which would you recommend to your boss, IBM QRadar or Splunk?
- What are some of the best features and use-cases of Splunk?
- What SOC product do you recommend?
- Splunk as an Enterprise Class monitoring solution -- thoughts?
- What is the biggest difference between Dynatrace and Splunk?
- IBM QRadar is rated above competitors (McAfee, Splunk, LogRhythm) in Gartner's 2020 Magic Quandrant. Agree/Disagree?
- What are the advantages of ELK over Splunk?
- How does Splunk compare with Azure Monitor?
- New risk scoring framework in the Splunk App for Enterprise Security -- thoughts?
- Splunk vs. Elastic Stack