Security and incident management, which is helpful when organizing the data from different systems and running analysis on all the data together.
Principal Engineer at Publix Super Markets
A more secure, robust environment, which keeps out harmful software
Pros and Cons
- "Visualizations are the best way to understand deviation techniques from the norm."
- "We have a more secure, robust environment, which keeps the harmful software out of the zone required."
- "More training on PetaData using artificial intelligence techniques to identify the events which are not normal and exceptions that would help the organization identify threats and malware on the go with results."
What is our primary use case?
How has it helped my organization?
We have a more secure, robust environment, which keeps the harmful software out of the zone required.
What is most valuable?
The most valuable features are:
- Risk analysis
- Machine Learning Toolkit
- dbConnect
- Cisco products
- eStreamer
- SIEM.
Visualizations are the best way to understand deviation techniques from the norm.
What needs improvement?
More training on PetaData using artificial intelligence techniques to identify the events which are not normal and exceptions that would help the organization identify threats and malware on the go with results.
Buyer's Guide
Splunk Enterprise Security
June 2025

Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
861,490 professionals have used our research since 2012.
For how long have I used the solution?
Three to five years.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Business Intelligence Developer at Arizona State University
Search language is easy to understand and teach to new users
Pros and Cons
- "Support is quick and competent."
- "Search language is easy to understand and teach to new users."
- "Certain sections of the developer documentation could use some updating and clarification."
- "Search head clustering is often temperamental in its current state and should be improved, replaced by something better, or be reverted to search head pooling."
What is our primary use case?
- Monitoring IT and other processes for a large university.
- Leveraging alerts and dashboards to detect and predict security breaches and other events.
How has it helped my organization?
Splunk has enabled us to detect, and even predict, potential security issues before they become severe. It has enabled our operations and development teams to more efficiently monitor and troubleshoot their systems.
What is most valuable?
The search language is easy to understand and teach to new users. The SDK is comprehensive and has incredible levels of integration with the platform and data.
What needs improvement?
- Certain sections of the developer documentation could use some updating and clarification.
- Search head clustering is often temperamental in its current state and should be improved, replaced by something better, or be reverted to search head pooling.
- Some terminology is vague and confusing (examples: deployer versus deployment server or search head versus search peer).
For how long have I used the solution?
Three to five years.
How is customer service and technical support?
Support is quick and competent.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior Cloud Operations Analyst at a tech vendor with 1,001-5,000 employees
Makes us much faster finding and addressing issues
Pros and Cons
- "We are much faster finding and addressing issues with Splunk."
- "I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications."
What is our primary use case?
Splunk is our monitoring and investigating Swiss Army knife for key applications and systems. If we run it, we Splunk it.
How has it helped my organization?
We are much faster finding and addressing issues with Splunk. We reduce the MTR and get more done.
What is most valuable?
So many of Splunk's features are invaluable to us:
- Machine and business data retention
- Solid HA and distribution
- Adaptability to custom data
- Search, Search, Search.
What needs improvement?
I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
No stability issues.
What do I think about the scalability of the solution?
No scalability issues.
How is customer service and technical support?
The support team is very competent.
How was the initial setup?
The initial setup is very straightforward.
What about the implementation team?
We implemented in-house.
What was our ROI?
Our ROI is high.
Which other solutions did I evaluate?
We evaluated LogRhythm.
What other advice do I have?
I love this product.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Systems Analyst Staff - SW Eng Compute Analytics Lead at Qualcomm
Allows for transparency into IT metrics for insightful business analytics
Pros and Cons
- "It allows for transparency into IT metrics for insightful business analytics."
- "It has the ability to correlate data, analyze and review it."
- "Free-floating panels in the dashboards are like a glass table."
- "It needs more formatting control without having to be an admin."
What is our primary use case?
IT service analytics:
- Server machine data
- Monitoring data
- Alerting data
- ITSI KPIs
- Real-time reporting
- Month-over-month reporting.
How has it helped my organization?
It allows for transparency into IT metrics for insightful business analytics.
What is most valuable?
It brings together all sorts of data. It has the ability to correlate data, analyze and review it. This makes weekly ops reviews and monthly executive management reporting much easier by saving hours of collecting data. Report automation has been a life saver.
What needs improvement?
- Free-floating panels in the dashboards are like a glass table.
- It needs more formatting control without having to be an admin.
For how long have I used the solution?
Three to five years.
Which solution did I use previously and why did I switch?
Previously, only the service owner could see the data and he might have gone to several places to obtain it. Now, it is all in one place and easy to access.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Sr. Production Support Analyst at Electric Reliability Council of Texas
Quickly searches logs, performance data, and other inputs to assist with troubleshooting
Pros and Cons
- "The ability to quickly search logs, performance data, and other inputs has helped tremendously with troubleshooting."
What is our primary use case?
Operational intelligence monitoring for several different systems. We collect logs from applications and performance data from hardware, as well as information pulled from databases.
How has it helped my organization?
The ability to quickly search logs, performance data, and other inputs has helped tremendously with troubleshooting. The visualizations are easy and well received by business and management users.
What is most valuable?
For how long have I used the solution?
Three to five years.
How is customer service and technical support?
The user community is extremely beneficial, particularly with Splunk Answers and the Slack User Groups.
What's my experience with pricing, setup cost, and licensing?
The licensing model can be expensive, but the value it provides is significant.
What other advice do I have?
The recent acquisition of Phantom makes the future seem bright with more automated responses.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Business Intelligence Engineer at SONIFI Solutions, Inc.
Allows us to dig into raw events
Pros and Cons
- "Splunk allows us to find insights that we were not able to with traditional BI tools using ETL. It allows us to dig into raw events."
- "Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations."
- "The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more."
What is our primary use case?
Primary use is business intelligence.
How has it helped my organization?
Splunk allows us to find insights that we were not able to with traditional BI tools using ETL. It allows us to dig into raw events.
What is most valuable?
Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations. The flexibility of Splunk as well as the resources available for learning and support are the best in the business.
What needs improvement?
The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more.
For how long have I used the solution?
More than five years.
What do I think about the scalability of the solution?
We ingest roughly 30GB/day. We have a small environment, but it provides big insights.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Director of IT at BLUE LAKE RANCHERIA
Aggregation searches have reduced the time and difficulty of identifying trends and conditions which need to be reviewed
Pros and Cons
- "Splunk has significantly reduced the time spent aggregating and reviewing logs, as well as the time spent during investigations."
- "Aggregation searches have reduced the time and difficulty of identifying trends and conditions which need to be reviewed."
- "The case management area of the ES could be improved, with the ability to move cases through various stages and states. The ability to close a case would be a key improvement."
What is our primary use case?
We primarily use Splunk for log aggregation and search across multiple systems, with Splunk Enterprise Security layered on top.
How has it helped my organization?
Splunk has significantly reduced the time spent aggregating and reviewing logs, as well as the time spent during investigations. This has not only increased our speed of response, but also our efficiency in dealing with the issue(s) raised.
What is most valuable?
Aggregation searches, allowing for conditions to be automatically found in the data, have reduced the time and difficulty of identifying trends and conditions which need to be reviewed.
What needs improvement?
The case management area of the ES could be improved, with the ability to move cases through various stages and states. The ability to close a case would be a key improvement.
For how long have I used the solution?
One to three years.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
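The aggregation searches this reviewer describes are what Splunk Enterprise Security runs as correlation searches: a scheduled search reduces raw events to counts per entity and time bucket, a `where` clause states the condition, and a notable event is raised for each row that survives, which is the object the case management workflow then tracks. The savedsearches.conf stanza below is an added example for illustration only, not code from the reviewer or from Splunk; the stanza name, index, sourcetype, regex, thresholds and schedule are assumptions.

```ini
# Added example (not from the review or from Splunk): a correlation search for
# Splunk Enterprise Security, defined in savedsearches.conf. Index, sourcetype,
# field extraction, thresholds and schedule are assumptions for illustration.
[Threat - Password Spraying From Single Source - Rule]
description = Buckets failed SSH logins into 15-minute windows per source address and flags sources that fail against many distinct accounts.
disabled = 0

# Run every 15 minutes over the last hour, lagged by 10 minutes so events that
# arrive late at the indexers are still counted.
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -70m@m
dispatch.latest_time = -10m@m

# The aggregation search itself. A trailing backslash continues the value on
# the next line. rex extracts the account and source; bin and stats collapse
# events to one row per (window, source); where states the alert condition.
search = index=auth sourcetype=linux_secure "Failed password" \
| rex "Failed password for (?:invalid user )?(?<user>\S+) from (?<src>\d{1,3}(?:\.\d{1,3}){3})" \
| bin _time span=15m \
| stats count AS failures dc(user) AS distinct_users values(user) AS users BY _time src \
| where failures > 20 AND distinct_users > 5

# Every returned row is a hit; no extra result-count threshold is applied.
counttype = number of events
relation = greater than
quantity = 0

# Overlapping windows mean the same bucket is evaluated up to four times, so
# throttle on src: one notable per source per hour, not one per run.
alert.digest_mode = 1
alert.suppress = 1
alert.suppress.fields = src
alert.suppress.period = 1h

# Register as an ES correlation search and emit a notable event per row.
# $src$, $failures$ and $distinct_users$ are substituted from the result.
action.correlationsearch.enabled = 1
action.correlationsearch.label = Password Spraying From Single Source
action.notable = 1
action.notable.param.rule_title = Password spraying from $src$
action.notable.param.rule_description = $src$ failed $failures$ logins against $distinct_users$ distinct accounts within a 15-minute window.
action.notable.param.security_domain = access
action.notable.param.severity = high
action.notable.param.drilldown_name = View failed logins from $src$
action.notable.param.drilldown_search = index=auth sourcetype=linux_secure "Failed password" "$src$"
```

The `where` thresholds are placeholders to be tuned against the environment's own baseline; the same `stats` output can be compared against a longer-term `eventstats` average and standard deviation per source if a "deviation from the norm" rule is preferred over fixed numbers. Two caveats a practitioner would add: a `rex` over raw sshd text is brittle and covers one log format only, so in a deployed ES environment the search would normally be written against the Authentication data model (`tstats` on `Authentication.src`, `Authentication.user` and `action=failure`), which is how ES's shipped brute-force rule works and which picks up Windows, VPN and application logins for free; and the throttling block above is what stops the overlapping dispatch window from producing duplicate notables for one incident.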
Information Security Engineer/Architect at The Church of Jesus Christ of Latter-day Saints
Helped us consolidate all our solutions into an easy tool to use for various employees
Pros and Cons
- "It helped us consolidate all our solutions into an easy tool to use for various employees."
- "More control with Splunk Cloud as it seems a bit limited. I used to manage an on-premise instance of Splunk Enterprise and really liked having more control over it."
What is our primary use case?
We use Splunk for operations, application monitoring, and security. We are both cloud and on-premise based, so it has been very versatile for us.
How has it helped my organization?
It helped us consolidate all our solutions into an easy tool to use for various employees.
What is most valuable?
- Unstructured data
- Linking things together
- Building out stuff which is actionable.
Once you learn SPL and what data you need to obtain and merge together, it is really useful.
What needs improvement?
More control with Splunk Cloud as it seems a bit limited. I used to manage an on-premise instance of Splunk Enterprise and really liked having more control over it.
For how long have I used the solution?
More than five years.
What do I think about the stability of the solution?
No stability issues.
What do I think about the scalability of the solution?
No scalability issues.
Which solution did I use previously and why did I switch?
While we did not have a previous solution, we took what little of Splunk we had been using and have increased it greatly.
What was our ROI?
We are a nonprofit, so it is hard to quantify.
What's my experience with pricing, setup cost, and licensing?
Be upfront about your needs and expectations. Splunk is one of the top SIEM solutions to work with.
Which other solutions did I evaluate?
No.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.