The analytics and querying the indices is super easy.
The data representation options in the dashboards are excellent.
Multiple datasource/filetypes are supported and each can be customized in a few clicks.
Security administration and user access control is pretty basic. This can be improved.
The user access control could be much more granular, so that the admins can control r/w/x access for specific features of the product like dashboards, etc.
If this is improved, with a mapping against LDAP roles, it would be excellent.
We had no stability issues.
We had no scalability issues.
Technical support and the online community are some of the best for any product.
We did not have a previous solution.
The setup was quite easy and there is a lot of technical documentation for handholding you through the process.
Pricing and licensing is quite expensive. But for the value the product provides, it seems at par in the market.
We looked at IBM SmartCloud Analytics and Log Analytics.
Please watch out for the licensing agreement. There are a lot of IP specific clauses that Splunk has included in their license agreement. Per my understanding, any plugin available in the community cannot be used OOB, due to licensing restrictions. (This might be specific to our organization.)
It alerted on many situations before other monitoring systems identified that there was a critical issue.
VMware and security device integration looks a bit complex.
I have used Splunk for almost three years.
As of now, we have had no issues with stability. It is running like a charm.
From a nodes perspective, there have been no scalability issues.
I can say that support is good.
We never used other solutions.
We used the Splunk Cluster setup. It was a bit complex to set up, but management-wise and stability-wise, it was awesome.
License costs fall under the NDA, but Splunk license costs are public, I believe.
We evaluated Logstash and others, but Splunk plays a pivotal role.
I would strongly recommend this product, as it would be very beneficial for service operations and management.
They provide excellent predefined user cases.
This helps us in the footprinting of all the incidents.
When we deep dive into the events for the triggers, we have very little information in some instances.
I have used Splunk for two years.
We raised support cases.
Scalability is always a question for this product.
Response from technical support can be improved. There was always a delay and we had to chase them.
We didn’t have a previous solution.
I was not present during the initial setup.
Pricing and licensing are always high compared to other products in the market. Storage is very expensive as well.
It is a good product, but expensive.
We have over 7000 devices in our network infrastructure for monitoring, maintenance, and performance assessment.
We achieve this by collecting data and applying the analysis.
I have used this solution for one year.
We did not encounter any issues with scalability. Everything is normal with no bugs.
It’s easy to obtain support from Splunk for technical issues. We also have enough knowledge ourselves to apply fixes.
We used to deploy Elastic Stack. The search language of Splunk is easier and friendlier than Elastic Stack. It has helped me to search quickly and easily. Based on the results, it’s easy to visualize and add results to a previously built, personal dashboard.
Licensing is free. Pricing is based on usage.
We evaluated Elastic Stack and Sumo Logic.
If you are an enterprise and you need the best service for critical business analysis, Splunk would be one of the best choices.
Rapid search is a valuable feature. Performance and incident response were the top priorities for most MSSPs. Breaches of SLAs will have a negative impact on customer trust, which eventually leads to losing customer confidence in the services to which they're subscribing. Hence, the proactive approaches will be the main differentiator from one MSSP to the others.
It has been helping a lot of my clients with fast data mining and information propagation.
The GUI should be improved, in other words, the overall appearance.
I am not the end-user. However, my job was more relevant as a consultant.
Performance upgrades are needed when more processing power is required.
We have not had scalability issues.
Technical support is good.
The client was using an open source solution. They decided to switch to an enterprise product.
The setup can be straightforward, if use cases are well defined.
Overall, the cost is reasonable and it is easy to upgrade.
Our client was considering the other solutions as well. However, due to their overall assessment, they still considered going with it.
Start off with something at a comfortable level, expand gradually, and then move upwards, expanding steadily.
My use of Splunk at my previous place of employment improved how we functioned.
I have used Splunk for three years.
We didn’t have any stability issues.
We didn’t have any scalability issues.
During our use of Splunk, we had professional services assisting and not actual technical support. However, the professional services team was great.
Our organization did not have an established SIEM tool.
The initial setup is straightforward, depending on the level of implementation of the tool.
Take into consideration the labor costs for a dedicated Splunk developer who can craft the required queries needed for each organization. Organizations usually have their own form of implementation of each tool.
We didn’t evaluate any alternatives.
We are using it for operational intelligence. We are using Splunk as a data lake for machine data. We gather all our machine data from the IT infrastructure and monitor its health.
Splunk's schema-on-read technology is one of the most valuable characteristics of this solution. It allows us to store raw data and use it repeatedly for different domains. You don't need to prepare the data upfront.
Splunk's Search Processing Language (SPL) is another beneficial feature. It is a very powerful tool that gives you the ability to do almost anything with your data.
Visualizations can improve. There are some performance and stability issues with the visualization layer.
There were stability issues, but only with the visualization layer.
There were no scalability issues.
The technical support is quite good.
Previously, we worked with different vendors and solutions.
The setup was very straightforward.
The price is pretty high for our region.
We did a SIEM solutions review with this and other systems for one of our customers.
This is the right choice if you are looking for a platform that can combine all machine-generated data and use it for various use cases from different domains.
What Splunk calls operational intelligence: fast availability of operational data spread across several servers to prevent or react faster to outages or performance decreases.
MES is a complex and very critical distributed system here. Production WIP is directly connected to it and ICT is required to provide continuous availability and very stable performance (line production has a constant speed, software cannot slow down). Collecting operational data from hardware, middleware and application software can potentially improve ICT proactive and reactive tasks.
I've never used it, just studied it.
We also use a traditional monitor, and Microsoft SCOM.
Every stop or slowdown of the production line means loss of money, e.g. 30% reduction when compared to the current baseline.
IBM QRadar
Splunk license and storage pricing is high. Please make it cheap; then most companies can use this product.