it_user142623 - PeerSpot reviewer
CEO with 51-200 employees
Vendor
Pros and Cons of Splunk, Sumo Logic, LogStash and Others

Splunk, Sumo Logic, LogStash, GrayLog, Loggly, PaperTrails – did I miss someone? I’m pretty sure I did. Logs are like fossil fuels – we’ve been wanting to get rid of them for the past 20 years, but we’re not quite there yet. Well, if that’s the case I want a BMW!

To deal with the growth of log data a host of log management & analysis tools have been built over the last few years to help developers and operations make sense of the growing data. I thought it'd be interesting to look at our options and what each tool's selling point is, from a developer's standpoint.

Splunk

As the biggest tool in this space, I decided to put Splunk in a category of its own. That's not to say it's the best tool for what you need, but more to give credit to a product that essentially created a new category.

Pros

Splunk is probably the most feature rich solution in the space. It’s got hundreds of apps (I counted 537) to make sense of almost every format of log data, from security to business analytics to infrastructure monitoring. Splunk’s search and charting tools are feature rich to the point that there’s probably no set of data you can’t get to through its UI or APIs.

Cons

Splunk has two major cons. The first, which is more subjective, is that it's an on-premise solution, which means that setup costs in terms of money and complexity are high. To deploy in a high-scale environment you will need to install and configure a dedicated cluster. As a developer, it's usually something you can't or don't want to do as your first choice.

Splunk’s second con is that it’s expensive. To support a real-world application you’re looking at tens of thousands of dollars, which most likely means you’ll need sign offs from high-ups in your organization, and the process is going to be slow. If you’ve got a new app and you want something fast that you can quickly spin up and ramp as things progress – keep reading.

Read the rest of this post here.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
it_user159375 - PeerSpot reviewer
Principal Program Manager at a consumer goods company with 1,001-5,000 employees
Real User

I don't want to oversimplify things but I am a 0 and 1 guy. Either you Splunk or you don't Splunk. Yes, Splunk has its cost. Then again, if you try to go with a cheaper solution, an open-source solution, or a totally home-grown one, I can almost guarantee that the true cost will be much higher than Splunk. Think of it as meeting half-way. Splunk does half the work, and you need to do the other half, including committing the finances. A good trick is to leverage the free version or trial version for real-life solutions. Once you provide a solution to someone that they can't live without, then you've got them hooked. Create a hunger first, then you've got them hooked in (the people who will approve the cost).

it_user138168 - PeerSpot reviewer
Senior Software Engineer at a retailer with 10,001+ employees
Real User
Support can retrieve salient logging data from massive distributed systems in seconds but deployment is not easy.

I've been using Splunk for over 3 years now. The most valuable feature for me is alerting. Using Splunk, production support teams can retrieve salient logging data from massive distributed systems in seconds.

I'd say that some of the key/value pair parsing can be a little off and has room for improvement. The deployment is not easy, and I've only encountered issues with stability and scalability when on under-provisioned equipment. The initial setup was complex - you need to identify source types in advance, and a large deployment with multiple indexers can be tricky. We initially implemented in-house, and then went through Splunk themselves to upgrade and improve.

Before implementing Splunk we used an in-house system, but Splunk offered far more to us. Also, their customer service is good and their technical support is excellent. Our ROI was big!

I'd advise others who are looking into implementing Splunk to get a true Splunk expert - either Splunk themselves or a vendor - to do the installation.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
it_user129642 - PeerSpot reviewer
Systems Administrator at an energy/utilities company with 10,001+ employees
Vendor
Splunk vs LogLogic: Splunk stands out for its ability to consume almost any log type and its ease of searching

Valuable Features:

Splunk – ease of searching large amounts of data. 

Improvements to My Organization:

Splunk – real time alerts on critical indicators, compliance reports, troubleshooting and predictive abilities using trends. 

Use of Solution:

Splunk – 3 years 

Deployment Issues:

Splunk – Had one issue requiring a support call regarding the configuration of the automated configuration deployment package. Quickly resolved. 

Stability Issues:

Splunk – None. 

Scalability Issues:

Splunk – Not needed yet. 

Customer Service:

Splunk – Splunk has a very knowledgeable support staff and the Splunk support website is outstanding. The message boards are very active, and using them will often prevent having to call support.

Initial Setup:

Splunk – Easy, but can get very complex depending on the type of logs to ingest. While Splunk, out of the box, handles most common types, the extraction of data from custom logs can be problematic, although Splunk does provide tools for accomplishing this.

Other Advice:

Both Splunk and LogLogic excel at their intended purpose. If you are looking for an appliance that you can stick in the rack, minimally configure and then forget about, you will like the LogLogic solution. If you need to regularly search different logs for different data you will like Splunk better.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
it_user126639 - PeerSpot reviewer
Sr. Security Engineer at a university with 1,001-5,000 employees
Vendor
In addition to search and analytic capabilities, Splunk has under-the-cover capabilities for timestamp data.

Splunk is a pretty powerful piece of software. There are the obvious search and analytic capabilities it has, but there is some robustness under the covers as well. One of those under-the-cover capabilities is detecting and understanding timestamp data. It's the sort of thing that, as users of the software, we simply accept and generally speaking don't spend a whole lot of time thinking about.

From an admin perspective, as you start to put some effort into understanding your deployment and making sure things are working correctly, one of the items to look at is the DateParserVerbose logs. Why, you ask? I've recently had to deal with some timestamp issues. These internal logs generally document problems related to timestamp extraction and can tell you if, for example, there are logs being dropped for a variety of timestamp-related reasons.

Dropped events are certainly worthy of some of your time! What about logs that aren't being dropped, but for one reason or another Splunk is assigning a timestamp that isn't correct?

Continue reading this post on my blog here.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
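The DateParserVerbose check described in the post above, as an added example (written for this page, not the reviewer's code): a small Python script that picks out that component's lines from splunkd.log, classifies the warnings and counts them per sourcetype, so an admin can see which inputs are getting the wrong timestamp or losing events. The line shape and the message prefixes are modelled on the common form of these messages and should be treated as assumptions; the category names are our own, and the sample lines, hosts, paths and sourcetypes are constructed.

```python
import re
from collections import Counter

# Assumed shape of a DateParserVerbose line in splunkd.log: a timestamp, a
# severity, the component name, the message, and an optional trailing
# "Context: source=...|host=...|sourcetype=...|<count>" block.
LINE_RE = re.compile(
    r"^(?P<when>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{4})\s+"
    r"(?P<level>[A-Z]+)\s+DateParserVerbose - (?P<message>.*?)"
    r"(?:\s+Context: source=(?P<source>[^|]*)\|host=(?P<host>[^|]*)"
    r"\|sourcetype=(?P<sourcetype>[^|]*)(?:\|(?P<count>\d+))?)?\s*$"
)

# Message prefixes mapped to a short category name. The prefixes follow the
# messages this component commonly emits (assumption); the names are ours.
CATEGORIES = [
    ("Failed to parse timestamp", "fallback_to_previous_event"),
    ("A possible timestamp match", "outside_time_window"),
    ("Accepted time format has changed", "format_drift"),
    ("Too many events", "same_timestamp_burst"),
]


def classify(message):
    """Map a DateParserVerbose message to a category, 'other' if unknown."""
    for prefix, category in CATEGORIES:
        if message.startswith(prefix):
            return category
    return "other"


def parse_line(line):
    """Return a dict for a DateParserVerbose line, None for any other line."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["category"] = classify(rec["message"])
    return rec


def summarize(lines):
    """Count warnings per (sourcetype, category). Lines without a Context
    block are bucketed under '<unknown>' so they are not silently lost."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        counts[(rec["sourcetype"] or "<unknown>", rec["category"])] += 1
    return counts


def top_offenders(counts, limit=5):
    """Sourcetypes ranked by total warning count, worst first."""
    per_sourcetype = Counter()
    for (sourcetype, _category), n in counts.items():
        per_sourcetype[sourcetype] += n
    return per_sourcetype.most_common(limit)


# Constructed sample lines (not real output); hosts, paths and sourcetypes are invented.
SAMPLE_LINES = [
    "01-15-2024 10:22:31.117 +0000 WARN  DateParserVerbose - Failed to parse timestamp. "
    "Defaulting to timestamp of previous event (Mon Jan 15 10:22:30 2024). "
    "Context: source=/var/log/app/api.log|host=web01|sourcetype=api_json|2048",
    "01-15-2024 10:22:31.220 +0000 WARN  DateParserVerbose - A possible timestamp match "
    "(Sat Jan 15 10:22:31 2022) is outside of the acceptable time window. If this timestamp "
    "is correct, consider adjusting MAX_DAYS_AGO and MAX_DAYS_HENCE. "
    "Context: source=/var/log/legacy/backup.log|host=db02|sourcetype=backup_log|77",
    "01-15-2024 10:22:32.001 +0000 WARN  DateParserVerbose - Accepted time format has changed "
    "[%Y-%m-%d %H:%M:%S] to [%b %d %H:%M:%S], possibly indicating a problem in extracting "
    "timestamps. Context: source=/var/log/app/worker.log|host=web01|sourcetype=worker_log|999",
    # A line from another component, which the parser must ignore.
    "01-15-2024 10:22:32.500 +0000 INFO  Metrics - group=thruput, name=thruput, "
    "instantaneous_kbps=12.3",
    "01-15-2024 10:22:33.004 +0000 WARN  DateParserVerbose - Failed to parse timestamp. "
    "Defaulting to timestamp of previous event (Mon Jan 15 10:22:32 2024). "
    "Context: source=/var/log/app/api.log|host=web02|sourcetype=api_json|2050",
    # A line with no Context block, so the sourcetype is unknown.
    "01-15-2024 10:22:33.900 +0000 WARN  DateParserVerbose - Too many events (100000) "
    "with the same timestamp: 2024-01-15 10:22:33.",
]

if __name__ == "__main__":
    counts = summarize(SAMPLE_LINES)
    for (sourcetype, category), n in sorted(counts.items()):
        print(f"{sourcetype:<12} {category:<28} {n}")
    print("worst sourcetypes:", top_offenders(counts))
```

On a real deployment, feed it the lines of `splunkd.log` that name the component; the per-sourcetype ranking points at the props.conf time-format settings (or the MAX_DAYS_AGO / MAX_DAYS_HENCE window the message itself mentions) that deserve a look first.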
PeerSpot user
Senior Manager of Network with 1,001-5,000 employees
Vendor
Splunk is great for Syslog capabilities. For normal device management, you can't go wrong with SolarWinds.

I'd go with Splunk for logging. For Syslog capabilities, Splunk wins outright from my experience. It's quick, very customizable, and there are many different modules, some specific to vendors and devices (Cisco Security Suite, for one).

If you are really into SolarWinds and want to use them for Syslog then I would go with Kiwi. SolarWinds NPM has a syslog collector but under heavy load (a few hundred devices) it will get bogged down real quick in my experience.

If you are looking for normal device management then NPM, NCM, NTA are the way to go. You can't go wrong with SolarWinds.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
it_user167895 - PeerSpot reviewer
Project Manager and consultant enterprise IT tooling at a consultancy with 51-200 employees
Consultant

Kiwi syslog for SolarWinds must be seen as a patch for SolarWinds Orion NPM. SolarWinds will release a log management module for the Orion NPM platform, but this product is in an early state of log collecting, searching and filtering. Splunk can be a good tactical solution to filter out and forward important events to SolarWinds Orion NPM.

it_user121728 - PeerSpot reviewer
Head of Service Integrity with 1,001-5,000 employees
Vendor
It can probably do anything if you tweak it enough but it's not cheap.

Splunk is really good at log parsing events over time. It is quick to drill in and analyze, and it is quick to build a presentation layer and automate reporting. I love it for problem analysis and event management; however, it is not a capacity management tool.

It can be a CM tool but not a good tool for projections etc. There are many tools that claim to be CM tools, but they are usually expensive and miss the basic day-to-day challenges of capacity management, e.g. excluding backups from day peaks, removing outliers, forward trending, accepting data from any source. Start by getting your key data extracted from reliable sources and other tools.

The charting and presentation layer is impressive and quick. It can probably do anything if you tweak it enough. I would call it a very handy tool but probably not the tool. It is not that cheap either. I have used it personally to analyze big data as well as creating knowledge from some ordinary logging. I then created some pretty cool dashboards but they were more operational dashboards.

I don't think we could afford it as a capacity tool but we can use the data it simplified.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer1086690 - PeerSpot reviewer
Enterprise Client Executive at a tech services company with 11-50 employees
Reseller
Good user community, good support, and very powerful
Pros and Cons
  • "The Splunk user community and forum are most valuable."
  • "Its interface could be improved."

What is our primary use case?

We use it for security operations and management.

What is most valuable?

The Splunk user community and forum are most valuable.

What needs improvement?

Its interface could be improved. 

For how long have I used the solution?

We have been a reseller for three years.

What do I think about the stability of the solution?

It is stable. It is very powerful.

How are customer service and support?

Their support is good.

How was the initial setup?

Its initial setup is complex. You're going to need deployment services from somebody who is an expert in the product. You would need at least two users. 

What other advice do I have?

It is hard to integrate because it can do so many things. A lot of people think it is a set-it-and-forget-it solution, but it is a full-time job for somebody. I would advise others to plan and prepare for ongoing management. It requires a dedicated person for management. 

Compared to other SIEMs, it is a 10 out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer.
CyberSecurity Consultant at Information Technology Solutions- ITS
Real User
Fast and easy to use, but could be faster
Pros and Cons
  • "The solution is very fast and succinct."
  • "I feel the solution to be too slow."

What is most valuable?

The solution is very fast and succinct. 

What needs improvement?

When it comes to out of the box use cases, I feel the solution to be too slow. 

For how long have I used the solution?

I have not been working with Splunk for long. 

How was the initial setup?

The initial setup was simple. 

It took an hour. 

Which other solutions did I evaluate?

Curator is more scalable than certain other solutions. 

What other advice do I have?

We are partners of Splunk and provide the solution to customers. 

I feel Splunk is easy to utilize. 

My company has an app on which the solution is deployed on-premises on a single server.

There is another team in my company that works with Splunk products. 

I rate Splunk as a seven-point-five out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.