Name: Splunk Enterprise Security
Brand: Splunk
Rating: 4.2 (387 reviews)

Head of Service Integrity with 1,001-5,000 employees

Jun 5, 2014

It can probably do anything if you tweak it enough but it's not cheap.

Splunk is really good at log parsing events over time. It is quick to drill in and analyze and it is quick to build a presentation layer and automate reporting. I love it for problem analysis and event management however it is not a capacity management tool.

It can be a cm tool but not a good tool for projections etc. There are many tools that claim to be cm tools but they are usually expensive and miss the basic day to day challenges of capacity management. Eg: excluding backups from day peaks, removing outliers, forward trending, accepting data from any source. Start by getting your key data extracted from reliable sources and other tools.

The charting and presentation layer is impressive and quick. It can probably do anything if you tweak it enough. I would call it a very handy tool but probably not the tool. It is not that cheap either. I have used it personally to analyze big data as well as creating knowledge from some ordinary logging. I then created some pretty cool dashboards but they were more operational dashboards.

I don't think we could afford it as a capacity tool but we can use the data it simplified.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.

reviewer1591122

Technical Architect, Cloud Operations at a computer software company with 5,001-10,000 employees

Jun 6, 2021

Download

Stable, good integrations, and works well

Pros and Cons

"It has quite extensive support in terms of integration. If you want to do anything, there are tools for that."
"It has quite extensive support in terms of integration, and if you want to do anything, there are tools for that."

"Its reporting can be improved. That's the only complaint I have heard. I don't need the reporting part, but I know that other people in the organization need it."
"Its reporting can be improved."

What is most valuable?

I am just a user, and from a user's perspective, it does the job.

It has quite extensive support in terms of integration. If you want to do anything, there are tools for that.

What needs improvement?

Its reporting can be improved. That's the only complaint I have heard. I don't need the reporting part, but I know that other people in the organization need it.

In terms of new features, I got everything that I needed from the tool. If they want to expand the capabilities to different things, they can cover topics besides log aggregation, etc.

For how long have I used the solution?

I have been using this solution for two years. I am not using it on a daily basis.

What do I think about the stability of the solution?

It is stable. We don't seem to have any problems related to bugs. We are very happy with it.

What about the implementation team?

We have our own internal team for its maintenance.

What other advice do I have?

I would recommend this solution. If you are a technical person, it does what you need. If you are not a technical person and you require graphs, that's a different story.

I would rate Splunk a ten out of ten because I have no problems with it.

Which deployment model are you using for this solution?

On-premises

Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Buyer's Guide

Splunk Enterprise Security

April 2026

Free Report: Splunk Enterprise Security Reviews and More

Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.

DOWNLOAD NOW

893,311 professionals have used our research since 2012.

reviewer1584621

Cyber Security Consultant at a computer software company with 11-50 employees

May 26, 2021

Download

Customizable and has average installation difficulty

Pros and Cons

"I have found the installation can be of medium difficulty to very complex depending on the use case."
"When using this solution for Security Information Management (SIM), I highly recommend importing data sources from the whole cycle for the service security chain."

"There is improvement needed when importing from some types of data sources."
"There is improvement needed when importing from some types of data sources. Most of the time you have to do some customization for the data because not everything is working the way it should."

What needs improvement?

There is improvement needed when importing from some types of data sources. Most of the time you have to do some customization for the data because not everything is working the way it should. Additionally, in other solutions, it is easier to build use cases.

For how long have I used the solution?

I have been using this solution for approximately three years.

Which solution did I use previously and why did I switch?

I have previously used Curator and it was much easier to use than this solution.

How was the initial setup?

I have found the installation can be of medium difficulty to very complex depending on the use case. It is not easy for new customers. You need to have the experience to be able to do it.

What other advice do I have?

When using this solution for Security Information Management(SIM), I highly recommend importing data sources from the whole cycle for the service security chain. Some people only use main inputs and not all of the data sources they have. They might not have some data sources, in this case, you can purchase one or there are free open-source ones available. You will then have this data source that can enrich your life because many correlations are done with this data.

I rate Splunk an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.