Jason Ogresovich - PeerSpot reviewer
Principal Threat Detection Engineer at a transportation company with 10,001+ employees
Real User
Top 20
Has accelerated detection workflows and enabled timely alert triage across multiple data anchors
Pros and Cons
  • "I would assess the stability and reliability of Splunk Enterprise Security as very reliable and very stable."
  • "Splunk Enterprise Security can be improved by addressing the content management interface, which is very outdated, slow, and clunky; sometimes we think things are saved and they haven't."

What is our primary use case?

As a threat detection engineer, my main use case for Splunk Enterprise Security is to create content to find anomalous activity in our environment. Splunk Enterprise Security, via the content management interface, allows us to create correlation searches, take advantage of summary indexes where we can correlate multiple findings per host, per user, whatever anchor point you want to use, and get those alerts to our analysts in a timely manner, where they can be triaged based on alert severity and criticality.

What is most valuable?

The notable feature of Splunk Enterprise Security, which in version 8 is going to be called "findings," is the ability to send notables, and all the actions that can be chained with the notable when you actually have a hit or a finding.

The ability to quickly automate detections based on alerts or intelligence that we operationalize in the environment benefits my company, as we get that alert sent to the appropriate parties and put in front of the analysts quickly, allowing for triage and the ability to group the alerts together instead of just always looking at a single finding.

What needs improvement?

Splunk Enterprise Security can be improved by addressing the content management interface, which is very outdated, slow, and clunky; sometimes we think things are saved and they haven't. Being able to edit saved content and saved searches in batch, such as when you have a log source and a field changes, is a pain point right now since you have to go in and basically update all of them unless you do some kind of Eval on the ingestion side; that's probably the biggest pain point with it right now.

What do I think about the stability of the solution?

I would assess the stability and reliability of Splunk Enterprise Security as very reliable and very stable.

Buyer's Guide
Splunk Enterprise Security
September 2025
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: September 2025.
868,787 professionals have used our research since 2012.

What do I think about the scalability of the solution?

Splunk Enterprise Security scales very well with the growing needs of our company, although there are definitely some things that are behind the times, such as some of the limitations out of the box on KV Stores, lookups, and some of the commands, the MV line of commands and some of the limitations there. Hopefully, with the advent of all the cool AI and ML capabilities coming down in the 8 series, many of those limitations will be eliminated.

How are customer service and support?

Regarding customer service and technical support, I don't generally submit support tickets; however, I have on a few occasions. It's usually our Splunk engineering team.

We have bimonthly meetings with our account representatives, and we have some sort of on-call technical staff that are assigned to our company and our contract, and they've all been excellent; wonderful people to work with.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Prior to adopting Splunk Enterprise Security, I used another solution that does similar things, and over the course of my career, I've used a couple of different solutions, peer solutions with Splunk, but Splunk Enterprise Security is the best.

It really comes down to the versatility and how powerful it is; I have never worked with another platform where I can do as much for as many teams, not even just security, which is my primary focus, and the value that you can get out of it, I've never seen a platform that versatile.

What was our ROI?

From my point of view, the biggest return on investment when using Splunk Enterprise Security is keeping our company safe.

What other advice do I have?

The advice I would give to other companies that are considering Splunk Enterprise Security is that if you've never used Splunk, it can be a little daunting at first, learning a new language, Splunk SPL. That said, it's worth it.

The cycle time that's going to be taken in training and upskilling, once your staff is familiar with that, and you don't even have to do a lot of training, just a couple of the basic classes from Splunk University to get proficient, it's going to open a lot of doors.

On a scale of one to ten, I rate Splunk Enterprise Security a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Manager of Security Operations Center at Wipro Limited
Real User
Helps ingest data, enhances business resilience and problem-solving capabilities
Pros and Cons
  • "The two features I appreciate most in Splunk Enterprise Security are the content management system and the inter-incident review dashboard."
  • "They could offer pre-built search queries for everyday use cases like brute force attacks, DDoS attacks, and other security threats."

What is our primary use case?

I have created various correlation searches to develop use cases for detecting security threats. For example, I have created use cases to identify brute force attacks, unauthorized access, denial of service attacks, and distributed denial of service attacks. To date, I have developed a total of 190 use cases for our environment using Splunk Enterprise Security.

How has it helped my organization?

The end-to-end visibility provided by Splunk Enterprise Security is crucial. Its user-friendly interface makes it easy to navigate and configure. The intuitive options allow for simple customization, enabling users to easily select and configure settings. This feature, combined with the excellent support from the Splunk team, makes it a valuable tool for addressing enterprise security issues and creating or modifying use cases.

Splunk's website provides a variety of simple commands for identifying security events. These commands and pre-built security fields make it easy to detect real-time attacks, monitor environments, and identify security threats. Splunk offers a more straightforward and efficient approach than other monitoring tools.

Splunk automatically ingests and normalizes data, eliminating the need for human intervention. When data is ingested, it is automatically converted into index-friendly formats within most source pipes.

The MITRE ATT&CK framework is a valuable tool for security teams, and its integration with Splunk Enterprise Security offers significant benefits. By mapping specific MITRE ATT&CK tactics to Splunk use cases, analysts can quickly identify the root cause of security incidents and access relevant information for remediation. For example, if a brute force attack occurs, an analyst reviewing the incident can quickly determine the corresponding MITRE ATT&CK tactic and access detailed information about the attack, including potential solutions, mitigation strategies, and potential future actions. This seamless integration between MITRE ATT&CK and Splunk empowers security teams to respond to threats more effectively and efficiently.

Splunk has significantly enhanced my business resilience and problem-solving capabilities. Due to the urgency of different issues, there are four types of Splunk support cases: P1, P2, P3, and P4. P1 cases are incredibly critical and require immediate attention. If a business-critical issue arises, I can open a P1 case, and the Splunk support team will respond within 15 minutes. This rapid response has enabled me to resolve critical issues promptly. For P2 cases, the support team typically connects within two to three hours. P3 cases receive a response within 24 hours. Overall, the Splunk support team consistently resolves issues efficiently.

After deploying the use case, we immediately observed the benefits of Splunk Enterprise Security. We can instantly monitor enterprise security use cases in our environment without delay. However, as a precautionary measure, we deploy use cases and monitor them for seven days. If the use case does not generate excessive noise within this period, we deploy it to the final environment. Otherwise, we refrain from deployment. Splunk's capability allows us to deploy use cases within seconds.

Splunk helps me consolidate all the data, such as networking and cyber security data. If there are other types, such as behaviour analysis, we can perform them with the help of Splunk. But I'm mainly in the cyber security field, so I am more concerned with Splunk for cyber security data only. For example, in my PhD, I created my thesis based on medical performance monitoring. I monitor the performance health condition of one million people with the help of Splunk. So, this is not a cybersecurity use case I'm creating there. I monitor the health condition with the help of Splunk Enterprise. If a health condition is significant, the alert immediately goes to the doctor, physician, and their relative.

My alert volume has decreased significantly. Splunk is a machine that generates alerts based on specific use cases or service queries. Before implementing a new use case or alert, we must analyze how many alerts it will trigger. If it generates fewer than one alert per day, it's acceptable. However, I will only deploy it if it generates one daily alert. This approach allows me to reduce the alert volume effectively using Splunk Enterprise Security.

Splunk streamlined my security investigations by consolidating logs into a single repository. The Splunk community provided invaluable assistance, enabling me to quickly find answers to my security-related questions and address concerns promptly. By leveraging the collective knowledge of the global community, I expedited my security processes and enhanced overall security measures.

Splunk reduces the mean time to resolve because it enables L1 SOC analysts to view relevant data in the power role field directly. For example, when a brute force attack alert triggers, analysts can easily see the source IP, time of the alert, user, destination IP, and other critical fields. This immediate access to information allows for swift preventive measures, countermeasures, and efficient resolution of cybersecurity issues. Splunk's clear and intuitive interface empowers even junior analysts with only one year of experience to effectively apply their knowledge and address security challenges.

What is most valuable?

The two features I like most in Splunk Enterprise Security are the content management system and the inter-incident review dashboard. The incident review dashboard allows us to directly view significant events triggered by the use cases I've configured within the content management system.

What needs improvement?

I suggest that Splunk provide the same resources on its platform, as on other websites through Google. For instance, they could offer pre-built search queries for everyday use cases like brute force attacks, DDoS attacks, and other security threats. These queries would be generated based on my specific data, saving me the time and effort of creating them manually. This would be incredibly beneficial and align with the AI capabilities already present in Splunk Enterprise Security.

For how long have I used the solution?

I have been using Splunk Enterprise Security for eight years.

What do I think about the stability of the solution?

In the eight years I have used Splunk Enterprise Security, I have experienced no stability issues. There has been no downtime or crashing. The only problems I have encountered were temporary interruptions in some features, lasting approximately 15 minutes.

What do I think about the scalability of the solution?

Splunk Enterprise Security is highly scalable. For example, I currently have one terabyte of data to deploy, and tomorrow, I need to deploy ten terabytes. In that case, the system can easily accommodate the increased load without compromising performance. It is extremely fast and efficient, ensuring no issues even as the input data volume grows. The system adjusts quickly to meet the demands of expanding data requirements.

How are customer service and support?

I have contacted Splunk technical support three times in the past fifteen days due to various issues encountered while using Splunk. Each time I reached out, they responded promptly and assisted me in resolving the problems.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used several alternatives to Splunk, such as AppDynamics, Dynatrace, and Oracle Enterprise Manager. However, I have found Splunk Enterprise and Splunk Enterprise Security the most effective tools for my needs. These platforms are easy to use, allowing for flexible parameter customization and dynamic adjustments to meet specific requirements.

How was the initial setup?

The initial deployment of Splunk Enterprise Security was straightforward due to my prior experience learning and using various tools. I found it to be significantly easier to implement than similar software.

I set up my lab independently, being new to the environment at the time and eager to learn. I visited the Splunk website and discovered the free courses they offer. Using these courses, I successfully configured my lab. Splunk provides valuable assistance for setting up personal labs and offers a 60-day trial version. This version allows for direct log setup and hands-on practice of Splunk skills without cost.

What's my experience with pricing, setup cost, and licensing?

Splunk Enterprise Security's pricing is competitive. For instance, the cost typically increases proportionally with the daily license volume. For example, purchasing a 100 GB license per day is less expensive than buying one GB per day. A discount is offered for larger volume purchases.

What other advice do I have?

I would rate Splunk Enterprise Security eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
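The brute-force and excessive-login-failure use cases the reviewer above describes (an alert that shows the analyst the source IP, user, destination and time, mapped to a MITRE ATT&CK technique) come down to a windowed count of authentication failures per source. The following Python is an added example, not the reviewer's or Splunk's code: it runs that logic over a few constructed log lines in a made-up key=value format, with a hypothetical threshold of five failures within five minutes, and it also flags a later success from a source that had already tripped the detection, which is the "compromised account" signal a later review on this page mentions.

```python
"""Windowed failed-login detector (added example, not the reviewer's or
Splunk's code).  The log format, threshold and window are constructed
assumptions chosen for illustration."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample authentication events in a simple key=value format.
SAMPLE_LOG = """\
2025-09-01T10:00:01Z host=vpn01 user=alice src=203.0.113.7 action=failure
2025-09-01T10:00:05Z host=vpn01 user=alice src=203.0.113.7 action=failure
2025-09-01T10:00:09Z host=vpn01 user=bob src=203.0.113.7 action=failure
2025-09-01T10:00:14Z host=vpn01 user=carol src=203.0.113.7 action=failure
2025-09-01T10:00:20Z host=vpn01 user=dave src=203.0.113.7 action=failure
2025-09-01T10:00:25Z host=vpn01 user=alice src=203.0.113.7 action=success
2025-09-01T10:05:00Z host=mail01 user=erin src=198.51.100.4 action=failure
2025-09-01T10:30:00Z host=mail01 user=erin src=198.51.100.4 action=failure
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<dest>\S+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) action=(?P<action>\S+)$"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect_brute_force(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return one finding per source IP whose failures inside `window` reach
    `threshold`.  Each finding carries the fields an analyst triages on
    (src, dest, targeted users, first/last seen) and an ATT&CK tag.  A
    successful logon from a source that already has a finding is recorded
    as `success_after_failures`, a possible account compromise."""
    recent = defaultdict(deque)  # src -> deque of (timestamp, user) failures in window
    findings = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["action"] == "success":
            if ev["src"] in findings:
                findings[ev["src"]]["success_after_failures"] = True
            continue
        if ev["action"] != "failure":
            continue
        q = recent[ev["src"]]
        q.append((ev["ts"], ev["user"]))
        # Drop failures that fell out of the sliding window.
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold and ev["src"] not in findings:
            findings[ev["src"]] = {
                "src": ev["src"],
                "dest": ev["dest"],
                "users": sorted({u for _, u in q}),
                "first_seen": q[0][0].isoformat(),
                "last_seen": ev["ts"].isoformat(),
                "failures_in_window": len(q),
                "attack_technique": "T1110 Brute Force",
                "success_after_failures": False,
            }
    return list(findings.values())


if __name__ == "__main__":
    for finding in detect_brute_force(SAMPLE_LOG):
        print(finding)
```

The second source in the sample (two failures 25 minutes apart) never reaches the threshold inside the window and so produces no finding; that is the tuning decision the reviewer describes when deciding how many alerts a use case may generate before it is deployed.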
RajKumar27 - PeerSpot reviewer
Information Security Analyst at a hospitality company with 5,001-10,000 employees
Real User
Top 20
Enables our team to automate threat detection and prioritize incidents through risk-based alerting
Pros and Cons
  • "I appreciate the Identity and Assets framework the most, as well as the threat analysis framework."
  • "To improve Splunk Enterprise Security, I suggest incorporating more AI features for faster remediation and enhanced responses, allowing users to build more correlation searches quickly."

What is our primary use case?

My main use cases for Splunk Enterprise Security include finding out excessive login failures, any compromised accounts, any compromised emails using phishing tactics with Proofpoint, network anomalies, User Behavior Analysis, and detecting rogue assets.

What is most valuable?

I appreciate the Identity and Assets framework the most, as well as the threat analysis framework. Those are my two favorites in Splunk Enterprise Security, along with correlation searches and the entire incident response workflow.

The Risk-Based Alerting in Splunk Enterprise Security is a great addition to our team, as it correlates data from different sources and adds scores to users or systems, allowing us to make decisions based on risk scores assigned to assets or identities.

Splunk Enterprise Security dashboards communicate our security posture and risk score to executives, including major contributing risk factors, key performance indicators (KPIs), and key risk indicators, which help us make informed decisions about future focus areas.

Splunk Enterprise Security helps our team save time by performing correlation searches automatically, eliminating the need for manual searches. We also utilize SOAR for taking automated remediation responses.

What needs improvement?

To improve Splunk Enterprise Security, I suggest incorporating more AI features for faster remediation and enhanced responses, allowing users to build more correlation searches quickly. Regarding improvements in Enterprise Security, I believe the incorporation of AI would enable Splunk users to spend less time on building correlation searches while still gaining productive ideas.

For how long have I used the solution?

I have over eight-plus years of experience working in the IT sector, with six-plus years of experience collectively working on security and Splunk-related tasks.

What do I think about the stability of the solution?

I would assess the stability and reliability of Splunk Enterprise Security at 90%.

What do I think about the scalability of the solution?

The scalability of Splunk Enterprise Security is impressive, as you can scale it to any size and make various types of data readable, although event types and tagging are necessary for optimal performance.

How are customer service and support?

Customer service and technical support for Splunk Enterprise Security are great; they respond quickly and handle our cases efficiently whenever we require assistance.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I used Splunk Enterprise Security at my previous company yet have not used any different products since then, although I have some knowledge about platforms such as Elastic Search and QRadar.

How was the initial setup?

The challenges with deployment are the fine-tuning and some of the correlations, such as where the data is not normalized. And that's why the CIM module has been great so far.

What was our ROI?

The biggest return on investment with Splunk Enterprise Security lies in the time and effort it saves due to its built-in features, datasets, and pre-built dashboards, providing us with visibility across different data sources.

What other advice do I have?

My advice for other companies considering Splunk Enterprise Security is that if they're looking to enhance their security visibility or establish a security operation center, this tool is an excellent starting point, and they can scale and automate processes using SOAR effectively.

On a scale of one to ten, I rate this solution an eight.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer2755848 - PeerSpot reviewer
Cyber Security Engineer at a government with 1,001-5,000 employees
Real User
Top 20
Case management improves incident response but the user interface remains a daily challenge
Pros and Cons
  • "I evaluate customer service and technical support as great."
  • "Splunk Enterprise Security is probably one of the first products that actually could handle all the ingest and do all the correlation without crumbling under its own weight."
  • "To improve Splunk Enterprise Security, I would suggest allowing third-party SOAR solutions to work with it."
  • "The user interface feels clunky to navigate and interact with in Splunk Enterprise Security compared to other case management solutions where it feels easier to use at a high level."

What is our primary use case?

My main use case for Splunk Enterprise Security is incident response.

What is most valuable?

The feature I appreciate the most in Splunk Enterprise Security is the case management, although I have more critiques for the case management than favorite features. Having case management in Splunk Enterprise Security is something I appreciate since we needed a way to centrally manage all of our incidents. 

Having case management in Splunk Enterprise Security has really benefited our organization.

What needs improvement?

To improve Splunk Enterprise Security, I would suggest allowing third-party SOAR solutions to work with it. The most significant challenges I face when using Splunk Enterprise Security for advanced threat detection include the user interface, which isn't terribly intuitive, and it has been a process to get people to adopt it and use it as much as they should.

The user interface feels clunky to navigate and interact with in Splunk Enterprise Security compared to other case management solutions where it feels easier to use at a high level. In Splunk Enterprise Security, the way you click through everything, attach stuff, and interact with other analysts feels cumbersome, with a lot of digging required to get into things; not everything is just one click away—things are usually three clicks away. 

The process of extending the usage of Splunk Enterprise Security is still bumpy; the user experience is really the challenge there, as many of our analysts complain about its difficulty for day-to-day use.

For how long have I used the solution?

I have been using Splunk Enterprise Security for about three years.

What do I think about the stability of the solution?

I have not experienced any downtime, crashes, or performance issues with Splunk Enterprise Security. Although we occasionally receive emails from Splunk about performance issues, they are typically resolved quickly, and the system appears to be running smoothly.

What do I think about the scalability of the solution?

Splunk Enterprise Security scales effectively with the growing needs of my organization and there are no issues.

How are customer service and support?

I evaluate customer service and technical support as great; our support team is fantastic, and we have regular cadence with our support teams and our representatives.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Before adopting Splunk Enterprise Security, we were using several different SIM products to address similar needs, but I disliked them all; none of them really worked and they all crumbled under the ingest load. 

One product required us to completely sever logs since it couldn't compute; it was pretty bad. Splunk Enterprise Security is probably one of the first products that actually could handle all the ingest and do all the correlation without crumbling under its own weight.

How was the initial setup?

I would describe my experience with deploying Splunk Enterprise Security as easy, mainly because we use the cloud version; since it's Splunk Cloud, we didn't have to do much to deploy it, and we don't do a deployment in the cloud—it's managed.

What about the implementation team?

I have a team that customizes, develops, tests, deploys, and refines detections in Splunk Enterprise Security; I don't do that personally, so I cannot talk extensively to that process; however, we go through a process to do that and I haven't heard many complaints about it.

What was our ROI?

I have seen a return on investment with Splunk Enterprise Security. Incident response, along with triaging and increased efficiency, has been a notable example of return on investment.

What's my experience with pricing, setup cost, and licensing?

It would always be great if Splunk Enterprise Security was cheaper; we definitely hit limits frequently with our ingest. I'm planning to explore the SVC model soon to see what that looks like. We're able to get what we need with what we have and can afford, so I'm satisfied.

Which other solutions did I evaluate?

We do not purchase this product on AWS Marketplace; instead, we get it directly from Splunk, or we go through a VAR.

What other advice do I have?

My advice to other organizations considering Splunk Enterprise Security is to make sure you understand all the functionality of it, not just what they show you, but also the integration points; understand the automation side of it and get a good holistic understanding before making a decision. 

On a scale of one to ten, I rate this solution a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Ravi Nandasana - PeerSpot reviewer
Splunk Architect/DevOps Engineer at Data Elicit Solutions Pvt. Ltd.
Real User
Top 20
Saves a lot of time with powerful alerting and notification mechanism
Pros and Cons
  • "I would definitely recommend Splunk Enterprise Security because if you are really concerned about security and want to follow compliance rules, this product is really helpful."
  • "We can only increase the environment. For instance, with an ES server, we cannot make a cluster of ES. If you have two servers and want to make a cluster of these two servers for ES, that is not possible."

What is our primary use case?

Our purpose for using Splunk Enterprise Security is SIEM.

How has it helped my organization?

Machine learning has been incredibly beneficial in our efforts to detect various threats. For example, we pull all security logs and utilize the MLTK framework, which helps us identify potential risks effectively. So, overall, it's been quite helpful.

We use the risk-based alerting feature. For instance, when it detects a failed login attempt, it assigns a risk score to it. This allows us to utilize the risk-based alerting features effectively to prioritize incidents based on their severity.

Risk-based alerting generates notifications based on the level of risk associated with a transaction. This approach effectively assists in monitoring transactions, such as payments. It allows us to track the progress of a transaction, from initiation to completion, and identify any errors that may occur during the process. If there are numerous errors, we can assess the risk and determine whether the transaction might be a false positive.

Splunk Enterprise Security has been very helpful in this regard. However, I've noticed that improvement is still needed. We need to analyze the data more thoroughly. While this can be quite complex, finding a simpler solution would be beneficial.

What is most valuable?

The best features of Splunk Enterprise Security are the correlation rules and automation over the correlation rules. We can trigger alerts and notifications. The alerting and notification mechanism is really powerful and good. 

What needs improvement?

It needs more AI integration. The threat intelligence framework requires some AI functionality, which would be helpful.

For how long have I used the solution?

We have been using Splunk Enterprise Security for a couple of years, and I have been on the ES team for the last year. I have also used it in my previous company.

What do I think about the stability of the solution?

The stability of Splunk Enterprise Security rates at eight out of ten.

What do I think about the scalability of the solution?

It is scalable. We can only increase the environment. For instance, with an ES server, we cannot make a cluster of ES. If you have two servers and want to make a cluster of these two servers for ES, that is not possible. There is only one server, and if you want to increase scalability, you must increase the RAM and memory for that same server. The scalability is an eight out of ten.

We simply request Splunk support to increase our storage or make other adjustments as needed. We don't have access to AWS; all of that is managed by Splunk. We just need to reach out to them and say, "Please increase our storage by one terabyte," and they can handle that for us.

How are customer service and support?

Technical support for Splunk Enterprise Security is very good. We have daily calls. They are very helpful, rating at nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We tried LogScale in the past, but it has very limited functionalities and not a proper UI. It offers approximately 10% of Splunk Enterprise Security's capabilities. We haven't found any solution comparable to Splunk Enterprise Security.

How was the initial setup?

We utilize a combination of both cloud and on-premises setup. Specifically, we use Splunk Cloud for search indexes and other things. On the on-premises side, we have our heavy forwarders, standard forwarders, and user-defined forwarders. So, we effectively integrate both approaches.

The deployment for Splunk Cloud is very easy. They have predefined templates and setups on the AWS end. They utilize many AWS features. If you terminate any indexer, it will spawn up again. This type of automation exists with Splunk Cloud, making it really efficient.

It doesn't require any maintenance, but when we are doing batch upgrades, we need downtime, which is acceptable. It's four to five hours of downtime.

What about the implementation team?

Currently we have a team of seven people for Splunk Enterprise Security, with additional staff using Splunk Cloud and related services.

What was our ROI?

Splunk Enterprise Security helps to save a lot of time, which is our main purpose. Whenever something is wrong in our environment, we immediately get an alert. It saves time and costs. Compared to traditional methods, Splunk Enterprise Security saves approximately 40% to 50% of time.

What's my experience with pricing, setup cost, and licensing?

For small customers, Splunk Enterprise Security is quite expensive. For my team with a substantial budget, the cost is acceptable.

What other advice do I have?

I would definitely recommend Splunk Enterprise Security because if you are really concerned about security and want to follow compliance rules, this product is really helpful.

Splunk Enterprise Security helps save significant time and money, which most customers are looking for. It is easy to configure and manage. If you have certification or basic knowledge of Splunk Enterprise Security, it provides excellent job opportunities. The solution provides numerous helpful dashboards where you can directly check threats and other metrics. 

Overall, I would rate it an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: partner.
reviewer2756187 - PeerSpot reviewer
Security Engineer at a financial services firm with 10,001+ employees
Real User
Top 20
Risk-based alerting has improved threat visibility and reduced false positives for our analysts
Pros and Cons
  • "The features of Splunk Enterprise Security that I prefer the most are risk-based alerting, the new Mission Control, and the integrations that are coming into place between Mission Control and Splunk SOAR."
  • "Splunk Enterprise Security could be improved by having better role-based access controls."

What is our primary use case?

My main use cases for Splunk Enterprise Security are detections and incident response.

How has it helped my organization?

An example of how these features have benefited my organization is that risk-based alerting has transformed our ability to reduce the number of detections that we have, streamline our observability into risks and threats in our environment, and really focus our analysts on actual real problems, helping to remove the noise and false positives to a large degree. It frees us up to do actual work.

What is most valuable?

The features of Splunk Enterprise Security that I prefer the most are risk-based alerting, the new Mission Control, and the integrations that are coming into place between Mission Control and Splunk SOAR.

What needs improvement?

Splunk Enterprise Security could be improved by having better role-based access controls. We need to be able to better control who can do what, which people can be allowed to take certain actions, run certain playbooks, or view specific items, and separate things between teams.

For how long have I used the solution?

I have been using Splunk Enterprise Security for about 8 years.

How are customer service and support?

I evaluate customer service and technical support as fantastic. Technical support is some of the best that I've worked with.

I work with a lot of different vendors, and Splunk support is very responsive and capable. They have very knowledgeable people who can deep dive into the details and understand the inner workings of the platform without having to engage developers or back-end people all the time; they can just deal with it because they know what they're doing.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have also used Google Chronicle and the Google SecOps platform. The factors that led me to consider a change included the lack of maturity in the other product and the maturity of Splunk. Google SecOps doesn't have anywhere near the capabilities of the Splunk ecosystem.

The search capabilities in Splunk Enterprise Security, and Splunk in general, are far superior to the search capabilities in Google's products. Their automation platform was extraordinarily immature. It doesn't have many of the basic capabilities that you would expect in an enterprise-class platform, and Splunk does have that. The Splunk capabilities were just vastly superior.

How was the initial setup?

I would describe my experience with deploying Splunk Enterprise Security as fairly straightforward. We have detection engineers who know what they're doing, and so learning the detection platform in Splunk Enterprise Security was quick for them to pick up. Even those who were not familiar with Splunk Enterprise Security to begin with were able to pick that up quickly.

What was our ROI?

I have seen a return on investment with Splunk Enterprise Security.

What other advice do I have?

I would rate it an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer2711313 - PeerSpot reviewer
Director, Enterprise Insider Threat at a legal firm with 1,001-5,000 employees
Real User
Top 20
Unified event correlation and intelligence dashboards to strengthen business resilience
Pros and Cons
  • "I would assess the stability and reliability of Splunk Enterprise Security as good, as I have not had any issues with it."
  • "The most significant challenges I face when using Splunk Enterprise Security for advanced threat detection include not having enough time to be in it, the resources and people to also be in there, and trying to configure it and teach people how to use it. A lack of resources prevents us from giving it the attention it needs."

What is our primary use case?

My main use cases for Splunk Enterprise Security are event correlation and risk-based alerting.

What is most valuable?

The features I appreciate most about Splunk Enterprise Security are the different domains they have and the intelligence that comes along with each of those dashboards, being that single pane of glass for analysts to go in and look at. Splunk Enterprise Security has helped improve my organization's business resilience.

We use Cribl to pull data in and get it optimized before it hits Splunk Enterprise Security as far as collection. I have not done much customizing, developing, testing, deploying, and refining detections in Splunk Enterprise Security yet; we started off with just getting data in, and now we are at the point where we are starting to look at detections.

In Splunk Enterprise Security, I do not use risk-based alerting as much as we should. That goes back to the whole time issue, as we need to teach people what to do with it and how to tune them, and we do not have enough time in the day.

What needs improvement?

As for improvements to Splunk Enterprise Security, we will see how ES 8.2 looks. It is hard to say. We just found out about a bunch of changes, so it is difficult to make specific recommendations at this point.

The most significant challenges I face when using Splunk Enterprise Security for advanced threat detection include not having enough time to be in it, the resources and people to also be in there, and trying to configure it and teach people how to use it. A lack of resources prevents us from giving it the attention it needs.

For how long have I used the solution?

I have been using Splunk Enterprise Security for two years.

What do I think about the stability of the solution?

I would assess the stability and reliability of Splunk Enterprise Security as good, as I have not had any issues with it. I have experienced downtime, crashes, or performance issues with Splunk Enterprise Security only once or twice when we have had to restart our Splunk instance, and it has taken three minutes and come right back, so nothing major.

What do I think about the scalability of the solution?

Splunk Enterprise Security has not hit the point yet where we need to scale; we are still at the initial ingestion phase. We are in the process of expanding usage for Splunk Enterprise Security; we have not actually done it yet, as we are still planning and trying to get other teams involved while meeting their use cases, so we are probably a month away from that.

How are customer service and support?

I would evaluate customer service and technical support for Splunk Enterprise Security as far better than anything else, giving it an eight out of ten, thanks to the response times they meet. When going to our account representatives, if we need something, they are always responsive and we get whatever we need.

How would you rate customer service and support?

Positive

How was the initial setup?

The deployment was easy since we're cloud-based. We didn't really have to do anything.

What was our ROI?

I have seen ROI with Splunk Enterprise Security. Just getting data in and being able to use the data and making sure it is compliant and mapping it to data models is far more efficient than any other SIM I have had experience with.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup costs, and licensing for Splunk Enterprise Security is straightforward and self-explanatory. We are ingest-based, so we are not compute-based, making it pretty simple to get everything in without worrying about pricing.

Which other solutions did I evaluate?

Factors that led me to consider the change include shifting to a cloud-based solution at an affordable price and moving to something that is going to help reduce time spent on alerts and maintaining the system, with maintaining the system being probably the biggest reason since shifting to the cloud.

What other advice do I have?

For the future of Splunk Enterprise Security, I would want the Edge Processor to be able to send to multiple destinations rather than just Splunk, though that is more about Observability.

The advice I would give to other organizations considering Splunk Enterprise Security is that everybody wants to drive a Ferrari, so get the Ferrari of SIMs.

I rate Splunk Enterprise Security ten out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Derek Scott - PeerSpot reviewer
Information System Security Officer at SAIC
Real User
Top 10
Risk-based alerting and custom dashboards transform communications and detect threats
Pros and Cons
  • "The stability and reliability of Splunk Enterprise Security is outstanding. It's a software and product that anybody can really pick up and use."
  • "Combating insider threats and advanced persistent threats is an amazing feature of Splunk Enterprise Security, and it gives us the visibility that we need for those detections that other software doesn't have."
  • "I'm not as familiar as I should be to answer how Splunk Enterprise Security can be improved; however, one of the improvement points that Enterprise Security could offer is on-prem training."
  • "One of the improvement points that Enterprise Security could offer is on-prem training, the availability to have a Splunk representative come out to different sites and actually sit down with the organizations and help them understand."

What is our primary use case?

Many of my use cases for Splunk Enterprise Security involve integrating with our networks and systems to troubleshoot and streamline our capabilities.

What is most valuable?

One of the features of Splunk Enterprise Security that I really enjoy is the ability to have the scalability of the product and the moldability that's really customized to meet our specific needs.

The flexibility of Splunk Enterprise Security is beneficial, and that feature, while a broad statement, is crucial in itself, as it allows us to design our own environments with the flexibility and malleability needed to function effectively.

Splunk Enterprise Security's Risk-Based Alerting, or RBA, has been really amazing. We're still new at it; however, it's definitely nice to be able to have those results at your fingertips instead of having to search for what you need.

Using Splunk Enterprise Security's dashboards to communicate security posture to executives is probably one of the nicest things that Splunk offers. Not everyone is as skilled with the inner workings of the system as we are in my industry, so being able to put a visualization on there is critical.

The ability of Splunk Enterprise Security to ingest data has been amazing for our threat detection. Combating insider threats and advanced persistent threats is an amazing feature of Splunk Enterprise Security, and it gives us the visibility that we need for those detections that other software doesn't have.

The stability and reliability of Splunk Enterprise Security is outstanding. It's a software and product that anybody can really pick up and use.

What needs improvement?

I'm not as familiar as I should be to answer how Splunk Enterprise Security can be improved; however, one of the improvement points that Enterprise Security could offer is on-prem training, the availability to have a Splunk representative come out to different sites and actually sit down with the organizations and help them understand.

For how long have I used the solution?

I've been using Splunk Enterprise Security for about a year to a year and a half now.

How are customer service and support?

I handle most things in-house; however, I evaluate Splunk Enterprise Security's technical support and service as outstanding based on the few times we've had to contact them.

How would you rate customer service and support?

Positive

How was the initial setup?

My experience with deploying Splunk Enterprise Security is that the deployment process is pretty straightforward, especially once you have the certifications and you understand how the process works. I'd say it goes back to the training opportunities; some people are unfamiliar with it, so a little bit of support would be appreciated sometimes.

What was our ROI?

Splunk Enterprise Security has definitely reduced the amount of time that it takes us to detect and respond. I would say the percentage lowered by using Splunk Enterprise Security is around 25 to 30%.

What's my experience with pricing, setup cost, and licensing?

I understand how the pricing, the setup costs, and the licensing of Splunk Enterprise Security work; however, I personally don't have knowledge of the numerical values.

What other advice do I have?

I'd give Splunk Enterprise Security a rating of ten out of ten.

My advice to other companies considering Splunk Enterprise Security is to just do it. Don't look at any of the competitors; Splunk, hands down, is the product that I would recommend to other companies.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
Download our free Splunk Enterprise Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: September 2025