Likelihood to Recommend
If budget is an issue then Fortisiem fits well, as it's more than a typical SIEM solution. It can integrate with environmental monitoring systems, UPS HVAC etc. It can be used as the CMDB solution etc. If fine-tuned and looked after it can actually bring a lot of value for less.
Read full review
Pros: Splunk is very well suited if you have multiple log sources of related data. All of them can be correlated and tasks can be automated based on the requirement. Other than alerts, Splunk can also run a specific script of your choice, based on some defined conditions. Cons: If you have a few logs but a large number of log sources, Splunk can be very expensive.
Read full review Pros Log aggregation and analytics CMDB Device inventory and remote management . It can be used by Managed Security Providers who have multiple customers as it offers multi organization support . Read full review Real-time + Scheduled alerts - i-e you can set up alerts which are actively monitoring your logs Pretty good response time for search results. With our key/value logging, Splunk makes it blazing fast to query the data. Dashboards provide insights into historical data Love how Splunk indexes all of the data and provides keys to search on Read full review Cons Non-intuitive/unattractive user interface Too many features that will usually remain unused Very crowded (too many icons) portal The reporting feature is confusing, e.g. you have to click on the "refresh" button to get the result of your inquiry. The report generation process can be much easier, as the user interaction is not pleasant. Read full review At times some queries can run slowly if indices are not on a portion of the query you use. Setup time initially can be difficult if your logs aren't stored in common locations or in a common way to write the log. Ability to ingest logs from different locations without having to change code to put logs in a certain place (pro and con). Searches can be a bit more difficult to look through if your log isn't pulled in a manner that is easy to read through splunk. Read full review Likelihood to Renew
We are using Splunk extensively in our projects and we have recently upgraded to Splunk version 6.0 which is quite efficient and giving expected results. We keep track of updates and new features Splunk introduces periodically and try to introduce those features in our day to day activities for improvement in our reporting system and other tasks.
Read full review Usability
You can literally throw in a single word into Splunk and it will pull back all instances of that word across all of your logs for the time span you select (provided you have permission to see that data). We have several users who have taken a few of the free courses from Splunk that are able to pull data out of it everyday with little help at all.
Read full review Reliability and Availability
When properly setup and configured, Splunk is extremely reliable.
Read full review Support Rating
Splunk maintains a well resourced support system that has been consistent since we purchased the product. They help out in a timely manner and provide expert level information as needed. We typically open cases online and communicate when possible via e-mail and are able to resolve most issues with that method.
Read full review Implementation Rating
Smooth without too many major issues.
Read full review Alternatives Considered
I wanted to learn a new language that I can quickly master and implement. Splunk is easy, fun to use and best of all, it can be developed in hours not days or weeks. Splunk is fundamentally a programming language that is minimal but yet powerful enough to collect, analyze and visualize data.
Read full review Scalability
Splunk can scale in to the petabyte per day range which of course is awesome
Read full review Return on Investment Other SIEM solutions were cost prohibitive at the time of purchase (2016). Just like any other SIEM, it helped draw a better picture of our current security posture. Read full review Overall very positive. It has provided visibility to what is going on within our network. One drawback is the time it takes to get up to speed with the application, but this is up to the user, and Splunk education is excellent. In my field, IT Security, there are few other friends to have in your back pocket better than Splunk. They are just that good. Read full review