Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.
Splunk Enterprise stacks similarly to IBM's qradar and outperforms both Palo Alto's Panorama and Cisco's Secure Firewall Management Center in regards to storing large amounts of logs and the ability for quick searches. Splunk Enterprise handles queries of data effectively and …
Splunk Enterprise is a very seasoned software , while other comparable software keep on adding new features and keep evolving, Splunk Enterprise has reached a state where new user onboarded doesnt have to request any basic feature or develop modules to simple tasks. Log parsing …
Splunk does a good job at log aggregation and compatibility however, integrations with other products is been a challenge. Especially the pricing can be more competitive to spice up the market and orgs looking to explore AI based logging over traditional practices.
Able to show more than Log data in Splunk views, we tested several plug-ins during a small pilot, and we were able to bring O/S (Win/Unix/Linux) & APM data metrics into the same views as Logged data. I've seen others use it to visualize a wider range of data types, too...better …
While both are market-leading SIEM platforms, they cater to different environments and organization priorities. The choice often comes down to a company's existing infrastructure, integration needs, and long-term security strategy. Deployment and architecture - Splunk offeres …
Splunk Enterprise was already chosen by our organization to be used across teams. However, the reasoning I know behind is the ability to share events/messages across different message brokers and making onboarding easier to legacy teams by just simple configuration.
Verified User
Employee
Chose Splunk Enterprise
Splunk was better in terms of analyzing unstructured data. Also Splunk has had a very good and strong community and is also has a more tried and tested performance. I personally found the dash boarding capability of Splunk better than Datadog.
Omnibus was a Linux based tool. Not very easy to sue. End user needs to know Linux commands. Splunk Enterprise is more flexible and ease to use. Splunk Enterprise can generate reports, graphs, data visualization, data validation and much more. Use friendly query language and …
A lot of products have natively inside their own dashboards and or their own logging repositories. And each one is difficult to learn or they're too complex or they're not verbose in the sense that they're not easy to mine the data that you're looking for. So that could be …
Elastic and it's a little bit more cumbersome and a little bit more time consuming. Using Splunk is much easier flow and quicker to utilize to get to the root of a problem.
Cost was major factor which made us choose Splunk Enterprisek. Splunk Enterprise is versatile tool which further helped us to make our decision. Apart from that Managment wish to use something robust hence Splunk Enterprise became there first choice.
Splunk Enterprise is honestly the first tool we used and we cant realistically switch. We have not done any in depth studies or comparisons. We know there are alternatives and we would probably switch if one of them was much more economically viable, but right now we are happy …
Splunk is easy to use , the User interface is quite easy and the components or functionality speak for themselves. The ease with you can search and from there fine tune your search functionality. Also the admin console is quite simple to use, you can find the functionality at …
We had an old version of QRadar before Splunk. It was difficult to customize and difficult to pull in our data sources. It wound up being neglected and not providing value for us as an institution. We have also looked into other things like AlienVault but in general, the …
More features and easy to manage once configured and setup correctly. Stronger correlation engine compared to other products. Easily integrates with ServiceNow for ticket creation, automation, and building workflows. Helps in AiOPS more, as compared to other tools. Provides …
LogRhythm is a great SIEM Tool. But Splunk Enterprise is so much more than that. [It's] a Security Analytics Tool with no limitation. It depends on [organization's] size, budget[,] and also what exactly they are looking for.
We reviewed a number of different platforms and found Splunk to be the more mature product across the board. Splunk is the market leader and the rest of the industry chances them. We needed a platform from a company with the resources to continue development and meet new …
Splunk is a better solution for log analyzing based on the complexity of data it can collect, analyze and store. Dynatrace is just in the beginning stage of collecting logs but this tool is good for user application monitoring. So they are different products and it may not be …
We originally used Kiwi Syslog but this was not able to keep up with the level of logs that were being sent to it. Also Kiwi does not allow you to search through logs, create alerts, etc. or any of the other features Splunk has. It is purely just a web GUI for syslog.
It's well suited for what I do, which is network security operations. And that's for anything from troubleshooting incidents, troubleshooting performance, troubleshooting for the purpose of a compliance and auditing. It's not best suited for users who are new in terms of they're new to the product and they have expectations that probably Splunk cannot meet.
We are using Splunk extensively in our projects and we have recently upgraded to Splunk version 6.0 which is quite efficient and giving expected results. We keep track of updates and new features Splunk introduces periodically and try to introduce those features in our day to day activities for improvement in our reporting system and other tasks.
You can literally throw in a single word into Splunk and it will pull back all instances of that word across all of your logs for the time span you select (provided you have permission to see that data). We have several users who have taken a few of the free courses from Splunk that are able to pull data out of it everyday with little help at all.
Splunk maintains a well resourced support system that has been consistent since we purchased the product. They help out in a timely manner and provide expert level information as needed. We typically open cases online and communicate when possible via e-mail and are able to resolve most issues with that method.
The online course was simple clear and described the main capabilities of the solution. There is also an initial module that can be done for free so anyone can familiarize themselves with the functionality of this solution. On the other hand, however, there could be more free online courses. Maybe even with a certificate, this would broaden the group of people who are familiar with the platform while increasing familiarity with the solution itself.
I didn't get to fully evaluate Logstash as our corporation was already using Logstash, but both seemed like viable solutions to the problem that we were having. I wanted to evaluate Logstash some more, both did seem like they would work for the business needs that we had, we went with splunk as many teams were already using it.
I don't have any numbers to share but Splunk has positively served as a 24/7 monitoring tool that has saved hours of work by self-detecting, saving statistics and alerting problems in the system or from external interfaces as soon as they happen.
Splunk dashboards does a solid job in collecting, analyzing data and creating reports that contain an entire day's activity and then automatically sent out to the business.
Splunk is very easy to learn and very useful to any program or business application.
