- Custom dashboards and workspaces (101)9.999%
- Correlation (50)9.999%
- Event and log normalization/management (99)9.797%
- Centralized event and log data collection (51)9.393%
Entry-level setup fee?
- No setup fee
- Free Trial
- Free/Freemium Version
- Premium Consulting / Integration Services
- Act as a Search Head, Indexer and Forwarder
- Have full features to install Add-Ons
- Is On-Prem, so we have full control on created lookups on file system
- Better SPL Intelligence
- Add-ons' auto-upgrade management and notifications
- Implement more features on UI instead of config based implementations
- Real-time status
- Data integration
- Live dashboards
- Automated machine learning
- Extract transform and loading
- Data modeling
- Gets data from anywhere
- Variety of supported alert types
- Real-time insights
- They should not remove support for Duo 2FA.
Splunk has the ability to correlate data from disparate data sources and provide the root cause, hence reducing MTTR and improving our SLAs with our customers. The events logged in Splunk help our IT analysts and security analysts take proactive action before the services our customers use are impacted. The event correlation helps us find the RCA and improve MTTD and MTTR.
- Collect data from multiple data sources and correlate. Reduce alert noise from multiple monitoring systems.
- Monitor alerts and report on data collected. Create custom dashboards.
- Powerful machine learning and AIOps functionality.
- Helps with our security compliance and addresses the security team's need to remain PCI compliant.
- Splunk data sizing and data collected. Worked with Professional Service to scale our environment.
- Capacity data storage for Splunk data.
- Tuning Splunk analytics dashboards for performance.
- The power of it. It's a very good tool that does amazing things. Nothing comes close to it.
- It can ingest any data and present it in a digestible, searchable format.
- Flat file format makes it very fast and the best visualizations I've seen.
- It can be cost prohibitive, but I still think it's worth it.
- Training users is a little bit steeper, but once they have it, it's very powerful.
- Data Normalization
- Data Analytics
- Use Case Development Capability
- Single source of truth for all log files.
- Alerting system based on captured log data.
- Reporting/Dashboard system to present data.
- Complex overall architecture.
- Long implementation time.
- High cost.
- Requires on-going staff time to keep running effectively.
- Maximize endpoint logging.
- Can find and store logs from all types of assets.
- Customization of dashboards.
- Creating apps based on your needs.
- Alarm feature alerts relevant people in the organization.
- Data visualization.
- Search queries can be saved for future or even can be converted to apps.
- Slow interface.
- Network teams can easily see if there is a problem with the network device.
- The security team can easily be notified about anomalies that may be due to an intrusion.
- The support team can follow the situation of assets and tools.
- It can be integrated with most of the tools available on the market.
- Log analyzing.
- Forecast (ML model).
- Stability on some components (e.g. indexers).
- Complexity of install and maintenance of infrastructure.
Setup and maintenance would not be easy, so always plan ahead. Also, always do health checks for stability on some of the Splunk components such as indexers and HFs.
We are now using it as a security tool, ingesting logs from lots of different sources and even our cloud platforms.
Currently it is just our IT team that uses Splunk.
- Can ingest any type of data.
- Flexibility with filtering, etc.
- Steep learning curve.
- Full-stack reporting (though with SignalFx being purchased by Splunk, this is clearly a high priority).
- Team needed to manage large installations.
The obvious wall is the cost of the product and for that reason I would say smaller businesses would not be suited to this as there are free solutions that could bridge this gap.
However, when dealing directly with Splunk for support it can be quite challenging. The support is okay, but has a lot of room for improvement. Sometimes tickets just get no response for weeks with multiple chases. It's very hard to speak to a member of the team that would actually work on your ticket, it's always just frontline who then just send it to the correct team.
We believe we can apply Splunk to other data, in time, specifically aiding the company with analyzing financial information, but this is not yet an active project.
- Fast, efficient
- Solid community of experts and training materials
- Ingests data from many sources, with a large number of partner relationships
- There is a high learning curve. If you go to a Splunk demo or class, get inspired, then install it yourself, you'll have no idea what you're meant to do. It's not intuitive to the first-time user in any way.
- Pricing can be confusing. People ask how much data you want to ingest, and you don't know until after you've been using Splunk. It's not easy to sign up and start without guesswork.
- I found online help pages are broken or out-of-date, or incomplete. e.g. pages on setting up the Java-based SQL Server driver don't even tell you where to download it or where to install it.
It's not suited for scenarios where you want to report on a single set of data, say, in a traditional way, for example, a typical scheduled report out of a finance system.
- Central dashboard for all logs
- Enterprise Security
- Better dashboard graphics
- Robust collection of plugins to support specific applications
- Relatively easy to use
- Strong and helpful support
- Difficult to master
- Can be very complicated to implement into an environment
- Very expensive
- Splunk Light is perfect for standalone on-premise deployment.
- Mainly works well for a small team
- Scalability might be an issue
- A small limit on the number of users also poses a challenge for large-team collaboration.
- Log mining.
- Able to consume multiple log sources.
- Provides the possibility to upgrade the Splunk UF from a deployment server.
- Splunk search language can be very expensive if the users do not know what they are doing.
- Quick log queries across different types of infrastructure
- Adaptable dashboards for digesting large amounts of continuous data
- Easy access and sharing of information via URL links
- Building Splunk queries can be cumbersome without intricate knowledge of Splunk and the applications involved
- Dashboard duplication for different areas can be difficult
- Capturing all necessary data from cloud platforms is not always straightforward
- Timely alerting
- Sharing with end users automatically
- Less impact
- Sometimes we see the Splunk agent taking higher CPU from the OS perspective
- Similar issues have been noticed in Oracle Databases
The log sources are typically firewall logs, email logs, logs from the intrusion detection system (IDS), logs of different services running on Google Cloud, etc. It offers a very easy interface and a query language. We can build our own alarm rules and UI within it for visualization. The rules will run at a time defined by the user and will send metrics to the email. It helped in automating blacklisting, as now we can get the most troublesome IP addresses and block them in a minute. It also helped us in tracing a list of most vulnerable on the campus. The most powerful feature is the correlation of log sources. Correlation of log sources is a very taxing process for any software. Splunk handles this gracefully. By correlating firewall traffic, wireless and IDS traffic, we once spotted a machine that had a trojan in it and was trying to spread itself laterally through open SMB ports.
- It is very useful in creating custom rules for analyzing system logs and displaying relevant information. The query language is very easy to learn.
- We can create custom UI to visualize the output of our data. The interface is very flexible. It also allows the sharing of rules among users.
- There is an open online community to help others. Stack Overflow also has a Splunk community. These resources make it more convenient to learn.
- They can introduce a query builder for non-technical users.
- The query error messages could be more specific.
Cons: If you have a few logs but a large number of log sources, Splunk can be very expensive.
- Love the real-time monitoring system.
- Easy to use.
- I have no suggestions.
- Captures multiple different information about a customer and his/her session.
- Intuitive and informative search options.
- Option to set up precise alerts for different KPIs.
- The speed of the tool could be improved.
- It could store and allow searching for historical data older than 60 days (may be related to our company license).
- Dashboard creation could be more user-friendly.
- Log analysis
- Needs training to work on
- Needs hands on experience to get used to
- Monitoring and Alerting: Creating custom actions based on log entries was the largest unexpected bonus for us. While we had other software configured to do this job, Splunk was easy to implement and could be managed by a larger number of our team members.
- Cross-Device Analysis: Seeing data from all of your devices in one location makes following event chains much easier.
- Vendor Specific Add-ons: There is a large library of vendor-specific add-ons for the software allowing for automatic formatting and action for certain types of logs, greatly reducing the man-hours required to get started.
- Splunk Light doesn't include the ability to create data models or tables without paying for a large upgrade. This is a rather basic feature, I wish it had been included.
- High Availability is another basic feature that is excluded, greatly limiting Splunk Light's usefulness.
- Tight access control via a variety of mechanisms to restrict users to specific logs.
- Solves regulatory controls by providing access control and archival storage capabilities.
- Provides a quick mechanism to search across multiple logs for issues between systems.
- Splunk can be expensive since it's based on the amount of logging you do. The capabilities definitely make up for the cost, but there is a high bar to entry.
- Splunk can be overly confusing for new users. The capabilities are quite vast and sometimes daunting.
- Simplifies analyzing big logs and helps in finding issues faster.
- Splunk alerts are great for being notified of possible issues so that necessary actions can be taken to prevent them from becoming a problem for our end users.
- Dashboard reports can be scheduled to be generated and shared with key stakeholders.
- Comparison of two or more time series data in a single graph.
- Searches and makes suggestions on Splunk commands as we type in the search window.
- Log search is very good with this tool.
- Splunk search query language is just very good. You can easily run some analysis using this language
- Generating reports is a very good feature of this tool.
- Detecting anomalies and reporting them is just fantastic.
- Splunk requires some learning to use all of its features. Understanding its SPL is not very easy, and it will take quite a long time to learn it.
- Regular expressions are a bit tedious to learn and then use; it needs a good understanding of regular expressions.
- I don't know why, but sometimes its search keeps on going forever and then I have to manually kill that job to start it again.