TrustRadius
Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.

Review: Splunk-ing across the Enterprise
Use Cases and Deployment Scope: Splunk is utilized for creation of dashboards and log queries across many areas.
Pros:
- Quick log queries across different types of infrastructure
- Adaptable dashboards for digesting large amounts of continuous data
- Easy access and sharing of information via URL links
Cons:
- Building Splunk queries can be cumbersome without intricate knowledge of Splunk and the applications involved
- Dashboard duplication for different areas can be difficult
- Capturing all necessary data from cloud platforms is not always straightforward
Likelihood to Recommend: 9 out of 10
Return on Investment:
- Decrease of MTTR in the course of operational activity
- Decrease of time spent finding pertinent log data
- Greater visibility and translation of metrics in many areas
Alternatives Considered / Other Software Used: ExtraHop

Review: Splunk, a great tool!
Use Cases and Deployment Scope: Splunk is being used by the entire organization for searching and reporting and to analyze the logs and the entire organization's data. Splunk is a great tool to work on. It helps in finding various threats inside and outside the organization. Five stars ⭐️
Pros:
- Versatile
- Intelligent reporting
- Searching
- Log analysis
Cons:
- Costly
- Needs training to work on
- Needs hands-on experience to get used to
Likelihood to Recommend: 8 out of 10
Return on Investment: Able to analyze data more effectively. Capture data and threats more efficiently. By using data models, it makes the Splunk system easy to learn.
Alternatives Considered: Logger (formerly HPE Arcsight Logger), Arcsight Enterprise Security Manager (formerly HP Arcsight) and ArcSight Investigate
Other Software Used: IBM Resilient Incident Response Platform, IBM Control Desk, Jira Service Desk, JIRA Software

Review: Robust IT Operations and SIEM Management Solution
Use Cases and Deployment Scope: Splunk Enterprise is used by our Infrastructure and Enterprise Monitoring Team and Security Teams to monitor our infrastructure. Monitoring is enabled for the overall health of our systems. Data is collected from multiple data sources. Logs are analyzed and converted to meaningful metrics for the team to proactively monitor and take corrective actions. Splunk has the ability to correlate data from disparate data sources and provide root cause, hence reducing MTTR and improving our SLAs with our customers. The events logged in Splunk help our IT Analysts and Security Analysts take proactive action before impacting the services which our customers use. The Event Correlation helps us find RCA and improve MTTD and MTTR.
Pros:
- Collect data from multiple data sources and correlate.
- Reduce alert noise from multiple monitoring systems.
- Monitor alerts and report on data collected.
- Create custom dashboards.
- Powerful machine learning and AIOps functionality.
- Helps with our security compliance and addresses the security team's need to remain PCI compliant.
Cons:
- Splunk data sizing and data collected. Worked with Professional Services to scale our environment.
- Capacity data storage for Splunk data.
- Tuning Splunk analytics dashboards for performance.
Likelihood to Recommend: 9 out of 10
Return on Investment:
- Improved MTTR for all our incidents.
- Reduced alert noise with powerful correlation engine.
- Performance Analytics dashboards.
Alternatives Considered: IBM QRadar
Other Software Used: IBM QRadar
Additional survey responses (the questions were not captured on this page):
- 20
- 5
- Network, Systems and Application Monitoring. Aggregation of Machine Data from different sources. Meaningful dashboards based on data collected to aid decision making.
- Integration with ticketing tools to automate ticket generation. Reduce noise from multiple monitoring tools. Automating actions based on alerts triggered.
- More automation and invest in self-healing infrastructure.
- 10
- No
- Price; Product Features; Product Usability; Product Reputation; Vendor Reputation; Positive Sales Experience with the Vendor
- Collect data from more different data sources.
- Third-party professional services
- Yes
- Change management was a minor issue with the implementation
- Collecting logs from some storage systems.
- 9
- No
- Capacity planning for our infrastructure.
- 9
- Reporting; Event and alert correlation; Ease of collecting logs from any sources
- Managing the data collected from a storage standpoint.
- 9

Review: Splunk Enterprise - all your logging needs under one roof
Use Cases and Deployment Scope: Splunk is an excellent logging platform, allowing for short and long term log storage with top tier indexing and searching capabilities. We have deployed Splunk to aggregate all logs and act as a central logging platform throughout the company. This helps us solve operational issues by providing a centralized log monitoring platform to be used by our operations group. It also helps solve regulatory issues by being the central logging platform with strict access controls as well as tiered storage and archiving capabilities.
Pros:
- Tight access control via a variety of mechanisms to restrict users to specific logs.
- Solves regulatory controls by providing access control and archival storage capabilities.
- Provides a quick mechanism to search across multiple logs for issues between systems.
Cons:
- Splunk can be expensive since it's based on the amount of logging you do. The capabilities definitely make up for the cost, but there is a high bar to entry.
- Splunk can be overly confusing for new users. The capabilities are quite vast and sometimes daunting.
Likelihood to Recommend: 9 out of 10
Return on Investment:
- Splunk has helped our operations personnel to identify issues quickly and helped lead to quicker resolutions of those issues.
- Splunk has provided a simple mechanism for aggregating log data and providing reports where necessary.
Alternatives Considered: Logstash and Graylog
Other Software Used: Microsoft Visual Studio Code, Microsoft Office 365

Review: Excellent tool for analyzing logs
Use Cases and Deployment Scope: Splunk Enterprise is used to monitor both Prod as well as all our lower environments. It is used for analyzing logs and tracing transactions. We write Splunk queries and create dashboards for monitoring several Key Performance Indicators. We first analyze metrics over a particular period of time to understand the trend and then set up alerts on these metrics for threshold violations.
Pros:
- Simplifies analyzing of big log files and helps in finding issues faster.
- Splunk Alerts are great to be notified of possible issues so that necessary actions can be taken to avoid it from becoming a problem to our end users.
- Dashboard reports can be scheduled to be generated and shared with key stakeholders.
Cons:
- Comparison of two or more time series data in a single graph.
- Search and make suggestions on Splunk commands as we type in the search window.
Likelihood to Recommend: 10 out of 10
Return on Investment:
- Splunk log analysis helped us understand backend errors much better than ever and improved the number of errors/week significantly after resolving those.
- Charting vendor calls/service helped us understand default looping/logic, which in turn reduced vendor calls and vendor bill/call.
- Splunk alerting on system resources helped us take necessary actions to tackle the traffic under heavy load conditions without impacting user experience.
Alternatives Considered / Other Software Used: Dynatrace, JMeter, Jenkins

Review: Splunk is a handy log consolidation and dashboarding tool
Use Cases and Deployment Scope: We use Splunk to consolidate all our logging and I use it primarily for problem debugging and dashboarding.
Pros:
- It does very well at providing a central repository for logging.
- Provides a convenient tool for problem research, debugging and analysis.
Cons:
- One issue is that users who might find dashboards useful don't have permissions due to licensing.
- Dashboard creation is a bit confusing.
Likelihood to Recommend: 8 out of 10
Return on Investment: It's been handy for problem resolution. I was able to produce a handy dashboard with it.
Alternatives Considered / Other Software Used: Dynatrace

Review: a very good log handling and analysis tool
Use Cases and Deployment Scope: Splunk is not used across my organization. It is being used by some of us and for some specific tasks. And yes, it is also used by other departments as well, but according to their need. Specifically, we are using this tool for monitoring the application logs and doing some analysis over it. Splunk provides a very easy way to search your logs and perform some basic analysis.
Pros:
- Log search is very good with this tool.
- Splunk search query language is just very good. You can easily run some analysis using this language.
- Generating reports is a very good feature of this tool.
- Detecting anomalies and reporting them is just fantastic.
Cons:
- Splunk requires some learning to use all of its features. Understanding its SPL is not very easy, and it will take a long time to learn it.
- Regular expressions are a bit tedious to learn and then use; it needs a good understanding of regular expressions.
- I don't know why, but sometimes its search keeps on going forever and then I had to manually kill that job to start it again.
Likelihood to Recommend: 9 out of 10
Return on Investment:
- There are a lot of positive impacts that Splunk has made; we have real-time exception alerting which is very useful.
- We have report generation out of the logs which again helped us in many ways.
- The only negative thing I can say is that it requires good learning and that takes a long time.
Alternatives Considered: Datadog and Sentry
Other Software Used: Google BigQuery, Apache Kafka, Hadoop

Review: Monitor your monitors...
Use Cases and Deployment Scope: Splunk is used for application log monitoring and system health checks for the production environment and performance environment.
Pros:
- Best tool to do log monitoring and creating intuitive dashboards and charts
- Best for setting up alerting for application logs
Cons:
- The tool needs to integrate AI to understand the system logs, and alerting should be based on the auto learning.
Likelihood to Recommend: 8 out of 10
Return on Investment:
- It has been helping with alerting on certain attacks on site and monitoring server health.
- It slows down during high traffic volume days (the major 5 days of the year).
Alternatives Considered: New Relic
Other Software Used: Adobe Target, Tealium iQ Tag Management System, Signal Tag Management

Review: Splunk, a revolutionary analytics tool for the new age IT professional
Use Cases and Deployment Scope: Splunk Enterprise is used by the organization to primarily analyze data. It looks at data generated by various on-premise systems and provides meaningful insights out of them. Many advanced features like custom reporting are used by business analysts on a regular basis to determine the course of action. Last but not least, it is also used to execute daily support tasks like log analysis.
Pros:
- Data analytics
- Reporting
- Indexing search data
- Searching machine-generated data in real time to forecast trends
Cons:
- Splunk is expensive.
- To use Splunk effectively, people must learn SPL.
- Splunk is good at what it does, but to create an efficient analytics system other products like SW monitoring tools need to be used in conjunction.
Likelihood to Recommend: 8 out of 10
Return on Investment:
- The impact was tremendous in terms of dollar values. The real-time alerts generated helped salvage many business transactions which would have been a nightmare to deal with later.
- Legacy reporting systems were decommissioned and reporting moved to Splunk, which helped in saving maintenance costs.
- The upfront expenditure is Splunk, but whether that can be considered negative depends on the organization.
Other Software Used: IntelliJ IDEA, Toad for Oracle, IntelliJ WebStorm

Review: Splunk is great for troubleshooting
Use Cases and Deployment Scope: We use Splunk to catalog all incoming quote requests, booking requests and booking responses (effectively we catalog all successful transactions and errors). My team uses these logs to troubleshoot connections with our partners. We also use this to analyze the behavior of our customers to make sure they are operating as we expect them to. I use this tool every day, for several hours per day, to do my job.
Pros:
- Logging server data
- Easy to use commands to parse data
- Automated reporting
- Real-time reporting that will alert when a condition is met
Cons:
- Not a Splunk problem, but we don't have enough space to store as much data as we would like
Likelihood to Recommend: 10 out of 10
Return on Investment: Splunk has decreased the amount of time we spend looking for things to fix in other places. So far no negative effects.
Other Software Used: Microsoft SQL Server, Tableau Server

Review: Great tool to handle all your server and network monitoring needs
Use Cases and Deployment Scope: We use Splunk Enterprise across the entire company to collect log data that allows us to see up/down times of servers and applications. We have customized Splunk a good bit and it is one of the main tools we rely on to monitor our server environment and troubleshoot issues when an app/server is down or having errors.
Pros:
- Monitoring of log data to gauge server status and health
- Dashboards that allow us to view data about servers in our environment
- Monitoring for fraud/cyber security threats and risks
Cons:
- We really like the product, but there is a steep learning curve and training is definitely required.
- Our environment is set up so that you have to be fairly technical to navigate it and get value from it. We need to make our dashboards/reports less technical so the business users get more value from the tool.
- The tool is very module driven, so you are constantly having to add modules and costs to get new functionality.
Likelihood to Recommend: 9 out of 10
Return on Investment:
- Splunk has allowed us to reduce losses via fraud. We have actually been able to monetize how much money it has saved us. This alone has allowed the tool to pay for itself.
- Splunk provides key machine data easily. This data is used for all sorts of processes throughout the company and is very valuable to other systems/departments.
- Splunk has allowed us to closely monitor and catch items before they impact our large customer facing applications. It is hard to quantify, but this has saved us money by keeping more customers happy.
Alternatives Considered: Dynatrace, SolarWinds Network Performance Monitor, CA APM and ThousandEyes
Other Software Used: Ivanti ITSM Service Desk, powered by Heat (formerly LANDESK Service Desk), Workday Human Capital Management, MS SharePoint

Review: Splunk for log collection, indexing, analysis & dashboarding
Use Cases and Deployment Scope: Splunk is used in our enterprise to analyze monitoring and analytics data. We have thousands of microservices and APIs in our organization. All these APIs emit log data that is aggregated and analyzed using Splunk. It also helps in end-to-end tracking of flows and data across services, in troubleshooting errors, and in generating metrics. Splunk is also used for generating and configuring alerts.
Pros:
- Used for indexing and collecting machine data and log data from APIs.
- This data is used to generate graphs, alerts and metrics that are useful to business, technology and operations.
- It is data source agnostic and is used to log API, batch, DB and log data.
- It runs on AWS for us.
Cons:
- The only con might be that it is much costlier than an open source system like ELK (Elastic Logstash Kibana).
Likelihood to Recommend: 8 out of 10
Return on Investment:
- Splunk has been used as a one-stop-shop for log collection, indexing, alerting, analytics and dashboarding.
- Splunk is a costly software; however, the ROI on our engineering and operations is huge.
- The negative could only be its high licensing costs. It might not be a viable option for all companies.
Other Software Used: AWS Lambda, AWS CodePipeline, Databricks Unified Analytics Platform, Apache Spark

Review: We've tried the rest and now we're back on Splunk!
Use Cases and Deployment Scope: Splunk is our dumping ground for our logs. We use Splunk to pump the monitoring and statistical logs to, whether for analysis, storage, or for debugging purposes. The main problem it solves is that we have many systems that live in different places, and having one centralized repository for our logging helps us with correlation of bugs to specific times, and monitoring how different infrastructure interacts.
Pros:
- Handles inputs from many different sources.
- Very easy queries.
- Dashboard support.
Cons:
- Scaling story.
- Query speed.
Likelihood to Recommend: 9 out of 10
Return on Investment:
- Dashboarding allows us to immediately get value without having to have a query to find things in logs.
- Allows us to troubleshoot bugs faster.
- Having everyone have access to certain indexes is less of a headache for IT to manage.
Alternatives Considered / Other Software Used: Sumo Logic

Review: One of the best Log Analysis applications available in the market!
Use Cases and Deployment Scope: Splunk is a very powerful analytics tool. As of now, we are using Splunk on an experimental basis in our department, but so far the results are pretty great. So we are planning to expand its use on an organizational level. We use Splunk for various things, but mainly we use it to monitor and investigate Blackboard system startup issues by analyzing log files. We have written Splunk search strings to list out all the Blackboard system startup errors in a mannerly fashion and later raise it to the concerned department. After starting to use Splunk, it made it very easy to find the exact cause of the issue.
Pros:
- Powerful data analytics application
- Excellent and very informative dashboard
- Defining a Field Extractor is very easy, and also you can use them to search again
- Can analyze large amounts of data very effectively
Cons:
- Need technical expertise to use Splunk. I will recommend watching training videos before integrating Splunk into your organization.
- Lacks offline and email features
- It's a great application, but it is a bit costly
Likelihood to Recommend: 8 out of 10
Return on Investment:
- Saves time and effort finding critical system issues
- Reduces security cost
- The return on this investment has paid for itself with the ability to customize reporting.
Alternatives Considered: Sumologic
Other Software Used: Datadog, Sisense

Review: Splunk is a great tool for helping make sense of logs
Use Cases and Deployment Scope: I'm using Splunk to aggregate logs from various servers and devices within my department. While I don't interact with it daily, or even weekly a lot of times, I do use it heavily when faculty or staff come to me asking when users were logged in, when there are any questionable incidents on websites, etc.
Pros:
- Log aggregation is extremely well done. Whether sending it logs over Syslog, mounting log directories over NFS, or using their log forwarding service.
- Searching. I'm an amateur at best when searching and aggregating logs.
- The reporting functionality is amazing.
Cons:
- I would love some better wizards to help build canned reports based off common data sets.
- An easy way to back out integrating a log that suddenly balloons you over your license limits.
- An easier way to help Splunk parse log types. You can give Splunk any data you have, but unless you're able to tell it how the random log is formatted, your ability to search on it is limited.
Likelihood to Recommend: 9 out of 10
Return on Investment:
- Awesome ROI for me. Again, while I don't use the software daily, when I do use it, it beats the pants off manually searching logs.
- Allows me to provision less storage for logs on my servers, as I can have Splunk ingest and then archive/remove logs from those servers.
Alternatives Considered / Other Software Used: OmniFocus, Slack

Review: Splunk Enterprise Review
Use Cases and Deployment Scope: Splunk is mainly used for log analysis and alerting of events, both business and technical events.
Pros:
- Business event alerting
- Technical event alerting
- Graphing of information found in the data
Cons:
- Users CAN write queries that are non-optimized, causing both performance problems or unexpected (as in not what they wanted) results. It would be great if Splunk engineers could come up with some way to 'model' the queries and instruct users on query performance given x number of records... and possibly an example of results - say using 100-1000 records - so that the user can see what they're going to get.
Likelihood to Recommend: 10 out of 10
Return on Investment: We make each user group pay for the data that their systems index. We have not had any negative reactions indicating that the tool doesn't meet their needs.
Alternatives Considered / Other Software Used: None

Review: Splunk Review
Use Cases and Deployment Scope: Splunk is used across the whole organization and is used for logging. We log all of our web traffic through Splunk and we use it to monitor what events are taking place on our site. The business problem we solve for is not having to build an in-house logging tool.
Pros:
- Catching web traffic
- Dashboards are helpful
- Search capability is great
Cons:
- The dropped logs can be frustrating; our instance only retains data for 3 months
Likelihood to Recommend: 9 out of 10
Return on Investment: Saves on the engineering cost of building an in-house logging system.

Review: Great for almost anything
Use Cases and Deployment Scope: We use this across our different departments for security, app performance monitoring, host monitoring, data intelligence, correlation, alerting and much more. It's a Swiss Army Knife of IT products.
Pros:
- The power of it. It's a very good tool that does amazing things. Nothing comes close to it.
- It can ingest any data and present it in a digestible, searchable format.
- Flat file format makes it very fast, and the best visualizations I've seen.
Cons:
- It can be cost prohibitive, but I still think it's worth it.
- Training users is a little bit steeper, but once they have it, it's very powerful.
Likelihood to Recommend: 10 out of 10
Return on Investment:
- Like any tool, if you use it, it does need care and feeding. If you change your log structure or location, update it in Splunk or you'll have missing info.
- Don't use it as a reactionary tool; it should be the first tool you go to.
- We use another product for monitoring, but the data is not helpful in their product. We started bringing that data into Splunk and it's actually useful to us now.
Alternatives Considered / Other Software Used: Elasticsearch and Logstash

Review: Splunk for new users
Use Cases and Deployment Scope: Splunk is being used extensively in our technology department. Many applications use Splunk to monitor business activity, system resources, exceptions/failures, and the overall system status. Splunk addresses more technology-related problems, but it does provide the business greater transparency into the applications, which in turn gives both the business and the developers peace of mind.
Pros:
- SPLUNK has a quick learning curve and can be easily self-taught. For example, there are plenty of resources available such as tutorials and search tools. There is really no prerequisite for learning how to use Splunk.
- SPLUNK Enterprise provides plenty of useful documentation and user support which makes it easy for anyone to learn and start using SPLUNK in a very short period of time. There are also examples and user feedback that are helpful if you need more advanced implementations.
- SPLUNK is very powerful, yet simple. For instance, you can set up a dashboard in one day provided you have admin rights and access to the data you want to Splunk.
Cons:
- Even though there is a search tool as a help function, you still have to read through much documentation to find the answers you're looking for, and sometimes you don't find it. The help function in Splunk could be improved to be more intuitive or have a built-in help per report, panel or dashboard.
- Creating a Splunk dashboard is rather straightforward; however, customization is not. Splunk could be improved to provide more tools or features for customization such as adding colors and font options for text and graphs or graphics.
- My dashboard has a lot of useful information and I want the important panels and reports at the top, but there is no easy way to do this. Perhaps Splunk could be improved to allow features such as adding URL links to other dashboards or some other clever way to emphasize the important data in my dashboard without compromising space.
Likelihood to Recommend: 9 out of 10
Return on Investment:
- I don't have any numbers to share, but Splunk has positively served as a 24/7 monitoring tool that has saved hours of work by self-detecting, saving statistics and alerting problems in the system or from external interfaces as soon as they happen.
- Splunk dashboards do a solid job in collecting, analyzing data and creating reports that contain an entire day's activity and are then automatically sent out to the business.
- Splunk is very easy to learn and very useful to any program or business application.
Alternatives Considered: Bash and autosys
Other Software Used: Agile CRM, PagerDuty, Kanban Tool, Crucible

Review: Splunk will make your job easier!!
Use Cases and Deployment Scope: We currently have evaluated and are deploying Splunk Enterprise to replace our older SIEM device. This will allow us to monitor our critical systems and allow for scalability as we continue to grow. Using this product has saved us time and money as it is used across our whole company's three locations. The flexibility and tools offered with Splunk make our jobs easier. Also, there are great forums and a cool wiki for best practices using Splunk.
Pros:
- Monitoring is made easy and putting out reports for upper management is a breeze.
- With Splunk analytics we are better able to track our employees' usage of systems for auditing purposes.
- Checking on performance through Splunk's monitoring makes our management of resources a lot easier, and resources are put where needed most.
Cons:
- Some of the start-up in Splunk requires more than we would otherwise like.
- We wish there was more customizable reporting.
- Splunk sales engineers could be a bit more friendly and easier to work with.
Likelihood to Recommend: 10 out of 10
Return on Investment:
- By going with Splunk we have reduced our overall costs on security without sacrificing any functionality.
- The return on this investment has paid for itself with the ability to customize reporting.
- Support for security has been reduced by having more people able to monitor systems without dedicating their full time to one task.
Other Software Used: Consul, Microsoft Office 365, AWS Lambda

Review: Splunk in a production environment is a must-have today
Use Cases and Deployment Scope: Production line quality monitoring and searching for patterns leading to outages. Usually scan and fix tasks: finding an event that leads to an outage. Two main ways of using Splunk prevail: ad-hoc analysis, and monitoring and alerting. In some applications with two production lines, Splunk connected directly to the controllers and monitored data in real time. In other applications, we analyzed logs from 5 systems, among others application server logs, database server logs, production line measuring PCs. In total 5 systems had to communicate, and an error on the DB server sometimes caused outages on the production line. Splunk helped to find patterns in these incidents. We then set up a monitoring app to provide early indication of a potential upcoming outage.
Pros:
- Parsing huge amounts of data, structuring data, or at least helping to find a structure
- Very good performance.
- Very good graphical representation of data, findings, report creation
Cons:
- I really cannot, since after a year we are still discovering more and more possibilities with the product. One specific wish of a manager was: can we work with the reports offline? (e.g. on the airplane) We have not found a reasonable way of doing this. The only thing we came up with was exporting data and rendering specific reports in flash (web viewer) and somehow simulating reports within limited (predefined) boundaries.
Likelihood to Recommend: 10 out of 10
Return on Investment:
- Avoidance of risks in the production line is hard to translate to money. But the department managers know that this tool helps to mitigate risks. And the team grows.
- After several Proof of Concept mini-projects, Splunk was finally approved as a regular company application: we are now able to link it to live data, not only to use logs.
- The data science team has grown to four people and we are ready to move from incident localization and fixing to process optimization, proactive monitoring and alerting, finding trends and relationships (what precedes what).
Other Software Used: ThingWorx, SAP BusinessObjects BI Platform, QlikView

Review: My Dive into using Splunk
Use Cases and Deployment Scope: Splunk is being used across our whole organization. We try to have all/most of our logs get pulled into Splunk to be able to use the Splunk UI to search across information. We are able to give employees access to Splunk and allow them to diagnose issues without giving them explicit access to production servers or other production locations.
Pros:
- Allows for separation of control where we don't let some employees have access to production but they can still diagnose issues.
- Common location to go for all logs even if the logs themselves aren't in the same place.
- Ability to ingest logs from different locations without having to change the code to put logs in a certain place (pro and con).
Cons:
- At times some queries can run slowly if indices are not on a portion of the query you use.
- Setup time initially can be difficult if your logs aren't stored in common locations or written in a common way.
- Ability to ingest logs from different locations without having to change code to put logs in a certain place (pro and con).
- Searches can be a bit more difficult to look through if your log isn't pulled in a manner that is easy to read through Splunk.
Likelihood to Recommend: 8 out of 10
Return on Investment:
- Splunk has allowed developers to diagnose production issues when access control was taken away from them to be allowed to view items in production environments, and I believe that is invaluable.
- At times some developers weren't super happy about using it, but it was more the fact that they were used to having production access and not creating their Splunk queries to get information.
- Going to one place to view logs was very beneficial to have.
Alternatives Considered: Logstash
Other Software Used: Elasticsearch

Review: Splunk - the most flexible SIEM tool on the market.
Use Cases and Deployment Scope: Splunk is currently the SIEM for IT operations and IT security, providing log aggregation and security event correlation for multiple departments. The IT operation groups use Splunk to trend operational data, troubleshoot issues, and send automated alerts when certain triggers are met. The security department utilizes Splunk for investigations and event management, leveraging automated alerts and dashboards. For our organization, Splunk provides the "single pane of glass" for users across several IT departments while also serving as our compliance tool for PCI-DSS and SOX.
Pros:
- Splunk is flexible and extensible, able to ingest logs from disparate systems using disparate formats and disparate file types. If the ability exists to make the logs human readable (either natively or via a script), Splunk can ingest it.
- Splunk's flexibility in how you parse, format, and enhance your data is amazingly deep. When you start event typing, tagging, aliasing, and creating data models, you start to really open up Splunk's capabilities.
- Splunk scales very well in large environments. Adding additional indexers as your environment grows is pretty trivial, and its ability to do multi-site clustering and search head clustering provides load balancing and redundancy that's inherent to the product.
Cons:
- Splunk's search language goes very deep. To do some of the more advanced formatting or statistical analysis, there's a bit of a learning curve. Splunk training for learning the search language and manipulating your data can cost anywhere from $500.00 to $1500.00 (although a good number of free training exists).
- Splunk's dashboard capabilities are pretty decent, but to do more exciting visualizations requires a bit of development using simple XML, JavaScript, and CSS.
- Splunk releases minor revisions very quickly, but because of the sheer number of bugs we've run into, we've upgraded our environment four times in nine months.
Likelihood to Recommend: 10 out of 10
Return on Investment:
- Splunk provided immediate results when an Active Directory change was made and our Windows AD team was unable to determine when or who had made the change. We were also able to provide information back to our CIRT for multiple security incidents and correlate what some thought was a DOS attack back to a massive scheduled data download occurring off hours.
- Because of Splunk's role in our PCI-DSS compliance requirements, the compliance office is expanding Splunk's role into SOX compliance as well. We're also being asked by multiple departments to be their official system of record for their system logs.
- Unfortunately, the decision to virtualize our environment means we're tied to some expensive storage solutions. We are currently facing difficult decisions with regards to data retention due to the cost.
- According to our database team, showcasing Splunk's capabilities saved their department $75,000 (USD) when they were able to meet their monitoring needs without buying an additional tool.
- Our mainframe team is doing a proof of concept with a tool called IronStream that integrates directly with Splunk to provide mainframe monitoring, essentially the only tool in existence to do so.
- Splunk is also replacing both some end-of-life SCOM tools as well as the soon-to-be EOL Symantec SIEM.
Alternatives Considered: HP Arcsight and IBM Security QRadar
Other Software Used: Google Drive
Additional survey responses (the questions were not captured on this page):
- Yes
- Product Features; Product Usability; Product Reputation; Positive Sales Experience with the Vendor; Analyst Reports; Third-party Reviews
- A head-to-head between the products using the same data looking for the same event may have been helpful, but not practical.
- Searching indexed data is pretty straightforward. You can do it without even really knowing the Splunk Search Language (SPL). Becoming intimately familiar with the SPL means you have a lot of flexibility in presenting and carving up your data how you want it. Splunk's ability to ingest data using a variety of methods makes Splunk stand out among its competitors. You can stream it directly to Splunk, install a forwarder on a system, use scripted inputs, or even just use WMI for Windows environments. All of Splunk's configuration files are flat text files, which makes editing on the fly a breeze. The individual file specifications are well documented and the community support forum is extremely helpful.
- In large environments, you almost need dedicated Splunk engineers that have formal training to administer, onboard data, normalize data, and perform day-to-day operational tasks. The configuration files can be intimidating. Splunk's flexibility can be a double-edged sword. Sometimes finding the right way and the best way to do a specific task isn't very easy. Sometimes, getting backend performance metrics out of Splunk can be like pulling teeth. While there are a number of Splunk Apps that can provide this information easily, it's not always in the format you want, so learning the SPL is a must.
- No
- 10

Review: Splunk in a nutshell
Use Cases and Deployment Scope: We are a reseller of the product, and for our customers we are solving problems from security, operational intelligence, app development and big data problems.
Pros:
- Splunk is great at correlation of data from multiple sources and allows access to critical information without giving access to servers or applications.
- Splunk is good at integration of data and information from multiple point tools. The ability to have a single pane of glass view into the IT world is critical to most IT shops.
- Splunk has a flexible dashboard system built on simple XML. Most users of the product can easily create and manipulate their data into useful dashboards.
Cons:
- Splunk is not particularly hard to understand or deploy. The only problem I've really run into is the 3-6 month use case exhaustion. Customers will have Splunk to solve a particular problem, then stop once that problem is fixed. The use cases are only limited to their imagination and can blossom in the right hands.
Likelihood to Recommend: 10 out of 10
Return on Investment:
- Increased efficiency in the NOC.
- Reduction on app/dev lifecycles
- Reduction on MTTR on most outage scenarios
Additional survey responses (the questions were not captured on this page):
- 10
- 8
- 10

Review: Got Splunk?
Use Cases and Deployment Scope: Although still in the final implementation stage, Splunk has allowed us to troubleshoot our software suite more efficiently. Our monitoring and engineering team can now rely on the syslog and log correlation capabilities of Splunk to pinpoint where the issue is.
Pros:
- Log correlation
- Alerting
- Syslog
Cons:
- Would like to see more integrated tools and supported vendors (such as F5, Checkpoint, Palo-Alto, etc.).
Likelihood to Recommend: 8 out of 10
Return on Investment:
- Improved troubleshooting of the software suite
- Increased visibility into the network logs
Other Software Used: SolarWinds Log & Event Manager, ITRS Geneos, SolarWinds Netflow Traffic Analyzer, Dynatrace
Splunk Enterprise
228 Ratings
Score 8.7 out of 10
Splunk Enterprise Reviews
TrustRadius Top Rated for 2019
Reviews (1-25 of 48)
Daniel Garrett
February 23, 2019

Splunk Enterprise Review: "Splunk-ing across the Enterprise"

Score 9 out of 10
Splunk is utilized for creation of dashboards and log queries across many areas.
  • Quick log queries across different types of infrastructure
  • Adaptable dashboards for digesting large amounts of continuous data
  • Easy access and sharing of information via URL links
  • Building Splunk queries can be cumbersome without intricate knowledge of Splunk and the applications involved
  • Dashboard duplication for different areas can be difficult
  • Capturing all necessary data from cloud platforms is not always straightforward
Real-time and historical log research is a glowing achievement for Splunk. Splunk is also quite effective at dashboard creation and presentation with high level or more granular investigation possible.
May 20, 2019

Splunk Enterprise Review: "Splunk, a great tool!"

Score 8 out of 10
Splunk is being used by the entire organization for searching and reporting and to analyze the logs and entire organization’s data. Splunk is a great tool to work on. It helps in finding various threats inside and outside the organization. Five stars ⭐️
  • Versatile
  • Intelligent
  • Reporting
  • Searching
  • Log analysis
  • Costly
  • Needs training to work on
  • Needs hands on experience to get used to
Splunk is the best tool to work on if there is a need for analyzing the logs and the organization’s inside data. The way employees use search engines and browse for their personal use, they can be caught easily. Also, if there are some outside threats within the company, you can analyze those by setting up alerts.
May 15, 2019

Splunk Enterprise Review: "Robust IT Operations and SIEM Management Solution"

Score 9 out of 10
Splunk Enterprise is used by our Infrastructure and Enterprise Monitoring Team and Security Teams to monitor our infrastructure. Monitoring is enabled for the overall health of our systems. Data is collected from multiple data sources. Logs are analyzed and converted to meaningful metrics for the team to proactively monitor and take corrective actions.

Splunk has the ability to correlate data from disparate data sources and provide root cause, hence reducing MTTR and improving our SLAs with our customers. The events logged in Splunk help our IT Analysts and Security Analysts take proactive action before impacting the services which our customers use. The Event Correlation helps us find RCA and improve MTTD and MTTR.
  • Collect data from multiple data sources and correlate. Reduce alert noise from multiple monitoring systems.
  • Monitor alerts and report on data collected. Create custom dashboards.
  • Powerful machine learning and AIOps functionality.
  • Helps with our security compliance and addresses the security team's need to remain PCI compliant.
  • Splunk data sizing and data collected. Worked with Professional Services to scale our environment.
  • Capacity data storage for Splunk data.
  • Tuning Splunk analytics dashboards for performance.
Good for event correlation from multiple data sources, web monitoring, systems and application monitoring. Good as security information and event management tool. It collects data from logs and custom applications helping the business make informed decisions across the organization. Gain insights to drive operational performance and business results. Splunk's rich visualizations make results easy to understand and take necessary actions.
March 11, 2019

Review: "Splunk Enterprise - all your logging needs under one roof"

Score 9 out of 10
Splunk is an excellent logging platform, allowing for short and long term log storage with top tier indexing and searching capabilities. We have deployed Splunk to aggregate all logs and act as a central logging platform throughout the company. This helps us solve operational issues by providing a centralized log monitoring platform to be used by our operations group. It also helps solve regulatory issues by being the central logging platform with strict access controls as well as tiered storage and archiving capabilities.
  • Tight access control via a variety of mechanisms to restrict users to specific logs.
  • Solves regulatory controls by providing access control and archival storage capabilities.
  • Provides a quick mechanism to search across multiple logs for issues between systems.
  • Splunk can be expensive since it's based on the amount of logging you do. The capabilities definitely make up for the cost, but there is a high bar to entry.
  • Splunk can be overly confusing for new users. The capabilities are quite vast and sometimes daunting.
Splunk is an excellent central logging system. For companies concerned about the cost, you can combine Splunk with an open-source logging engine such as rsyslog and only ingest the logs you need to search. Splunk is an excellent tool for handling web and systems logging and can help quickly identify issues in both.
February 28, 2019

Splunk Enterprise Review: "Excellent tool for analyzing logs"

Score 10 out of 10
Splunk Enterprise is used to monitor both Prod as well as all our lower environments. It is used for analyzing logs and tracing transactions. We write Splunk queries and create dashboards for monitoring several Key Performance Indicators. We first analyze metrics over a particular period of time to understand the trend and then set up alerts on these metrics for threshold violations.
  • Simplifies analyzing big logs and helps in finding issues faster.
  • Splunk Alerts are great to be notified of possible issues so that necessary actions can be taken to avoid it from becoming a problem to our end users.
  • Dashboard reports can be scheduled to be generated and shared with key stakeholders.
  • Comparison of two or more time series data in a single graph.
  • Search and make suggestions on Splunk commands as we type on the search window.
Simplifies analyzing big logs and helps in finding issues faster. Splunk Alerts are great to be notified of possible issues so that necessary actions can be taken to avoid it from becoming a problem to our end users. Dashboard reports can be scheduled to be generated and shared with key stakeholders.
February 22, 2019

Splunk Enterprise Review: "Splunk is a handy log consolidation and dashboarding tool"

Score 8 out of 10
We use Splunk to consolidate all our logging and I use it primarily for problem debugging and dashboarding.
  • It does very well at providing a central repository for logging.
  • Provides a convenient tool for problem research, debugging and analysis.
  • One issue is that users who might find dashboards useful don’t have permissions due to licensing.
  • Dashboard creation is a bit confusing.
Not so great for applications that don’t write much useful info to logs.
Rounak Jangir
January 02, 2019

Splunk Enterprise Review: "a very good log handling and analysis tool"

Score 9 out of 10
Splunk is not used across my organization. It is being used by some of us and for some specific task. And yes, it is also used by other departments as well but according to their need. Specifically, we are using this tool for monitoring the application logs and doing some analysis over it. Splunk provides a very easy way to search your logs and perform some basic analysis.
  • Log search is very good with this tool.
  • Splunk search query language is just very good. You can easily run some analysis using this language.
  • Generating reports is a very good feature of this tool.
  • Detecting anomalies and reporting them is just fantastic.
  • Splunk requires some learning to use all of its features. Understanding its SPL is not very easy, and it will take a long time to learn it.
  • Regular expressions are a bit tedious to learn and then use; it needs a good understanding of regular expressions.
  • I don't know why, but sometimes its search keeps on going forever and then I have to manually kill that job to start it again.
If you need to search and need to do some analysis on top of that, then Splunk is a great thing to use. And also if you want to generate reports from them and want alerts on some specific activity, then Splunk should be your first choice. I have used this tool for this purpose but can't say in which scenario it would not fit.
Priti Asai / Thakkar
December 14, 2018

Splunk Enterprise Review: "Monitor your monitors..."

Score 8 out of 10
Splunk is used for application logs monitoring and system health checks for production environment and performance environment.
  • Best tool to do log monitoring and creating intuitive dashboards and charts
  • Best for setting up alerting for application logs
  • The tool needs to integrate AI to understand the system logs and alerting should be based on the auto learning.
For anything related to the application backend logs and monitoring, it's very appropriate to use, based on which we can create various dashboards / charts. For server health / monitoring, Splunk logs are not very helpful. It completely relies on log statements; if a statement is not formatted in the standard format, it gives inaccurate results.
Dhruba Jyoti Nag
December 10, 2018

Splunk Enterprise Review: "Splunk, a revolutionary analytics tools for the new age IT professional"

Score 8 out of 10
Splunk Enterprise is used by the organization to primarily analyze data. It looks at data generated by various on-premise systems and provides meaningful insights out of them. Many advanced features like custom reporting are used by business analysts on a regular basis to determine the course of action. Last but not least, it is also used to execute daily support tasks like log analysis.
  • Data Analytics
  • Reporting
  • Indexing search data
  • Searching machine-generated data at realtime to forecast trends
  • Splunk is expensive.
  • To use Splunk effectively, people must learn SPL.
  • Splunk is good at what it does, but to create an efficient analytics system other products like SW monitoring tools need to be used in conjunction.
Splunk is an excellent analytical tool and if SPL is mastered correctly, it can be very powerful too and much more efficient than competing tools. It can be easily used by Business Analysts to get real-time insights if reports are set up for them. However, when it comes to monitoring systems, a lot of configurations are required, and that makes it not the ideal one-stop solution.
Matt Judice
January 02, 2019

Splunk Enterprise Review: "Splunk is great for troubleshooting"

Score 10 out of 10
We use Splunk to catalog all incoming quote requests, booking requests and booking responses (effectively we catalog all successful transactions and errors). My team uses these logs to troubleshoot connections with our partners. We also use this to analyze the behavior of our customers to make sure they are operating as we expect them to. I use this tool every day, for several hours per day, to do my job.
  • logging server data
  • easy to use commands to parse data
  • automated reporting
  • real-time reporting that will alert when a condition is met
  • Not a Splunk problem, but we don't have enough space to store as much data as we would like
Logging server activity, logging transaction data, really any scenario where things or data points can be saved and parsed later.
Matt Overton
August 10, 2018

Splunk Enterprise Review: "Great tool to handle all your server and network monitoring needs"

Score 9 out of 10
We use Splunk Enterprise across the entire company to collect log data that allows us to see up/down times of servers and applications. We have customized Splunk a good bit and it is one of the main tools we rely on to monitor our server environment and troubleshoot issues when an app/server is down or having errors.
  • Monitoring of log data to gauge server status and health
  • Dashboards that allow us to view data about servers in our environment
  • Monitoring for fraud/cyber security threats and risks
  • We really like the product but there is a steep learning curve and training is definitely required
  • Our environment is setup so that you have to be fairly technical to navigate it and get value from it. We need to make our dashboards/reports less technical so the business users get more value from the tool
  • Tool is very module driven so you are constantly having to add modules and costs to get new functionality
Splunk does a great job of collecting and monitoring machine data. We have used it to reduce fraud/cyber crime losses and we have been able to see a measurable return since using the product for this purpose. It is very extensible so you can continue expanding what the tool does over time. There is added expense with this, but it may be worth it in the end.
December 13, 2018

Splunk Enterprise Review: "Splunk for log collection, indexing, analysis & dashboarding"

Score 8 out of 10
Splunk is used in our enterprise to analyze monitoring and analytics data. We have thousands of micro services and APIs in our organization. All these APIs emit log data that is aggregated and analyzed using Splunk. It also helps in end-to-end tracking of flows and data across services, in troubleshooting errors, and in generating metrics. Splunk is also used for generating and configuring alerts.
  • Used for indexing and collecting machine data and log data from APIs.
  • This data is used to generate graphs, alerts, and metrics that are useful to business, technology and operations.
  • It is data source agnostic and is used to log API, batch, db and log data. It runs on AWS for us.
  • The only con might be that it is much costlier than an open source system like ELK (Elastic Logstash Kibana).
We use Splunk heavily for log data collection, indexing for analysis, and monitoring our APIs 24x7. It is very easy for developers to generate indexes on unstructured data and easy for operations folks to create graphs of this data.
December 11, 2018

Splunk Enterprise Review: "We've tried the rest and now we're back on Splunk!"

Score 9 out of 10
Splunk is our dumping ground for our logs. We use Splunk to pump the monitoring and statistical logs to, whether for analysis, storage, or for debugging purposes. The main problem it solves is that we have many systems that live in different places, and having one centralized repository for our logging helps us with correlation of bugs to specific times, and monitoring how different infrastructure interacts.
  • Handles inputs from many different sources.
  • Very easy queries.
  • Dashboard support.
  • Scaling story.
  • Query speed.
We've tried the rest, and Splunk Enterprise seems to be the best solution for dumping our logs when you have either a multi-cloud or multi-product solution. It is great for having a centralized logging platform for multiple users to access and allows you to manage your data in many different indexes and control access to those indexes.
Rahul Shinde
February 21, 2018

Splunk Enterprise Review: "One of the best Log Analysis application available in the market!"

Score 8 out of 10
Splunk is a very powerful analytics tool. As of now, we are using Splunk on an experimental basis in our department but so far the results are pretty great. So we are planning to expand its use on an organizational level. We use Splunk for various things but mainly we use it to monitor and investigate Blackboard system startup issues by analyzing log files. We have written Splunk search strings to list out all the Blackboard system startup errors in an orderly fashion and later raise it to the concerned department. After starting to use Splunk, it made it very easy to find the exact cause of the issue.
  • Powerful Data Analytics application
  • Excellent and very informative dashboard
  • Defining a Field Extractor is very easy and you can also use them to search again
  • Can analyze large amounts of data very effectively
  • Need technical expertise to use Splunk. I will recommend watching training videos before integrating Splunk into your organization.
  • Lacks offline and email features
  • It's a great application but it is a bit costly
Splunk is a great data analytics tool for you if you have a large amount of data to analyze. Splunk provides accurate and real-time analysis of data through its dashboard. But if you are not quite a technical person or not willing to learn Splunk before using it, I will not recommend it to you. Also, Splunk is less appropriate for static data.
Ryan Stasel
March 28, 2018

Splunk Enterprise Review: "Splunk is a great tool for helping make sense of logs"

Score 9 out of 10
I'm using Splunk to aggregate logs from various servers and devices within my department. While I don't interact with it daily, or even weekly a lot of times, I do use it heavily when faculty or staff come to me asking when users were logged in, when there are any questionable incidents on websites, etc.
  • Log aggregation is extremely well done. Whether sending it logs over Syslog, mounting log directories over NFS, or using their log forwarding service.
  • Searching. I'm an amateur at best when searching and aggregating logs. The reporting functionality is amazing.
  • I would love some better wizards to help build canned reports based off common data sets.
  • An easy way to back out integrating a log that suddenly balloons you over your license limits.
  • An easier way to help Splunk parse log types. You can give Splunk any data you have, but unless you're able to tell it how the random log is formatted, your ability to search on it is limited.
Honestly, I can't think of an instance where Splunk isn't well suited for a task. They offer a free license that will handle up to 500MB/day, which unless you're logging against AD, or Exchange, is probably plenty to trial the software. There are examples where I've grabbed a copy for home to help troubleshoot issues with my home network and the network devices supported sending to a Syslog server.

The only issue most users are going to have is cost: once you start figuring out the amount of data you're going to be aggregating, the licensing costs can get rather steep.
Larry Helms
March 21, 2018

"Splunk Enterprise Review"

Score 10 out of 10
Splunk is mainly used for log analysis and alerting of events, both business and technical events.
  • Business event alerting
  • Technical Event alerting
  • Graphing of information found in the data
  • Users CAN write queries that are non-optimized, causing either performance problems or unexpected (as in not what they wanted) results. It would be great if Splunk engineers could come up with some way to 'model' the queries and instruct users on query performance given x number of records... and possibly an example of results - say using 100-1000 records - so that the user can see what they're going to get.
It is best used for both business data analysis, reporting and graphing. But it also does well when alerting on events. Users, however, mistakenly assume that alerting can be/is real-time. Unfortunately, even though indexing is very fast, it can take some time to index and then issue alerts. This is NOT a problem if you properly train users about what to expect and how to properly use the tool.
Sameer Gupta
January 30, 2018

Splunk Enterprise: "Splunk Review"

Score 9 out of 10
Splunk is used across the whole organization and is used for logging. We log all of our web traffic through Splunk and we use it to monitor what events are taking place on our site. The business problem we solve for is not having to build an in-house logging tool.
  • Catching web traffic
  • Dashboards are helpful
  • Search capability is great
  • The dropped logs can be frustrating
  • Our instance only retains data for 3 months
I think Splunk makes a ton of sense for a company that is looking for an out of box logging tool. Splunk does a good job of letting you log various parameters across your site and easily search and query for the said events.
April 05, 2018

Splunk Enterprise Review: "Great for almost anything"

Score 10 out of 10
We use this across our different departments for security, app performance monitoring, host monitoring, data intelligence, correlation, alerting and much more. It's a Swiss Army Knife of IT products.
  • The power of it. It's a very good tool that does amazing things. Nothing comes close to it.
  • It can ingest any data and present it in a digestible, searchable format.
  • Flat file format makes it very fast and the best visualizations I've seen.
  • It can be cost prohibitive, but I still think it's worth it.
  • Training users is a little bit steeper, but once they have it, it's very powerful.
Overall security monitoring: It can take data in and correlate it across very different datasets. Some tools require you to ingest and format it their way, but being able to do ad-hoc searching during an incident has proven to be very valuable.
Trung Pham
September 14, 2017

Splunk Enterprise Review: "Splunk for new users"

Score 9 out of 10
Splunk is being used extensively in our technology department. Many applications use Splunk to monitor business activity, system resources, exceptions/failures, and overall system status. Splunk addresses more technology-related problems but it does provide the business greater transparency into the applications, which in turn gives both the business and the developers peace of mind.
  • SPLUNK has a quick learning curve and can be easily self-taught. For example, there are plenty of resources available such as tutorials and search tools. There is really no prerequisite for learning how to use Splunk.
  • SPLUNK Enterprise provides plenty of useful documentation and user support which makes it easy for anyone to learn and start using SPLUNK in a very short period of time. There are also examples and user feedback that is helpful if you need more advanced implementations.
  • SPLUNK is very powerful, yet simple. For instance, you can set up a dashboard in one day provided you have admin rights and access to the data you want to Splunk.
  • Even though there is a search tool as a help function, you still have to read through much documentation to find the answers you're looking for and sometimes you don't find it. The help function in Splunk could be improved to be more intuitive or have a built-in help per report, panel or dashboard.
  • Creating a Splunk dashboard is rather straightforward; however, customization is not. Splunk could be improved to provide more tools or features for customization such as adding colors and font options for text and graphs or graphics.
  • My dashboard has a lot of useful information and I want the important panels and reports at the top but there is no easy way to do this. Perhaps Splunk could be improved to allow features such as adding URL links to other dashboards or some other clever way to emphasize the important data in my dashboard without compromising space.
Splunk is well suited for applications or companies that process and store large data. Some of these applications may be legacy but as long as you can retrieve this data, then you can use Splunk to transform this data into meaningful reports or dashboards. In addition, Splunk is great for a 24/7 monitoring operations tool that can be set up to send alerts for production support. Splunk is less suited for applications that may already have a GUI because the Splunk features would be less superior than what a graphical user interface could provide in terms of features and customization.
Eric Krueger
November 13, 2017

Splunk Enterprise Review: "Splunk will make your job easier!!"

Score 10 out of 10
We currently have evaluated and are deploying Splunk Enterprise to replace our older SIEM device. This will allow us to monitor our critical systems and allow for scalability as we continue to grow. Using this product has saved us time and money as it is used across our whole company's three locations. The flexibility and tools offered with Splunk make our jobs easier. Also, there are great forums and a cool wiki for best practices using Splunk.
  • Monitoring is made easy and putting out reports for upper management is a breeze.
  • With Splunk analytics we are better able to track our employees' usage of systems for auditing purposes.
  • Checking on performance through Splunk's monitoring makes our management of resources a lot easier and resources are put where needed most.
  • Some of the start up in Splunk requires more than we would otherwise like.
  • We wish there was more customizable reporting.
  • Splunk sales engineers could be a bit more friendly and easier to work with.
Splunk Enterprise meets all of our needs under one platform. The cost savings alone, without sacrificing functionality, have made our choice to go with Splunk an easy decision. The functionality and cost savings alone have made upper management happy to deploy this system in our environment and the return on this investment has paid for itself.
Viktor Mulac
August 31, 2017

Splunk Enterprise Review: "Splunk in a production environment is a must-have today"

Score 10 out of 10
Production line quality monitoring and searching for patterns leading to outages. Usually scan-and-fix tasks: finding an event that leads to an outage.

Two main ways of using Splunk prevail: ad-hoc analysis, and monitoring and alerting.

In some applications with two production lines, Splunk connected directly to the controllers and monitored data in real time. In other applications, we analyzed logs from 5 systems, among others application server logs, database server logs, and production line measuring PCs. In total 5 systems had to communicate, and an error on the DB server sometimes caused outages on the production line. Splunk helped to find patterns in these incidents. We then set up a monitoring app to provide early indication of a potential upcoming outage.
  • Parsing huge amounts of data, structuring data, or at least helping to find a structure
  • Very good performance.
  • Very good graphical representation of data, findings, report creation
  • I really cannot, since after a year we are still discovering more and more possibilities with the product. One specific wish of a manager was: can we work with the reports offline (e.g. on the airplane)? We have not found a reasonable way of doing this. The only thing we came up with was exporting data and rendering specific reports in Flash (web viewer) and somehow simulating reports within limited (predefined) boundaries.
A trained analyst, with e.g. Python knowledge, regular expressions knowledge, etc., will do his tasks quite quickly.

In the beginning, when starting to learn Splunk, you have to deal with tons of error messages, (mostly resolved by Google discussions).
December 01, 2017

Splunk Enterprise Review: "My Dive into using Splunk"

Score 8 out of 10
Splunk is being used across our whole organization. We try to have all/most of our logs get pulled into Splunk to be able to use the Splunk UI to search across information. We are able to give employees access to Splunk and allow them to diagnose issues without giving them explicit access to production servers or other production locations.
  • Allow for separation of control where we don't let some employees have access to production but still can diagnose issues.
  • Common location to go for all logs even if the logs themselves aren't in the same place.
  • Ability to ingest logs from different locations without having to change the code to put logs in a certain place (pro and con).
  • At times some queries can run slowly if indices are not on a portion of the query you use.
  • Setup time initially can be difficult if your logs aren't stored in common locations or in a common way to write the log.
  • Ability to ingest logs from different locations without having to change code to put logs in a certain place (pro and con).
  • Searches can be a bit more difficult to look through if your log isn't pulled in a manner that is easy to read through Splunk.
Scenarios where Splunk is well suited would be a larger organization where multiple teams have their own logs and a web ops team is trying to come in and get a central location to be able to ingest and report on those logs.

Scenarios where Splunk wouldn't be as well suited would be a small org where all their logs are in one place, easy to find and report on.
Kenneth Taitingfong
December 02, 2015

Splunk Enterprise Review: "Splunk - the most flexible SIEM tool on the market."

Score 10 out of 10
Vetted Review
Verified User
Splunk is currently the SIEM for IT operations and IT security, providing log aggregation and security event correlation for multiple departments. The IT operations groups use Splunk to trend operational data, troubleshoot issues, and send automated alerts when certain triggers are met. The security department utilizes Splunk for investigations and event management, leveraging automated alerts and dashboards. For our organization, Splunk provides the "single pane of glass" for users across several IT departments while also serving as our compliance tool for PCI-DSS and SOX.
  • Splunk is flexible and extensible, able to ingest logs from disparate systems using disparate formats and disparate file types. If the ability exists to make the logs human readable (either natively or via a script), Splunk can ingest it.
  • Splunk's flexibility in how you parse, format, and enhance your data is amazingly deep. When you start event typing, tagging, aliasing, and creating data models, you start to really open up Splunk's capabilities.
  • Splunk scales very well in large environments. Adding additional indexers as your environment grows is pretty trivial and its ability to do multi-site clustering and search head clustering provides load balancing and redundancy that's inherent to the product.
  • Splunk's search language goes very deep. To do some of the more advanced formatting or statistical analysis, there's a bit of a learning curve. Splunk training for learning the search language and manipulating your data can cost anywhere from $500.00 to $1500.00 (although a good number of free training exists).
  • Splunk's dashboard capabilities are pretty decent, but to do more exciting visualizations requires a bit of development using Simple XML, JavaScript, and CSS.
  • Splunk releases minor revisions very quickly but because of the sheer number of bugs we've run into, we've upgraded our environment four times in nine months.
Splunk is well suited in both small and very large environments, almost regardless of the types of devices. However, depending on how Splunk is architected, it can require a number of devoted engineers to onboard, normalize, and present the data. So for organizations that are unable to provide dedicated resources, the day-to-day operations and backend duties can be overwhelming. Since Splunk is so flexible, it's easy to overwhelm its available resources when a large number of inefficient searches are running. Splunk users need to be trained to not run "sloppy" searches. The community help forums are a wealth of information, but in some cases, without professional support, you're going to be lost. The Splunk licensing can also be costly, and in some situations Splunk virtual environments don't perform well.
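Event typing, tagging and aliasing, which the review above credits with opening up Splunk's capabilities, are nothing more than stanzas in three .conf files. The fragments below are an added illustration from the editor, not the reviewer's configuration and not copied from Splunk; the sourcetype name sshd, the vendor field acct and the "Failed password" message text are assumptions about the data being indexed.

```ini
# props.conf: alias the vendor's field name to the one searches are written
# against, so user= matches events that only carry acct= (assumed field name).
[sshd]
FIELDALIAS-normalize_user = acct AS user

# eventtypes.conf: give a recurring search a name, so nobody retypes
# (or mistypes) the raw pattern in every dashboard and alert.
[ssh_failed_login]
search = sourcetype=sshd "Failed password"

# tags.conf: attach meaning to the event type. Anything written against
# tag=authentication tag=failure now picks these events up without
# knowing that sshd exists.
[eventtype=ssh_failed_login]
authentication = enabled
failure = enabled
```

With these in place, a search such as `index=linux tag=authentication tag=failure | stats count by user` (index name assumed) counts failed logins from every source that carries those tags, and the alias is what makes `user` populate for this sourcetype rather than leaving it blank.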
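Two remarks on this page describe the same problem from different sides: the review before last notes that queries run slowly when the index is not pinned down in every part of the search, and the review above warns that "sloppy" searches starve the indexers. Both come down to how much data the search head asks the indexers to read. The savedsearches.conf stanzas below are an editor's added example, not taken from either review or from Splunk's documentation; the index name web, the sourcetype access_combined and the accelerated CIM "Web" data model are assumed to exist.

```ini
# savedsearches.conf (example stanzas; index=web, sourcetype=access_combined
# and an accelerated "Web" data model are assumptions about the deployment)

# The expensive way: no index or sourcetype in the base search, an all-time
# window (earliest_time = 0), and the filtering pushed behind pipes. Every
# indexer scans every bucket it owns, ships matching raw events to the
# search head, and only then are most of them thrown away.
[web_5xx_sloppy]
search = error | search host="web*" | where status >= 500 | stats count by host
dispatch.earliest_time = 0
dispatch.latest_time = now

# The same question, constrained. Index, sourcetype, host and the status
# comparison all sit in the base search, so indexers prune buckets by index
# and time and filter events before anything crosses the network.
[web_5xx_by_host]
search = index=web sourcetype=access_combined host=web* status>=500 | stats count by host, status
dispatch.earliest_time = -24h
dispatch.latest_time = now

# Cheaper still once the data sits in an accelerated data model: tstats
# answers from the summary and never touches the raw events.
[web_5xx_tstats]
search = | tstats count from datamodel=Web where Web.status>=500 by Web.dest, Web.status
dispatch.earliest_time = -24h
dispatch.latest_time = now
```

Whether the constrained form actually helps is something the Job Inspector will tell you for each saved search: compare scanCount (events read from disk) against eventCount (events kept). A wide gap between the two is the signature of a search that read far more than it used, which is exactly the load the review warns about.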
Rick Yetter
November 11, 2015

Splunk Enterprise Review: "Splunk in a nutshell"

Score 10 out of 10
Vetted Review
Reseller
We are a reseller of the product, and for our customers we are solving security, operational intelligence, app development and big data problems.
  • Splunk is great at correlation of data from multiple sources and allows access to critical information without giving access to servers or applications.
  • Splunk is good at integration of data and information from multiple point tools. The ability to have a single pane of glass view into the IT world is critical to most IT shops.
  • Splunk has a flexible dashboard system built on Simple XML. Most users of the product can easily create and manipulate their data into useful dashboards.
  • Splunk is not particularly hard to understand or deploy. The only problem I've really run into is the 3-6 month use case exhaustion. Customers will have Splunk to solve a particular problem, then stop once that problem is fixed. The use cases are limited only by their imagination and can blossom in the right hands.
Splunk Enterprise Security is, bar none, the most intuitive and flexible security tool around. The ability to integrate and visualize threat analysis in real time is of key importance to keeping the enterprise secure.
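This review and the "My Dive into using Splunk" review above make the same security point: people can read the logs they need without holding a login on the production hosts. That only stays true if the Splunk role itself is scoped, because a Splunk user with no index restriction can read every index the deployment holds, credentials and audit trails included. The authorize.conf stanza below is an added example of one such least-privilege role; it is neither reviewer's configuration and is not taken from Splunk's documentation, and the role name, the index app_logs, the host pattern and the sourcetype excluded by the filter are assumptions.

```ini
# authorize.conf: a role for application developers who may search their
# own service's logs but hold no account on the hosts that produce them.
# (role, index, host pattern and excluded sourcetype are assumed names)
[role_app_dev]
# inherit the basic search capabilities only, nothing administrative
importRoles = user
# the only index this role can read, even if the user types index=*
srchIndexesAllowed = app_logs
# what a search with no index= clause runs against
srchIndexesDefault = app_logs
# appended silently to every search the role runs: application tier only,
# never the audit data that happens to share the same index
srchFilter = host=app-* NOT sourcetype=secrets_audit
# keep one careless all-time search from starving everyone else
srchJobsQuota = 3
srchDiskQuota = 500
```

Verify it the way a curious developer would: log in as a member of the role and run `index=* | stats count by index` over a short window. Only app_logs should appear; if anything else does, a role imported via importRoles is widening srchIndexesAllowed, since allowed indexes are the union across all inherited roles.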
Andrew Yudin, MBA/CCNP
December 17, 2015

Splunk Enterprise Review: "Got Splunk?"

Score 8 out of 10
Vetted Review
Verified User
Although still in the final implementation stage, Splunk has allowed us to troubleshoot our software suite more efficiently. Our monitoring and engineering team can now rely on the syslog and log correlation capabilities of Splunk to pinpoint where the issue is.
  • Log correlation
  • Alerting
  • Syslog
  • Would like to see more integrated tools and supported vendors (such as F5, Check Point, Palo Alto, etc.).
Splunk is well suited to medium to large scale networks.

Feature Scorecard Summary

Centralized event and log data collection (32): 9.2
Correlation (32): 8.4
Event and log normalization (32): 9.0
Deployment flexibility (29): 8.1
Integration with Identity and Access Management Tools (29): 7.8
Custom dashboards and views (33): 9.2
Host and network-based intrusion detection (19): 8.8

About Splunk Enterprise

Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.

Splunk Enterprise Integrations

Splunk Enterprise Competitors

Pricing

Free Trial Available? Yes
Free or Freemium Version Available? Yes
Premium Consulting/Integration Services Available? No
Entry-level setup fee? No

Splunk Enterprise Technical Details

Operating Systems: Unspecified
Mobile Application:No