TrustRadius
Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.https://dudodiprj2sv7.cloudfront.net/product-logos/Rs/AC/1TUEB784F6M4.jpega very good log handling and analysis toolSplunk is not used across my organization. It is being used by some of us and for some specific task. And yes, it is also used by other departments as well but according to their need. Specifically, we are using this tool for monitoring the application logs and doing some analysis over it. Splunk provides a very easy way to search your logs and perform some basic analysis.,Log search is very good with this tool. Splunk search query language is just very good. You can easily run some analysis using this language Generating reports is a very good feature of this tool. Detecting anomalies and reporting them is just fantastic.,Splunk requires some learning to use all of its features. Understanding its SPL is not very easy, and it will take long enough time to learn it. Regular expression is a bit tedious to learn and then use, it needs a good understanding of regular expression. I don't know why, but sometimes its search keeps on going forever and then I had to manually kill that job to start it again.,9,There are a lot of positive impacts that Splunk had made, we have real-time exception alerting which is very useful We have report generation out of the logs which again helped us in many ways. The only negative thing I can say is that it requires good learning and that takes a long time,Datadog and Sentry,Google BigQuery, Apache Kafka, HadoopMonitor your monitors...Splunk is used for application logs monitoring and system health checks for production environment and performance environment.,Best tool to do log monitoring and creating intuitive dashboards and charts Best for setting up alerting for application logs,The tool needs to integrate AI to understand the system logs and alerting should be based on the auto learning.,8,It has been helping with alerting on certain attacks on site and monitoring server health. It slows down during high traffic volume days - ( major 5 days of the year ),New Relic,Adobe Target, Tealium iQ Tag Management System, Signal Tag ManagementSplunk, a revolutionary analytics tools for the new age IT professionalSplunk Enterprise is used by the organization to primarily analyze data. It looks at data generated by various on-premise systems and provides meaningful insights out of them. Many advanced features like custom reporting are used by business analysts on a regular basis to determine the course of action. Last but not least, it is also used to execute daily support tasks like log analysis.,Data Analytics Reporting Indexing search data Searching machine-generated data at realtime to forecast trends,Splunk is expensive. To use Splunk effectively, people must learn SPL. Splunk is good at what it does, but to create an efficient analytics systems other products like SW monitoring tools need to be used in conjunction.,8,The impact was tremendous in terms of dollar values. The real-time alerts generated helped salvage many business transactions which would have been a nightmare to deal with later. Legacy reporting systems were decommissioned and reporting moved to Splunk which helped in saving maintenance costs. The upfront expenditure is Splunk but whether that can be considered negative depends on the organization.,,IntelliJ IDEA, Toad for Oracle, IntelliJ WebStormSplunk is great for troubleshootingWe use Splunk to catalog all incoming quote requests, booking requests and booking responses (effectively we catalog all successful transactions and errors). My team uses these logs to troubleshoot connections with our partners. We also use this to analyze the behavior of our customers to make sure they are operating as we expect them to. I use this tool every day, for several hours per day, to do my job.,logging server data easy to use commands to parse data automated reporting real-time reporting that will alert when a condition is met,Not a Splunk problem, but we don't have enough space to store as much data as we would like,10,Splunk has decreased the amount of time we spend looking for things to fix in other places. so far no negative effects,,Microsoft SQL Server, Tableau ServerGreat tool to handle all your server and network monitoring needsWe use Splunk Enterprise across the entire company to collect log data that allows us to see up/down times of servers and applications. We have customized Splunk a good bit and it is one of the main tools we rely to monitor our server environment and troubleshoot issues when an app/server is down or having errors.,Monitoring of log data to gauge server status and health Dashboards that allows us to view data about servers in our environment MOnitoring for fraud/cyber security threats and risks,We really like the product but there is a steep learning curve and training is definitely required Our environment is setup so that you have to be fairly technical to navigate it and get value from it. We need to make our dashboards/reports less technical so the business users get more value from the tool Tool is very module driven so you are constantly having to add modules and costs to get new functinality,9,Splunk has allowed us to reduce losses via fraud. We have actually be able to monetize how much money it has saved us. This alone has allowed the tool to pay for itself. Splunk provides key machine data easily. This data is used for all sorts of processes throughout the company and is very valuable to other systems/departments. Splunk has allowed us to closely monitoring and catch items before they impact our large customer facing applications. It is hard to quantify, but this has saved us money by keeping more customers happy.,Dynatrace, SolarWinds Network Performance Monitor, CA APM and ThousandEyes,Ivanti ITSM Service Desk, powered by Heat (formerly LANDESK Service Desk), Workday Human Capital Management, MS SharePoint
Unspecified
Splunk Enterprise
191 Ratings
Score 8.5 out of 101
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>TRScore

Splunk Enterprise Reviews

<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow'>Customer Verified: Read more.</a>
Splunk Enterprise
191 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8.5 out of 101
Show Filters 
Hide Filters 
Filter 191 vetted Splunk Enterprise reviews and ratings
Clear all filters
Overall Rating
Reviewer's Company Size
Last Updated
By Topic
Industry
Department
Experience
Job Type
Role

Reviews (1-25 of 42)

  Vendors can't alter or remove reviews. Here's why.
Rounak Jangir profile photo
January 02, 2019

Splunk Enterprise Review: "a very good log handling and analysis tool"

Score 9 out of 10
Vetted Review
Verified User
Review Source
Splunk is not used across my organization. It is being used by some of us and for some specific task. And yes, it is also used by other departments as well but according to their need. Specifically, we are using this tool for monitoring the application logs and doing some analysis over it. Splunk provides a very easy way to search your logs and perform some basic analysis.
  • Log search is very good with this tool.
  • Splunk search query language is just very good. You can easily run some analysis using this language
  • Generating reports is a very good feature of this tool.
  • Detecting anomalies and reporting them is just fantastic.
  • Splunk requires some learning to use all of its features. Understanding its SPL is not very easy, and it will take long enough time to learn it.
  • Regular expression is a bit tedious to learn and then use, it needs a good understanding of regular expression.
  • I don't know why, but sometimes its search keeps on going forever and then I had to manually kill that job to start it again.
If you need to search and need to do some analysis on top of that, then Splunk is a great thing to use. And also if you want to generate reports from them and want alerts on some specific activity, then Splunk should be your first choice. I have used this tool for this purpose but can't say in which scenario it would not fit.
Read Rounak Jangir's full review
Priti Asai / Thakkar profile photo
December 14, 2018

Splunk Enterprise Review: "Monitor your monitors..."

Score 8 out of 10
Vetted Review
Verified User
Review Source
Splunk is used for application logs monitoring and system health checks for production environment and performance environment.
  • Best tool to do log monitoring and creating intuitive dashboards and charts
  • Best for setting up alerting for application logs
  • The tool needs to integrate AI to understand the system logs and alerting should be based on the auto learning.
For anything related to the application backend logs and monitoring, it's very appropriate to use, based on which we can create various dashboards / charts. For server health / monitoring, Splunk logs are not very helpful. It completely relies on log statements, if statement is not formatted in standard format, and it gives inaccurate results.
Read Priti Asai / Thakkar's full review
Dhruba Jyoti Nag profile photo
December 10, 2018

Splunk Enterprise Review: "Splunk, a revolutionary analytics tools for the new age IT professional"

Score 8 out of 10
Vetted Review
Verified User
Review Source
Splunk Enterprise is used by the organization to primarily analyze data. It looks at data generated by various on-premise systems and provides meaningful insights out of them. Many advanced features like custom reporting are used by business analysts on a regular basis to determine the course of action. Last but not least, it is also used to execute daily support tasks like log analysis.
  • Data Analytics
  • Reporting
  • Indexing search data
  • Searching machine-generated data at realtime to forecast trends
  • Splunk is expensive.
  • To use Splunk effectively, people must learn SPL.
  • Splunk is good at what it does, but to create an efficient analytics systems other products like SW monitoring tools need to be used in conjunction.
Splunk is an excellent analytical tool and if SPL is mastered correctly, it can be very powerful too and much more efficient than competing tools. It can be easily used by Business Analysts to get real-time insights if reports are set up for them. However, when it comes to monitoring systems, a lot of configurations are required, and that makes it not the ideal one-stop solution.
Read Dhruba Jyoti Nag's full review
Matt Judice profile photo
January 02, 2019

Splunk Enterprise Review: "Splunk is great for troubleshooting"

Score 10 out of 10
Vetted Review
Verified User
Review Source
We use Splunk to catalog all incoming quote requests, booking requests and booking responses (effectively we catalog all successful transactions and errors). My team uses these logs to troubleshoot connections with our partners. We also use this to analyze the behavior of our customers to make sure they are operating as we expect them to. I use this tool every day, for several hours per day, to do my job.
  • logging server data
  • easy to use commands to parse data
  • automated reporting
  • real-time reporting that will alert when a condition is met
  • Not a Splunk problem, but we don't have enough space to store as much data as we would like
Logging server activity, logging transaction data, really any scenario where things or data points can be saved and parsed later.
Read Matt Judice's full review
Matt Overton profile photo
August 10, 2018

Splunk Enterprise Review: "Great tool to handle all your server and network monitoring needs"

Score 9 out of 10
Vetted Review
Verified User
Review Source
We use Splunk Enterprise across the entire company to collect log data that allows us to see up/down times of servers and applications. We have customized Splunk a good bit and it is one of the main tools we rely to monitor our server environment and troubleshoot issues when an app/server is down or having errors.
  • Monitoring of log data to gauge server status and health
  • Dashboards that allows us to view data about servers in our environment
  • MOnitoring for fraud/cyber security threats and risks
  • We really like the product but there is a steep learning curve and training is definitely required
  • Our environment is setup so that you have to be fairly technical to navigate it and get value from it. We need to make our dashboards/reports less technical so the business users get more value from the tool
  • Tool is very module driven so you are constantly having to add modules and costs to get new functinality
Splunk does a great job of collecting and monitoring machine data. We have use it to reduce fraud/cyber crime loses and we have been able to see a measurable return since using the product for this purpose. It is very extensible so you can continue expanding what the tool does over time. There is added expense with this, but it may be worth it in the end.
Read Matt Overton's full review
No photo available
December 13, 2018

Splunk Enterprise Review: "Splunk for log collection, indexing, analysis & dashboarding"

Score 8 out of 10
Vetted Review
Verified User
Review Source
Splunk is used in our enterprise to analyze monitoring and analytics data. We have thousands of micro services and APIs in our organization. All these APIs emit log data that is used to aggregate and analyze using Splunk. It also helps in end-to-end tracking of flows and data across services, in troubleshooting errors, and in generating metrics. Splunk is also used generating and configuring alerts.
  • Used for indexing and collecting machine data and log data from APIs.
  • This data is used to generate graphs, alerts, metrics that is useful to business, technology and operations.
  • It is data source agnostic and is used to log API, batch, db and log data. It runs on AWS for us.
  • The only con might be that it is much costlier than an open source system like ELK (Elastic Logstash Kibana).
We use Splunk heavily for log data collection, indexing for analysis, and monitoring our APIs 24x7. It is very easy for developers to generate indexes on unstructured data and easy for operations folks to create graphs of this data.
Read this authenticated review
No photo available
December 11, 2018

Splunk Enterprise Review: "We've tried the rest and now we're back on Splunk!"

Score 9 out of 10
Vetted Review
Verified User
Review Source
Splunk is our dumping ground for our logs. We use Splunk to pump the monitoring and statistical logs to, whether for analysis, storage, or for debugging purposes. The main problem it solves is that we have many systems that live in different places, and having one centralized repository for our logging helps us with correlation of bugs to specific times, and monitoring how different infrastructure interacts.
  • Handles inputs from many different sources.
  • Very easy queries.
  • Dashboard support.
  • Scaling story.
  • Query speed.
We've tried the rest, and Splunk Enterprise seems to be the best solution for dumping our logs when you have either a multi-cloud or multi-product solution. It is great for having a centralized logging platform for multiple users to access and allows you to manage your data in many different indexes and control access to those indexes.
Read this authenticated review
Rahul Shinde profile photo
February 21, 2018

Splunk Enterprise Review: "One of the best Log Analysis application available in the market!"

Score 8 out of 10
Vetted Review
Verified User
Review Source
Splunk is a very powerful analytics tool. As of now, we are using Splunk on an experimental basis in our department but so far the results are pretty great. So we are planning to expand its use on an organizational level. We use Splunk for various things but mainly we use it to monitor and investigate Blackboard system startup issues by analyzing log files. We have written Splunk search strings to list out all the Blackboard system startup errors in a mannerly fashion and later raise it to the concerned department. After starting to use Splunk, it made very easy to find the exact cause of the issue.
  • Powerful Data Analytics application
  • Excellent and very informative dashboard
  • Defining Field Extractor is very easy and also you can use them to search again
  • Can analyze large amount of data very effectively
  • Need technical expertise to use Splunk. I will recommend watching training videos before integrating Splunk into your organization.
  • Lacks offline and email features
  • It's a great application but it is bit costly
Splunk is a great data analytics tool for you if you have a large amount of data to analyze. Splunk provides accurate and real-time analysis of data through its dashboard. But if you not quite a technical person or not willing to learn Splunk before using it, I will not recommend it to you. Also, Splunk is less appropriate for static data.
Read Rahul Shinde's full review
Ryan Stasel profile photo
March 28, 2018

Splunk Enterprise Review: "Splunk is a great tool for helping make sense of logs"

Score 9 out of 10
Vetted Review
Verified User
Review Source
I'm using Splunk to aggregate logs from various servers and devices within my department. While I don't interact with it daily, or even weekly a lot of times, I do use it heavily when faculty or staff come to me asking when users were logged in, when there are any questionable incidents on websites, etc.
  • Log aggregation is extremely well done. Whether sending it logs over Syslog, mounting log directories over NFS, or using their log forwarding service.
  • Searching. I'm an amateur at best when searching and aggregating logs. The reporting functionality is amazing.
  • I would love some better wizards to help build canned reports based off common data sets.
  • An easy way to back out integrating a log that suddenly balloons you over your license limits.
  • An easier way to help Splunk parse log types. You can give Splunk any data you have, but unless you're able to tell it how the random log is formatted, your ability to search on it is limited.
Honestly, I can't think of an instance where Splunk isn't well suited for a task. They offer a free license that will handle up to 500MB/day, which unless you're logging against AD, or Exchange, is probably plenty to trial the software. There are examples where I've grabbed a copy for home to help troubleshoot issues with my home network and the network devices supported sending to a Syslog server.

The only issue most users are going to have is cost once you start figuring out the amount of data you're going to be aggregating, the licensing costs can get rather steep.
Read Ryan Stasel's full review
Larry Helms profile photo
March 21, 2018

"Splunk Enterprise Review"

Score 10 out of 10
Vetted Review
Verified User
Review Source
Splunk is mainly used to log analysis and alerting of events, both business and technical events
  • Business event alerting
  • Technical Event alerting
  • Graphing of information found in the data
  • Users CAN write queries that are non-optimized causing both performance problems or unexpected (as in not what they wanted) results. It would be great if Splunk engineers could come up with some way to 'model' the queries and instruct users on query performance gave x number of records... and possibly an example of results - say using 100-1000 records - so that the user can see what they're going to get.
It is best used for both business data analysis, reporting and graphing. But it also does well when alerting on events. Users, however, mistakenly assume that alerting can be/is real-time. Unfortunately, even though indexing is very fast, it can take some time to index and then issue alerts. This is NOT a problem if you properly train users about what to expect and how to properly use the tool.
Read Larry Helms's full review
Sameer Gupta profile photo
January 30, 2018

Splunk Enterprise: "Splunk Review"

Score 9 out of 10
Vetted Review
Verified User
Review Source
Splunk is used across the whole organization and is used for logging. We log all of our web traffic thru Splunk and we use it to monitor what events are taking palce on our site. The business problem we solve for is not having to build an inhouse logging tool.
  • Catching web traffic
  • Dashboards are helpful
  • Search capability is great
  • The dropped logs can be frustrating
  • our instance only retains data for 3 months
I think Splunk makes a ton of sense for a company that is looking for an out of box logging tool. Splunk does a good job of letting you log various parameters across your site and easily search and query for the said events.
Read Sameer Gupta's full review
No photo available
April 05, 2018

Splunk Enterprise Review: "Great for almost anything"

Score 10 out of 10
Vetted Review
Verified User
Review Source
We use this across our different departments for security, app performance monitoring, host monitoring, data intelligence, correlation, alerting and much more. It's a Swiss Army Knife of IT products.
  • The power of it. It's a very good tool that does amazing things. Nothing comes close to it.
  • It can ingest any data and present it in a digestible, searchable format.
  • Flat file format makes it very fast and the best visualizations I've seen.
  • It can be cost prohibitive, but I still think it's worth it.
  • Training users is a little bit steeper, but once they have it, it's very powerful.
Overall security monitoring: It can take data in and correlate it across very different datasets. Some tools require you to ingest and format it their way, but being able to do ad-hoc searching during an incident has proven to be very valuable.
Read this authenticated review
Trung Pham profile photo
September 14, 2017

Splunk Enterprise Review: "Splunk for new users"

Score 9 out of 10
Vetted Review
Verified User
Review Source
Splunk is being used extensively in our technology department. Many applications use Splunk to monitor business activity, system resources, exceptions/failures, and to overall system status. Splunk addresses more technology-related problems but it does provide the business greater transparency into the applications which in turn gives both the business and the developer's peace of mind.
  • SPLUNK has a quick learning curve and can be easily self-taught. For example, there are plenty of resources available such as tutorials and search tools. There is really no prerequisite for learning how to use Splunk.
  • SPLUNK Enterprise provides plenty of useful documentation and user support which makes it easy for anyone to learn and start using SPLUNK in a very short period of time. There are also examples and user feedback that is helpful if you need more advanced implementations.
  • SPLUNK is very powerful, yet simple. For instance, you can set up a dashboard in one day provided you have admin rights and access to the data you want to Splunk.
  • Even though there is a search tool as a help function, you still have to read through many documentation to find the answers you're looking for and sometimes you don't find it. The help function in Splunk could be improved to be more intuitive or have a built-in help per report, panel or dashboard.
  • Creating a Splunk dashboard is rather straightforward however, customization is not. Splunk could be improved to provide more tools or features for customization such as adding colors and font options for text and graphs or graphics.
  • My dashboard has a lot of useful information and I want the important panels and reports at the top but there is no easy way to do this. Perhaps Splunk could be improved to allow features such as adding URL links to other dashboards or some other clever way to emphasize the important data in my dashboard without compromising space.
Splunk is well suited for applications or companies that process and store large data. Some of these applications may be legacy but as long as you can retrieve this data, then you can use Splunk to transform this data into meaningful reports or dashboards. In addition, Splunk is great for a 24/7 monitoring operations tool that can be set up to send alerts for production support. Splunk is less suited for applications that may already have a GUI because the Splunk features would be less superior than what a graphical user interface could provide in terms of features and customization.
Read Trung Pham's full review
Eric Krueger profile photo
November 13, 2017

Splunk Enterprise Review: "Splunk will make your job easier!!"

Score 10 out of 10
Vetted Review
Verified User
Review Source
We currently have evaluated and are deploying Splunk Enterprise to replace our older SIEM device. This will allow us to monitor our critical systems and allow for scalability as we continue to grow. Using this product has saved us time and money as it is used across our whole company's three locations. The flexibility and tools offered with Splunk make our jobs easier. Also, there are great forums and a cool wiki for best practices using Splunk.
  • Monitoring is made easy and putting out reports for upper management is a breeze.
  • With Splunk analytics we are better able to track our employees usage of systems for auditing purposes.
  • Checking on performance through Splunk's monitoring makes our management of resources a lot easier and resources are put where needed most.
  • Some of the start up in Splunk requires more than we would otherwise like.
  • We wish there was more customizable reporting.
  • Splunk sales engineers could be a bit more friendly and easier to work with.
Splunk Enterprise meets all of our needs under one platform. The cost savings along without sacrificing functionality have made our choice to go with Splunk an easy decision. The functionality and cost savings alone have made upper management happy to deploy this system in our environment and the return on this investment has paid for itself.
Read Eric Krueger's full review
Viktor Mulac profile photo
August 31, 2017

Splunk Enterprise Review: "Splunk in a production environment is a must-have today"

Score 10 out of 10
Vetted Review
Verified User
Review Source
Production line quality monitoring and searching for patterns, leading to outages. Usually scan and fix tasks, finding an event, that leads to an outage.

Two main ways of using Splunk prevail: ad-hoc analysis, and monitoring and alerting.

In some applications with two production lines, Splunk connected directly to the controllers and monitored data in real time. In other applications, we analyzed logs from 5 systems, among others application server logs, database server logs, production line measuring PCs. In total 5 systems had to communicate and an error on DB server sometimes caused outages on the production line. Splunk helped to find patterns in these incidents. We then set up a monitoring app to provide early indication of a potential upcoming outage.
  • Parsing huge amounts of data, structuring data, or at least helping to find a structure
  • Very good performance.
  • Very good graphical representation of data, findings, report creation
  • I really cannot, since after a year we are still discovering more and more possibilities with the product. One specific wish of a manager was: can we work with the reports offline? (e.g. on the airplane) we have not found a reasonable way of doing this. The only thing we came up with was exporting data and rendering specific reports in flash (web viewer) and somehow simulating reports within limited (predefined) boundaries
Trained analyst, with e.g. python knowledge, regular expressions knowledge, etc. will do his tasks quite quickly.

In the beginning, when starting to learn Splunk, you have to deal with tons of error messages, (mostly resolved by Google discussions).
Read Viktor Mulac's full review
No photo available
December 01, 2017

Splunk Enterprise Review: "My Dive into using Splunk"

Score 8 out of 10
Vetted Review
Verified User
Review Source
Splunk is being used across our whole organization. We try to have all/most of our logs get pulled into splunk to be able to use the splunk UI to search across information. We are able to give employees access to splunk and allow them to diagnose issues without giving them explicit access to production servers or other production locations.
  • Allow for separation of control where we don't let some employees have access to production but still can diagnose issues.
  • Common location to go for all logs even if the logs themselves aren't in the same place.
  • Ability to ingest logs from different locations without having to change the code to put logs in a certain place (pro and con).
  • At times some queries can run slowly if indices are not on a portion of the query you use.
  • Setup time initially can be difficult if your logs aren't stored in common locations or in a common way to write the log.
  • Ability to ingest logs from different locations without having to change code to put logs in a certain place (pro and con).
  • Searches can be a bit more difficult to look through if your log isn't pulled in a manner that is easy to read through splunk.
Scenarios, where Splunk is well suited, would be a larger organization where multiple teams have their own logs and a web ops team is trying to come in and get a central location to be able to ingest and report on those logs

Scenarios, where Splunk wouldn't be as well suited, would be a small org where all their logs are in one place, easy to find and report on.
Read this authenticated review
No photo available
April 17, 2017

Splunk Enterprise Review: "Splunk - Visibility into What's Really Going on in Your Network"

Score 10 out of 10
Vetted Review
Verified User
Review Source
Splunk is being used to capture logs from all Windows, Linux, and firewall devices in our enterprise. Currently it is being used by the IT infrastructure department only, but our hope is to make it available to other departments to follow trends in our business. Splunk addresses the issue of visibility into the network. It actually gives IT professionals access to view what is taking place on the network, and it provides something to look at in order to address issues occurring behind the scenes.
  • It gathers logs very well from almost all machine types - most SIEM related products don't do this quite as well.
  • It provides visuals to the user, giving you the ability to transform logs into visual charts (e.g. pie charts, graphs, tables, etc.).
  • Splunk is very quick in reporting and alerting on anomalies. There is little delay.
  • Splunk can be very expensive, and it is best to size out your environment first before procuring. Planning is key, and make sure to buy a license that is at least 2-3 times what you think you need.
  • There is a learning curve to Splunk. It takes a bit to get up to speed with the application.
  • Support is very good, but they will almost never tell you to ways to not use up your license. I had to figure that out myself, and ended up cutting out some useless logs that used over 50 % of my license.
In a corporate environment, especially in a financial sector, I would actually go with a product like RSA Security Analytics. But that is not necessarily the rule of thumb and is not the case for all financial companies. In higher ed, for example, I recommend Splunk because of the ability to monitor trends of students that can help them to get better grades, help the university to grow, and streamline registration processes.
Read this authenticated review
Kenneth Taitingfong profile photo
December 02, 2015

Splunk Enterprise Review: "Splunk - the most flexible SIEM tool on the market."

Score 10 out of 10
Vetted Review
Verified User
Review Source
Splunk is currently the SIEM for IT operations and IT security providing log aggregation and security event correlation for multiple departments. The IT operation groups use Splunk to trend operational data, trouble shoot issues, and send automated alerts when certain triggers are met. The security department utilizes Splunk for investigations and event management, leveraging automated alerts and dashboards. For our organization, Splunk provides the "single pane of glass" for users across several IT departments while also serving as our compliance tool for PCI-DSS and SOX.
  • Splunk is flexible and extensible, able to ingest logs from disparate systems using disparate formats and disparate file types. If the ability exists to make the logs human readable (either natively or via a script), Splunk can ingest it.
  • Splunk's flexibility in how you parse, format, and enhance your data is amazingly deep. When you start event typing, tagging, aliasing, and creating data models, you start to really open up Splunk's capabilities.
  • Splunk scales very well in large environments. Adding additional indexers as your environment grows is pretty trivial and its ability to do multi-site clustering and search head clustering provides load balancing and redundancy that's inherent to the product.
  • Splunk's search language goes very deep. To do some of the more advanced formatting or statistical analysis, there's a bit of a learning curve. Splunk training for learning the search language and manipulating your data can cost anywhere from $500.00 to $1500.00 (although a good number of free training exists).
  • Splunk's dashboard capabilities are pretty decent but to do more exciting visualizations requires a bit of development using simple XML, Java script, and CSS.
  • Splunk releases minor revisions very quickly but because of the sheer number of bugs we've run into, we've upgraded our environment four times in nine months.
Splunk is well suited in both small and very large environments almost regardless of the types of devices. However, depending on how Splunk is architected, it can require a number of devoted engineers to onboard, normalize, and present the data. So for organizations that are unable to-provide dedicated resources, the day-to-day operations and backend duties can be overwhelming. Since Splunk is so flexible, it's easy to overwhelm its available resources when a large number of inefficient searches are running. Splunk users need to be trained to not run "sloppy" searches. The community help forums are a wealth of information but in some cases, without professional support, you're going to be lost. The Splunk licensing can also be costly and in some situations, Splunk virtual environments don't perform well.
Read Kenneth Taitingfong's full review
Rick Yetter profile photo
November 11, 2015

Splunk Enterprise Review: "Splunk in a nutshell"

Score 10 out of 10
Vetted Review
Reseller
Review Source
We are a reseller of the product and for our customers we are solving problems from Security, operational intelligence, app development and big data problems.
  • Splunk is great at correlation of data from multiple sources and allows access to critical information without giving access to servers or applications.
  • Splunk is good at integration of data and information from multiple point tools. The ability to have a single pane of glass view in to the IT world is critical to most IT shops.
  • Splunk has a flexible dashboard system built on simple xml. Most users of the product can easily create and manipulate their data into useful dashboards.
  • Splunk is not particularly hard to understand or deploy. The only problem I've really run in to is the 3-6 month use case exhaustion. Customers will have Splunk to solve a particular problem then stop once that problem is fixed. The use cases are only limited to their imagination and can blossom in the right hands.
Splunk for Enterprise Security bar none is the most intuitive and flexible security tool around. The ability to integrate and visualize threat analysis in real time is a key importance to keeping the enterprise secure.
Read Rick Yetter's full review
Andrew Yudin, MBA/CCNP profile photo
December 17, 2015

Splunk Enterprise Review: "Got Splunk?"

Score 8 out of 10
Vetted Review
Verified User
Review Source
Although still in the final implementation stage, Splunk has allowed us to troubleshoot our software suite more efficiently. Our monitoring and engineering team can now rely on the syslog and log correlation capabilities of the Splunk to pinpoint where the issue is.
  • Log correlation
  • Alerting
  • Syslog
  • Would like to see more integrated tools and supported vendors (such as F5, Checkpoint, Palo-Alto, etc.).
Splunk is well suited on medium to large scale networks.
Read Andrew Yudin, MBA/CCNP's full review
Steven Brice profile photo
December 14, 2015

Splunk Enterprise Review: "Splunk running strong"

Score 10 out of 10
Vetted Review
Verified User
Review Source
Splunk is currently being used on our JBOSS Fuse ESB/SOA environment within our department. We have three teams constantly using Splunk for development, QA testing and Operations Support. Splunk has dramatically reduced the QA testing/validation times and has also helped reduce the amount of time spent on operational support. Having instant access to production logs and metrics has greatly reduced time spent gathering and manually analyzing log information. Splunk has ultimately reduced the amount of software tools needed to analyze, gather and validate operational metrics of our entire stack of software. One stop shop.
  • Operational out of the box. No need to spend days setting up and configuring an application to ingest and analyze data.
  • Web UI is fluid and flows easily.
  • Additional applications available for integration with Splunk, and most are free.
  • Enterprise Solution that can be up and running in a couple of hours.
  • Enterprise license that fluctuates between license pools, having the ability to grab more space from unused pools.
  • Ability to stop forwarders from indexing data via web console.
  • Archiving of old indexed data could be refined. Current process is bit hard to understand with the different buckets and max times.
Splunk has helped us create some amazing operational dashboards. We now have instant view-ability into our message flows and route traffic. We see errors before they happen. QA is able to create use cases that can be consistently applied in many different testing scenarios. Developers are able to see production logs without having to worry about access issues or non availability into production environments.
Read Steven Brice's full review
Sumant Murke profile photo
December 08, 2015

Splunk Enterprise Review: "For real time data analyzing get splunk."

Score 9 out of 10
Vetted Review
Verified User
Review Source
Spunk is a great tool. We use it for analyzing large chunks of data in the data center where the data is dynamic and continuously incoming from various events generated by all the servers. We also keep track of the data provided by the metrics generated which gives a good insight of what is going wrong in the data center.
  • Easy to scale with large data sets.
  • Real time analyzing.
  • Suport all types of data.
  • Doesn't provide optimized results with smaller size of data.
  • Costly.
Spunk is a great log analyzing tool if the data is quite large and accepts widely used data format. It provides accurate real time analyzing. Most importantly, it is extensible. The problem with the free version is the data indexing limit whereas the professional version is quite costly for an individual.
Read Sumant Murke's full review
Gaurav Kasliwal profile photo
December 08, 2015

Splunk Enterprise Review: "Splunk: Dynamic and Fast compliance tool"

Score 10 out of 10
Vetted Review
Verified User
Review Source
Splunk is really useful while analyzing dynamic data. I have been using Splunk for 2 years and I really find it very useful, especially working with bigger datasets. I have used Splunk for my project to analyze and learn different patterns from [my] university dataset. It was really very easy and user friendly to use.
  • Scalability. Splunk is really useful when you are dealing with a dynamic and bigger system and you want to make your system scalable.
  • Reliable. Very reliable.
  • Indexing and speed. Splunk really works very fast, even with bigger datasets.
  • Cost! Splunk is a little costly when it comes to economical comparison.
  • Speed is sometimes less when inflow of dynamic data is huge.
  • Learning curve is there to become master of Splunk.
Graphical display of results is really useful while doing analysis of big data. Really useful for dynamic datasets, like network packet flow analysis. Not ver useful for static data.
Read Gaurav Kasliwal's full review
Ajinkya Karande profile photo
February 25, 2015

Splunk Enterprise Review: "Good Tool for log mining"

Score 8 out of 10
Vetted Review
Verified User
Review Source
Overall the experience with Splunk has been good. Although some aspects of UI are little annoying when the query exceeds certain limit the text-area gets bigger and there is no way of knowing if the query is actually running or just hung up. Considering the amount of data being pumped everyday Splunk is very good tool for analyzing and creating reports. Another aspect which can be enhanced is of creating public dashboards which enables all the users to see them just with a link and also to delete them when not needed. Overall very good tool and have had a positive experience with it.
  • Finding Oracle stats
  • Getting request types based on users i.e. sorting capabilities
  • Creating reports and charting based on data
  • UI could be improved i.e. the query text-area behavior
  • Creating reports publicly and deleting them is little non-intuitive for users
For queries with more than a week's data usually will time-out also sometimes query doing lot of things for a days' worth data can time out. There are options where the process can be executed in the background but there isn't a way of knowing if the job failed to fetch the data.
Read Ajinkya Karande's full review
Michael Brombacher profile photo
February 25, 2015

Splunk Enterprise Review: "Big data indexing - Splunk"

Score 8 out of 10
Vetted Review
Verified User
Review Source
logging, logging, logging... from new systems and applications troubleshooting to auditing and general system issue resolution
  • search is amazing
  • search is fast
  • search is customizable
  • reporting is great
  • works well for my users
Perhaps find out how much space/data it can index.
Read Michael Brombacher's full review

Feature Scorecard Summary

Centralized event and log data collection (26)
9.2
Correlation (26)
8.0
Event and log normalization (26)
9.1
Deployment flexibility (24)
8.3
Integration with Identity and Access Management Tools (24)
8.0
Custom dashboards and views (27)
9.4
Host and network-based intrusion detection (16)
8.5

About Splunk Enterprise

Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.

Splunk Enterprise Integrations

Splunk Enterprise Competitors

Pricing

Has featureFree Trial Available?Yes
Has featureFree or Freemium Version Available?Yes
Does not have featurePremium Consulting/Integration Services Available?No
Entry-level set up fee?No

Splunk Enterprise Technical Details

Operating Systems: Unspecified
Mobile Application:No