Overview
What is Splunk Enterprise?
Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.
TrustRadius Insights
Great if you have the money
Splunk Enterprise Rocks !!
Real-time smart meters
Splunk Enterprise in the Cloud empowers me as an analyst
Robust IT Operations and SIEM Management Solution
Great for almost anything
Security/Data Analytics Solution That Comes with SIEM Capabilities
Splunk leads the pack
One Splunk to rule them all!
Splunk Enterprise review
Splunk Enterprise - Log collection & aggregation
Won't you take me to Splunkytown
Excellent product for our cybersecurity team
Splunk Enterprise: A powerful, but expensive tool
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Custom dashboards and workspaces (54)8.585%
- Centralized event and log data collection (53)6.565%
- Event and log normalization/management (53)6.060%
- Correlation (52)6.060%
Reviewer Pros & Cons
Pricing
What is Splunk Enterprise?
Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
41 people also want pricing
Alternatives Pricing
What is Blumira?
Blumira’s cloud SIEM platform offers both automated threat detection and response, enabling organizations of any size to more defend against cybersecurity threats in near real-time. It's goal is to ease the burden of alert fatigue, complexity of log management and lack of IT visibility.
Product Demos
Splunk Incident Review Demo
Splunk Threat Intelligence Demo
Splunk Enterprise Security | Splunk Enterprise Installation | Splunk Training | Edureka
Features
Security Information and Event Management (SIEM)
Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools
- 6.5Centralized event and log data collection(53) Ratings
Effectiveness of real-time centralized event and log data collection
- 6Correlation(52) Ratings
Correlation of logs and events to pinpoint significant threats
- 6Event and log normalization/management(53) Ratings
Ability to normalize event syntax so that logs can be compared and are machine-understandable
- 7.5Deployment flexibility(49) Ratings
Ability to tune system to maximize threat detection and minimize false positives
- 7.5Integration with Identity and Access Management Tools(49) Ratings
Integration with access control tools like Active Directory and LDAP
- 8.5Custom dashboards and workspaces(54) Ratings
dashboards that can be customized to meet the needs of specific groups
- 7Host and network-based intrusion detection(37) Ratings
Ability to detect both endpoint intrusion and network ingress detection
- 8.4Data integration/API management(5) Ratings
Ease and quality of data integrations between SIEM and other systems
- 7.8Behavioral analytics and baselining(4) Ratings
How effectively activity and behavior baselines are established and maintained
- 7.8Rules-based and algorithmic detection thresholds(4) Ratings
Effectiveness of manually-established rules and algorithmically-determined detection thresholds
- 6.9Response orchestration and automation(4) Ratings
Quality of built-in response orchestration and automation in Next-Gen SIEM
- 7.9Reporting and compliance management(4) Ratings
Ease and quality of reporting and compliance functions
- 8.9Incident indexing/searching(5) Ratings
Effectiveness of searching across structured and unstructured events and incidents within SIEM
Product Details
- About
- Integrations
- Competitors
- Tech Details
- FAQs
What is Splunk Enterprise?
Splunk Enterprise Integrations
Splunk Enterprise Competitors
Splunk Enterprise Technical Details
Operating Systems | Unspecified |
---|---|
Mobile Application | No |
Frequently Asked Questions
Comparisons
Compare with
Reviews and Ratings
(455)Community Insights
- Pros
- Cons
- Recommendations
Valuable Log Gathering and Summarization: Users have expressed positive opinions about Splunk's ability to gather and summarize log messages from multiple sources. Many reviewers find this feature valuable, as it allows them to easily access and analyze log data in a centralized location without the need for manual aggregation.
Simplicity and Advanced Search Capabilities: Splunk's reporting functionality is highly regarded by users for its simplicity and advanced search capabilities. Several reviewers appreciate how easy it is to use Splunk's reporting features, while also being able to perform complex searches that provide detailed insights into their data.
Effective Web Traffic Catching and Dashboards: The effectiveness of Splunk in catching web traffic and providing helpful dashboards is another aspect praised by users. Many reviewers highlight how Splunk's web monitoring capabilities enable them to track website activity effectively, while the intuitive dashboards allow for quick visualization and analysis of important metrics.
Confusing User Interface: Some users have reported that the user interface in Splunk can be perplexing, leading to difficulties in quickly performing tasks and navigating the software.
Limited Integration with Excel: Users have expressed their desire for improved integration between Splunk and Excel when it comes to creating reports and dashboards. They feel that better connectivity and seamless data transfer would enhance their workflow.
Steep Learning Curve: Several users have mentioned the complexity of Splunk's architecture, requiring a dedicated team of engineers to effectively manage and optimize its performance. This steep learning curve can pose challenges for new users who may need additional time and resources to fully grasp the intricacies of the platform.
Based on user reviews, the following recommendations emerged for using Splunk:
-
Ensure the correct subscription: Users emphasized the importance of having the correct subscription for Splunk to avoid login issues and fully utilize its features. They recommend careful planning of the deployment and learning as much as possible before implementing a large installation.
-
Thoroughly investigate anomalies: While Splunk's great dashboards for troubleshooting are praised, users advise against relying solely on system alerts generated by Splunk. They suggest continuing to investigate any anomalies and carefully setting up sources and background data in Splunk.
-
Utilize Splunk's log analysis capabilities: Many users recommend Splunk as a valuable tool for log analysis and improving the quality of current processes. They find it helpful for debugging integration issues and consider it suitable for large-scale applications/systems. Users appreciate its ability to connect to individual boxes and view multiple logs simultaneously.
It should be noted that some users suggest that there may be better and cheaper alternatives for small to medium-sized businesses, while others propose improvements to the search result UI and pricing structure to attract more users in the industry.
Attribute Ratings
Reviews
(1-25 of 41)Great if you have the money
- Searching of information.
- Report building
- Flexibility
- Cost
- Easier guides
- Data normalization.
Splunk Enterprise Rocks !!
- Act as a Search Head, Indexer and Forwarder
- Have full features to install Add-Ons
- Is On-Prem, so we have full control on created lookups on file system
- Better SPL Intelligence
- Add-On's auto upgrade management and notifications
- Implement more features on UI instead of config based implementations
Real-time smart meters
- Real-time status
- Data integration
- Live dashboards
- Automated machine learning
- Extract transform and loading
- Data modeling
Splunk Enterprise in the Cloud empowers me as an analyst
- Gets data from anywhere
- Variety of supported alert types
- Real-time insights
- They should not remove support for Duo 2fa.
Robust IT Operations and SIEM Management Solution
Splunk has the ability to correlate data from disparate data sources and provide root cause hence reducing MTTR and improving our SLA's with our customers. The events logged in Splunk help our IT Analyst and Security Analyst take proactive action before impacting the services which our customer uses. The Event Correlation helps us find RCA and improve MTTD and MTTR.
- Collect data from multiple data sources and correlate. Reduce alert noise from multiple monitoring systems.
- Monitor alerts and report on data collected. Create custom dashboards.
- Powerful machine learning and AiOPS functionality.
- Helps with our security compliance and addresses the security team's need to remain PCI compliant.
- Splunk data sizing and data collected. Worked with Professional Service to scale our environment.
- Capacity data storage for Splunk data.
- TuningSplunk analytics dashboards for performance.
One Splunk to rule them all!
- Maximize endpoint logging.
- Can find and store logs from all types of assets.
- Customization of dashboards.
- Creating apps based on your needs.
- Alarm feature alerts relevant people in the organization.
- Data visualization.
- Search queries can be saved for future or even can be converted to apps.
- Slow interface.
- Network teams can easily see if there is a problem with the network device.
- The security team can easily be notified about anomalies that may due to an intrusion.
- The support team can follow the situation of assets and tools.
- It can be integrated with most of the tools available on the market.
Splunk Enterprise review
- Log analyzing.
- Reports.
- Forecast (ML model).
- Stability on some components (e.g. indexers).
- Complexity of install and maintenance of infrastructure.
Setup and maintenance would not be easy, so always plan ahead. Also always do health check for stability on some of the Splunk components such as indexers and HFs.
Excellent product for our cybersecurity team
- Central dashboard for all logs
- Enterprise Security
- Better dashboard graphics
Splunk Enterprise: A powerful, but expensive tool
- Robust collection of plugins to support specific applications
- Relatively easy to use
- Strong and helpful support
- Difficult to master
- Can be very complicated to implement into an environment
- Very expensive
Monitor log and alert quickly with the speed of Splunk Light
- Splunk Light is perfect for standalone on-premise deployment.
- Mainly works well for a small team
- Scalability might be an issue
- A small limit on the number of the user also poses a challenge for large team collaboration.
Splunk is a single tool that does everything
- Log mining.
- Able to consume multiple log sources.
- Provides the possibility to upgrade the Splunk UF from a deployment server.
- Splunk search language can be very expensive if the users do not know what they are doing.
Splunk-ing across the Enterprise
- Quick log queries across different types of infrastructure
- Adaptable dashboards for digesting large amounts of continuous data
- Easy access and sharing of information via URL links
- Building Splunk queries can be comber some without intricate knowledge of Splunk and the applications involved
- Dashboard duplication for different areas can be difficult
- Capturing all necessary data from cloud platforms is not always straightforward
Using Splunk in Educational Sectors
- Timely alerting
- Sharing with end users automatically
- Less impact
- Sometime we see the Splunk agent taking higher CPU from OS prospects
- Similar issues have been noticed in Oracle Databases
Splunk: The log expert
The log sources are typically firewall logs, email logs, logs from the Intrusion detection system (IDS), logs of different services running on the google cloud, etc. It offers a very easy interface and a query language. We can build our own alarm rule and UI within it for visualization. The rules will run at a time defined by the user and will send metrics to the email. It helped in automating blacklisting as now we can get the most troublesome IP addresses and block them in a minute. It also helped us in tracing a list of most vulnerable on the campus. The most powerful feature is the correlation of log sources. Correlation of log sources is a very taxing process for any software. Splunk handles this gracefully. By correlating firewall traffic, wireless and IDS traffic we once spotted a machine that had a trojan in it and was trying to spread itself laterally through open SMB ports.
- It is very useful in creating custom rules for analyzing system logs and display relevant information. The query language is very easy to learn.
- We can create custom UI to visualize the output of our data. The interface is very flexible. It also allows the sharing of rules among users.
- There is an open online community to help others. Stackoverflow also has a splunk community. These resources make it more convenient to learn.
- They can introduce a query builder for non-technical users.
- The query error messages could be more specific.
Cons: If you have a few logs but a large number of log sources, Splunk can be very expensive.
- Captures multiple different information about a customer and his/her session.
- Intuitive and informative search options.
- Option to set up precise alerts for different KPIs.
- The speed of the tool could be improved.
- It could store and allow to search for historical data older than 60 days (may be related to our company license).
- Dashboard creation could be more user-friendly.
Splunk, a great tool!
- Versatile
- Intelligent
- Reporting
- Searching
- Log analysis
- Costly
- Needs training to work on
- Needs hands on experience to get used to
a very good log handling and analysis tool
- Log search is very good with this tool.
- Splunk search query language is just very good. You can easily run some analysis using this language
- Generating reports is a very good feature of this tool.
- Detecting anomalies and reporting them is just fantastic.
- Splunk requires some learning to use all of its features. Understanding its SPL is not very easy, and it will take long enough time to learn it.
- Regular expression is a bit tedious to learn and then use, it needs a good understanding of regular expression.
- I don't know why, but sometimes its search keeps on going forever and then I had to manually kill that job to start it again.
Splunk is great for troubleshooting
- logging server data
- easy to use commands to parse data
- automated reporting
- real-time reporting that will alert when a condition is met
- Not a Splunk problem, but we don't have enough space to store as much data as we would like
Monitor your monitors...
- Best tool to do log monitoring and creating intuitive dashboards and charts
- Best for setting up alerting for application logs
- The tool needs to integrate AI to understand the system logs and alerting should be based on the auto learning.
Splunk for log collection, indexing, analysis & dashboarding
- Used for indexing and collecting machine data and log data from APIs.
- This data is used to generate graphs, alerts, metrics that is useful to business, technology and operations.
- It is data source agnostic and is used to log API, batch, db and log data. It runs on AWS for us.
- The only con might be that it is much costlier than an open source system like ELK (Elastic Logstash Kibana).
We've tried the rest and now we're back on Splunk!
- Handles inputs from many different sources.
- Very easy queries.
- Dashboard support.
- Scaling story.
- Query speed.
- Data Analytics
- Reporting
- Indexing search data
- Searching machine-generated data at realtime to forecast trends
- Splunk is expensive.
- To use Splunk effectively, people must learn SPL.
- Splunk is good at what it does, but to create an efficient analytics systems other products like SW monitoring tools need to be used in conjunction.
- Monitoring of log data to gauge server status and health
- Dashboards that allows us to view data about servers in our environment
- MOnitoring for fraud/cyber security threats and risks
- We really like the product but there is a steep learning curve and training is definitely required
- Our environment is setup so that you have to be fairly technical to navigate it and get value from it. We need to make our dashboards/reports less technical so the business users get more value from the tool
- Tool is very module driven so you are constantly having to add modules and costs to get new functinality
Splunk it!
- Though it was a little hard at first, creating the dashboards from the raw data became the big benefit.
- Setup of alerts was, again a little confusing but over time with the real time alert became useful.
- The building of dashboards for the security team for tracking intruders.
- The big one is writing the dashboards based off the raw data.
Splunk is a great tool for helping make sense of logs
- Log aggregation is extremely well done. Whether sending it logs over Syslog, mounting log directories over NFS, or using their log forwarding service.
- Searching. I'm an amateur at best when searching and aggregating logs. The reporting functionality is amazing.
- I would love some better wizards to help build canned reports based off common data sets.
- An easy way to back out integrating a log that suddenly balloons you over your license limits.
- An easier way to help Splunk parse log types. You can give Splunk any data you have, but unless you're able to tell it how the random log is formatted, your ability to search on it is limited.
The only issue most users are going to have is cost once you start figuring out the amount of data you're going to be aggregating, the licensing costs can get rather steep.