Splunk enterprise stable solution
Splunk Enterprise is used in the company by the IT department. Mainly to monitor security events on process-relevant systems where the …
Overview
What is Splunk Enterprise?
Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Custom dashboards and workspaces (54)8.585%
- Centralized event and log data collection (53)6.565%
- Event and log normalization/management (53)6.060%
- Correlation (52)6.060%
Reviewer Pros & Cons
Pricing
N/A
Unavailable
What is Splunk Enterprise?
Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
41 people also want pricing
Alternatives Pricing
What is Blumira?
Blumira’s cloud SIEM platform offers both automated threat detection and response, enabling organizations of any size to more defend against cybersecurity threats in near real-time. It's goal is to ease the burden of alert fatigue, complexity of log management and lack of IT visibility.
Product Demos
Splunk Incident Review Demo
YouTube
Splunk Threat Intelligence Demo
YouTube
Splunk Enterprise Security | Splunk Enterprise Installation | Splunk Training | Edureka
YouTube
Features
Return to navigation
Product Details
- About
- Integrations
- Competitors
- Tech Details
- FAQs
What is Splunk Enterprise?
Splunk Enterprise enables users to find out what is happening in a business and take meaningful action. It automates the collection, indexing and alerting of machine data that's critical to operations, so that users can uncover the actionable insights from data — no matter the source or format. Leverage artificial intelligence and machine learning for predictive and proactive business decisions.
Splunk Enterprise Integrations
Splunk Enterprise Competitors
Splunk Enterprise Technical Details
| Operating Systems | Unspecified |
|---|---|
| Mobile Application | No |
Frequently Asked Questions
Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.
SolarWinds Loggly and LogRhythm NextGen SIEM Platform are common alternatives for Splunk Enterprise.
Reviewers rate Incident indexing/searching highest, with a score of 8.9.
The most common users of Splunk Enterprise are from Enterprises (1,001+ employees).
Comparisons
Compare with
Reviews and Ratings
(455)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Pros
- Cons
- Recommendations
Valuable Log Gathering and Summarization: Users have expressed positive opinions about Splunk's ability to gather and summarize log messages from multiple sources. Many reviewers find this feature valuable, as it allows them to easily access and analyze log data in a centralized location without the need for manual aggregation.
Simplicity and Advanced Search Capabilities: Splunk's reporting functionality is highly regarded by users for its simplicity and advanced search capabilities. Several reviewers appreciate how easy it is to use Splunk's reporting features, while also being able to perform complex searches that provide detailed insights into their data.
Effective Web Traffic Catching and Dashboards: The effectiveness of Splunk in catching web traffic and providing helpful dashboards is another aspect praised by users. Many reviewers highlight how Splunk's web monitoring capabilities enable them to track website activity effectively, while the intuitive dashboards allow for quick visualization and analysis of important metrics.
Confusing User Interface: Some users have reported that the user interface in Splunk can be perplexing, leading to difficulties in quickly performing tasks and navigating the software.
Limited Integration with Excel: Users have expressed their desire for improved integration between Splunk and Excel when it comes to creating reports and dashboards. They feel that better connectivity and seamless data transfer would enhance their workflow.
Steep Learning Curve: Several users have mentioned the complexity of Splunk's architecture, requiring a dedicated team of engineers to effectively manage and optimize its performance. This steep learning curve can pose challenges for new users who may need additional time and resources to fully grasp the intricacies of the platform.
Based on user reviews, the following recommendations emerged for using Splunk:
-
Ensure the correct subscription: Users emphasized the importance of having the correct subscription for Splunk to avoid login issues and fully utilize its features. They recommend careful planning of the deployment and learning as much as possible before implementing a large installation.
-
Thoroughly investigate anomalies: While Splunk's great dashboards for troubleshooting are praised, users advise against relying solely on system alerts generated by Splunk. They suggest continuing to investigate any anomalies and carefully setting up sources and background data in Splunk.
-
Utilize Splunk's log analysis capabilities: Many users recommend Splunk as a valuable tool for log analysis and improving the quality of current processes. They find it helpful for debugging integration issues and consider it suitable for large-scale applications/systems. Users appreciate its ability to connect to individual boxes and view multiple logs simultaneously.
It should be noted that some users suggest that there may be better and cheaper alternatives for small to medium-sized businesses, while others propose improvements to the search result UI and pricing structure to attract more users in the industry.
Attribute Ratings
Reviews
(1-25 of 41)Companies can't remove reviews or game the system. Here's why
October 24, 2023
Great if you have the money
Score 7 out of 10
Vetted Review
Verified User
We use Splunk Enterprise as a SIEM and a separate pool to use for medical record auditing. The SIEM catalogues information from multiple courses to provide efficiency and security data to the organization. Our medical record audit system is a custom written Splunk Enterprise app that takes audits from our EHR to determine suspicious activities
- Searching of information.
- Report building
- Flexibility
- Cost
- Easier guides
- Data normalization.
June 17, 2022
Splunk Enterprise Rocks !!
We use Splunk Enterprise to do various types of monitoring across organizations using a clustered environment with distributed indexers, search heads, UF, and HFW i.e. Application Monitoring of various ETL tools such as Mulesoft, Airflow, Stream sets, etc REST API Monitoring Database monitoring HEC monitoring
- Act as a Search Head, Indexer and Forwarder
- Have full features to install Add-Ons
- Is On-Prem, so we have full control on created lookups on file system
- Better SPL Intelligence
- Add-On's auto upgrade management and notifications
- Implement more features on UI instead of config based implementations
August 17, 2021
Real-time smart meters
Splunk is being using to track the status of electric utility smart meters which record customer energy usage. Smart meters send power outage & restoration notifications which we track in real-time with splunk. This capability is very important for enhancing our situational awareness to help ensure we deliver safe and reliable electricity to our customers.
- Real-time status
- Data integration
- Live dashboards
- Automated machine learning
- Extract transform and loading
- Data modeling
August 09, 2021
Splunk Enterprise in the Cloud empowers me as an analyst
Splunk Enterprise is the basis for our log correlation and analysis. We're using it primarily for IT Security, and occasionally to assist with operations was helpful. It is the basis of our SIEM, Splunk Enterprise security. We pull in events from a wide variety of data sources. The ability of Splunk to ingest and normalize just about any sort of data is one of its strongest points.
- Gets data from anywhere
- Variety of supported alert types
- Real-time insights
- They should not remove support for Duo 2fa.
July 20, 2021
Robust IT Operations and SIEM Management Solution
Splunk Enterprise is used by our Infrastructure and Enterprise Monitoring Team and Security Teams to monitor our infrastructure. Monitoring is enabled for the overall health of our systems. Data is collected from multiple data sources. Logs are analyzed and converted to meaningful metrics for the team to proactive monitor and take corrective actions.
Splunk has the ability to correlate data from disparate data sources and provide root cause hence reducing MTTR and improving our SLA's with our customers. The events logged in Splunk help our IT Analyst and Security Analyst take proactive action before impacting the services which our customer uses. The Event Correlation helps us find RCA and improve MTTD and MTTR.
Splunk has the ability to correlate data from disparate data sources and provide root cause hence reducing MTTR and improving our SLA's with our customers. The events logged in Splunk help our IT Analyst and Security Analyst take proactive action before impacting the services which our customer uses. The Event Correlation helps us find RCA and improve MTTD and MTTR.
- Collect data from multiple data sources and correlate. Reduce alert noise from multiple monitoring systems.
- Monitor alerts and report on data collected. Create custom dashboards.
- Powerful machine learning and AiOPS functionality.
- Helps with our security compliance and addresses the security team's need to remain PCI compliant.
- Splunk data sizing and data collected. Worked with Professional Service to scale our environment.
- Capacity data storage for Splunk data.
- TuningSplunk analytics dashboards for performance.
March 12, 2020
One Splunk to rule them all!
Score 10 out of 10
Vetted Review
Verified User
Splunk Enterprise is used across the whole department in our organization for Security information
and event management. It improves our security aspect of the assets by collecting logs. Splunk offers log collection from all types of assets in the environment varying from vulnerability scanning tools to network devices. Centralizing all these logs and managing them from one place is the real deal. It manages huge amounts of log data with a robust operation. Every day our environment creates dozens of logs and Splunk enables us to
see anomalies with alarms.
- Maximize endpoint logging.
- Can find and store logs from all types of assets.
- Customization of dashboards.
- Creating apps based on your needs.
- Alarm feature alerts relevant people in the organization.
- Data visualization.
- Search queries can be saved for future or even can be converted to apps.
- Slow interface.
March 06, 2020
Splunk Enterprise review
Currently our bank has different departments with their own Splunk infrastructure. We are currently building a larger infrastructure to incorporate all departments to join this centralized infrastructure with Splunk Enterprise. As Splunk is used for log analyzing, it is used for reports on different metrics built from logs collected from different servers. We try to consolidate the logs and put results onto a more centralized data center set as well.
- Log analyzing.
- Reports.
- Forecast (ML model).
- Stability on some components (e.g. indexers).
- Complexity of install and maintenance of infrastructure.
February 27, 2020
Excellent product for our cybersecurity team
Splunk Enterprise has been used by our Cybersecurity Department for almost five years to be the single dashboard for our Security Incident and Event Monitoring. On top of that, we are also using the Enterprise Security, and it helps us to focus on the most notable events that need to be followed up asap.
- Central dashboard for all logs
- Enterprise Security
- Better dashboard graphics
February 26, 2020
Splunk Enterprise: A powerful, but expensive tool
Splunk Enterprise is used as a repository for all our server and network infrastructure logs. This allows us to go to one place to review logs and potentially find a relationship between different systems with specific issues. For example, seeing failed login attempts to our switches and learning that a server was using old credentials.
- Robust collection of plugins to support specific applications
- Relatively easy to use
- Strong and helpful support
- Difficult to master
- Can be very complicated to implement into an environment
- Very expensive
February 23, 2020
Monitor log and alert quickly with the speed of Splunk Light
Splunk Light is being used by our Operational and Maintenance team for transaction logging and event monitoring. It was the right solution for our organization since our IT internal policy stipulates that any solution which interacts with our subscriber's activity data must be deployed on-premise. Moreover, since we only have a handful of O&M team, Splunk Light is a lot more convenient to deploy and manage.
- Splunk Light is perfect for standalone on-premise deployment.
- Mainly works well for a small team
- Scalability might be an issue
- A small limit on the number of the user also poses a challenge for large team collaboration.
February 20, 2020
Splunk is a single tool that does everything
We use Splunk to integrate all the logs for each of the applications. Building dashboards and alerts base on the logs by the Application team's requirement. The Application team will be able to search through their log from one centralized place rather than logging into multiple servers to try to define the issue manually. With the Splunk search language, it is very easy to look for possible errors within a certain time frame. Our organization also use Splunk for fraud investigation purpose. We have more than 100 application teams using Splunk today and most of them are using it for troubleshooting purposes when there is an issue that has occurred.
- Log mining.
- Able to consume multiple log sources.
- Provides the possibility to upgrade the Splunk UF from a deployment server.
- Splunk search language can be very expensive if the users do not know what they are doing.
February 18, 2020
Splunk-ing across the Enterprise
Splunk is utilized for creation of dashboards and log queries across many areas.
- Quick log queries across different types of infrastructure
- Adaptable dashboards for digesting large amounts of continuous data
- Easy access and sharing of information via URL links
- Building Splunk queries can be comber some without intricate knowledge of Splunk and the applications involved
- Dashboard duplication for different areas can be difficult
- Capturing all necessary data from cloud platforms is not always straightforward
November 22, 2019
Using Splunk in Educational Sectors
Splunk Enterprise has been used across University of Minnesota as one of our IT monitoring and alerting tools. This has been a big help for our user base to provide timed email alerts as well as monitoring all of the threshold parameters we set up. We have a dedicated admin to make sure the Splunk agents have been deployed and configured across all the client tools.
- Timely alerting
- Sharing with end users automatically
- Less impact
- Sometime we see the Splunk agent taking higher CPU from OS prospects
- Similar issues have been noticed in Oracle Databases
November 20, 2019
Splunk: The log expert
Splunk Enterprise is a brilliant tool that we use in the University of Colorado, Denver to analyze logs obtained from various sources. Our team is responsible for maintaining the security of our campus and the University of Colorado, Anschutz medical campus.
The log sources are typically firewall logs, email logs, logs from the Intrusion detection system (IDS), logs of different services running on the google cloud, etc. It offers a very easy interface and a query language. We can build our own alarm rule and UI within it for visualization. The rules will run at a time defined by the user and will send metrics to the email. It helped in automating blacklisting as now we can get the most troublesome IP addresses and block them in a minute. It also helped us in tracing a list of most vulnerable on the campus. The most powerful feature is the correlation of log sources. Correlation of log sources is a very taxing process for any software. Splunk handles this gracefully. By correlating firewall traffic, wireless and IDS traffic we once spotted a machine that had a trojan in it and was trying to spread itself laterally through open SMB ports.
The log sources are typically firewall logs, email logs, logs from the Intrusion detection system (IDS), logs of different services running on the google cloud, etc. It offers a very easy interface and a query language. We can build our own alarm rule and UI within it for visualization. The rules will run at a time defined by the user and will send metrics to the email. It helped in automating blacklisting as now we can get the most troublesome IP addresses and block them in a minute. It also helped us in tracing a list of most vulnerable on the campus. The most powerful feature is the correlation of log sources. Correlation of log sources is a very taxing process for any software. Splunk handles this gracefully. By correlating firewall traffic, wireless and IDS traffic we once spotted a machine that had a trojan in it and was trying to spread itself laterally through open SMB ports.
- It is very useful in creating custom rules for analyzing system logs and display relevant information. The query language is very easy to learn.
- We can create custom UI to visualize the output of our data. The interface is very flexible. It also allows the sharing of rules among users.
- There is an open online community to help others. Stackoverflow also has a splunk community. These resources make it more convenient to learn.
- They can introduce a query builder for non-technical users.
- The query error messages could be more specific.
Splunk Enterprise tool is being used across our Digital department. Using this tool we are able to search and analyze event logs of our customer sessions. We can see the error trends of our Digital Services. Set up alerts for multiple KPIs and create dashboards for monitoring the health of our Digital products.
- Captures multiple different information about a customer and his/her session.
- Intuitive and informative search options.
- Option to set up precise alerts for different KPIs.
- The speed of the tool could be improved.
- It could store and allow to search for historical data older than 60 days (may be related to our company license).
- Dashboard creation could be more user-friendly.
May 21, 2019
Splunk, a great tool!
Score 8 out of 10
Vetted Review
Verified User
Splunk is being used by the entire organization for searching and reporting and to analyze the logs and entire organization’s data. Splunk is a great tool to work on. It helps in finding various threats inside and outside the organization. Five stars.
- Versatile
- Intelligent
- Reporting
- Searching
- Log analysis
- Costly
- Needs training to work on
- Needs hands on experience to get used to
January 02, 2019
a very good log handling and analysis tool
Splunk is not used across my organization. It is being used by some of us and for some specific task. And yes, it is also used by other departments as well but according to their need. Specifically, we are using this tool for monitoring the application logs and doing some analysis over it. Splunk provides a very easy way to search your logs and perform some basic analysis.
- Log search is very good with this tool.
- Splunk search query language is just very good. You can easily run some analysis using this language
- Generating reports is a very good feature of this tool.
- Detecting anomalies and reporting them is just fantastic.
- Splunk requires some learning to use all of its features. Understanding its SPL is not very easy, and it will take long enough time to learn it.
- Regular expression is a bit tedious to learn and then use, it needs a good understanding of regular expression.
- I don't know why, but sometimes its search keeps on going forever and then I had to manually kill that job to start it again.
January 02, 2019
Splunk is great for troubleshooting
We use Splunk to catalog all incoming quote requests, booking requests and booking responses (effectively we catalog all successful transactions and errors). My team uses these logs to troubleshoot connections with our partners. We also use this to analyze the behavior of our customers to make sure they are operating as we expect them to. I use this tool every day, for several hours per day, to do my job.
- logging server data
- easy to use commands to parse data
- automated reporting
- real-time reporting that will alert when a condition is met
- Not a Splunk problem, but we don't have enough space to store as much data as we would like
December 14, 2018
Monitor your monitors...
Splunk is used for application logs monitoring and system health checks for production environment and performance environment.
- Best tool to do log monitoring and creating intuitive dashboards and charts
- Best for setting up alerting for application logs
- The tool needs to integrate AI to understand the system logs and alerting should be based on the auto learning.
December 14, 2018
Splunk for log collection, indexing, analysis & dashboarding
Splunk is used in our enterprise to analyze monitoring and analytics data. We have thousands of micro services and APIs in our organization. All these APIs emit log data that is used to aggregate and analyze using Splunk. It also helps in end-to-end tracking of flows and data across services, in troubleshooting errors, and in generating metrics. Splunk is also used generating and configuring alerts.
- Used for indexing and collecting machine data and log data from APIs.
- This data is used to generate graphs, alerts, metrics that is useful to business, technology and operations.
- It is data source agnostic and is used to log API, batch, db and log data. It runs on AWS for us.
- The only con might be that it is much costlier than an open source system like ELK (Elastic Logstash Kibana).
December 12, 2018
We've tried the rest and now we're back on Splunk!
Splunk is our dumping ground for our logs. We use Splunk to pump the monitoring and statistical logs to, whether for analysis, storage, or for debugging purposes. The main problem it solves is that we have many systems that live in different places, and having one centralized repository for our logging helps us with correlation of bugs to specific times, and monitoring how different infrastructure interacts.
- Handles inputs from many different sources.
- Very easy queries.
- Dashboard support.
- Scaling story.
- Query speed.
Splunk Enterprise is used by the organization to primarily analyze data. It looks at data generated by various on-premise systems and provides meaningful insights out of them. Many advanced features like custom reporting are used by business analysts on a regular basis to determine the course of action. Last but not least, it is also used to execute daily support tasks like log analysis.
- Data Analytics
- Reporting
- Indexing search data
- Searching machine-generated data at realtime to forecast trends
- Splunk is expensive.
- To use Splunk effectively, people must learn SPL.
- Splunk is good at what it does, but to create an efficient analytics systems other products like SW monitoring tools need to be used in conjunction.
We use Splunk Enterprise across the entire company to collect log data that allows us to see up/down times of servers and applications. We have customized Splunk a good bit and it is one of the main tools we rely to monitor our server environment and troubleshoot issues when an app/server is down or having errors.
- Monitoring of log data to gauge server status and health
- Dashboards that allows us to view data about servers in our environment
- MOnitoring for fraud/cyber security threats and risks
- We really like the product but there is a steep learning curve and training is definitely required
- Our environment is setup so that you have to be fairly technical to navigate it and get value from it. We need to make our dashboards/reports less technical so the business users get more value from the tool
- Tool is very module driven so you are constantly having to add modules and costs to get new functinality
April 10, 2018
Splunk it!
We have used splunk light in the past for log analysis of Cisco routers, firewalls and switches to determine path issues. This was mainly used within the network infrastructure group. The alerting was the main benefit when trying to determine intruder detection and the path the intruder was trying to take.
- Though it was a little hard at first, creating the dashboards from the raw data became the big benefit.
- Setup of alerts was, again a little confusing but over time with the real time alert became useful.
- The building of dashboards for the security team for tracking intruders.
- The big one is writing the dashboards based off the raw data.
March 28, 2018
Splunk is a great tool for helping make sense of logs
I'm using Splunk to aggregate logs from various servers and devices within my department. While I don't interact with it daily, or even weekly a lot of times, I do use it heavily when faculty or staff come to me asking when users were logged in, when there are any questionable incidents on websites, etc.
- Log aggregation is extremely well done. Whether sending it logs over Syslog, mounting log directories over NFS, or using their log forwarding service.
- Searching. I'm an amateur at best when searching and aggregating logs. The reporting functionality is amazing.
- I would love some better wizards to help build canned reports based off common data sets.
- An easy way to back out integrating a log that suddenly balloons you over your license limits.
- An easier way to help Splunk parse log types. You can give Splunk any data you have, but unless you're able to tell it how the random log is formatted, your ability to search on it is limited.