TrustRadius
Splunk Enterprise

Overview

What is Splunk Enterprise?

Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.

Recent Reviews

Splunk enterprise stable solution

7 out of 10
January 05, 2024
Splunk Enterprise is used in the company by the IT department. Mainly to monitor security events on process-relevant systems where the …

Great if you have the money

7 out of 10
October 24, 2023
We use Splunk Enterprise as a SIEM and a separate pool to use for medical record auditing. The SIEM catalogues information from multiple …

Real-time smart meters

9 out of 10
August 17, 2021
Incentivized
Splunk is being used to track the status of electric utility smart meters which record customer energy usage. Smart meters send power …


Popular Features (4 of 13 rated features shown; number of reviewers in parentheses)

  • Custom dashboards and workspaces (54): 8.5 (85%)
  • Centralized event and log data collection (53): 6.5 (65%)
  • Event and log normalization/management (53): 6.1 (61%)
  • Correlation (52): 6.0 (60%)


Pricing

Unavailable


Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services


Alternatives Pricing

What is Blumira?

Blumira’s cloud SIEM platform offers both automated threat detection and response, enabling organizations of any size to better defend against cybersecurity threats in near real time. Its goal is to ease the burden of alert fatigue, the complexity of log management and the lack of IT visibility.


Product Demos (YouTube)

  • Splunk Incident Review Demo
  • Splunk Threat Intelligence Demo
  • Splunk Enterprise Security | Splunk Enterprise Installation | Splunk Training | Edureka

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that gives security analysts a more comprehensive view of security logs and events than they would get by looking at the log files of individual, point security tools.

Splunk Enterprise score: 7.4 (category average 7.8)

Product Details

What is Splunk Enterprise?

Splunk Enterprise enables users to find out what is happening in a business and take meaningful action. It automates the collection, indexing and alerting of machine data that's critical to operations, so that users can uncover the actionable insights from data — no matter the source or format. Leverage artificial intelligence and machine learning for predictive and proactive business decisions.

Splunk Enterprise Technical Details

Operating Systems: Unspecified
Mobile Application: No

Frequently Asked Questions

SolarWinds Loggly and LogRhythm NextGen SIEM Platform are common alternatives for Splunk Enterprise.

Reviewers rate Incident indexing/searching highest, with a score of 8.9.

The most common users of Splunk Enterprise are from Enterprises (1,001+ employees).

Reviews and Ratings (455)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources.

Valuable Log Gathering and Summarization: Users have expressed positive opinions about Splunk's ability to gather and summarize log messages from multiple sources. Many reviewers find this feature valuable, as it allows them to easily access and analyze log data in a centralized location without the need for manual aggregation.

Simplicity and Advanced Search Capabilities: Splunk's reporting functionality is highly regarded by users for its simplicity and advanced search capabilities. Several reviewers appreciate how easy it is to use Splunk's reporting features, while also being able to perform complex searches that provide detailed insights into their data.

Effective Web Traffic Capture and Dashboards: The effectiveness of Splunk in capturing web traffic and providing helpful dashboards is another aspect praised by users. Many reviewers highlight how Splunk's web monitoring capabilities enable them to track website activity effectively, while the intuitive dashboards allow for quick visualization and analysis of important metrics.

Confusing User Interface: Some users have reported that the user interface in Splunk can be perplexing, leading to difficulties in quickly performing tasks and navigating the software.

Limited Integration with Excel: Users have expressed their desire for improved integration between Splunk and Excel when it comes to creating reports and dashboards. They feel that better connectivity and seamless data transfer would enhance their workflow.

Steep Learning Curve: Several users have mentioned the complexity of Splunk's architecture, requiring a dedicated team of engineers to effectively manage and optimize its performance. This steep learning curve can pose challenges for new users who may need additional time and resources to fully grasp the intricacies of the platform.

Based on user reviews, the following recommendations emerged for using Splunk:

  • Ensure the correct subscription: Users emphasized the importance of having the correct subscription for Splunk to avoid login issues and fully utilize its features. They recommend careful planning of the deployment and learning as much as possible before implementing a large installation.

  • Thoroughly investigate anomalies: While Splunk's great dashboards for troubleshooting are praised, users advise against relying solely on system alerts generated by Splunk. They suggest continuing to investigate any anomalies and carefully setting up sources and background data in Splunk.

  • Utilize Splunk's log analysis capabilities: Many users recommend Splunk as a valuable tool for log analysis and improving the quality of current processes. They find it helpful for debugging integration issues and consider it suitable for large-scale applications/systems. Users appreciate its ability to connect to individual boxes and view multiple logs simultaneously.

It should be noted that some users suggest that there may be better and cheaper alternatives for small to medium-sized businesses, while others propose improvements to the search result UI and pricing structure to attract more users in the industry.

Reviews (51-69 of 69)
Sumant Murke | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Splunk is a great tool. We use it for analyzing large chunks of data in the data center where the data is dynamic and continuously incoming from various events generated by all the servers. We also keep track of the data provided by the metrics generated, which gives a good insight into what is going wrong in the data center.
  • Easy to scale with large data sets.
  • Real time analyzing.
  • Supports all types of data.
  • Doesn't provide optimized results with smaller size of data.
  • Costly.
Splunk is a great log analyzing tool if the data is quite large, and it accepts widely used data formats. It provides accurate real-time analyzing. Most importantly, it is extensible. The problem with the free version is the data indexing limit, whereas the professional version is quite costly for an individual.
Gaurav Kasliwal | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Splunk is really useful while analyzing dynamic data. I have been using Splunk for 2 years and I really find it very useful, especially working with bigger datasets. I have used Splunk for my project to analyze and learn different patterns from [my] university dataset. It was really very easy and user friendly to use.
  • Scalability. Splunk is really useful when you are dealing with a dynamic and bigger system and you want to make your system scalable.
  • Reliable. Very reliable.
  • Indexing and speed. Splunk really works very fast, even with bigger datasets.
  • Cost! Splunk is a little costly when it comes to economical comparison.
  • Speed is sometimes less when inflow of dynamic data is huge.
  • Learning curve is there to become master of Splunk.
Graphical display of results is really useful while doing analysis of big data. Really useful for dynamic datasets, like network packet flow analysis. Not very useful for static data.
Kenneth Taitingfong | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Splunk is currently the SIEM for IT operations and IT security, providing log aggregation and security event correlation for multiple departments. The IT operation groups use Splunk to trend operational data, troubleshoot issues, and send automated alerts when certain triggers are met. The security department utilizes Splunk for investigations and event management, leveraging automated alerts and dashboards. For our organization, Splunk provides the "single pane of glass" for users across several IT departments while also serving as our compliance tool for PCI-DSS and SOX.
  • Splunk is flexible and extensible, able to ingest logs from disparate systems using disparate formats and disparate file types. If the ability exists to make the logs human readable (either natively or via a script), Splunk can ingest it.
  • Splunk's flexibility in how you parse, format, and enhance your data is amazingly deep. When you start event typing, tagging, aliasing, and creating data models, you start to really open up Splunk's capabilities.
  • Splunk scales very well in large environments. Adding additional indexers as your environment grows is pretty trivial and its ability to do multi-site clustering and search head clustering provides load balancing and redundancy that's inherent to the product.
  • Splunk's search language goes very deep. To do some of the more advanced formatting or statistical analysis, there's a bit of a learning curve. Splunk training for learning the search language and manipulating your data can cost anywhere from $500.00 to $1500.00 (although a good number of free training exists).
  • Splunk's dashboard capabilities are pretty decent, but to do more exciting visualizations requires a bit of development using Simple XML, JavaScript, and CSS.
  • Splunk releases minor revisions very quickly but because of the sheer number of bugs we've run into, we've upgraded our environment four times in nine months.
Splunk is well suited in both small and very large environments almost regardless of the types of devices. However, depending on how Splunk is architected, it can require a number of devoted engineers to onboard, normalize, and present the data. So for organizations that are unable to provide dedicated resources, the day-to-day operations and backend duties can be overwhelming. Since Splunk is so flexible, it's easy to overwhelm its available resources when a large number of inefficient searches are running. Splunk users need to be trained to not run "sloppy" searches. The community help forums are a wealth of information, but in some cases, without professional support, you're going to be lost. The Splunk licensing can also be costly, and in some situations Splunk virtual environments don't perform well.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
I currently use Splunk to extract user activity on both the front and back end of information systems.
  • The querying speed is relatively fast. Of course the complexity of your query can affect how quickly it returns results, however, mine are fairly complex and I haven't had any issues.
  • The query language allows for the ability to extract exactly what you are looking for.
  • The ability to set up alerts is great for increased visibility and monitoring of your data.
  • Splunk provides the ability to create nice looking dashboards, but the dashboards lack dynamic filtering. It would be nice if all the charts within a single dashboard filtered based on selections within each chart.
Who will be using the tool? The tool is best utilized by technical analysts who are able to comprehend the Splunk query language.
November 11, 2015

Splunk in a nutshell

Rick Yetter | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Reseller
We are a reseller of the product and for our customers we are solving problems from Security, operational intelligence, app development and big data problems.
  • Splunk is great at correlation of data from multiple sources and allows access to critical information without giving access to servers or applications.
  • Splunk is good at integration of data and information from multiple point tools. The ability to have a single pane of glass view in to the IT world is critical to most IT shops.
  • Splunk has a flexible dashboard system built on Simple XML. Most users of the product can easily create and manipulate their data into useful dashboards.
  • Splunk is not particularly hard to understand or deploy. The only problem I've really run in to is the 3-6 month use case exhaustion. Customers will have Splunk to solve a particular problem then stop once that problem is fixed. The use cases are only limited to their imagination and can blossom in the right hands.
Splunk for Enterprise Security bar none is the most intuitive and flexible security tool around. The ability to integrate and visualize threat analysis in real time is a key importance to keeping the enterprise secure.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Splunk has been deployed and actively used in whole development cycle, in operation, in business analysis, and in security auditing.
  • During our software development, Splunk is used for troubleshooting issues. With its ability to provide consolidated log messages for a specific period of time and transaction mode to correlate all relevant messages, it helps us pinpoint the root cause of the issue.
  • Our operational staff relies on Splunk to provide timely alerts of issues and health monitoring of our entire operation.
  • Our security team can easily perform audits as required using Splunk archives online instead of pulling backup tapes and tediously searching through all relevant records of interest.
  • Indexer replication is overly complicated
As a matter of fact, we are still discovering more and more use cases for Splunk.
February 25, 2015

Good Tool for log mining

Ajinkya Karande | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Overall the experience with Splunk has been good, although some aspects of the UI are a little annoying: when the query exceeds a certain limit the text area gets bigger, and there is no way of knowing if the query is actually running or just hung up. Considering the amount of data being pumped in every day, Splunk is a very good tool for analyzing and creating reports. Another aspect which could be enhanced is creating public dashboards which enable all the users to see them just with a link, and also deleting them when not needed. Overall a very good tool, and I have had a positive experience with it.
  • Finding Oracle stats
  • Getting request types based on users i.e. sorting capabilities
  • Creating reports and charting based on data
  • UI could be improved i.e. the query text-area behavior
  • Creating reports publicly and deleting them is a little non-intuitive for users
Queries with more than a week's data will usually time out; sometimes a query doing a lot of things on a day's worth of data can also time out. There are options where the process can be executed in the background, but there isn't a way of knowing if the job failed to fetch the data.
Michael Brombacher | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
logging, logging, logging... from new systems and applications troubleshooting to auditing and general system issue resolution
  • search is amazing
  • search is fast
  • search is customizable
  • reporting is great
  • works well for my users
Perhaps find out how much space/data it can index.
January 12, 2015

Review of Splunk

Score 10 out of 10
Vetted Review
Verified User
Incentivized
Currently our cloud services logging is integrated with Splunk. Before Splunk it used to be a very long and not user-friendly process if we wanted to check any logs on any of the nodes. With Splunk it is very, very easy and efficient. We also use it for additional analysis of our cloud services systems.
  • Analysis of the data. The feature to drill down into the details.
  • Visualization
  • User friendly
  • Dashboards and reports
  • Search functionality with queries
  • Can't think of any as of now. Happy with whatever they are offering currently.
It's very very helpful in trouble shooting our cloud services in terms of seeing integrated logs across all the nodes in cluster.
Score 9 out of 10
Vetted Review
Verified User
We use Splunk to monitor (performance, status, capacity, inventory) all our multi-vendor storage equipment. It is the best tool I've found to be able to monitor/alert on any type of equipment, and no other tool is able to do what Splunk does.
  • Provides custom dashboards. In our environment, we are prepping for offshore off-hours administration, and no other tool can provide the exact information we are wanting to monitor in one view.
  • It doesn't matter what vendor. We have this tool monitoring Brocade, EMC, NetApp, Isilon and more, exactly the way we want to see status.
  • We are able to alert on exactly what we want to see.
  • The learning curve for the tool is workable.
  • I'd like a better ability to make alerts look like what we want to see, and to be better able to pass variables into the alert.
  • I'd like to see Excel integration with the syntax when creating reports/dashboards. So many times I know what I want, but Excel syntax doesn't work.
  • Easier data inputs for syslog & related.
It's suitable for any equipment where related logs can be extracted.
Score 5 out of 10
Vetted Review
Verified User
Incentivized
Used to analyze web logs to find anomalies. It was supposed to make it easier for the business to understand the impact of various types of campaigns. It was also meant to find problems that may occur as part of application failure, fraud, or phishing attempts. Another application it was meant for is to help IT staff diagnose problems by having central access to all logs.
  • Analyze weblogs and extract key words
  • Visualize increase or decrease usage
  • Drill down capabilities
  • There should be alternate licensing models for companies with large data
  • Better compression of data stored on disk
  • Lesser penalties for over usage
Price is the biggest draw back for us. We could not justify the cost especially when there are alternate products that cost less and even free products that do most of what we want out of Splunk.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
I am using Splunk everyday to know what is going on in production. All our services logs are indexed in it and we can easily fetch data with the sample query language offered by Splunk. It really helps us to detect threats before any client complains about it. Moreover, we use it to output stats about the performance of our services.
  • Alerts on any specifics searches help to detect a threat before any client observes it.
  • Dashboards is a nice way to output useful and cool information about how our services are used in production.
  • Easy powerful query language makes Splunk fun to use and any fetched data is not trivial because it's fun! It's really powerful.
  • Documentation is very nice and Splunk is supported by a community.
  • Sadly, Splunk is not an open source project.
When a company has a lot of services with a lot of logging, Splunk is very useful to find anything you want. Basically, we can see it as grep, plus there are a lot of libraries to manipulate data. If you have a small company with few products, using Splunk could be an overhead.
Score 9 out of 10
Vetted Review
Verified User
We use Splunk for application alerts, reporting and debugging purposes. We have been using Splunk across multiple projects in our mobile development department. Splunk helps us to closely monitor application logs which are spread across multiple servers/JVMs. We get a consolidated view of multiple log files in the Splunk dashboard. Splunk's real-time indexing service is very efficient. It takes pre-defined key attributes of log files, creates a link to those attributes and displays it on the dashboard, which can be further used to filter out results without writing any complex queries. We have created multiple alerts in Splunk to capture different scenarios; one of the most important alerts is the capturing of runtime exceptions (e.g. NullPointerException, OutOfMemory exception etc.). This alert informs the development team immediately, resulting in immediate action to resolve that issue based on complexity.
  • Real time indexing of log files - This functionality helps us to track performance of the application during our monthly SOASTA run. We can see request coming and going to different services in real time.
  • Searches - Splunk queries help us to search multiple log files residing in different servers in one go, which makes debugging very easy in a distributed environment.
  • Alerts - Splunk alerts is an efficient tool which tells us before hand about issues in our production environment and gives us enough time to validate and fix those issues.
  • Reporting - We work in an SOA based environment where multiple services talk to each other, we use splunk to generate daily performance reports of each service which includes lookups, hits, failures etc.
  • We are using Splunk 6.0, which is better in terms of performance compared to its older versions, but it slows down and starts using more server resources (memory, CPU time etc.) than expected; I guess this is one area where improvement is needed.
  • Splunk queries are slightly complex when it comes to new or less experienced people, if we can make it more simple that will be awesome. But I must say it is doing its job very well.
Splunk is very well suited to our ecosystem. We have very complex distributed SOA based environment where applications are running on multiple jvm's configured on multiple servers to support high traffic load. Splunk has made everything transparent and now we can dig deep to figure out problems in no time. With Splunk, performance monitoring has reached the level where we are able to capture minor details, do analysis and take steps to improve.
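The searches described in the reviews above (the "transaction mode" correlation in the development-cycle review, the runtime-exception alert and the daily per-service report in the mobile-development review, and the earlier warning about "sloppy" unscoped searches) can all be written down as saved searches. The fragment below is an added example in savedsearches.conf form; it is not configuration from any reviewer or from Splunk's documentation, and the index, sourcetype, field and mailbox names (app, java_app, service_access, session_id, response_ms, status, dev-oncall@example.com, service-owners@example.com) are assumptions for illustration.

```ini
# Added example (not the reviewers' or Splunk's own configuration): a
# savedsearches.conf fragment. All index, sourcetype, field and address
# names below are assumptions for illustration.

# 1. Troubleshooting report: stitch every log line of one request into a
#    single correlated event ("transaction mode" in the review above) and
#    keep only the slow ones. transaction holds events in memory, so it is
#    bounded here with maxspan and a one-hour window; prefer stats when a
#    count or a duration per key is all that is needed.
[Slow requests correlated by session]
search = index=app sourcetype=java_app \
| transaction session_id maxspan=5m startswith="request received" endswith="response sent" \
| where duration > 2 \
| table _time session_id duration eventcount host
dispatch.earliest_time = -1h
dispatch.latest_time = now

# 2. Alert: notify the development team when Java runtime exceptions appear.
#    The search is scoped to one index, one sourcetype and a window the same
#    length as the schedule; that is the difference between this and a
#    "sloppy" index=* "Exception" over all time that starves the indexers.
[Runtime exceptions in app logs]
search = index=app sourcetype=java_app ("NullPointerException" OR "OutOfMemoryError") \
| rex field=_raw "(?<exception>\w+(?:Exception|Error))" \
| stats count AS occurrences, values(host) AS hosts BY exception, source
dispatch.earliest_time = -5m@m
dispatch.latest_time = now
cron_schedule = */5 * * * *
enableSched = 1
# Trigger when the search returns at least one row; the row table goes in the mail.
alert_type = number of events
alert_comparator = greater than
alert_threshold = 0
alert.severity = 4
# Throttle repeats for the same exception/source pair for an hour so one
# noisy host does not flood the on-call mailbox.
alert.suppress = 1
alert.suppress.period = 1h
alert.suppress.fields = exception,source
action.email = 1
action.email.to = dev-oncall@example.com
action.email.subject = Splunk alert: $name$
action.email.include.results_link = 1

# 3. Scheduled report: per-service daily summary (hits, failures, latency),
#    run just after midnight over the previous calendar day.
[Daily service performance]
search = index=app sourcetype=service_access \
| eval failed=if(status>=500, 1, 0) \
| stats count AS hits, sum(failed) AS failures, avg(response_ms) AS avg_ms, perc95(response_ms) AS p95_ms BY service \
| eval failure_pct=round(100*failures/hits, 2) \
| sort - failure_pct
dispatch.earliest_time = -1d@d
dispatch.latest_time = @d
cron_schedule = 15 0 * * *
enableSched = 1
action.email = 1
action.email.to = service-owners@example.com
action.email.subject = Daily service performance: $name$
```

Stanzas like these live in an app's local/savedsearches.conf under $SPLUNK_HOME/etc/apps and take effect after a configuration refresh or restart. Two practitioner notes: the alert's dispatch window is the same length as its cron interval, so each event is examined once rather than re-alerting on the previous run's hits; and training users not to run "sloppy" searches, as the earlier review recommends, is best backed by per-role limits in authorize.conf (srchTimeWin, srchDiskQuota, srchJobsQuota), which cap what any single account can consume on the indexers regardless of how its searches are written.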
Score 2 out of 10
Vetted Review
Verified User
Splunk was used to mine system logs for trends and errors. It was expensive, and the most interesting reports ran very slowly. So slowly that sometimes you couldn't get the results before something would time out. I didn't design the system or the report.
  • Nice graphs.
  • I would have liked it to run offline and email me the result.
I was not involved in selection.
Bryan Ignatow | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Splunk was used in a variety of log collection activities for Linux and UNIX systems, both in our company and at our customers companies. It allowed for the easy collection of logs, searching, and automated actions resulting from the messages received. The multi-tier architecture was easy to install and operate, as well as provided significant flexibility for our customer implementations.
  • Gathering log messages from a multitude of sources.
  • Summarizing and gathering important information from those logs.
  • Allows simple and advanced searches, as well as complex automations to be created, gathering more value from existing data.
  • There is a bit of a learning curve for a multi-tier architecture, but with a little work it's easy to understand from the instructional materials provided by Splunk.
  • Searches can take a bit to understand, especially regular expressions and search syntax.
  • As always, understanding your data is paramount to being able to derive value from it.
It's the Swiss army knife of log collection and searching. I'd recommend it wholeheartedly. I consider it to be the gold standard for products in this industry. Working with the vendor is easy, as they have a very open and helpful attitude. And you can try the product for free to get a feel for it before investing heavily in it (which you will want to once you decide how it benefits your organization).
Richard Wilbert, MBA | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Splunk is being used as an aggregator of our log data to produce reports for activity and audit and to monitor file access. The capabilities of Splunk streamline the level of effort needed to produce reports for auditors. Additionally, it can be setup to monitor file access which can indicate a data breach attempt as an example.
  • Splunk is great for visualizing your data in a format that can indicate trends.
  • Splunk can help you determine root cause and assimilate dissimilar data sources in a consistent manner.
  • Splunk can help you find "the needle in the haystack" problems without having to log into many different devices.
  • Splunk can be set up to look for symptoms that may cause issues in your environment and either alert, report or trigger an action.
  • Maybe wizards to help you walk through different tasks might help the beginner.
It is very well suited for large environments that have sensitive data or have a lot of devices. It is also well suited for IT management that likes pretty pictures of how their environment is running. It is very suitable for companies that spend too much of their IT engineers' time on audits, compliance and reporting to groups outside of IT.
Rajesh Jain | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Splunk is used by our customers either for log analysis or for getting insights into performance issues. Most of the users of Splunk are in Ops -- they are focused on keeping the lights on and getting ahead before the problem occurs. The main business problems which customers attempt to solve are security breaches, fraud analysis and performance diagnostics.
  • Log Aggregation and Ingestion
  • Search and Analytics
  • Operational Intelligence - identify patterns in performance bottleneck
  • Setting up the log monitors and data ingestion process
  • Search Queries - they have a new Data model and UI, but it needs more improvement
I would suggest that Splunk is best suited if:

- you are drowning in log files and don't have any clue where your problems are;
- you are reactive and not looking at patterns or problem bottlenecks;
- you would like to get Business Intelligence from your operational / log file or dynaTrace performance data.
May 14, 2014

Splunk: a review

Score 8 out of 10
Vetted Review
Verified User
Splunk is used across our entire organization as a centralized location for all of the various data elements that we use to track performance of our internal systems and client facing interactions.
  • Splunk is great at quickly finding the insights you need to start an analysis
  • Once you understand the query syntax, Splunk is very easy to use.
  • Great alert monitoring.
  • Splunk lacks the ability to create professional looking customer facing reports.
  • Steep learning curve.
  • Large queries are slower than a more traditional DB.
Splunk is very well suited for monitoring IT systems. It allows you to have almost real-time access to data as it is being generated. This allows for extremely useful alert monitoring. As a customer facing tool, which is not a standard use-case, Splunk is slightly lacking. You can set-up many reports with the data you need, but they have a technical feel that is not suited for some external clients.
Joshua Fischer | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
We are using it primarily as a business analytics tool. We use it to run A/B tests, identify potential fraudsters, troubleshoot site issues and look at overall site behavior broken down by cohort. It's also used to identify issues in real time.
  • It allows people to break down all of your data by any cohorts that you have.
  • It pulls data in real time
  • Its query writing is flexible, so you don't have to know exactly what you want before an experiment begins
  • Speed. Queries can take forever to run
  • Reliability, we are regularly having issues with our Splunk set-up going down
  • Complexity, we need a team of engineers to keep it running
Great for companies who care a lot about A/B testing and breaking down the results by cohorts. For very data-focused organizations with strong tech teams