TrustRadius

Splunk Enterprise

Overview

What is Splunk Enterprise?

Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.

Pricing

Entry-level setup fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Product Demos

  • Splunk Incident Review Demo (YouTube)
  • Splunk Threat Intelligence Demo (YouTube)
  • Splunk Enterprise Security | Splunk Enterprise Installation | Splunk Training | Edureka (YouTube)

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that gives security analysts a more comprehensive view of security logs and events than would be possible by looking at the log files of individual point security tools.

Feature score: 7.5 (category average 7.8)

Product Details

What is Splunk Enterprise?

Splunk Enterprise enables users to find out what is happening in a business and take meaningful action. It automates the collection, indexing and alerting of machine data that is critical to operations, so that users can uncover actionable insights from data, no matter the source or format. It also offers artificial intelligence and machine learning features for predictive and proactive business decisions.

Splunk Enterprise Technical Details

Operating Systems: Unspecified
Mobile Application: No

Frequently Asked Questions

SolarWinds Loggly and LogRhythm NextGen SIEM Platform are common alternatives for Splunk Enterprise.

Reviewers rate Incident indexing/searching highest, with a score of 9.

The most common users of Splunk Enterprise are from Enterprises (1,001+ employees).

Reviews and Ratings (471)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources.

Valuable Log Gathering and Summarization: Users have expressed positive opinions about Splunk's ability to gather and summarize log messages from multiple sources. Many reviewers find this feature valuable, as it allows them to easily access and analyze log data in a centralized location without the need for manual aggregation.

Simplicity and Advanced Search Capabilities: Splunk's reporting functionality is highly regarded by users for its simplicity and advanced search capabilities. Several reviewers appreciate how easy it is to use Splunk's reporting features, while also being able to perform complex searches that provide detailed insights into their data.

Effective Web Traffic Catching and Dashboards: The effectiveness of Splunk in catching web traffic and providing helpful dashboards is another aspect praised by users. Many reviewers highlight how Splunk's web monitoring capabilities enable them to track website activity effectively, while the intuitive dashboards allow for quick visualization and analysis of important metrics.

Confusing User Interface: Some users have reported that the user interface in Splunk can be perplexing, leading to difficulties in quickly performing tasks and navigating the software.

Limited Integration with Excel: Users have expressed their desire for improved integration between Splunk and Excel when it comes to creating reports and dashboards. They feel that better connectivity and seamless data transfer would enhance their workflow.

Steep Learning Curve: Several users have mentioned the complexity of Splunk's architecture, requiring a dedicated team of engineers to effectively manage and optimize its performance. This steep learning curve can pose challenges for new users who may need additional time and resources to fully grasp the intricacies of the platform.

Based on user reviews, the following recommendations emerged for using Splunk:

  • Ensure the correct subscription: Users emphasized the importance of having the correct subscription for Splunk to avoid login issues and fully utilize its features. They recommend careful planning of the deployment and learning as much as possible before implementing a large installation.

  • Thoroughly investigate anomalies: While Splunk's great dashboards for troubleshooting are praised, users advise against relying solely on system alerts generated by Splunk. They suggest continuing to investigate any anomalies and carefully setting up sources and background data in Splunk.

  • Utilize Splunk's log analysis capabilities: Many users recommend Splunk as a valuable tool for log analysis and improving the quality of current processes. They find it helpful for debugging integration issues and consider it suitable for large-scale applications/systems. Users appreciate its ability to connect to individual boxes and view multiple logs simultaneously.

It should be noted that some users suggest that there may be better and cheaper alternatives for small to medium-sized businesses, while others propose improvements to the search result UI and pricing structure to attract more users in the industry.

Reviews

(1-18 of 18)

Real-time smart meters

Rating: 9 out of 10
August 17, 2021
Verified User
Vetted Review
Verified User
Splunk Enterprise
2 years of experience
Splunk is being used to track the status of electric utility smart meters, which record customer energy usage. Smart meters send power outage and restoration notifications, which we track in real time with Splunk. This capability is very important for enhancing our situational awareness to help ensure we deliver safe and reliable electricity to our customers.
  • Real-time status
  • Data integration
  • Live dashboards
Handling millions of real-time data points can be achieved with ease.

Robust IT Operations and SIEM Management Solution

Rating: 10 out of 10
July 20, 2021
Verified User
Vetted Review
Verified User
Splunk Enterprise
2 years of experience
Splunk Enterprise is used by our Infrastructure and Enterprise Monitoring Team and Security Teams to monitor our infrastructure. Monitoring is enabled for the overall health of our systems. Data is collected from multiple data sources. Logs are analyzed and converted to meaningful metrics for the team to proactively monitor and take corrective actions.

Splunk has the ability to correlate data from disparate data sources and provide root cause, hence reducing MTTR and improving our SLAs with our customers. The events logged in Splunk help our IT analysts and security analysts take proactive action before the services our customers use are impacted. The event correlation helps us find the RCA and improve MTTD and MTTR.
  • Collect data from multiple data sources and correlate. Reduce alert noise from multiple monitoring systems.
  • Monitor alerts and report on data collected. Create custom dashboards.
  • Powerful machine learning and AIOps functionality.
  • Helps with our security compliance and addresses the security team's need to remain PCI compliant.
Good for event correlation from multiple data sources, web monitoring, systems and application monitoring. Good as security information and event management tool. It collects data from logs and custom applications helping the business make informed decisions across the organization. Gain insights to drive operational performance and business results. Splunk's rich visualizations make results easy to understand and take necessary actions.

Splunk Enterprise - Log collection & aggregation

Rating: 10 out of 10
February 29, 2020
FC
Vetted Review
Verified User
Splunk Enterprise
2 years of experience
Splunk was initially purchased to be our replacement for our syslog server, but it has grown into much much more and this is because of how easy it is to get logs into Splunk and the flexibility of what can be done with those logs.
We are now using it as a security tool, ingesting logs from lots of different sources and even our cloud platforms.
Currently it is just our IT team that use Splunk.
  • Dashboards/visualisations.
  • Can ingest any type of data.
  • Flexibility with filtering, etc.
Splunk is excellent in most situations where log collection and aggregation is needed. It can work as a small scale syslog server and be built on from that.
The obvious wall is the cost of the product and for that reason I would say smaller businesses would not be suited to this as there are free solutions that could bridge this gap.

Won't you take me to Splunkytown

Rating: 9 out of 10
February 29, 2020
Verified User
Vetted Review
Verified User
Splunk Enterprise
3 years of experience
We're using Splunk Enterprise to assist us with IT Operations and IT Security. We came to look at Splunk because when I entered the company I found over 500 devices with no centralized logging in any way, no ability to pinpoint problems across the whole organization whether historic or predictable and things like this. Splunk is helping us deliver a predictable, robust operation of our infrastructure instead of reacting to problems and working to find just what was affected and when.

We believe we can apply Splunk to other data, in time, specifically aiding the company with analyzing financial information, but this is not yet an active project.
  • Fast, efficient
  • Solid community of experts and training materials
  • Ingests data from many sources, with a large number of partner relationships
Splunk Enterprise is well-suited for any requirement to aggregate vast sums of data, no matter how structured or unstructured, and search across it all at speed, or report on it with visualizations, etc.

It's not suited for scenarios where you want to report on a single set of data, say, in a traditional way, for example, a typical scheduled report out of a finance system.

Splunk Enterprise: A powerful, but expensive tool

Rating: 10 out of 10
February 26, 2020
Verified User
Vetted Review
Verified User
Splunk Enterprise
2 years of experience
Splunk Enterprise is used as a repository for all our server and network infrastructure logs. This allows us to go to one place to review logs and potentially find a relationship between different systems with specific issues. For example, seeing failed login attempts to our switches and learning that a server was using old credentials.
  • Robust collection of plugins to support specific applications
  • Relatively easy to use
  • Strong and helpful support
If the organization is looking for a powerful SIEM solution and has the budget, then I would recommend Splunk Enterprise. Using the tool can be as simple or as complicated as you want it. My only hesitation will be the complexity of implementation. For smaller organizations, it shouldn't be an issue, but larger ones may find it challenging to follow Splunk Enterprise's best practices for implementation.
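The reviewer above describes the classic SIEM win: failed logins seen across several switches traced back to one server still holding an old credential. Below is one way to turn that one-off investigation into a standing alert, written as a savedsearches.conf stanza for a hypothetical custom app. This is an added example, not content from the page, the reviewer or Splunk. Everything environment-specific is assumed: the index name netdev, the sourcetype cisco:ios, the Cisco IOS "Login failed [user: …] [Source: …]" message layout the rex relies on, the assets.csv lookup, the thresholds and the e-mail address.

```ini
# savedsearches.conf in a hypothetical custom app. Added example; not from the page,
# the reviewer, or Splunk. Assumed (not given on the page): network devices log to
# index "netdev" with sourcetype "cisco:ios", a failure event looks like
#   %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: svc_backup] [Source: 10.20.5.14] [localport: 22] ...
# and a CSV lookup assets.csv with columns ip, hostname, owner is deployed in the same app.
[Stale credentials - one source failing logins across many network devices]
description = One source failing auth against several switches with the same account \
    usually means a server or script still holds a rotated password, not a human typo.
# base search narrows by index, sourcetype and a literal phrase before any field work;
# the rex pulls the account and source address out of the bracketed message fields,
# then everything is rolled up per source so the analyst sees one row per suspect host
search = index=netdev sourcetype="cisco:ios" "Login failed" \
    | rex "\[user: (?<user>[^\]]+)\] \[Source: (?<src_ip>[^\]]+)\]" \
    | stats count AS failures, dc(host) AS devices_hit, values(user) AS users, \
            min(_time) AS first_seen, max(_time) AS last_seen BY src_ip \
    | where failures >= 20 AND devices_hit >= 2 \
    | lookup assets.csv ip AS src_ip OUTPUT hostname, owner \
    | eval first_seen=strftime(first_seen, "%F %T"), last_seen=strftime(last_seen, "%F %T") \
    | sort - failures
# look back 24 hours, snapped to the hour, and run every hour at :15 (assumed schedule)
dispatch.earliest_time = -24h@h
dispatch.latest_time = now
cron_schedule = 15 * * * *
enableSched = 1
# fire whenever the search returns at least one row
counttype = number of events
relation = greater than
quantity = 0
alert.severity = 3
alert.track = 1
action.email = 1
action.email.to = secops@example.com
disabled = 0
```

The two thresholds are the point of the search, and both are assumptions to tune: a real person mistyping a password hits one device a handful of times, whereas a server with a stale credential hits every device it manages, steadily, until someone fixes it. Requiring devices_hit >= 2 filters out the former without a per-user allowlist. In production the rex would normally live in props.conf/transforms.conf for the sourcetype (or come from the vendor add-on) so the same fields are available to every search, and the lookup would be replaced by whatever asset inventory the organisation already has.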

Splunk is a single tool that does everything

Rating: 9 out of 10
February 20, 2020
SD
Vetted Review
Verified User
Splunk Enterprise
4 years of experience
We use Splunk to integrate all the logs for each of the applications, building dashboards and alerts based on the logs according to the Application team's requirements. The Application team will be able to search through their logs from one centralized place rather than logging into multiple servers to try to identify the issue manually. With the Splunk search language, it is very easy to look for possible errors within a certain time frame. Our organization also uses Splunk for fraud investigation purposes. We have more than 100 application teams using Splunk today and most of them are using it for troubleshooting purposes when there is an issue that has occurred.
  • Log mining.
  • Able to consume multiple log sources.
Splunk is the best tool to use for log mining. It is also good at combining multiple sources of logs together and creating a single pane of glass. It can do a lot of APM monitoring; however, at the end of the day it is more of a log mining tool than an APM tool. It is best used for business analysis, debugging and fraud investigation. When it comes to the monitoring part, getting a proper APM tool would be a better idea.

a very good log handling and analysis tool

Rating: 9 out of 10
January 02, 2019
RJ
Vetted Review
Verified User
Splunk Enterprise
1 year of experience
Splunk is not used across my organization. It is being used by some of us for some specific tasks, and it is also used by other departments according to their needs. Specifically, we are using this tool for monitoring the application logs and doing some analysis on them. Splunk provides a very easy way to search your logs and perform some basic analysis.
  • Log search is very good with this tool.
  • Splunk search query language is just very good. You can easily run some analysis using this language
  • Generating reports is a very good feature of this tool.
  • Detecting anomalies and reporting them is just fantastic.
If you need to search and need to do some analysis on top of that, then Splunk is a great thing to use. And also if you want to generate reports from them and want alerts on some specific activity, then Splunk should be your first choice. I have used this tool for this purpose but can't say in which scenario it would not fit.

Monitor your monitors...

Rating: 8 out of 10
December 14, 2018
Splunk is used for application logs monitoring and system health checks for production environment and performance environment.
  • Best tool to do log monitoring and creating intuitive dashboards and charts
  • Best for setting up alerting for application logs
For anything related to the application backend logs and monitoring, it's very appropriate to use, and based on that we can create various dashboards and charts. For server health and monitoring, Splunk logs are not very helpful. It completely relies on log statements; if a statement is not formatted in a standard format, it gives inaccurate results.

Splunk, a revolutionary analytics tool for the new age IT professional

Rating: 8 out of 10
December 10, 2018
Splunk Enterprise is used by the organization to primarily analyze data. It looks at data generated by various on-premise systems and provides meaningful insights out of them. Many advanced features like custom reporting are used by business analysts on a regular basis to determine the course of action. Last but not least, it is also used to execute daily support tasks like log analysis.
  • Data Analytics
  • Reporting
  • Indexing search data
  • Searching machine-generated data in real time to forecast trends
Splunk is an excellent analytical tool and if SPL is mastered correctly, it can be very powerful too and much more efficient than competing tools. It can be easily used by Business Analysts to get real-time insights if reports are set up for them. However, when it comes to monitoring systems, a lot of configurations are required, and that makes it not the ideal one-stop solution.

Great tool to handle all your server and network monitoring needs

Rating: 9 out of 10
August 10, 2018
MO
Vetted Review
Verified User
Splunk Enterprise
1 year of experience
We use Splunk Enterprise across the entire company to collect log data that allows us to see up/down times of servers and applications. We have customized Splunk a good bit and it is one of the main tools we rely on to monitor our server environment and troubleshoot issues when an app/server is down or having errors.
  • Monitoring of log data to gauge server status and health
  • Dashboards that allows us to view data about servers in our environment
  • Monitoring for fraud/cyber security threats and risks
Splunk does a great job of collecting and monitoring machine data. We have used it to reduce fraud/cyber crime losses and we have been able to see a measurable return since using the product for this purpose. It is very extensible so you can continue expanding what the tool does over time. There is added expense with this, but it may be worth it in the end.

Splunk for new users

Rating: 9 out of 10
September 14, 2017
Verified User
Vetted Review
Verified User
Splunk Enterprise
2 years of experience
Splunk is being used extensively in our technology department. Many applications use Splunk to monitor business activity, system resources, exceptions/failures, and overall system status. Splunk addresses more technology-related problems, but it does provide the business greater transparency into the applications, which in turn gives both the business and the developers peace of mind.
  • Splunk has a quick learning curve and can be easily self-taught. For example, there are plenty of resources available such as tutorials and search tools. There is really no prerequisite for learning how to use Splunk.
  • Splunk Enterprise provides plenty of useful documentation and user support which makes it easy for anyone to learn and start using Splunk in a very short period of time. There are also examples and user feedback that is helpful if you need more advanced implementations.
  • Splunk is very powerful, yet simple. For instance, you can set up a dashboard in one day provided you have admin rights and access to the data you want to Splunk.
Splunk is well suited for applications or companies that process and store large data. Some of these applications may be legacy but as long as you can retrieve this data, then you can use Splunk to transform this data into meaningful reports or dashboards. In addition, Splunk is great as a 24/7 monitoring operations tool that can be set up to send alerts for production support. Splunk is less suited for applications that may already have a GUI, because Splunk's features would be inferior to what a graphical user interface could provide in terms of features and customization.

Splunk - Visibility into What's Really Going on in Your Network

Rating: 10 out of 10
April 17, 2017
Verified User
Vetted Review
Verified User
Splunk Enterprise
2 years of experience
Splunk is being used to capture logs from all Windows, Linux, and firewall devices in our enterprise. Currently it is being used by the IT infrastructure department only, but our hope is to make it available to other departments to follow trends in our business. Splunk addresses the issue of visibility into the network. It actually gives IT professionals access to view what is taking place on the network, and it provides something to look at in order to address issues occurring behind the scenes.
  • It gathers logs very well from almost all machine types - most SIEM related products don't do this quite as well.
  • It provides visuals to the user, giving you the ability to transform logs into visual charts (e.g. pie charts, graphs, tables, etc.).
  • Splunk is very quick in reporting and alerting on anomalies. There is little delay.
In a corporate environment, especially in a financial sector, I would actually go with a product like RSA Security Analytics. But that is not necessarily the rule of thumb and is not the case for all financial companies. In higher ed, for example, I recommend Splunk because of the ability to monitor trends of students that can help them to get better grades, help the university to grow, and streamline registration processes.

Powerful tool with a big learning curve

Rating: 8 out of 10
December 11, 2015
Verified User
Vetted Review
Verified User
Splunk Enterprise
2 years of experience
We are using Splunk to collect relevant security logs and correlate across different data sources to look for abnormal traffic or activity. Other business units such as marketing and engineering are increasingly becoming interested in using Splunk as it offers on the fly access to their data with powerful visualization including charts.
  • Easy log collection
  • A large library of search commands
  • Able to ingest many different log types
Splunk is a very powerful tool but requires continuous tuning as new data types are added. Splunk licensing is based on ingested data and it can become very expensive very quickly as new data is added. Splunk is a good fit if you have a dedicated individual or team to actively manage it.

Splunk: Dynamic and Fast compliance tool

Rating: 10 out of 10
December 08, 2015
GK
Vetted Review
Verified User
Splunk Enterprise
2 years of experience
Splunk is really useful while analyzing dynamic data. I have been using Splunk for 2 years and I really find it very useful, especially working with bigger datasets. I have used Splunk for my project to analyze and learn different patterns from [my] university dataset. It was really very easy and user friendly to use.
  • Scalability. Splunk is really useful when you are dealing with a dynamic and bigger system and you want to make your system scalable.
  • Reliable. Very reliable.
  • Indexing and speed. Splunk really works very fast, even with bigger datasets.
Graphical display of results is really useful while doing analysis of big data. Really useful for dynamic datasets, like network packet flow analysis. Not very useful for static data.

Splunk - the most flexible SIEM tool on the market.

Rating: 10 out of 10
December 02, 2015
KT
Vetted Review
Verified User
Splunk Enterprise
6 years of experience
Splunk is currently the SIEM for IT operations and IT security providing log aggregation and security event correlation for multiple departments. The IT operation groups use Splunk to trend operational data, troubleshoot issues, and send automated alerts when certain triggers are met. The security department utilizes Splunk for investigations and event management, leveraging automated alerts and dashboards. For our organization, Splunk provides the "single pane of glass" for users across several IT departments while also serving as our compliance tool for PCI-DSS and SOX.
  • Splunk is flexible and extensible, able to ingest logs from disparate systems using disparate formats and disparate file types. If the ability exists to make the logs human readable (either natively or via a script), Splunk can ingest it.
  • Splunk's flexibility in how you parse, format, and enhance your data is amazingly deep. When you start event typing, tagging, aliasing, and creating data models, you start to really open up Splunk's capabilities.
  • Splunk scales very well in large environments. Adding additional indexers as your environment grows is pretty trivial and its ability to do multi-site clustering and search head clustering provides load balancing and redundancy that's inherent to the product.
Splunk is well suited in both small and very large environments almost regardless of the types of devices. However, depending on how Splunk is architected, it can require a number of devoted engineers to onboard, normalize, and present the data. So for organizations that are unable to provide dedicated resources, the day-to-day operations and backend duties can be overwhelming. Since Splunk is so flexible, it's easy to overwhelm its available resources when a large number of inefficient searches are running. Splunk users need to be trained to not run "sloppy" searches. The community help forums are a wealth of information but in some cases, without professional support, you're going to be lost. The Splunk licensing can also be costly and in some situations, Splunk virtual environments don't perform well.
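Two reviews above touch the same skill from opposite sides: the "single tool that does everything" reviewer praises how easy it is to look for errors within a time frame, and this reviewer warns that untrained users run "sloppy" searches that starve the indexers. The pair of savedsearches.conf stanzas below puts a sloppy version and a disciplined version of that same error search side by side. It is an added example, not from the page, either reviewer or Splunk; the index app, the sourcetype myapp:log and the search-time fields log_level, user and message are assumptions for illustration.

```ini
# savedsearches.conf, two stanzas. Added example; not from the page, the reviewers, or
# Splunk. Assumed (not on the page): application logs live in index "app", sourcetype
# "myapp:log", with search-time fields log_level, user and message already extracted.

# The shape reviewers call "sloppy": every index the role can read, all time since epoch
# 0, a keyword that matches almost everything, and the filter that actually matters
# applied with a second "| search" only after the raw events have been pulled back.
[Bad - application errors]
search = index=* (error OR fail*) | search log_level=ERROR | table _time host user message
dispatch.earliest_time = 0
dispatch.latest_time = now
cron_schedule = */5 * * * *
enableSched = 1

# Same question, answered cheaply. index and sourcetype restrict which buckets are opened
# at all; the one-hour window prunes them further; the literal term ERROR lets the
# indexer discard events from the term index before any field extraction runs; the
# log_level=ERROR field filter sits in the base search so it is evaluated on the
# indexers rather than on the search head; and stats returns one row per host instead
# of streaming every raw event back.
[Good - application errors, last hour by host]
search = index=app sourcetype="myapp:log" ERROR log_level=ERROR \
    | stats count AS errors, dc(user) AS users_affected, latest(message) AS last_message BY host \
    | sort - errors
dispatch.earliest_time = -60m@m
dispatch.latest_time = now
cron_schedule = */5 * * * *
enableSched = 1
counttype = number of events
relation = greater than
quantity = 0
alert.track = 1
```

The two stanzas return the same hosts for the same hour; the difference is how much of the cluster they consume getting there. The Job Inspector on an ad hoc run of each (scanCount versus eventCount, and the time spent in the indexers' map phase) makes the cost visible, which is usually the most persuasive training material for the habit this reviewer is asking for. The redundant literal ERROR beside log_level=ERROR is deliberate: a search-time field filter alone still forces Splunk to read every event in the window, whereas a literal term can be rejected from the index files first.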

Splunk in the Storage Arena

Rating: 9 out of 10
July 08, 2014
CL
Vetted Review
Verified User
Splunk Enterprise
3 years of experience
We use Splunk to monitor (performance, status, capacity, inventory) all our multi-vendor storage equipment. It is the best tool I've found to be able to monitor/alert on any type of equipment, and no other tool is able to do what Splunk does.
  • Provide custom dashboards. In our environment, we are prepping for offshore off-hours administration, and no other tool can provide the exact information we want to monitor in one view.
  • It doesn't matter what vendor. We have this tool monitoring Brocade, EMC, NetApp, Isilon and more, exactly the way we want to see status.
  • We are able to alert on exactly what we want to see.
  • The learning curve for the tool is workable.
It's suitable for any equipment where related logs can be extracted.

Splunk Excels at Business Visibility

Rating: 10 out of 10
May 16, 2014
BI
Vetted Review
Verified User
Splunk Enterprise
3 years of experience
Splunk was used in a variety of log collection activities for Linux and UNIX systems, both in our company and at our customers' companies. It allowed for the easy collection of logs, searching, and automated actions resulting from the messages received. The multi-tier architecture was easy to install and operate, and provided significant flexibility for our customer implementations.
  • Gathering log messages from a multitude of sources.
  • Summarizing and gathering important information from those logs.
  • Allows simple and advanced searches, as well as complex automations to be created, gathering more value from existing data.
It's the Swiss army knife of log collection and searching. I'd recommend it wholeheartedly. I consider it to be the gold standard for products in this industry. Working with the vendor is easy, as they have a very open and helpful attitude. And you can try the product for free to get a feel for it before investing heavily in it (which you will want to once you decide how it benefits your organization).

Splunk: a review

Rating: 8 out of 10
May 14, 2014
Verified User
Vetted Review
Verified User
Splunk Enterprise
2 years of experience
Splunk is used across our entire organization as a centralized location for all of the various data elements that we use to track performance of our internal systems and client facing interactions.
  • Splunk is great at quickly finding the insights you need to start an analysis
  • Once you understand the query syntax, Splunk is very easy to use.
  • Great alert monitoring.
Splunk is very well suited for monitoring IT systems. It allows you to have almost real-time access to data as it is being generated. This allows for extremely useful alert monitoring. As a customer-facing tool, which is not a standard use case, Splunk is slightly lacking. You can set up many reports with the data you need, but they have a technical feel that is not suited for some external clients.