Splunk enterprise stable solution
Splunk Enterprise is used in the company by the IT department. Mainly to monitor security events on process-relevant systems where the …
Overview
What is Splunk Enterprise?
Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Custom dashboards and workspaces (54)8.585%
- Centralized event and log data collection (53)6.565%
- Event and log normalization/management (53)6.060%
- Correlation (52)6.060%
Reviewer Pros & Cons
Pricing
N/A
Unavailable
What is Splunk Enterprise?
Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
40 people also want pricing
Alternatives Pricing
What is Blumira?
Blumira’s cloud SIEM platform offers both automated threat detection and response, enabling organizations of any size to more defend against cybersecurity threats in near real-time. It's goal is to ease the burden of alert fatigue, complexity of log management and lack of IT visibility.
Product Demos
Splunk Incident Review Demo
YouTube
Splunk Threat Intelligence Demo
YouTube
Splunk Enterprise Security | Splunk Enterprise Installation | Splunk Training | Edureka
YouTube
Features
Return to navigation
Product Details
- About
- Integrations
- Competitors
- Tech Details
- FAQs
What is Splunk Enterprise?
Splunk Enterprise enables users to find out what is happening in a business and take meaningful action. It automates the collection, indexing and alerting of machine data that's critical to operations, so that users can uncover the actionable insights from data — no matter the source or format. Leverage artificial intelligence and machine learning for predictive and proactive business decisions.
Splunk Enterprise Integrations
Splunk Enterprise Competitors
Splunk Enterprise Technical Details
| Operating Systems | Unspecified |
|---|---|
| Mobile Application | No |
Frequently Asked Questions
Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.
SolarWinds Loggly and LogRhythm NextGen SIEM Platform are common alternatives for Splunk Enterprise.
Reviewers rate Incident indexing/searching highest, with a score of 8.9.
The most common users of Splunk Enterprise are from Enterprises (1,001+ employees).
Comparisons
Compare with
Reviews and Ratings
(455)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Pros
- Cons
- Recommendations
Valuable Log Gathering and Summarization: Users have expressed positive opinions about Splunk's ability to gather and summarize log messages from multiple sources. Many reviewers find this feature valuable, as it allows them to easily access and analyze log data in a centralized location without the need for manual aggregation.
Simplicity and Advanced Search Capabilities: Splunk's reporting functionality is highly regarded by users for its simplicity and advanced search capabilities. Several reviewers appreciate how easy it is to use Splunk's reporting features, while also being able to perform complex searches that provide detailed insights into their data.
Effective Web Traffic Catching and Dashboards: The effectiveness of Splunk in catching web traffic and providing helpful dashboards is another aspect praised by users. Many reviewers highlight how Splunk's web monitoring capabilities enable them to track website activity effectively, while the intuitive dashboards allow for quick visualization and analysis of important metrics.
Confusing User Interface: Some users have reported that the user interface in Splunk can be perplexing, leading to difficulties in quickly performing tasks and navigating the software.
Limited Integration with Excel: Users have expressed their desire for improved integration between Splunk and Excel when it comes to creating reports and dashboards. They feel that better connectivity and seamless data transfer would enhance their workflow.
Steep Learning Curve: Several users have mentioned the complexity of Splunk's architecture, requiring a dedicated team of engineers to effectively manage and optimize its performance. This steep learning curve can pose challenges for new users who may need additional time and resources to fully grasp the intricacies of the platform.
Based on user reviews, the following recommendations emerged for using Splunk:
-
Ensure the correct subscription: Users emphasized the importance of having the correct subscription for Splunk to avoid login issues and fully utilize its features. They recommend careful planning of the deployment and learning as much as possible before implementing a large installation.
-
Thoroughly investigate anomalies: While Splunk's great dashboards for troubleshooting are praised, users advise against relying solely on system alerts generated by Splunk. They suggest continuing to investigate any anomalies and carefully setting up sources and background data in Splunk.
-
Utilize Splunk's log analysis capabilities: Many users recommend Splunk as a valuable tool for log analysis and improving the quality of current processes. They find it helpful for debugging integration issues and consider it suitable for large-scale applications/systems. Users appreciate its ability to connect to individual boxes and view multiple logs simultaneously.
It should be noted that some users suggest that there may be better and cheaper alternatives for small to medium-sized businesses, while others propose improvements to the search result UI and pricing structure to attract more users in the industry.
Attribute Ratings
Reviews
(1-25 of 43)Companies can't remove reviews or game the system. Here's why
August 17, 2021
Real-time smart meters
Splunk is being using to track the status of electric utility smart meters which record customer energy usage. Smart meters send power outage & restoration notifications which we track in real-time with splunk. This capability is very important for enhancing our situational awareness to help ensure we deliver safe and reliable electricity to our customers.
- Real-time status
- Data integration
- Live dashboards
- Automated machine learning
- Extract transform and loading
- Data modeling
August 09, 2021
Splunk Enterprise in the Cloud empowers me as an analyst
Splunk Enterprise is the basis for our log correlation and analysis. We're using it primarily for IT Security, and occasionally to assist with operations was helpful. It is the basis of our SIEM, Splunk Enterprise security. We pull in events from a wide variety of data sources. The ability of Splunk to ingest and normalize just about any sort of data is one of its strongest points.
- Gets data from anywhere
- Variety of supported alert types
- Real-time insights
- They should not remove support for Duo 2fa.
April 14, 2020
Splunk leads the pack
Splunk is our one stop shop for all log data. We send logs from everything from servers, routers, firewalls, switches, sans and applications there to be analyzed and reviewed by different teams. This solves a critical issue by ensuring all teams are working from the same information. Prior to consolidating onto Splunk a number of different sources of truth leading different teams to work with different information.
- Single source of truth for all log files.
- Alerting system based on captured log data.
- Reporting/Dashboard system to present data.
- Complex overall architecture.
- Long implementation time.
- High cost.
- Requires on-going staff time to keep running effectively.
March 12, 2020
One Splunk to rule them all!
Score 10 out of 10
Vetted Review
Verified User
Splunk Enterprise is used across the whole department in our organization for Security information
and event management. It improves our security aspect of the assets by collecting logs. Splunk offers log collection from all types of assets in the environment varying from vulnerability scanning tools to network devices. Centralizing all these logs and managing them from one place is the real deal. It manages huge amounts of log data with a robust operation. Every day our environment creates dozens of logs and Splunk enables us to
see anomalies with alarms.
- Maximize endpoint logging.
- Can find and store logs from all types of assets.
- Customization of dashboards.
- Creating apps based on your needs.
- Alarm feature alerts relevant people in the organization.
- Data visualization.
- Search queries can be saved for future or even can be converted to apps.
- Slow interface.
March 06, 2020
Splunk Enterprise review
Currently our bank has different departments with their own Splunk infrastructure. We are currently building a larger infrastructure to incorporate all departments to join this centralized infrastructure with Splunk Enterprise. As Splunk is used for log analyzing, it is used for reports on different metrics built from logs collected from different servers. We try to consolidate the logs and put results onto a more centralized data center set as well.
- Log analyzing.
- Reports.
- Forecast (ML model).
- Stability on some components (e.g. indexers).
- Complexity of install and maintenance of infrastructure.
February 29, 2020
Won't you take me to Splunkytown
We're using Splunk Enterprise to assist us with IT Operations and IT Security. We came to look at Splunk because when I entered the company I found over 500 devices with no centralized logging in any way, no ability to pinpoint problems across the whole organization whether historic or predictable and things like this. Splunk is helping us deliver a predictable, robust operation of our infrastructure instead of reacting to problems and working to find just what was affected and when.
We believe we can apply Splunk to other data, in time, specifically aiding the company with analyzing financial information, but this is not yet an active project.
We believe we can apply Splunk to other data, in time, specifically aiding the company with analyzing financial information, but this is not yet an active project.
- Fast, efficient
- Solid community of experts and training materials
- Ingests data from many sources, with a large number of partner relationships
- There is a high learning curve. If you go to a Splunk demo or class, get inspired, then install it yourself, you'll have no idea what you're meant to do. It's not intuitive to the first-time user in any way.
- Pricing can be confusing. People ask how much data you want to ingest, and you don't know until after you've been using Splunk. It's not easy to sign up and start without guesswork.
- I found online help pages are broken or out-of-date, or incomplete. e.g. pages on setting up the Java-based SQL Server driver don't even tell you where to download it or where to install it.
February 26, 2020
Splunk Enterprise: A powerful, but expensive tool
Splunk Enterprise is used as a repository for all our server and network infrastructure logs. This allows us to go to one place to review logs and potentially find a relationship between different systems with specific issues. For example, seeing failed login attempts to our switches and learning that a server was using old credentials.
- Robust collection of plugins to support specific applications
- Relatively easy to use
- Strong and helpful support
- Difficult to master
- Can be very complicated to implement into an environment
- Very expensive
February 23, 2020
Monitor log and alert quickly with the speed of Splunk Light
Splunk Light is being used by our Operational and Maintenance team for transaction logging and event monitoring. It was the right solution for our organization since our IT internal policy stipulates that any solution which interacts with our subscriber's activity data must be deployed on-premise. Moreover, since we only have a handful of O&M team, Splunk Light is a lot more convenient to deploy and manage.
- Splunk Light is perfect for standalone on-premise deployment.
- Mainly works well for a small team
- Scalability might be an issue
- A small limit on the number of the user also poses a challenge for large team collaboration.
February 20, 2020
Splunk is a single tool that does everything
We use Splunk to integrate all the logs for each of the applications. Building dashboards and alerts base on the logs by the Application team's requirement. The Application team will be able to search through their log from one centralized place rather than logging into multiple servers to try to define the issue manually. With the Splunk search language, it is very easy to look for possible errors within a certain time frame. Our organization also use Splunk for fraud investigation purpose. We have more than 100 application teams using Splunk today and most of them are using it for troubleshooting purposes when there is an issue that has occurred.
- Log mining.
- Able to consume multiple log sources.
- Provides the possibility to upgrade the Splunk UF from a deployment server.
- Splunk search language can be very expensive if the users do not know what they are doing.
February 18, 2020
Splunk-ing across the Enterprise
Splunk is utilized for creation of dashboards and log queries across many areas.
- Quick log queries across different types of infrastructure
- Adaptable dashboards for digesting large amounts of continuous data
- Easy access and sharing of information via URL links
- Building Splunk queries can be comber some without intricate knowledge of Splunk and the applications involved
- Dashboard duplication for different areas can be difficult
- Capturing all necessary data from cloud platforms is not always straightforward
November 22, 2019
Using Splunk in Educational Sectors
Splunk Enterprise has been used across University of Minnesota as one of our IT monitoring and alerting tools. This has been a big help for our user base to provide timed email alerts as well as monitoring all of the threshold parameters we set up. We have a dedicated admin to make sure the Splunk agents have been deployed and configured across all the client tools.
- Timely alerting
- Sharing with end users automatically
- Less impact
- Sometime we see the Splunk agent taking higher CPU from OS prospects
- Similar issues have been noticed in Oracle Databases
November 20, 2019
Splunk: The log expert
Splunk Enterprise is a brilliant tool that we use in the University of Colorado, Denver to analyze logs obtained from various sources. Our team is responsible for maintaining the security of our campus and the University of Colorado, Anschutz medical campus.
The log sources are typically firewall logs, email logs, logs from the Intrusion detection system (IDS), logs of different services running on the google cloud, etc. It offers a very easy interface and a query language. We can build our own alarm rule and UI within it for visualization. The rules will run at a time defined by the user and will send metrics to the email. It helped in automating blacklisting as now we can get the most troublesome IP addresses and block them in a minute. It also helped us in tracing a list of most vulnerable on the campus. The most powerful feature is the correlation of log sources. Correlation of log sources is a very taxing process for any software. Splunk handles this gracefully. By correlating firewall traffic, wireless and IDS traffic we once spotted a machine that had a trojan in it and was trying to spread itself laterally through open SMB ports.
The log sources are typically firewall logs, email logs, logs from the Intrusion detection system (IDS), logs of different services running on the google cloud, etc. It offers a very easy interface and a query language. We can build our own alarm rule and UI within it for visualization. The rules will run at a time defined by the user and will send metrics to the email. It helped in automating blacklisting as now we can get the most troublesome IP addresses and block them in a minute. It also helped us in tracing a list of most vulnerable on the campus. The most powerful feature is the correlation of log sources. Correlation of log sources is a very taxing process for any software. Splunk handles this gracefully. By correlating firewall traffic, wireless and IDS traffic we once spotted a machine that had a trojan in it and was trying to spread itself laterally through open SMB ports.
- It is very useful in creating custom rules for analyzing system logs and display relevant information. The query language is very easy to learn.
- We can create custom UI to visualize the output of our data. The interface is very flexible. It also allows the sharing of rules among users.
- There is an open online community to help others. Stackoverflow also has a splunk community. These resources make it more convenient to learn.
- They can introduce a query builder for non-technical users.
- The query error messages could be more specific.
November 16, 2019
A real-time monitoring system
Splunk is used by our Engineering Department. Splunk has been a valuable and useful tool for our company to monitor errors occurring at all times. We love the real-time monitoring system that helps us detect errors and get the right people to handle them when needed to get things back up and running.
- Love the real-time monitoring system.
- Easy to use.
- I have no suggestions.
February 28, 2019
Excellent tool for analyzing logs
Splunk Enterprise is used to monitor both Prod as well as all our lower environments. It is used for analyzing logs and tracing transactions. We write Splunk queries and create dashboards for monitoring several Key Performance Indicators. We first analyze metrics over a particular period of them to understand the trend and then set up alerts on these metrics for threshold violations.
- Simplifies analyzing of big logs finds and helps in finding issues faster.
- Splunk Alerts are great to be notified of possible issues so that necessary actions can be taken to avoid it from becoming a problem to our end users.
- Dashboard reports can be scheduled to be generated and share with key stakeholders.
- Comparison of two or more time series data in a single graph.
- Search and make suggestions on Splunk commands as we type on the search window.
January 02, 2019
a very good log handling and analysis tool
Splunk is not used across my organization. It is being used by some of us and for some specific task. And yes, it is also used by other departments as well but according to their need. Specifically, we are using this tool for monitoring the application logs and doing some analysis over it. Splunk provides a very easy way to search your logs and perform some basic analysis.
- Log search is very good with this tool.
- Splunk search query language is just very good. You can easily run some analysis using this language
- Generating reports is a very good feature of this tool.
- Detecting anomalies and reporting them is just fantastic.
- Splunk requires some learning to use all of its features. Understanding its SPL is not very easy, and it will take long enough time to learn it.
- Regular expression is a bit tedious to learn and then use, it needs a good understanding of regular expression.
- I don't know why, but sometimes its search keeps on going forever and then I had to manually kill that job to start it again.
January 02, 2019
Splunk is great for troubleshooting
We use Splunk to catalog all incoming quote requests, booking requests and booking responses (effectively we catalog all successful transactions and errors). My team uses these logs to troubleshoot connections with our partners. We also use this to analyze the behavior of our customers to make sure they are operating as we expect them to. I use this tool every day, for several hours per day, to do my job.
- logging server data
- easy to use commands to parse data
- automated reporting
- real-time reporting that will alert when a condition is met
- Not a Splunk problem, but we don't have enough space to store as much data as we would like
Currently we use it for compliance purposes. As per the policy we are required to maintain a record of authentication, authorization, and other security and audit logs surrounding the scope of the compliance. We are currently using Splunk Light to meet these compliance needs. Our auditor has been very pleased with the results of the reports we were able to generate using Splunk Light. We also use it to proactively fix issues that arise like locked AD, RSA, and other accounts that are being monitored.
- Indexing Logs
- Powerful Searching features
- Alerting us of very detailed alerts
- Custom indexing options
- Splunk Light does not scale very well
- Need to purchase Splunk Enterprise if you ever wish to use 3rd-party applications
- Very Basic. I wish Splunk Light came with a bit more capabilities out of the box
Splunk Enterprise is used by the organization to primarily analyze data. It looks at data generated by various on-premise systems and provides meaningful insights out of them. Many advanced features like custom reporting are used by business analysts on a regular basis to determine the course of action. Last but not least, it is also used to execute daily support tasks like log analysis.
- Data Analytics
- Reporting
- Indexing search data
- Searching machine-generated data at realtime to forecast trends
- Splunk is expensive.
- To use Splunk effectively, people must learn SPL.
- Splunk is good at what it does, but to create an efficient analytics systems other products like SW monitoring tools need to be used in conjunction.
April 10, 2018
Splunk it!
We have used splunk light in the past for log analysis of Cisco routers, firewalls and switches to determine path issues. This was mainly used within the network infrastructure group. The alerting was the main benefit when trying to determine intruder detection and the path the intruder was trying to take.
- Though it was a little hard at first, creating the dashboards from the raw data became the big benefit.
- Setup of alerts was, again a little confusing but over time with the real time alert became useful.
- The building of dashboards for the security team for tracking intruders.
- The big one is writing the dashboards based off the raw data.
March 21, 2018
Splunk Enterprise Review
Splunk is mainly used to log analysis and alerting of events, both business and technical events
- Business event alerting
- Technical Event alerting
- Graphing of information found in the data
- Users CAN write queries that are non-optimized causing both performance problems or unexpected (as in not what they wanted) results. It would be great if Splunk engineers could come up with some way to 'model' the queries and instruct users on query performance gave x number of records... and possibly an example of results - say using 100-1000 records - so that the user can see what they're going to get.
March 02, 2018
Proactive log monitoring with Splunk Light
Splunk Light is used by the engineering team. The main use case it targets - is proactive log monitoring. We wanted to integrate a system, which does log monitoring(application + system logs) and send us alerts if the system identifies errors or warning. Additionally, the solution needed to be HIPAA compliant. So instead of Splunk Enterprise or Splunk Cloud, we ended up choosing Splunk Light, as we can manage the infra on our own.
- Real-time + Scheduled alerts - i-e you can set up alerts which are actively monitoring your logs
- Pretty good response time for search results. With our key/value logging, Splunk makes it blazing fast to query the data.
- Dashboards provide insights into historical data
- Love how Splunk indexes all of the data and provides keys to search on
- Splunk light limits number of users to 5. Wish there was a flexible license, where one could add more users.
- Splunk light does not let you add > few realtime alerts. Wish there was a flexible license, where one could add as many realtime alerts as wanted.
- Better insight into daily ingestion values
December 01, 2017
My Dive into using Splunk
Splunk is being used across our whole organization. We try to have all/most of our logs get pulled into splunk to be able to use the splunk UI to search across information. We are able to give employees access to splunk and allow them to diagnose issues without giving them explicit access to production servers or other production locations.
- Allow for separation of control where we don't let some employees have access to production but still can diagnose issues.
- Common location to go for all logs even if the logs themselves aren't in the same place.
- Ability to ingest logs from different locations without having to change the code to put logs in a certain place (pro and con).
- At times some queries can run slowly if indices are not on a portion of the query you use.
- Setup time initially can be difficult if your logs aren't stored in common locations or in a common way to write the log.
- Ability to ingest logs from different locations without having to change code to put logs in a certain place (pro and con).
- Searches can be a bit more difficult to look through if your log isn't pulled in a manner that is easy to read through splunk.
November 13, 2017
Splunk will make your job easier!!
We currently have evaluated and are deploying Splunk Enterprise to replace our older SIEM device. This will allow us to monitor our critical systems and allow for scalability as we continue to grow. Using this product has saved us time and money as it is used across our whole company's three locations. The flexibility and tools offered with Splunk make our jobs easier. Also, there are great forums and a cool wiki for best practices using Splunk.
- Monitoring is made easy and putting out reports for upper management is a breeze.
- With Splunk analytics we are better able to track our employees usage of systems for auditing purposes.
- Checking on performance through Splunk's monitoring makes our management of resources a lot easier and resources are put where needed most.
- Some of the start up in Splunk requires more than we would otherwise like.
- We wish there was more customizable reporting.
- Splunk sales engineers could be a bit more friendly and easier to work with.
August 31, 2017
Splunk in a production environment is a must-have today
Production line quality monitoring and searching for patterns, leading to outages. Usually scan and fix tasks, finding an event, that leads to an outage.
Two main ways of using Splunk prevail: ad-hoc analysis, and monitoring and alerting.
In some applications with two production lines, Splunk connected directly to the controllers and monitored data in real time. In other applications, we analyzed logs from 5 systems, among others application server logs, database server logs, production line measuring PCs. In total 5 systems had to communicate and an error on DB server sometimes caused outages on the production line. Splunk helped to find patterns in these incidents. We then set up a monitoring app to provide early indication of a potential upcoming outage.
Two main ways of using Splunk prevail: ad-hoc analysis, and monitoring and alerting.
In some applications with two production lines, Splunk connected directly to the controllers and monitored data in real time. In other applications, we analyzed logs from 5 systems, among others application server logs, database server logs, production line measuring PCs. In total 5 systems had to communicate and an error on DB server sometimes caused outages on the production line. Splunk helped to find patterns in these incidents. We then set up a monitoring app to provide early indication of a potential upcoming outage.
- Parsing huge amounts of data, structuring data, or at least helping to find a structure
- Very good performance.
- Very good graphical representation of data, findings, report creation
- I really cannot, since after a year we are still discovering more and more possibilities with the product. One specific wish of a manager was: can we work with the reports offline? (e.g. on the airplane) we have not found a reasonable way of doing this. The only thing we came up with was exporting data and rendering specific reports in flash (web viewer) and somehow simulating reports within limited (predefined) boundaries
Splunk is being used to capture logs from all Windows, Linux, and firewall devices in our enterprise. Currently it is being used by the IT infrastructure department only, but our hope is to make it available to other departments to follow trends in our business. Splunk addresses the issue of visibility into the network. It actually gives IT professionals access to view what is taking place on the network, and it provides something to look at in order to address issues occurring behind the scenes.
- It gathers logs very well from almost all machine types - most SIEM related products don't do this quite as well.
- It provides visuals to the user, giving you the ability to transform logs into visual charts (e.g. pie charts, graphs, tables, etc.).
- Splunk is very quick in reporting and alerting on anomalies. There is little delay.
- Splunk can be very expensive, and it is best to size out your environment first before procuring. Planning is key, and make sure to buy a license that is at least 2-3 times what you think you need.
- There is a learning curve to Splunk. It takes a bit to get up to speed with the application.
- Support is very good, but they will almost never tell you to ways to not use up your license. I had to figure that out myself, and ended up cutting out some useless logs that used over 50 % of my license.