TrustRadius

Splunk Enterprise

Overview

What is Splunk Enterprise?

Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.

Recent Reviews

Splunk enterprise stable solution

7 out of 10
January 05, 2024
Splunk Enterprise is used in the company by the IT department, mainly to monitor security events on process-relevant systems where the …

TrustRadius Insights

Valuable Log Gathering and Summarization: Users have expressed positive opinions about Splunk's ability to gather and summarize log …

Great if you have the money

7 out of 10
October 24, 2023
We use Splunk Enterprise as a SIEM and a separate pool to use for medical record auditing. The SIEM catalogues information from multiple …

Real-time smart meters

9 out of 10
August 17, 2021
Incentivized
Splunk is being used to track the status of electric utility smart meters, which record customer energy usage. Smart meters send power …

Popular Features

  • Custom dashboards and workspaces (54 ratings): 8.5 (85%)
  • Centralized event and log data collection (53 ratings): 6.5 (65%)
  • Event and log normalization/management (53 ratings): 6.1 (61%)
  • Correlation (52 ratings): 6.0 (60%)


Pricing

Pricing: not published (N/A)

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services


Alternatives Pricing

What is Blumira?

Blumira’s cloud SIEM platform offers both automated threat detection and response, enabling organizations of any size to better defend against cybersecurity threats in near real time. Its goal is to ease the burden of alert fatigue, the complexity of log management and the lack of IT visibility.


Product Demos

  • Splunk Incident Review Demo (YouTube)
  • Splunk Threat Intelligence Demo (YouTube)
  • Splunk Enterprise Security | Splunk Enterprise Installation | Splunk Training | Edureka (YouTube)

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that gives security analysts a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools.

Score: 7.4 (category average 7.8)

Product Details

What is Splunk Enterprise?

Splunk Enterprise enables users to find out what is happening in a business and take meaningful action. It automates the collection, indexing and alerting of machine data that's critical to operations, so that users can uncover the actionable insights from data — no matter the source or format. Leverage artificial intelligence and machine learning for predictive and proactive business decisions.

Splunk Enterprise Technical Details

Operating Systems: Unspecified
Mobile Application: No

Frequently Asked Questions

SolarWinds Loggly and LogRhythm NextGen SIEM Platform are common alternatives for Splunk Enterprise.

Reviewers rate Incident indexing/searching highest, with a score of 8.9.

The most common users of Splunk Enterprise are from Enterprises (1,001+ employees).

Reviews and Ratings

(455)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources.

Valuable Log Gathering and Summarization: Users have expressed positive opinions about Splunk's ability to gather and summarize log messages from multiple sources. Many reviewers find this feature valuable, as it allows them to easily access and analyze log data in a centralized location without the need for manual aggregation.

Simplicity and Advanced Search Capabilities: Splunk's reporting functionality is highly regarded by users for its simplicity and advanced search capabilities. Several reviewers appreciate how easy it is to use Splunk's reporting features, while also being able to perform complex searches that provide detailed insights into their data.

Effective Web Traffic Catching and Dashboards: The effectiveness of Splunk in catching web traffic and providing helpful dashboards is another aspect praised by users. Many reviewers highlight how Splunk's web monitoring capabilities enable them to track website activity effectively, while the intuitive dashboards allow for quick visualization and analysis of important metrics.

Confusing User Interface: Some users have reported that the user interface in Splunk can be perplexing, leading to difficulties in quickly performing tasks and navigating the software.

Limited Integration with Excel: Users have expressed their desire for improved integration between Splunk and Excel when it comes to creating reports and dashboards. They feel that better connectivity and seamless data transfer would enhance their workflow.

Steep Learning Curve: Several users have mentioned the complexity of Splunk's architecture, requiring a dedicated team of engineers to effectively manage and optimize its performance. This steep learning curve can pose challenges for new users who may need additional time and resources to fully grasp the intricacies of the platform.

Based on user reviews, the following recommendations emerged for using Splunk:

  • Ensure the correct subscription: Users emphasized the importance of having the correct subscription for Splunk to avoid login issues and fully utilize its features. They recommend careful planning of the deployment and learning as much as possible before implementing a large installation.

  • Thoroughly investigate anomalies: While Splunk's great dashboards for troubleshooting are praised, users advise against relying solely on system alerts generated by Splunk. They suggest continuing to investigate any anomalies and carefully setting up sources and background data in Splunk.

  • Utilize Splunk's log analysis capabilities: Many users recommend Splunk as a valuable tool for log analysis and improving the quality of current processes. They find it helpful for debugging integration issues and consider it suitable for large-scale applications/systems. Users appreciate its ability to connect to individual boxes and view multiple logs simultaneously.

It should be noted that some users suggest that there may be better and cheaper alternatives for small to medium-sized businesses, while others propose improvements to the search result UI and pricing structure to attract more users in the industry.

Reviews

(1-2 of 2)
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Splunk Enterprise is used by our Infrastructure and Enterprise Monitoring Team and Security Teams to monitor our infrastructure. Monitoring is enabled for the overall health of our systems. Data is collected from multiple data sources. Logs are analyzed and converted to meaningful metrics for the team to proactively monitor and take corrective actions.

Splunk has the ability to correlate data from disparate data sources and provide root cause, hence reducing MTTR and improving our SLAs with our customers. The events logged in Splunk help our IT Analysts and Security Analysts take proactive action before services our customers use are impacted. The Event Correlation helps us find RCA and improve MTTD and MTTR.
  • Collect data from multiple data sources and correlate. Reduce alert noise from multiple monitoring systems.
  • Monitor alerts and report on data collected. Create custom dashboards.
  • Powerful machine learning and AIOps functionality.
  • Helps with our security compliance and addresses the security team's need to remain PCI compliant.
  • Splunk data sizing and data collected. Worked with Professional Service to scale our environment.
  • Capacity data storage for Splunk data.
  • Tuning Splunk analytics dashboards for performance.
Good for event correlation from multiple data sources, web monitoring, systems and application monitoring. Good as security information and event management tool. It collects data from logs and custom applications helping the business make informed decisions across the organization. Gain insights to drive operational performance and business results. Splunk's rich visualizations make results easy to understand and take necessary actions.
Security Information and Event Management (SIEM) (7 attributes rated): 9.1 (91.4%)
  • Centralized event and log data collection: 9.0 (90%)
  • Correlation: 9.0 (90%)
  • Event and log normalization/management: 10.0 (100%)
  • Deployment flexibility: 9.0 (90%)
  • Integration with Identity and Access Management Tools: 9.0 (90%)
  • Custom dashboards and workspaces: 9.0 (90%)
  • Host and network-based intrusion detection: 9.0 (90%)
  • Improved MTTR for all our incidents.
  • Reduced alert noise with powerful correlation engine.
  • Performance Analytics dashboards.
More features and easy to manage once configured and set up correctly. Stronger correlation engine compared to other products. Easily integrates with ServiceNow for ticket creation, automation, and building workflows. Helps more with AIOps, as compared to other tools. Provides anomaly detection with powerful machine learning capabilities across various metrics.
20
IT Operations, Security Operations.
5
Enterprise Monitoring, System, Network and Application Monitoring, Server Admin, Network Admin, Security Admin.
  • Network, Systems and Application Monitoring.
  • Aggregation of Machine Data from different sources.
  • Meaningful dashboards based on data collected to aid decision making.
  • Integration with ticketing tools to automate ticket generation.
  • Reduce noise from multiple monitoring tools.
  • Automating actions based on alerts triggered.
  • More automation and investment in self-healing infrastructure.
Value for Money.
No
  • Price
  • Product Features
  • Product Usability
  • Product Reputation
  • Vendor Reputation
  • Positive Sales Experience with the Vendor
Collect Data from more different Data Sources.
  • Third-party professional services
Yes
Change management was a minor issue with the implementation
  • Collecting Logs from some Storage Systems.
Smooth without too many major issues.
Support has been good and prompt when needed.
Not Available
No
Capacity Planning for our infrastructure.
Very Scalable and provides view and dashboards for the end users which they can understand and take action.
  • Reporting
  • Event and alert Correlation
  • Ease of collecting Log from any sources
  • Managing the data collected from a storage standpoint.
Kenneth Taitingfong | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Splunk is currently the SIEM for IT operations and IT security, providing log aggregation and security event correlation for multiple departments. The IT operation groups use Splunk to trend operational data, troubleshoot issues, and send automated alerts when certain triggers are met. The security department utilizes Splunk for investigations and event management, leveraging automated alerts and dashboards. For our organization, Splunk provides the "single pane of glass" for users across several IT departments while also serving as our compliance tool for PCI-DSS and SOX.
  • Splunk is flexible and extensible, able to ingest logs from disparate systems using disparate formats and disparate file types. If the ability exists to make the logs human readable (either natively or via a script), Splunk can ingest it.
  • Splunk's flexibility in how you parse, format, and enhance your data is amazingly deep. When you start event typing, tagging, aliasing, and creating data models, you start to really open up Splunk's capabilities.
  • Splunk scales very well in large environments. Adding additional indexers as your environment grows is pretty trivial and its ability to do multi-site clustering and search head clustering provides load balancing and redundancy that's inherent to the product.
  • Splunk's search language goes very deep. To do some of the more advanced formatting or statistical analysis, there's a bit of a learning curve. Splunk training for learning the search language and manipulating your data can cost anywhere from $500.00 to $1500.00 (although a good number of free training exists).
  • Splunk's dashboard capabilities are pretty decent, but to do more exciting visualizations requires a bit of development using simple XML, JavaScript, and CSS.
  • Splunk releases minor revisions very quickly but because of the sheer number of bugs we've run into, we've upgraded our environment four times in nine months.
Splunk is well suited in both small and very large environments, almost regardless of the types of devices. However, depending on how Splunk is architected, it can require a number of devoted engineers to onboard, normalize, and present the data. So for organizations that are unable to provide dedicated resources, the day-to-day operations and backend duties can be overwhelming. Since Splunk is so flexible, it's easy to overwhelm its available resources when a large number of inefficient searches are running. Splunk users need to be trained not to run "sloppy" searches. The community help forums are a wealth of information, but in some cases, without professional support, you're going to be lost. The Splunk licensing can also be costly, and in some situations, Splunk virtual environments don't perform well.
Security Information and Event Management (SIEM) (6 attributes rated): 9.3 (93.3%)
  • Centralized event and log data collection: 10.0 (100%)
  • Correlation: 6.0 (60%)
  • Event and log normalization/management: 10.0 (100%)
  • Deployment flexibility: 10.0 (100%)
  • Integration with Identity and Access Management Tools: 10.0 (100%)
  • Custom dashboards and workspaces: 10.0 (100%)
  • Splunk provided immediate results when an Active Directory change was made and our Windows AD team was unable to determine when or who had made the change. We were also able to provide information back to our CIRT for multiple security incidents and correlate what some thought was a DoS attack back to a massive scheduled data download occurring off hours.
  • Because of Splunk's role in our PCI-DSS compliance requirements, the compliance office is expanding Splunk's role into SOX compliance as well. We're also being asked by multiple departments to be their official system of record for their system logs.
  • Unfortunately, the decision to virtualize our environment means we're tied to some expensive storage solutions. We are currently facing difficult decisions with regards to data retention due to the cost.
  • According to our database team, showcasing Splunk's capabilities saved their department $75,000 (USD) when they were able to meet their monitoring needs without buying an additional tool. Our mainframe team is doing a proof of concept with a tool called IronStream that integrates directly with Splunk to provide mainframe monitoring, essentially the only tool in existence to do so. Splunk is also replacing both some end-of-life SCOM tools as well as the soon-to-be EOL Symantec SIEM.
Splunk is certainly much more versatile than any of these three products. Unless ArcSight makes a "connector" for your product, you will be required to use Flex Connectors, which is an additional license and apparently requires some serious development. Without Logger, you can't perform free-form searches, so you must know how your data is being normalized before you can find it. McAfee Nitro uses Flash, which presents a number of challenges itself. During our POC, it also misidentified McAfee Virus Scan Enterprise updates as malware traffic. QRadar did not excel in any one place and performed poorly during our POC; it was also unable to be as flexible as Splunk with custom data sources.
Yes
We replaced Symantec SIEM because it was going EOL.
  • Product Features
  • Product Usability
  • Product Reputation
  • Positive Sales Experience with the Vendor
  • Analyst Reports
  • Third-party Reviews
The wide native support for the various products in the environment and the ability to craft technical add-ons to ingest the data sources for which there were no existing technical add-ons.
A head-to-head between the products using the same data looking for the same event may have been helpful, but not practical.
  • Searching indexed data is pretty straight forward. You can do it without even really knowing the Splunk Search Language (SPL). Becoming intimately familiar with the SPL means you have a lot of flexibility in presenting and carving up your data how you want it.
  • Splunk's ability to ingest data using a variety of methods makes Splunk stand out among its competitors. You can stream it directly to Splunk, install a forwarder on a system, use scripted inputs, or even just use WMI for Windows environments.
  • All of Splunk's configuration files are flat text files which makes editing on the fly a breeze. The individual file specifications are well documented and the community support forum is extremely helpful.
  • In large environments, you almost need dedicated Splunk engineers that have formal training to administer, onboard data, normalize data, and perform day-to-day operational tasks.
  • The configuration files can be intimidating. Splunk's flexibility can be a double-edged sword. Sometimes finding the right way and the best way to do a specific task isn't very easy.
  • Sometimes, getting backend performance metrics out of Splunk can be like pulling teeth. While there are a number of Splunk Apps that can provide this information easily, it's not always in the format you want, so learning the SPL is a must.
No
You can literally throw in a single word into Splunk and it will pull back all instances of that word across all of your logs for the time span you select (provided you have permission to see that data). We have several users who have taken a few of the free courses from Splunk that are able to pull data out of it everyday with little help at all.
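The review above mentions event typing, tagging, field aliasing, flat text .conf files, and the cost of unscoped "sloppy" searches. As an added illustration that is not part of the review or of Splunk's own documentation, here is a minimal end-to-end onboarding of a hypothetical Linux sshd authentication log expressed in those files. The index name linux_auth, the sourcetype acme:sshd, the file path, the extracted field names, the sample log format and the brute-force threshold are all assumptions; the stanza names and setting keys are standard Splunk configuration settings.

```ini
# Added example, not from the review or from Splunk. Index, sourcetype,
# path, field names and thresholds are assumptions for illustration.

# --- inputs.conf (on the universal forwarder) ---
# Tail the auth log and tag every event with an index and a sourcetype so
# later searches can be scoped instead of searching everything.
[monitor:///var/log/auth.log]
index = linux_auth
sourcetype = acme:sshd
disabled = 0

# --- props.conf (index-time keys on the indexers, search-time keys on the search heads) ---
[acme:sshd]
# Index-time: one event per line, explicit timestamp format.
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
TIME_FORMAT = %b %d %H:%M:%S
MAX_TIMESTAMP_LOOKAHEAD = 20
TRUNCATE = 10000
# Search-time extraction for an assumed line such as:
#   "Failed password for invalid user bob from 203.0.113.7 port 51234 ssh2"
EXTRACT-ssh_auth = (?<action>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?<user>\S+) from (?<src_ip>\S+) port (?<src_port>\d+)
# Aliases to common (CIM-style) names so one correlation search works across sources.
FIELDALIAS-ssh_cim = src_ip AS src user AS user_name
# Calculated field that normalizes the outcome regardless of source wording.
EVAL-action_norm = if(action=="Accepted","success","failure")

# --- eventtypes.conf (search heads) ---
# An eventtype is a named, reusable search that matches a class of events.
[sshd_auth_failure]
search = index=linux_auth sourcetype=acme:sshd action=Failed

# --- tags.conf (search heads) ---
# Tags let detections ask for "authentication failure" events without
# knowing which sourcetypes produce them.
[eventtype=sshd_auth_failure]
authentication = enabled
failure = enabled

# --- savedsearches.conf (search heads) ---
# Scheduled detection. Scoped to one index and sourcetype and a 15-minute
# window, so it reads only the buckets it needs; "index=*" over a wide
# time range is the "sloppy" pattern the reviewer warns about.
[SSH brute force by source]
search = index=linux_auth sourcetype=acme:sshd tag=authentication tag=failure | stats count dc(user_name) AS distinct_users BY src | where count > 20
dispatch.earliest_time = -15m@m
dispatch.latest_time = now
cron_schedule = */15 * * * *
enableSched = 1
counttype = number of events
relation = greater than
quantity = 0
alert.severity = 4
```

The split between files matters in a distributed deployment: inputs.conf lives on the forwarder, the index-time props.conf keys (line breaking, timestamping) must be on the indexers before data arrives, and the search-time keys (EXTRACT, FIELDALIAS, EVAL), eventtypes, tags and saved searches belong on the search heads. Index-time settings cannot be fixed retroactively for data already indexed, while search-time settings can be changed at will, which is why the parsing above is done at search time and only line breaking and timestamp recognition are fixed at index time.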