Splunk Enterprise Reviews

They can introduce a query builder for non-technical users.

The query error messages could be more specific.

Steep learning curve.

Full stack reporting (though with SignalFX being purchased by Splunk, this is clearly a high priority).

Team needed to manage large installations.

Provides the possibility to upgrade the Splunk UF from a deployment server.

Splunk search language can be very expensive if the users do not know what they are doing.

Building Splunk queries can be comber some without intricate knowledge of Splunk and the applications involved

Dashboard duplication for different areas can be difficult

Capturing all necessary data from cloud platforms is not always straightforward

Slow interface.

The speed of the tool could be improved.

It could store and allow to search for historical data older than 60 days (may be related to our company license).

Dashboard creation could be more user-friendly.

I have no suggestions.

Complex overall architecture.

Long implementation time.

High cost.

Requires on-going staff time to keep running effectively.

Stability on some components (e.g. indexers).

Complexity of install and maintenance of infrastructure.

There is a high learning curve. If you go to a Splunk demo or class, get inspired, then install it yourself, you'll have no idea what you're meant to do. It's not intuitive to the first-time user in any way.

Pricing can be confusing. People ask how much data you want to ingest, and you don't know until after you've been using Splunk. It's not easy to sign up and start without guesswork.

I found online help pages are broken or out-of-date, or incomplete. e.g. pages on setting up the Java-based SQL Server driver don't even tell you where to download it or where to install it.

Better dashboard graphics

Difficult to master

Can be very complicated to implement into an environment

Very expensive

Sometime we see the Splunk agent taking higher CPU from OS prospects

Similar issues have been noticed in Oracle Databases

Costly

Needs training to work on

Needs hands on experience to get used to

Splunk data sizing and data collected. Worked with Professional Service to scale our environment.

Capacity data storage for Splunk data.

TuningSplunk analytics dashboards for performance.

Splunk requires some learning to use all of its features. Understanding its SPL is not very easy, and it will take long enough time to learn it.

Regular expression is a bit tedious to learn and then use, it needs a good understanding of regular expression.

I don't know why, but sometimes its search keeps on going forever and then I had to manually kill that job to start it again.

The tool needs to integrate AI to understand the system logs and alerting should be based on the auto learning.

Splunk is expensive.

To use Splunk effectively, people must learn SPL.

Splunk is good at what it does, but to create an efficient analytics systems other products like SW monitoring tools need to be used in conjunction.

Not a Splunk problem, but we don't have enough space to store as much data as we would like

We really like the product but there is a steep learning curve and training is definitely required

Our environment is setup so that you have to be fairly technical to navigate it and get value from it. We need to make our dashboards/reports less technical so the business users get more value from the tool

Tool is very module driven so you are constantly having to add modules and costs to get new functinality

Need technical expertise to use Splunk. I will recommend watching training videos before integrating Splunk into your organization.

Lacks offline and email features

It's a great application but it is bit costly

I would love some better wizards to help build canned reports based off common data sets.

An easy way to back out integrating a log that suddenly balloons you over your license limits.

An easier way to help Splunk parse log types. You can give Splunk any data you have, but unless you're able to tell it how the random log is formatted, your ability to search on it is limited.

Users CAN write queries that are non-optimized causing both performance problems or unexpected (as in not what they wanted) results. It would be great if Splunk engineers could come up with some way to 'model' the queries and instruct users on query performance gave x number of records... and possibly an example of results - say using 100-1000 records - so that the user can see what they're going to get.

The dropped logs can be frustrating

our instance only retains data for 3 months

Some of the start up in Splunk requires more than we would otherwise like.

We wish there was more customizable reporting.

Splunk sales engineers could be a bit more friendly and easier to work with.