Overview
What is Splunk Enterprise?
Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.
TrustRadius Insights
Great if you have the money
Splunk Enterprise Rocks !!
Real-time smart meters
Splunk Enterprise in the Cloud empowers me as an analyst
Robust IT Operations and SIEM Management Solution
Great for almost anything
Security/Data Analytics Solution That Comes with SIEM Capabilities
Splunk leads the pack
One Splunk to rule them all!
Splunk Enterprise review
Splunk Enterprise - Log collection & aggregation
Won't you take me to Splunkytown
Excellent product for our cybersecurity team
Splunk Enterprise: A powerful, but expensive tool
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Custom dashboards and workspaces (54)8.585%
- Centralized event and log data collection (53)6.565%
- Event and log normalization/management (53)6.060%
- Correlation (52)6.060%
Reviewer Pros & Cons
Pricing
What is Splunk Enterprise?
Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
40 people also want pricing
Alternatives Pricing
What is Blumira?
Blumira’s cloud SIEM platform offers both automated threat detection and response, enabling organizations of any size to more defend against cybersecurity threats in near real-time. It's goal is to ease the burden of alert fatigue, complexity of log management and lack of IT visibility.
Product Demos
Splunk Incident Review Demo
Splunk Threat Intelligence Demo
Splunk Enterprise Security | Splunk Enterprise Installation | Splunk Training | Edureka
Features
Security Information and Event Management (SIEM)
Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools
- 6.5Centralized event and log data collection(53) Ratings
Effectiveness of real-time centralized event and log data collection
- 6Correlation(52) Ratings
Correlation of logs and events to pinpoint significant threats
- 6Event and log normalization/management(53) Ratings
Ability to normalize event syntax so that logs can be compared and are machine-understandable
- 7.5Deployment flexibility(49) Ratings
Ability to tune system to maximize threat detection and minimize false positives
- 7.5Integration with Identity and Access Management Tools(49) Ratings
Integration with access control tools like Active Directory and LDAP
- 8.5Custom dashboards and workspaces(54) Ratings
dashboards that can be customized to meet the needs of specific groups
- 7Host and network-based intrusion detection(37) Ratings
Ability to detect both endpoint intrusion and network ingress detection
- 8.3Data integration/API management(5) Ratings
Ease and quality of data integrations between SIEM and other systems
- 7.8Behavioral analytics and baselining(4) Ratings
How effectively activity and behavior baselines are established and maintained
- 7.8Rules-based and algorithmic detection thresholds(4) Ratings
Effectiveness of manually-established rules and algorithmically-determined detection thresholds
- 6.9Response orchestration and automation(4) Ratings
Quality of built-in response orchestration and automation in Next-Gen SIEM
- 7.9Reporting and compliance management(4) Ratings
Ease and quality of reporting and compliance functions
- 8.9Incident indexing/searching(5) Ratings
Effectiveness of searching across structured and unstructured events and incidents within SIEM
Product Details
- About
- Integrations
- Competitors
- Tech Details
- FAQs
What is Splunk Enterprise?
Splunk Enterprise Integrations
Splunk Enterprise Competitors
Splunk Enterprise Technical Details
Operating Systems | Unspecified |
---|---|
Mobile Application | No |
Frequently Asked Questions
Comparisons
Compare with
Reviews and Ratings
(455)Community Insights
- Pros
- Cons
- Recommendations
Valuable Log Gathering and Summarization: Users have expressed positive opinions about Splunk's ability to gather and summarize log messages from multiple sources. Many reviewers find this feature valuable, as it allows them to easily access and analyze log data in a centralized location without the need for manual aggregation.
Simplicity and Advanced Search Capabilities: Splunk's reporting functionality is highly regarded by users for its simplicity and advanced search capabilities. Several reviewers appreciate how easy it is to use Splunk's reporting features, while also being able to perform complex searches that provide detailed insights into their data.
Effective Web Traffic Catching and Dashboards: The effectiveness of Splunk in catching web traffic and providing helpful dashboards is another aspect praised by users. Many reviewers highlight how Splunk's web monitoring capabilities enable them to track website activity effectively, while the intuitive dashboards allow for quick visualization and analysis of important metrics.
Confusing User Interface: Some users have reported that the user interface in Splunk can be perplexing, leading to difficulties in quickly performing tasks and navigating the software.
Limited Integration with Excel: Users have expressed their desire for improved integration between Splunk and Excel when it comes to creating reports and dashboards. They feel that better connectivity and seamless data transfer would enhance their workflow.
Steep Learning Curve: Several users have mentioned the complexity of Splunk's architecture, requiring a dedicated team of engineers to effectively manage and optimize its performance. This steep learning curve can pose challenges for new users who may need additional time and resources to fully grasp the intricacies of the platform.
Based on user reviews, the following recommendations emerged for using Splunk:
-
Ensure the correct subscription: Users emphasized the importance of having the correct subscription for Splunk to avoid login issues and fully utilize its features. They recommend careful planning of the deployment and learning as much as possible before implementing a large installation.
-
Thoroughly investigate anomalies: While Splunk's great dashboards for troubleshooting are praised, users advise against relying solely on system alerts generated by Splunk. They suggest continuing to investigate any anomalies and carefully setting up sources and background data in Splunk.
-
Utilize Splunk's log analysis capabilities: Many users recommend Splunk as a valuable tool for log analysis and improving the quality of current processes. They find it helpful for debugging integration issues and consider it suitable for large-scale applications/systems. Users appreciate its ability to connect to individual boxes and view multiple logs simultaneously.
It should be noted that some users suggest that there may be better and cheaper alternatives for small to medium-sized businesses, while others propose improvements to the search result UI and pricing structure to attract more users in the industry.
Attribute Ratings
Reviews
(26-50 of 69)Excellent tool for analyzing logs
- Simplifies analyzing of big logs finds and helps in finding issues faster.
- Splunk Alerts are great to be notified of possible issues so that necessary actions can be taken to avoid it from becoming a problem to our end users.
- Dashboard reports can be scheduled to be generated and share with key stakeholders.
- Comparison of two or more time series data in a single graph.
- Search and make suggestions on Splunk commands as we type on the search window.
a very good log handling and analysis tool
- Log search is very good with this tool.
- Splunk search query language is just very good. You can easily run some analysis using this language
- Generating reports is a very good feature of this tool.
- Detecting anomalies and reporting them is just fantastic.
- Splunk requires some learning to use all of its features. Understanding its SPL is not very easy, and it will take long enough time to learn it.
- Regular expression is a bit tedious to learn and then use, it needs a good understanding of regular expression.
- I don't know why, but sometimes its search keeps on going forever and then I had to manually kill that job to start it again.
Splunk is great for troubleshooting
- logging server data
- easy to use commands to parse data
- automated reporting
- real-time reporting that will alert when a condition is met
- Not a Splunk problem, but we don't have enough space to store as much data as we would like
- Indexing Logs
- Powerful Searching features
- Alerting us of very detailed alerts
- Custom indexing options
- Splunk Light does not scale very well
- Need to purchase Splunk Enterprise if you ever wish to use 3rd-party applications
- Very Basic. I wish Splunk Light came with a bit more capabilities out of the box
Monitor your monitors...
- Best tool to do log monitoring and creating intuitive dashboards and charts
- Best for setting up alerting for application logs
- The tool needs to integrate AI to understand the system logs and alerting should be based on the auto learning.
Splunk for log collection, indexing, analysis & dashboarding
- Used for indexing and collecting machine data and log data from APIs.
- This data is used to generate graphs, alerts, metrics that is useful to business, technology and operations.
- It is data source agnostic and is used to log API, batch, db and log data. It runs on AWS for us.
- The only con might be that it is much costlier than an open source system like ELK (Elastic Logstash Kibana).
We've tried the rest and now we're back on Splunk!
- Handles inputs from many different sources.
- Very easy queries.
- Dashboard support.
- Scaling story.
- Query speed.
- Data Analytics
- Reporting
- Indexing search data
- Searching machine-generated data at realtime to forecast trends
- Splunk is expensive.
- To use Splunk effectively, people must learn SPL.
- Splunk is good at what it does, but to create an efficient analytics systems other products like SW monitoring tools need to be used in conjunction.
- Monitoring of log data to gauge server status and health
- Dashboards that allows us to view data about servers in our environment
- MOnitoring for fraud/cyber security threats and risks
- We really like the product but there is a steep learning curve and training is definitely required
- Our environment is setup so that you have to be fairly technical to navigate it and get value from it. We need to make our dashboards/reports less technical so the business users get more value from the tool
- Tool is very module driven so you are constantly having to add modules and costs to get new functinality
Splunk it!
- Though it was a little hard at first, creating the dashboards from the raw data became the big benefit.
- Setup of alerts was, again a little confusing but over time with the real time alert became useful.
- The building of dashboards for the security team for tracking intruders.
- The big one is writing the dashboards based off the raw data.
Splunk is a great tool for helping make sense of logs
- Log aggregation is extremely well done. Whether sending it logs over Syslog, mounting log directories over NFS, or using their log forwarding service.
- Searching. I'm an amateur at best when searching and aggregating logs. The reporting functionality is amazing.
- I would love some better wizards to help build canned reports based off common data sets.
- An easy way to back out integrating a log that suddenly balloons you over your license limits.
- An easier way to help Splunk parse log types. You can give Splunk any data you have, but unless you're able to tell it how the random log is formatted, your ability to search on it is limited.
Splunk Enterprise Review
- Business event alerting
- Technical Event alerting
- Graphing of information found in the data
- Users CAN write queries that are non-optimized causing both performance problems or unexpected (as in not what they wanted) results. It would be great if Splunk engineers could come up with some way to 'model' the queries and instruct users on query performance gave x number of records... and possibly an example of results - say using 100-1000 records - so that the user can see what they're going to get.
Proactive log monitoring with Splunk Light
- Real-time + Scheduled alerts - i-e you can set up alerts which are actively monitoring your logs
- Pretty good response time for search results. With our key/value logging, Splunk makes it blazing fast to query the data.
- Dashboards provide insights into historical data
- Love how Splunk indexes all of the data and provides keys to search on
- Splunk light limits number of users to 5. Wish there was a flexible license, where one could add more users.
- Splunk light does not let you add > few realtime alerts. Wish there was a flexible license, where one could add as many realtime alerts as wanted.
- Better insight into daily ingestion values
Splunk Review
- Catching web traffic
- Dashboards are helpful
- Search capability is great
- The dropped logs can be frustrating
- our instance only retains data for 3 months
My Dive into using Splunk
- Allow for separation of control where we don't let some employees have access to production but still can diagnose issues.
- Common location to go for all logs even if the logs themselves aren't in the same place.
- Ability to ingest logs from different locations without having to change the code to put logs in a certain place (pro and con).
- At times some queries can run slowly if indices are not on a portion of the query you use.
- Setup time initially can be difficult if your logs aren't stored in common locations or in a common way to write the log.
- Ability to ingest logs from different locations without having to change code to put logs in a certain place (pro and con).
- Searches can be a bit more difficult to look through if your log isn't pulled in a manner that is easy to read through splunk.
Splunk will make your job easier!!
- Monitoring is made easy and putting out reports for upper management is a breeze.
- With Splunk analytics we are better able to track our employees usage of systems for auditing purposes.
- Checking on performance through Splunk's monitoring makes our management of resources a lot easier and resources are put where needed most.
- Some of the start up in Splunk requires more than we would otherwise like.
- We wish there was more customizable reporting.
- Splunk sales engineers could be a bit more friendly and easier to work with.
Splunk for new users
- SPLUNK has a quick learning curve and can be easily self-taught. For example, there are plenty of resources available such as tutorials and search tools. There is really no prerequisite for learning how to use Splunk.
- SPLUNK Enterprise provides plenty of useful documentation and user support which makes it easy for anyone to learn and start using SPLUNK in a very short period of time. There are also examples and user feedback that is helpful if you need more advanced implementations.
- SPLUNK is very powerful, yet simple. For instance, you can set up a dashboard in one day provided you have admin rights and access to the data you want to Splunk.
- Even though there is a search tool as a help function, you still have to read through many documentation to find the answers you're looking for and sometimes you don't find it. The help function in Splunk could be improved to be more intuitive or have a built-in help per report, panel or dashboard.
- Creating a Splunk dashboard is rather straightforward however, customization is not. Splunk could be improved to provide more tools or features for customization such as adding colors and font options for text and graphs or graphics.
- My dashboard has a lot of useful information and I want the important panels and reports at the top but there is no easy way to do this. Perhaps Splunk could be improved to allow features such as adding URL links to other dashboards or some other clever way to emphasize the important data in my dashboard without compromising space.
Splunk in a production environment is a must-have today
- Parsing huge amounts of data, structuring data, or at least helping to find a structure
- Very good performance.
- Very good graphical representation of data, findings, report creation
- I really cannot, since after a year we are still discovering more and more possibilities with the product. One specific wish of a manager was: can we work with the reports offline? (e.g. on the airplane) we have not found a reasonable way of doing this. The only thing we came up with was exporting data and rendering specific reports in flash (web viewer) and somehow simulating reports within limited (predefined) boundaries
- It gathers logs very well from almost all machine types - most SIEM related products don't do this quite as well.
- It provides visuals to the user, giving you the ability to transform logs into visual charts (e.g. pie charts, graphs, tables, etc.).
- Splunk is very quick in reporting and alerting on anomalies. There is little delay.
- Splunk can be very expensive, and it is best to size out your environment first before procuring. Planning is key, and make sure to buy a license that is at least 2-3 times what you think you need.
- There is a learning curve to Splunk. It takes a bit to get up to speed with the application.
- Support is very good, but they will almost never tell you to ways to not use up your license. I had to figure that out myself, and ended up cutting out some useless logs that used over 50 % of my license.
Splunk Implementor review
- Collecting logs and event information from disparate sources.
- Make correlating log information easier.
- Search and report on large volumes of machine data.
- Enterprise level management.
- Certificate management.
Got Splunk?
- Log correlation
- Alerting
- Syslog
- Would like to see more integrated tools and supported vendors (such as F5, Checkpoint, Palo-Alto, etc.).
Splunk running strong
- Operational out of the box. No need to spend days setting up and configuring an application to ingest and analyze data.
- Web UI is fluid and flows easily.
- Additional applications available for integration with Splunk, and most are free.
- Enterprise Solution that can be up and running in a couple of hours.
- Enterprise license that fluctuates between license pools, having the ability to grab more space from unused pools.
- Ability to stop forwarders from indexing data via web console.
- Archiving of old indexed data could be refined. Current process is bit hard to understand with the different buckets and max times.
If you must analyze a ton of data then Splunk is your solution.
- Parsing data without manual intervention is a true time saver. Not to say you can't tweak the parsing, but unlike my experiences with the ELK stack, Splunk's ingestion and parsing is so good you can focus on other priorities.
- Splunk offers many free technology add-ons that provides real value immediately. For example, the Distributed Management Console (DMC) helps pull all the Splunk Architecture management together in one set of dashboards. To me, this is a true differentiator compared to its competitors.
- Searching for data nuggets is fast. Even dense datasets returns results surprisingly fast.
- Splunk works well with external data sources too. DBConnect is a feature that allows Splunk to interact with an existing data warehouse. So there's no need to move legacy data into Splunk indices since you can just use a SQL-like (dbquery) command to pull the data in for analysis.
- Search head clustering is great for reducing configuration differences among standalone search heads. The biggest problem with search head clustering (at the moment) is administration of non-knowledge object functions, like user roles and capabilities. Tasks like these must be done using Linux text editors and forces a rolling restart of all the search heads in the cluster.
- Creating custom applications in a search head cluster has also taken a step backwards. One strength I didn't mention earlier, is the ability to segregate users from data sets they shouldn't see. One method to assist partitioning users is with custom applications (aka sandboxes). However, like user administration, creating the "sandbox" requires Linux skills as opposed to the previous GUI-driven method.
- Querying LDAP datasets is limited to users with admin capabilities. That's okay only if the entire user community in your shop are administrators. Thus a great source for analyzing active directory membership is hindered until Splunk gets this fixed.
Powerful tool with a big learning curve
- Easy log collection
- A large library of search commands
- Able to ingest many different log types
- Normalization of data is challenging
- Not all Apps/Add-ons are CIM compatible
- Big learning curve
From a student's heart
- Easy to understand.
- Deals well with big data.
- Great integration.
- Can we have public API integration for Splunk?
- Splunk should be available on AWS marketplace so that people can use it on the fly.
- Can we have some business modesl like Splunk as a service?