Item: Splunk Enterprise
Rating: 8
Author: Verified User

Use Cases and Deployment Scope

We are using Splunk to collect relevant security logs and correlate across different data sources to look for abnormal traffic or activity. Other business units such as marketing and engineering are increasingly becoming interested in using Splunk as it offers on the fly access to their data with powerful visualization including charts.

Pros and Cons

Easy log collection
A large library of search commands
Able to ingest many different log types

Normalization of data is challenging
Not all Apps/Add-ons are CIM compatible
Big learning curve

Return on Investment

Makes IR (Incident Response) easier
Empowers users to view their data differently

Alternatives Considered

Elasticsearch

Haven't evaluated any other tools. Of course there are many other vendors in the space but Splunk continues to be the market leader and to maintain its position in Gartner's magic quadrant. Haven't used Elasticsearch but hear very highly of it, offering a better licensing model with a smaller learning curve compared to Splunk.

Other Software Used

Palo Alto Networks WildFire, Symantec Endpoint Protection, AirWatch

Likelihood to Recommend

Splunk is a very powerful tool but requires continuous tuning as new data types are added. Splunk licensing is based on ingested data and it can become very expensive very quickly as new data is added. Splunk is a good fit if you have a dedicated individual or team to actively manage it.

Powerful tool with a big learning curve

Overall Satisfaction with Splunk