Powerful tool with a big learning curve
December 11, 2015

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk

We are using Splunk to collect relevant security logs and correlate across different data sources to look for abnormal traffic or activity. Other business units such as marketing and engineering are increasingly becoming interested in using Splunk as it offers on the fly access to their data with powerful visualization including charts.
  • Easy log collection
  • A large library of search commands
  • Able to ingest many different log types
  • Normalization of data is challenging
  • Not all Apps/Add-ons are CIM compatible
  • Big learning curve
  • Makes IR (Incident Response) easier
  • Empowers users to view their data differently
Haven't evaluated any other tools. Of course there are many other vendors in the space but Splunk continues to be the market leader and to maintain its position in Gartner's magic quadrant. Haven't used Elasticsearch but hear very highly of it, offering a better licensing model with a smaller learning curve compared to Splunk.
Splunk is a very powerful tool but requires continuous tuning as new data types are added. Splunk licensing is based on ingested data and it can become very expensive very quickly as new data is added. Splunk is a good fit if you have a dedicated individual or team to actively manage it.

Splunk Enterprise Feature Ratings

  • Centralized event and log data collection: 10
  • Correlation: 10
  • Event and log normalization/management: 10
  • Deployment flexibility: 9
  • Integration with Identity and Access Management Tools: 9
  • Custom dashboards and workspaces: 10
  • Host and network-based intrusion detection: 9