Heavy Hitter SIEM!
June 22, 2019

Chase Palmer, CISSP | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Cloud

We use Splunk to centralize and consume all of our server logs, and various other logs, to monitor for interruptions in service, anomalous activity, and other security-related events. Splunk is primarily used by our DevOps and Security teams. Splunk solved an issue of being able to easily and effectively search hundreds of thousands of log entries in an easy-to-consume format.

Pros
  • Splunk is extremely versatile and can consume just about any kind of log out there.
  • Splunk's search function is very powerful, and allows for some very complex search criteria. Narrowing and/or expanding search results is as simple as a click of the mouse.
  • There are many different apps/plugins that can be added to Splunk that provide built-in reporting and alerting on certain kinds of events, meaning you don't have to be an expert to use Splunk.

Cons
  • There is a bit of a learning curve to figure out how to initially use it.
  • When SAML is set up, there is no apparent way to log out.

Return on Investment
  • The biggest return on investment is how quickly logs are now consumed, and how quickly we can follow events that occur in logs.
  • The number of logs that can be consumed by Splunk is much higher than previous solutions.
  • We have much better visibility into our logs, and are able to spot patterns in events with the built-in graphs and reports.
Other solutions weren't able to consume the volume of logs that we were producing on a daily basis. Searching was difficult because of proprietary or simply confusing search mechanisms. Splunk simplified the searching by using regular expressions. Although the cost of Splunk was higher than other solutions available, none of the other solutions were able to quickly and easily present data in a simple and easy to understand way.
Splunk is not cheap, so Splunk only makes sense for businesses where there are hundreds of thousands of logs a minute, or where manual processes or open source alternatives can't keep up. You will need to have a dedicated person or two in order to configure and manage Splunk on a very regular basis; otherwise, you won't be able to reap the full benefits that Splunk can offer.

Splunk Cloud Feature Ratings

Feature                                              Rating (out of 10)
Centralized event and log data collection            10
Correlation                                          10
Event and log normalization/management               10
Deployment flexibility                               10
Integration with Identity and Access Management Tools 9
Custom dashboards and workspaces                     10
Host and network-based intrusion detection           10