Splunk Enterprise Review
March 21, 2018

Larry Helms | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise

Splunk is mainly used for log analysis and alerting on events, both business and technical events.
  • Business event alerting
  • Technical event alerting
  • Graphing of information found in the data
  • Users CAN write queries that are non-optimized, causing either performance problems or unexpected (as in not what they wanted) results. It would be great if Splunk engineers could come up with some way to 'model' the queries and instruct users on query performance given x number of records... and possibly an example of results - say using 100-1000 records - so that the user can see what they're going to get.
  • We make each user group pay for the data that their systems index. We have not had any negative reactions indicating that the tool doesn't meet their needs.
It is best used for business data analysis, reporting and graphing. But it also does well when alerting on events. Users, however, mistakenly assume that alerting can be/is real-time. Unfortunately, even though indexing is very fast, it can take some time to index and then issue alerts. This is NOT a problem if you properly train users about what to expect and how to properly use the tool.

Splunk Enterprise Feature Ratings

Centralized event and log data collection: 10
Correlation: 8
Event and log normalization/management: 10
Deployment flexibility: 9
Integration with Identity and Access Management Tools: 8
Custom dashboards and workspaces: 10
Host and network-based intrusion detection: 9