a very good log handling and analysis tool
January 02, 2019

a very good log handling and analysis tool

Rounak Jangir | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise

Splunk is not used across my organization. It is being used by some of us and for some specific task. And yes, it is also used by other departments as well but according to their need. Specifically, we are using this tool for monitoring the application logs and doing some analysis over it. Splunk provides a very easy way to search your logs and perform some basic analysis.
  • Log search is very good with this tool.
  • Splunk search query language is just very good. You can easily run some analysis using this language
  • Generating reports is a very good feature of this tool.
  • Detecting anomalies and reporting them is just fantastic.
  • Splunk requires some learning to use all of its features. Understanding its SPL is not very easy, and it will take long enough time to learn it.
  • Regular expression is a bit tedious to learn and then use, it needs a good understanding of regular expression.
  • I don't know why, but sometimes its search keeps on going forever and then I had to manually kill that job to start it again.
  • There are a lot of positive impacts that Splunk had made, we have real-time exception alerting which is very useful
  • We have report generation out of the logs which again helped us in many ways.
  • The only negative thing I can say is that it requires good learning and that takes a long time
We are using this because it has lots of advantage over others. And it seems to be a good fit for us. Splunk provides lot more features than others and its UI is user-friendly, so for a new developer, it would not be too difficult to use it and do something around it.
If you need to search and need to do some analysis on top of that, then Splunk is a great thing to use. And also if you want to generate reports from them and want alerts on some specific activity, then Splunk should be your first choice. I have used this tool for this purpose but can't say in which scenario it would not fit.

Splunk Enterprise Feature Ratings

Centralized event and log data collection
Event and log normalization/management
Deployment flexibility
Integration with Identity and Access Management Tools
Custom dashboards and workspaces
Host and network-based intrusion detection