Robust IT Operations and SIEM Management Solution
Updated July 20, 2021

Score 10 out of 10
Vetted Review
Verified User
Overall Satisfaction with Splunk Enterprise
Splunk Enterprise is used by our Infrastructure and Enterprise Monitoring Team and Security Teams to monitor our infrastructure. Monitoring is enabled for the overall health of our systems. Data is collected from multiple data sources. Logs are analyzed and converted to meaningful metrics for the team to proactively monitor and take corrective actions.
Splunk has the ability to correlate data from disparate data sources and provide root cause, hence reducing MTTR and improving our SLAs with our customers. The events logged in Splunk help our IT Analyst and Security Analyst take proactive action before impacting the services which our customer uses. The Event Correlation helps us find RCA and improve MTTD and MTTR.
Pros
- Collect data from multiple data sources and correlate. Reduce alert noise from multiple monitoring systems.
- Monitor alerts and report on data collected. Create custom dashboards.
- Powerful machine learning and AIOps functionality.
- Helps with our security compliance and addresses the security team's need to remain PCI compliant.
Cons
- Splunk data sizing and data collected. Worked with Professional Service to scale our environment.
- Capacity data storage for Splunk data.
- Tuning Splunk analytics dashboards for performance.
- Improved MTTR for all our incidents.
- Reduced alert noise with powerful correlation engine.
- Performance Analytics dashboards.
More features and easy to manage once configured and set up correctly. Stronger correlation engine compared to other products. Easily integrates with ServiceNow for ticket creation, automation, and building workflows. Helps in AIOps more, as compared to other tools. Provides anomaly detection with powerful machine learning capabilities across various metrics.
Splunk Enterprise Feature Ratings
Using Splunk Enterprise
20 - IT Operations, Security Operations.
5 - Enterprise Monitoring, System, Network and Application Monitoring, Server Admin, Network Admin, Security Admin.
- Network, Systems and Application Monitoring.
- Aggregation of Machine Data from different sources.
- Meaningful dashboards based on data collected to aid decision making.
- Integration with ticketing tools to automate ticket generation.
- Reduce noise from multiple monitoring tools.
- Automating actions based on alerts triggered.
- More automation and investment in self-healing infrastructure.
Evaluating Splunk Enterprise and Competitors
- Price
- Product Features
- Product Usability
- Product Reputation
- Vendor Reputation
- Positive Sales Experience with the Vendor
Collect Data from more different Data Sources.
Splunk Enterprise Implementation
- Third-party professional services
Change management was a minor issue with the implementation
- Collecting Logs from some Storage Systems.
Splunk Enterprise Support
| Pros | Cons |
|---|---|
| Quick Resolution; Knowledgeable team; Kept well informed; Immediate help available; Support cares about my success | Poor followup; Problems left unsolved; Escalation required; Need to explain problems multiple times; Slow Initial Response |
Not Available
Capacity Planning for our infrastructure.
Using Splunk Enterprise
| Pros | Cons |
|---|---|
| Like to use; Easy to use; Well integrated; Quick to learn; Feel confident using | Unnecessarily complex; Requires technical support; Inconsistent; Cumbersome; Lots to learn |
- Reporting
- Event and alert Correlation
- Ease of collecting logs from any source
- Managing the data collected from a storage standpoint.