Splunk is a single tool that does everything
February 20, 2020

Splunk is a single tool that does everything

ShuYun Du | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise

We use Splunk to integrate all the logs for each of the applications. Building dashboards and alerts base on the logs by the Application team's requirement. The Application team will be able to search through their log from one centralized place rather than logging into multiple servers to try to define the issue manually. With the Splunk search language, it is very easy to look for possible errors within a certain time frame. Our organization also use Splunk for fraud investigation purpose. We have more than 100 application teams using Splunk today and most of them are using it for troubleshooting purposes when there is an issue that has occurred.

Pros

  • Log mining.
  • Able to consume multiple log sources.

Cons

  • Provides the possibility to upgrade the Splunk UF from a deployment server.
  • Splunk search language can be very expensive if the users do not know what they are doing.
  • Improvement to the MTTR of our organization.
  • Allows users to analyze business data to improve the services.
Splunk is easier to setup compare to ELK. It has better support, well-documented information plus the Splunk database which has an addon that built by them or the other users to help to improve the experience with Splunk. However, ELK is open-source and it is free. At the end of the day, they are doing similar things. However, with the help of different addons from Splunk database, it saves you more time on configurations by yourself.
It is a great tool that does an excellent job. However, the only downside of Splunk is that the learning curve is not very flat. It requires the user to investigate some time to train a beginner becomes an expert. Also, working on the Splunk Web GUI is very different from working on Splunk infrastructure. Even if the Splunk environment is well designed, you will still need someone to constantly watching the performance of the Splunk instance. Other than this, everything works very well.

Do you think Splunk Enterprise delivers good value for the price?

Yes

Are you happy with Splunk Enterprise's feature set?

Yes

Did Splunk Enterprise live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Splunk Enterprise go as expected?

I wasn't involved with the implementation phase

Would you buy Splunk Enterprise again?

Yes

Splunk is the best tool to use for log mining. It is also good at combining multiple sources of logs together and creates a single pane of glass. It can do lots of APM monitoring however at the end of the day it is more of a log mining tool but not an APM tool. It is best to use for business analyzing, debugging and fraud investigation. When it comes to monitoring part, get a proper APM tool will be a better idea.

Splunk Enterprise Feature Ratings

Security Information and Event Management (SIEM)
9.0
Centralized event and log data collection
10
Correlation
8
Event and log normalization/management
10
Deployment flexibility
8
Integration with Identity and Access Management Tools
9
Custom dashboards and workspaces
10
Host and network-based intrusion detection
8

Comments

More Reviews of Splunk Enterprise

  1. Home
  2. Security Information and Event Management (SIEM) Software
  3. Splunk Enterprise Reviews
  4. User Review of Splunk Enterprise