Item: Splunk Enterprise
Rating: 9
Author: Verified User

Use Cases and Deployment Scope

We're using Splunk Enterprise to assist us with IT Operations and IT Security. We came to look at Splunk because when I entered the company I found over 500 devices with no centralized logging in any way, no ability to pinpoint problems across the whole organization whether historic or predictable and things like this. Splunk is helping us deliver a predictable, robust operation of our infrastructure instead of reacting to problems and working to find just what was affected and when.

We believe we can apply Splunk to other data, in time, specifically aiding the company with analyzing financial information, but this is not yet an active project.

Pros and Cons

Fast, efficient
Solid community of experts and training materials
Ingests data from many sources, with a large number of partner relationships

There is a high learning curve. If you go to a Splunk demo or class, get inspired, then install it yourself, you'll have no idea what you're meant to do. It's not intuitive to the first-time user in any way.
Pricing can be confusing. People ask how much data you want to ingest, and you don't know until after you've been using Splunk. It's not easy to sign up and start without guesswork.
I found online help pages are broken or out-of-date, or incomplete. e.g. pages on setting up the Java-based SQL Server driver don't even tell you where to download it or where to install it.

Return on Investment

Ability to proactively deal with security threats before they become a problem.
Able to identify everything affected right away when a problem occurs.
Able to drill into problems, including historic problems, and work out the root causes.
No negative impacts.

Support Rating

We found the Splunk support team were experts and friendly, though the online documentation could stand to be reviewed and broken links, etc., fixed.

Key Insights

Do you think Splunk Enterprise delivers good value for the price?

Yes

Are you happy with Splunk Enterprise's feature set?

Yes

Did Splunk Enterprise live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise go as expected?

Would you buy Splunk Enterprise again?

Yes

Other Software Used

Epicor ERP, Dameware Remote Support, Microsoft Office 365

Likelihood to Recommend

Splunk Enterprise is well-suited for any requirement to aggregate vast sums of data, no matter how structured or unstructured, and search across it all at speed, or report on it with visualizations, etc.

It's not suited for scenarios where you want to report on a single set of data, say, in a traditional way, for example, a typical scheduled report out of a finance system.

Won't you take me to Splunkytown

Overall Satisfaction with Splunk Enterprise