Splunk Enterprise: A powerful, but expensive tool
February 26, 2020

Splunk Enterprise: A powerful, but expensive tool

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise

Splunk Enterprise is used as a repository for all our server and network infrastructure logs. This allows us to go to one place to review logs and potentially find a relationship between different systems with specific issues. For example, seeing failed login attempts to our switches and learning that a server was using old credentials.
  • Robust collection of plugins to support specific applications
  • Relatively easy to use
  • Strong and helpful support
  • Difficult to master
  • Can be very complicated to implement into an environment
  • Very expensive
  • Great for the smaller teams as one individual can easily find issues across multiple systems from one location.
  • The amount of time and manpower saved may not be enough to make up for the overall cost of Splunk Enterprise.
  • Less time required trying to locate specific issues from logs.
The Solarwinds SIEM solutions are much more bare-bones and don't offer as many features as Splunk Enterprise. Still, they are also infinitely more affordable and provide precisely what's required for small to medium environments. Implementation is straight forward even for larger environments, and technical support is decent if issues. Overall it comes down to price. For an organization of 100 people, it's hard to recommend Splunk Enterprise when they can use a Solarwinds solution that falls under budget.
Splunk Enterprise's customer support is amazing. They will go above and beyond even for the smallest issue. Outside of customer support, Splunk Enterprise also has a very active community that will answer more specific questions for unofficial Splunk Enterprise applications. We once ran into an issue with an application plugin and out the answer was provided by a community member.

Do you think Splunk Enterprise delivers good value for the price?


Are you happy with Splunk Enterprise's feature set?


Did Splunk Enterprise live up to sales and marketing promises?


Did implementation of Splunk Enterprise go as expected?


Would you buy Splunk Enterprise again?


If the organization is looking for a powerful SIEM solution and has the budget, then I would recommend Splunk Enterprise. Using the tool can be as simple or as complicated as you want it. My only hesitation will be the complexity of implementation. For smaller organizations, it shouldn't be an issue, but larger ones may find it challenging to follow Splunk Enterprise's best practices for implementation.

Splunk Enterprise Feature Ratings

Centralized event and log data collection
Event and log normalization/management
Deployment flexibility
Integration with Identity and Access Management Tools
Custom dashboards and workspaces