Splunk Enterprise - Log collection & aggregation
February 29, 2020

Splunk Enterprise - Log collection & aggregation

Fraser Clark | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise

Splunk was initially purchased to be our replacement for our syslog server, but it has grown into much much more and this is because of how easy it is to get logs into Splunk and the flexibility of what can be done with those logs.
We are now using it as a security tool, ingesting logs from lots of different sources and even our cloud platforms.
Currently it is just our IT team that use Splunk.
  • Dashboards/visualisations.
  • Can ingest any type of data.
  • Flexibility with filtering, etc.
  • Steep learning curve.
  • Full stack reporting (though with SignalFX being purchased by Splunk, this is clearly a high priority).
  • Team needed to manage large installations.
  • Better security posture.
  • Single pane of glass monitoring.
  • Ability to alert on security events or errors.
We originally used Kiwi Syslog but this was not able to keep up with the level of logs that were being sent to it. Also Kiwi does not allow you to search through logs, create alerts, etc. or any of the other features Splunk has. It is purely just a web GUI for syslog.
If going through a reseller, their support can be very good and I have experienced this.
However, when dealing directly with Splunk for support it can be quite challenging. The support is okay, but has a lot of room for improvement. Sometimes tickets just get no response for weeks with multiple chases. It's very hard to speak to a member of the team that would actually work on your ticket, it's always just frontline who then just send it to the correct team.

Do you think Splunk Enterprise delivers good value for the price?


Are you happy with Splunk Enterprise's feature set?


Did Splunk Enterprise live up to sales and marketing promises?


Did implementation of Splunk Enterprise go as expected?


Would you buy Splunk Enterprise again?


Splunk is excellent in most situations where log collection and aggregation is needed. It can work as a small scale syslog server and be built on from that.
The obvious wall is the cost of the product and for that reason I would say smaller businesses would not be suited to this as there are free solutions that could bridge this gap.

Splunk Enterprise Feature Ratings

Centralized event and log data collection
Event and log normalization/management
Deployment flexibility
Integration with Identity and Access Management Tools
Custom dashboards and workspaces
Host and network-based intrusion detection