Overall Satisfaction with Splunk Enterprise
Splunk Enterprise is the basis for our log correlation and analysis. We're using it primarily for IT Security, and occasionally it has been helpful in assisting with operations. It is the basis of our SIEM, Splunk Enterprise Security. We pull in events from a wide variety of data sources. The ability of Splunk to ingest and normalize just about any sort of data is one of its strongest points.
- Accepts data from a variety of sources
- Pre-built apps exist to help with bringing in data from many systems
- The event correlation is the basis for security use cases
- Splunk helps us to be aware of security events before they become issues
- Splunk helps us diagnose operational issues
We had an old version of QRadar before Splunk. It was difficult to customize and difficult to pull in our data sources. It wound up being neglected and not providing value for us as an institution. We have also looked into other things like AlienVault, but in general, the customizability to pull in things like an Oracle audit trail or nonstandard multiline SSO logs has been much easier in Splunk, if, in fact, it was possible on other platforms.
Splunk is well suited almost anywhere an enterprise can afford it. It does require some technical chops to support an on-prem installation, but less so with a Cloud subscription. If it involves data, there is a good chance that it is possible with Splunk. In particular, it is a great base for security use cases, especially for disparate and non-standard data sources.