Enterprise monitoring tool which is quite fast to find logs and create alerts
October 20, 2025

Anonymous | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User

Software Version

Splunk Light (legacy)

Overall Satisfaction with Splunk Enterprise

We use Splunk Enterprise as an event bus where teams communicate with each other via Pub/Sub. Its topic conventions make it easier for us to use wildcard subscriptions, filter on specific events, etc. Having exclusive and non-exclusive queues is also a nice separation to spread the load or help keep the order, depending on which you choose.

Pros

  • Easy queue definitions and subscriptions
  • Delivery guarantee of events
  • UI is helpful to monitor things a bit

Cons

  • UI doesn't show stuck events/messages, would be nice to see them directly.
  • Permission management to the queues would be simpler and more granular
  • It simplifies and makes onboarding easier in organizations with many teams
  • You spend less time with subscriptions to a specific path or wildcard, plus it is more readable
It has room for improvement for sure, that's why it is not 10. There were some cases where we had to build things in front of Splunk Pub/Sub to guarantee and manage the state of messages ourselves.
However, it can be useful in organizations where it is a standard mechanism of sharing non-critical information.
Splunk Enterprise was already chosen by our organization to be used across teams. However, the reasoning I know behind it is the ability to share events/messages across different message brokers and making onboarding easier for legacy teams by just simple configuration.

Do you think Splunk Enterprise delivers good value for the price?

Yes

Are you happy with Splunk Enterprise's feature set?

Yes

Did Splunk Enterprise live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Splunk Enterprise go as expected?

Yes

Would you buy Splunk Enterprise again?

Yes

Splunk is well suited if you want to be robust but not 100% correct. It is fast and convenient.
However, if you like to pass messages including users' payment details etc., I definitely suggest something else where you as consumer can decide what to do with messages. To me it is a bit weird that publishers can set whether a message can go to DLQ or not.

Splunk Enterprise Feature Ratings

  • Centralized event and log data collection: 7
  • Correlation: 6
  • Event and log normalization/management: 8
  • Deployment flexibility: 7
  • Integration with Identity and Access Management Tools: 6
  • Custom dashboards and workspaces: 6
  • Host and network-based intrusion detection: 7
  • Log retention: 8
  • Data integration/API management: 8
  • Behavioral analytics and baselining: 7
  • Rules-based and algorithmic detection thresholds: 8
  • Response orchestration and automation: 6
  • Reporting and compliance management: 7
  • Incident indexing/searching: 6

Using Splunk Enterprise

  • Keeping logs
  • Creating alerts on logs
  • Connectivity with Splunk Observability (formerly SignalFx)
  • For quick logs, Splunk is the fastest search solution between our options
  • Observability features which are quite new and not very well integrated yet with logs.

Evaluating Splunk Enterprise and Competitors

  • Scalability
  • Ease of Use
  • Other
Because it was fast in log searches compared to other monitoring tools we checked. Plus, its search syntax gives you a lot of flexibility on searching on different properties, grouping things in logs etc.
I would probably consider metrics and traces alongside logs, because their connection is the most important thing when diving deep into a problem investigation. There are other factors to still consider of course, like speed, price, number of people using it etc.

Splunk Enterprise Implementation

  • Implemented in-house
  • Third-party professional services
  • Migrating many teams into the platform, there was no easy migration tool for teams using other observability tools.
  • Exposing logs from Kubernetes as a standard was hard to implement

Splunk Enterprise Support

We didn't have much of a problem; the system was overall consistent. We only contacted support for customized log parameters and labels, which went okay, and we got help quickly.

Pros

  • Quick Resolution
  • Good followup
  • Knowledgeable team
  • Problems get solved
  • Kept well informed
  • No escalation required
  • Immediate help available
  • Support understands my problem
  • Support cares about my success
  • Quick Initial Response

Cons

  • None

Nope, because of costs.
When we had a request to be able to add customized labels into our logs.

Using Splunk Enterprise

Pros

  • Technical support not required
  • Well integrated
  • Consistent
  • Quick to learn
  • Convenient
  • Feel confident using
  • Familiar

Cons

  • None

  • Search speed
  • Search text syntax with large flexibility
  • Compatibility with Splunk Observability
  • Price is high
  • Not having the same platform for metrics, traces and logs.
