Splunk Enterprise Review
June 16, 2025

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Software Version

Splunk Light (legacy)

Overall Satisfaction with Splunk Enterprise

We send the logs for most of our devices to Splunk, so that's going to be routers, switches, firewalls, F5, and they are collected in Splunk. And whenever there's any sort of outage, we're investigating an issue or troubleshooting a problem, we utilize Splunk to combine all of our efforts and see if we can identify what the problem is using the Splunk logging. So it's quite helpful in that regard.

Pros

  • One thing that Splunk does particularly well is that it gives an excellent view of historical data. So let's say that we identify an issue that happens earlier in the morning, but we suspect that this may be a recurrence of that problem and we can specifically bring in, because we can look at a huge amount of historical data from multiple points of view, we can basically graph out any possible instance of that problem happening in the past, as long as we have that data.

Cons

  • One area of improvement I would say is that there are some situations where the logs are missing from our devices where it gets forwarded to Splunk, but there's a problem with the forwarders, and some indications where it's not functioning as we have expected it to would definitely be an improvement.
  • It's had quite positive impacts. It's allowed us to create more effective monitoring and respond quickly to when issues happen. So whenever there's an impactful event, we get on a large call with multiple teams and one of the first things that we do is we check Splunk logs, we check our dashboards in Splunk and that enables us to quickly identify what the problem is and create a solution for it.

Do you think Splunk Enterprise delivers good value for the price?

Yes

Are you happy with Splunk Enterprise's feature set?

Yes

Did Splunk Enterprise live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise go as expected?

Yes

Would you buy Splunk Enterprise again?

Yes

It would be best suited for a situation where you need to identify, for example, if you're looking for traffic that is being blocked by your firewall or your proxy and you need to look for all of that in one place without having to go to that firewall or to that proxy, you can just look for it there and identify it by the specific action that the platform is taking. One situation where it wouldn't be suited for that, I would say perhaps a case with possibly hardware logs, but I haven't encountered a case where Splunk isn't suited for it, so I'd probably have to think on that.

Splunk Enterprise Feature Ratings

Centralized event and log data collection
Not Rated
Correlation
Not Rated
Event and log normalization/management
Not Rated
Deployment flexibility
Not Rated
Integration with Identity and Access Management Tools
Not Rated
Custom dashboards and workspaces
Not Rated
Host and network-based intrusion detection
Not Rated
Log retention
Not Rated
Data integration/API management
Not Rated
Behavioral analytics and baselining
Not Rated
Rules-based and algorithmic detection thresholds
Not Rated
Response orchestration and automation
Not Rated
Reporting and compliance management
Not Rated
Incident indexing/searching
Not Rated
