Item: Splunk Enterprise
Rating: 9
Author: Verified User

Overall Satisfaction with Splunk Enterprise

Use Cases and Deployment Scope

Splunk Enterprise is our main tool for data analytics, observability and monitoring. Our company produces petabytes of data, so splunk provides an awesome tool to not only monitor the logs that are produced by our services bit also to create dashboards for monitoring and alerting. We regularly create alerts using splunk queries and use them to find out of there is something wrong with our products. It addresses the following business problems:Loss of revenue, by means of making sure we are not giving customers degraded experience. Data driven decision making: Allows business analysts to analyze splunk dashboards and make sure that they can do appropriate analysis and take appropriate decisions for revenue growth.

Pros and Cons

Pros

Configurable and sophisticated way of alerting on certain conditions observed via logs
Ability to create amazing dashboards to showcase current performance and allows us to monitor system health.
ability to do anomaly detection using AIOps and Machine learning to find out proactively if there is anything wrong with the system

Cons

Difficult to learn SPL (Search processing language) for newcomers to splunk. Should have made it easy to understand
Splunk is mainly log-centric, so to add stuff like distributed tracing we need to purchase premium applications (like Splunk APM)
Dashboard creation can be a bit messy experience for people that dont know how to do it fast. The drag-and-drop model seems outdated and UI can certainly do better in terms of usability.

Return on Investment

IT and Business Ops : Increased revenue by providing smart trends and leads to understand issues or opportunities for growth.
Improves time taken by DevOps and Engineers to diagnose and debug problems and bugs
Manual effort for auditing and compliance reporting reduced for security engineers by providing relavent alerts and dashboards.

Usability

I think this is a 5/10 because the query language SPL is having a bit of a learning curve. Hence people adept in this can easily and rapidly use this to come up with queries fast. But for newcomers or junior engineers this has a steep learning curve and can cause newcomers or juniors to take time while executing queries and without a senior engineer or Splunk admin/expert created dashboards they may feel lost.

Alternatives Considered

Datadog and Kibana

Splunk was better in terms of analyzing unstructured data. Also Splunk has had a very good and strong community and is also has a more tried and tested performance. I personally found the dash boarding capability of Splunk better than Datadog.

We also analyzed using Kibana. Although the UI of Kibana was a bit better I found that the SPL (Search processing language) was way too powerful and allowed us to perform investigation on unstructured data in a way better manner.

Key Insights

Do you think Splunk Enterprise delivers good value for the price?

Yes

Are you happy with Splunk Enterprise's feature set?

Did Splunk Enterprise live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise go as expected?

Yes

Would you buy Splunk Enterprise again?

Yes

Other Software Used

AWS CloudFormation, AWS Elastic Beanstalk, Kubernetes, Grafana, Slack, GitHub

Likelihood to Recommend

I will give it 9. And its best suited for large organizations with high stakes and lot of data. Which precisely need near complex, real-time monitoring, and alerting. Especially in places where some errors, if left unattended can cause customer and revenue loss. It is useful where cost is secondary to having the capability of this sort of monitoring.

It may be less suitable for startups which dont have a lot of data, and are cost sensitive. It is also not very suitable if we dont have requirement for precision dashboarding and monitoring.

Splunk Enterprise Feature Ratings

Comments

Please log in to join the conversation

Splunk: The Good The Bad and The SPL

Software Version