Splunk Enterprise You are awesome
October 23, 2025

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Software Version

Splunk Light (legacy)

Overall Satisfaction with Splunk Enterprise

Splunk Enterprise is used for overall machine log collection, transforming the data for better analysis and then using it for various analytical capabilities like dashboarding, monitoring, alerting and reporting.
Data is collected from various sources and is transformed to get an overall operational visibility and quantify key metrics like availability, latency, throughput and identify patterns in application, infrastructure and network logs. The overall visibility helps us to easily identify common issues, proactively capture points of failure, identify network attacks and resolve issues quickly to improve customer satisfaction. It also gives us a chance to improve our services by identifying areas which can be optimized by refactoring code, updating configs or moving to better underlying technologies.

Pros

  • Collection of logs from multiple sources like cloud, network, applications in different formats and aggregating them to get a clear business picture.
  • Splunk Enterprise design is intuitive and seems to be developed by a multidisciplinary team, which makes it easier to read logs in their raw format, extract new fields, develop dashboards and alerts. Auto-extracted fields, dashboard sharing and simple alert design are some examples which are very well thought out and designed.
  • Splunk Enterprise is fast; even though it handles loads of data, the parsing and indexing done at the core level helps us to quickly sift through data, which makes it critical in troubleshooting and fixing issues on priority.
  • We have apps for specific use cases like networking, threat detection, machine learning, NLP. Splunk Enterprise also allows creating customized apps to cater to team- or organization-specific use cases. These can also be used to limit which users can access the data in the respective apps.

Cons

  • Splunk Enterprise remains a high-cost tool, especially if the amount of data ingested is huge.
  • Built-in AI capabilities should be improved.
  • Takes some time to learn SPL, Splunk Enterprise's own language for queries. However, once mastered, it makes the overall usage very easy.
  • It's a terrific tool to improve operational excellence; issue identification and troubleshooting are so much easier that the team can quickly fix production issues.
  • Splunk Enterprise offers scalability which offers high uptime. In my last 5-6 years of Splunk Enterprise usage I never found Splunk Enterprise crashing due to workload.
  • Learning curve is steep; Splunk Enterprise can invest in their own code assist features to develop queries as per use case.

Splunk Enterprise makes life easier for operational teams including DevOps and SRE, where the team can spend more time on solving problems rather than sifting through logs to find the problem or aggregate the metrics. Even in the log pane it provides key statistics on data which give a starting point to investigate in a direction rather than aggregating all fields or suspected fields to identify the issue scenario.
Splunk Enterprise is a very seasoned software; while other comparable software keeps on adding new features and keeps evolving, Splunk Enterprise has reached a state where a newly onboarded user doesn't have to request any basic feature or develop modules for simple tasks. Log parsing in other tools has to be done explicitly with several lines of code, while in Splunk Enterprise it happens easily. Dashboards are easily shared and edited. It also has strong security compliance, which is a must for enterprise-grade solutions.

Do you think Splunk Enterprise delivers good value for the price?

Yes

Are you happy with Splunk Enterprise's feature set?

Yes

Did Splunk Enterprise live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise go as expected?

Yes

Would you buy Splunk Enterprise again?

Yes

Splunk Enterprise is a go-to tool for anyone working with multiple sources of machine data. I really like how logs are pre-parsed to highlight all required fields, and more can be extracted if required. We don't have to write complex code to extract JSON or XML data, which is a real pain area in some of the similar software. Dashboards can be scheduled by email to stakeholders as daily reports and can also be exported and imported as XML.
We can also create macros, which are small code blocks that can be reused in multiple places.

Splunk Enterprise Feature Ratings

Centralized event and log data collection: 10
Correlation: 10
Event and log normalization/management: 10
Deployment flexibility: 9
Integration with Identity and Access Management Tools: 10
Custom dashboards and workspaces: 10
Host and network-based intrusion detection: 9
Log retention: 9
Data integration/API management: 9
Behavioral analytics and baselining: 9
Rules-based and algorithmic detection thresholds: 10
Response orchestration and automation: 8
Reporting and compliance management: 10
Incident indexing/searching: 9
