Complete monitoring alerting and log search partner in RCA
January 09, 2026

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Software Version

Splunk Light (legacy)

Overall Satisfaction with Splunk Enterprise

In my organisation, we use Splunk for log monitoring, alerting and specific searches in our application logs. We've set some alerts for error and exception messages in our application logs so that we get alerts for any issues and can resolve them. Also, while debugging INCs, we use Splunk to search for specific error messages for our services. We use Splunk at a very broad level, and we have Splunk set up for almost 480+ application services.

Pros

  • Alert notification
  • Msg search in application logs
  • Count of exceptions and error for application logs
  • Custom notification on specific indexes

Cons

  • Seriously, it needs a new UI
  • Better text highlights on search
  • Maybe search suggestions using AI based on past searches
  • In Q3, 2025, at our org we have saved 180+ hours for RCA due to Splunk index search and log monitoring
  • We have set an alert for Cassandra timeouts, which were occurring 10000+ times on an average weekly basis, and we've worked to resolve this as it was causing issues with data commit/write in the database and the team was assuming very little data loss on a million data system

Because I use it on an almost daily basis for alerts, reporting and log searches, and it does best what it has been made for. Sometimes there will be lag, but that's fine because we have huge data flowing in our microservices with Kafka topics, and it reports every incident and provides all counts of specific exceptions and alerts on every index. That's pretty much enough to rate it best.

Do you think Splunk Enterprise delivers good value for the price?

Yes

Are you happy with Splunk Enterprise's feature set?

Yes

Did Splunk Enterprise live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise go as expected?

Yes

Would you buy Splunk Enterprise again?

Yes

If you have an application where you want to set up alerts on specific error or exception messages to get notified, or your applications are more customer centric and any missing data is crucial, honestly you need Splunk to help you in debugging and identifying the root cause. You can set up multiple indexes and monitor all your services to ensure no data or messages are getting missed due to any exceptions or errors, and if they are, you will get it through Splunk and it will be helpful in RCA and fixing the issue. If you just want monitoring, then AppD is sufficient; you don't need Splunk.

Splunk Enterprise Feature Ratings

Centralized event and log data collection: 10
Correlation: 8
Event and log normalization/management: 10
Deployment flexibility: 9
Integration with Identity and Access Management Tools: 9
Custom dashboards and workspaces: 10
Host and network-based intrusion detection: 9
Log retention: 10
Data integration/API management: 9
Response orchestration and automation: 9
Reporting and compliance management: 9
Incident indexing/searching: 10
