Our Outcomes from Using Splunk ES
October 21, 2025

Our Outcomes from Using Splunk ES

Cole Ballen | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security

We use it to monitor and correlate data across more than 20 client environments, each with different infrastructures and compliance needs. The main challenge it addresses is visibility. Previously, our SOC relied on separate SIEM tools for certain customers, which meant fragmented investigations and duplicated alerts. Now Splunk ES centralizes all that.

Pros

  • Instead of reviewing thousands of low level alerts, I can prioritize risks based on the entity's risk score on the risk based alerts dashboard
  • The adaptive response framework allows me to link alerts directly to our SOAR playbooks in phantom. This way I can automate triage steps that traditionally took hours.

Cons

  • Creating complex custom correlation searches sometimes feels more complicated than it should. You need deep SPL experience to build anything beyond basic logic.
  • By consolidating 3 legacy SIEM tools into Splunk ES, we reduced licensing and infrastructure costs by about 30 percent annually.
  • We are able to have retention rates much higher than the industry average, since Splunk is ridiculously reliable
Ofc its not a tool that feels simple out of the box, but for seasoned engineers like myself, once properly configured, the flow is super intuitive. It took me months but I understood its structure, that's been real power right there ever since.
In our tests, Sentinel came really close. It was even easier to deploy for cloud native environments. However, once we started integrating OT logs and custom threat intel feeds, the performance and correlation didn't scale as efficiently.

Do you think Splunk Enterprise Security delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security's feature set?

Yes

Did Splunk Enterprise Security live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security go as expected?

No

Would you buy Splunk Enterprise Security again?

Yes

F5 BIG-IP Advanced Firewall Manager (AFM)
Splunk is an incredibly capable platform especially for large scale multitenant environments like hours. But it does demand a lot of engineering effort to get it right.
Splunk thrives in environs that already have mature log pipelines and dedicated teams to maintain them. Its power lies in its flexibility. However, if your data sources are unstructured or inconsistent, you'll constantly write and rewrite custom regex transformations - at an unjustifiable cost effort wise.

Splunk Enterprise Security Feature Ratings

Security Information and Event Management (SIEM)
8.5
Centralized event and log data collection
9
Correlation
9
Event and log normalization/management
9
Deployment flexibility
10
Integration with Identity and Access Management Tools
7
Custom dashboards and workspaces
8
Host and network-based intrusion detection
8
Log retention
8
Data integration/API management
8
Behavioral analytics and baselining
10
Rules-based and algorithmic detection thresholds
10
Response orchestration and automation
8
Reporting and compliance management
7
Incident indexing/searching
8

Comments

More Reviews of Splunk Enterprise Security

  1. Home
  2. Security Information and Event Management (SIEM) Software
  3. Splunk Enterprise Security Reviews
  4. User Review of Splunk Enterprise Security