My hands on experience with Splunk ES
Updated December 16, 2025

Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security

Between our warehouse systems, fleet tracking, logistics portals and cloud apps, there's a flood of data every second. Splunk ES is the connector that pulls all that into one view. The company handles freight for a couple of government clients. We are therefore required to prove that all access and data transfers are monitored. Splunk's audit dashboards make that less painful.

Pros

  • The dashboards are super flexible. We've built custom ones for different teams with so much ease
  • Correlation search feature is superb
  • Risk based alerting

Cons

  • The more data you feed it the more maintenance it needs and the cycle never stops but storage costs keep spiking.
  • Data onboarding is harder than it needs to be. We are always forced to contract partners whenever we're bringing in a lot of logs
  • It saves the company millions by avoiding disruptions across logistics
  • My crew and I respond to threats so much faster with Splunk

It takes real effort to make it smooth. The interface is fine once you know your way around, but it's not something a new guy can hop into and start using confidently. I guess the main reason for that is how much fine tuning it needs. We spent weeks customizing correlation searches and filtering false positives before it started working the way we needed.

We piloted Sentinel for one of our regional logistics hubs, but it struggled to handle our volume of on-prem IoT and telematics data cleanly. Splunk, on the other hand, gave us more control than its competitors.

Do you think Splunk Enterprise Security delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security's feature set?

Yes

Did Splunk Enterprise Security live up to sales and marketing promises?

No

Did implementation of Splunk Enterprise Security go as expected?

No

Would you buy Splunk Enterprise Security again?

Yes

Splunk is powerful, no doubt about that, but it also demands way too much attention. I'd recommend it to teams that have a decent handle on their data flow. As for us, we're still struggling to get ahead of the data situation, but Splunk's complex data ingestion gateway isn't making that any easier.

Splunk Enterprise Security Feature Ratings

Centralized event and log data collection
7
Correlation
9
Event and log normalization/management
9
Deployment flexibility
8
Integration with Identity and Access Management Tools
9
Custom dashboards and workspaces
10
Host and network-based intrusion detection
8
Log retention
7
Data integration/API management
8
Behavioral analytics and baselining
9
Rules-based and algorithmic detection thresholds
8
Response orchestration and automation
8
Reporting and compliance management
9
Incident indexing/searching
8

Using Splunk Enterprise Security

Pros

  • Like to use
  • Well integrated
  • Consistent
  • Feel confident using

Cons

  • Requires technical support
  • Slow to learn
  • Lots to learn

  • Correlation search building and tuning. Once you get comfortable with SPL, stitching together signals is surprisingly fluid
  • The incident review dashboard is way better than Splunk's alternatives
  • Alert noise management. Splunk gives you a lot of knobs, throttling, suppression, risk scoring - but tuning them is more art than science