Just try Splunk once. You wouldn't have to find an alternative.
March 22, 2022


Vaishakh S | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security (ES)

Splunk has acted as a one-stop solution for all our cyber security requirements. We have extensively used Splunk for log analysis and monitoring. The best part has been the onboarding time required for the team. The ease of use has amazed the entire team. We developed a workflow for monitoring and identifying key issues from the logs that are generated. We initially set up Splunk on our premises, which was easy thanks to the Splunk customer service team. Later our team set up an index to store the data. We also designed a listener to receive the data systematically. Later we installed the Splunk universal forwarder. This specific tool has single-handedly acted as a backbone for the architecture. We set up a forward server to monitor and connected it with the forwarder. Later we developed a program to search and view the generated reports. Finally, the metrics were collected and could be viewed in the dashboard. Windows OS generates logs during its lifecycle. They will be collected; also we can monitor the event log channels and files which are forwarded by the in-Splunk cloud. Creating dashboards and the use of panels in the Splunk applications gives a no-code experience. This architecture ensures high compliance and efficiency and also improves sales/marketing.
Pros

  • This allowed us to comply with the organizational and global security policies and regulations. This also makes the company's auditing easier and the response to data breaches a lot easier. The filtering ability for the logs and the latency for search responses are amazing indeed.
  • The support for third-party adapters is phenomenal. There are plenty of configurable options for data and reporting. This also allows the integration of external endpoints.
  • As a company that generates TBs of data, Splunk's ability to handle large datasets surprises me.

Cons

  • The product is pretty much on the expensive side.
  • The user interface and experience could improve, as these things matter a lot nowadays. The number of clicks required could be minimized.
  • The RAM consumption is very huge. It could be optimized and improved.

Return on investment

  • Better compliance and ease of audits
  • Reduced training costs
  • Faster response time to security threats
Throughout the journey since we onboarded the product to our company, we have seen positive results. I have also commended the efficiency and scalability with which the product handles the amount of log data produced. As a data company, we have to monitor data at all levels. So far we have been happy with the reporting and the analysis done by Splunk.
  • Black Duck Software Composition Analysis (SCA)
We actually use both applications, but for different use cases. The mix of both products works well for us. Black Duck does certain things better, while Splunk is used for certain other use cases.

Do you think Splunk Enterprise Security (ES) delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security (ES)'s feature set?

Yes

Did Splunk Enterprise Security (ES) live up to sales and marketing promises?

Yes

Did implementation of Splunk Enterprise Security (ES) go as expected?

Yes

Would you buy Splunk Enterprise Security (ES) again?

Yes

Black Duck Software Composition Analysis (SCA), Azure AD Security Governance, Azure App Service
In our team, when we set up the architecture for log analysis we had load balancers, ingresses, and a full TLS-based deployment. The logs captured at ingress-to-server communications were not captured at all. The troubleshooting efforts required to solve this were too much. I think as the system architecture becomes complicated, the effort of configuring Splunk becomes complicated too. This could be improved by providing use-case-based documentation or more training materials.

Splunk Enterprise Security (ES) Feature Ratings

Centralized event and log data collection: 9
Correlation: 8
Event and log normalization/management: 9
Deployment flexibility: 9
Integration with Identity and Access Management Tools: 8
Custom dashboards and workspaces: 9
Host and network-based intrusion detection: 8
Log retention: 9
Data integration/API management: 9
Behavioral analytics and baselining: 9
Rules-based and algorithmic detection thresholds: 9
Response orchestration and automation: 10
Reporting and compliance management: 9
Incident indexing/searching: 9