Splunk ES Review
Updated December 09, 2025

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Enterprise Security

We use Splunk ES to monitor security-relevant events, create notables for our Analysts to review, and overall improve our organization's security and security hygiene. Splunk ES is a service we offer to our clients as an MSSP and SOC-as-a-service, giving potential customers another great option to use for their own organization.

Pros

  • Breaks down event logs into easy-to-search fields
  • Provides relevant trends and metrics for events
  • Develops dashboards and notables to track security-relevant details

Cons

  • Ease-of-use for new users
  • Better options to export events/notables
  • More streamlined UI
Return on Investment

  • Faster MTTR
  • Training ended up being costly, but is projected to have high ROI over time
  • Dashboards provide better context for our executives

If it wasn't for the steep learning curve required to use the product, I would give it a higher rating. The potential is near limitless, but it definitely requires training, practice, and prior knowledge of what you want to look for or do within the application.

Alternatives Considered

  • AlienVault USM

AlienVault is much more user- and beginner-friendly; however, Splunk ES very much provides more capability for mass data manipulation, report and dashboard customization, and trend analytics.

Do you think Splunk Enterprise Security delivers good value for the price?

Yes

Are you happy with Splunk Enterprise Security's feature set?

Yes

Did Splunk Enterprise Security live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Splunk Enterprise Security go as expected?

I wasn't involved with the implementation phase

Would you buy Splunk Enterprise Security again?

Yes

It has nearly limitless potential for security uses, but the learning curve is very steep. Our analysts have had to go through extensive training and practice to fully utilize Splunk ES.

Splunk Enterprise Security Feature Ratings

Centralized event and log data collection: 9
Correlation: 9
Event and log normalization/management: 9
Deployment flexibility: 6
Integration with Identity and Access Management Tools: 6
Custom dashboards and workspaces: 9
Host and network-based intrusion detection: 8
Log retention: 10
Data integration/API management: 6
Behavioral analytics and baselining: 6
Rules-based and algorithmic detection thresholds: 6
Response orchestration and automation: 9
Reporting and compliance management: 9
Incident indexing/searching: 10

Splunk Enterprise Security Reliability

It is very easy to connect data sources and manipulate data sets of any size.
I don't think I've ever seen Splunk ES go fully offline or have any downtime greater than a few minutes on rare occasions.
I think it's a bit more dependent on organizational structure, but unfortunately in our use case the reports and dashboards can take a very long time to load.
