The Power of Splunk Enterprise.
Updated March 25, 2024
The Power of Splunk Enterprise.
Score 9 out of 10
Vetted Review
Verified User
Overall Satisfaction with Splunk Enterprise Security (ES)
We use Splunk Enterprise in our Organization to achieve the following. Consolidate logs from all sources in one place. Create Custom Correlation alerts to paint the bigger picture effectively. Create Sophisticated Dashboards and reports using multiple data sources for better and non-redundant visualization. Create some basic automation like CSV updates. Perform Threat Hunting to discover unknown threats. Manage Incidents in one place and track Analyst Performance.
- Writes Powerful Queries: The queries that can be written using the Splunk Query Language are very powerful and highly customizable to meet every need. Ex: Writing queries to search the intersection of two different sources like Network and Endpoint Logs.
- Offers Dashboard Abilities: Helps build complex panels for Dashboards in addition to providing several out-of-the-box panels. Ex: creating panels to calculate the performance of analysts in a given timezone.
- Helpful Search Aids: It helps to set up complex custom alerts very easily. The interesting fields section is very helpful while threat hunting. Ex: It shows all the users and the frequency of each in a failed login event. The user list on the interesting fields is useful to look for suspicious logins.
- Dashboard Builder: It needs more out-of-the-box panels for beginners to learn.
- Autofill: The query autofill isn't that great. It needs better suggestions for beginners especially.
- Speed: The speed of the search isn't that great. It can be improved. For some queries, it takes too long.
- Error handler: The error messages in the case of wrong syntax can be more descriptive. The messages are sometimes vague and are not helpful.
- There are fewer licenses on other tools as the logs are forwarded to Splunk. That saves money.
- Instead of hiring experts in different tools, hiring engineers with Splunk experience did the job quite handsomely.
- It helps create reports on performance. This saved money on other report tools like Tableau.
LogRhythm is good for a team comprising mostly non-technical IT users. Unlike Splunk, it has a GUI log search and a good ticketing system. Splunk is better than Logrhythm for me as it provides me with the ultimate flexibility to write custom queries. Scalyr is a good tool and quite frankly lot faster than Splunk. However, I prefer Splunk because of its better Dashboards and panel customization abilities. Elastic is another amazing tool. It is hard to choose between the two especially because both have different sets of logs on them. I use both. Elastic for internal server logs, Splunk for everything else.
Do you think Splunk Enterprise Security (ES) delivers good value for the price?
Yes
Are you happy with Splunk Enterprise Security (ES)'s feature set?
Yes
Did Splunk Enterprise Security (ES) live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Splunk Enterprise Security (ES) go as expected?
I wasn't involved with the implementation phase
Would you buy Splunk Enterprise Security (ES) again?
Yes