Splunk it!
April 10, 2018

Anonymous | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User

Software Version

Splunk Light (legacy)

Overall Satisfaction with Splunk Enterprise

We have used Splunk Light in the past for log analysis of Cisco routers, firewalls and switches to determine path issues. This was mainly used within the network infrastructure group. The alerting was the main benefit when trying to determine intruder detection and the path the intruder was trying to take.

Pros

  • Though it was a little hard at first, creating the dashboards from the raw data became the big benefit.
  • Setup of alerts was, again, a little confusing, but over time the real-time alert became useful.
  • The building of dashboards for the security team for tracking intruders.

Cons

  • The big one is writing the dashboards based off the raw data.
  • The intrusion detection with the real-time alert has been a huge positive impact.
  • Log search has helped us in tracking certain internal issues.
  • Dashboards for quick glance to show the upper management has saved us time on explaining where more protection is needed.
Splunk's graphical interfaces or dashboards were the big reason for using it for log analysis. All the products are able to trap logs, but each has a limited mechanism for correlating the logs into a usable interface for analyzing. This is where Splunk prospers. Splunk's main function is the correlation of logs, where the others are built to do a lot more.
The path detection was very useful when an intruder tried to break into our firewalls. Being PCI compliant, a breach within our PCI environment would be dangerous to our customers as well as our day-to-day business. The real-time alert allowed us to monitor and prevent intrusion on the fly.
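The log correlation and real-time alerting the reviewer describes, reduced to its core, as an added example that is not part of the review and not Splunk's own code: a Python sketch that parses constructed Cisco ASA-style ACL deny lines (message 106023), rebuilds the sequence of destinations each external source was denied at (the "path" across the edge and core firewalls), and flags a source that is denied at three or more distinct targets within five minutes. The log lines, addresses, hostnames, zone names, access-group names and the thresholds are all constructed assumptions, not data from the reviewer's network.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Cisco ASA syslog style. Message 106023 is an
# ACL deny; 302013 is a normal built connection and must be ignored.
# Hosts, zones, addresses and times are made up for this example.
SAMPLE_LOGS = """\
Apr 10 2018 09:00:01 fw-edge %ASA-4-106023: Deny tcp src outside:203.0.113.7/51000 dst dmz:192.0.2.10/22 by access-group "outside_in"
Apr 10 2018 09:00:03 fw-edge %ASA-4-106023: Deny tcp src outside:203.0.113.7/51001 dst dmz:192.0.2.11/22 by access-group "outside_in"
Apr 10 2018 09:00:04 fw-core %ASA-4-106023: Deny tcp src outside:203.0.113.7/51002 dst pci:10.10.0.5/1433 by access-group "pci_in"
Apr 10 2018 09:00:09 fw-core %ASA-4-106023: Deny tcp src outside:203.0.113.7/51003 dst pci:10.10.0.6/3389 by access-group "pci_in"
Apr 10 2018 09:05:00 fw-edge %ASA-4-106023: Deny udp src outside:198.51.100.4/40000 dst dmz:192.0.2.10/161 by access-group "outside_in"
Apr 10 2018 09:00:05 fw-edge %ASA-6-302013: Built inbound TCP connection 12 for outside:198.51.100.9/4000 (198.51.100.9/4000) to dmz:192.0.2.10/443 (192.0.2.10/443)
"""

# Only deny lines match; the timestamp and reporting firewall come first.
DENY_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"%ASA-\d-106023: Deny (?P<proto>\w+) "
    r"src (?P<src_zone>\w+):(?P<src>[\d.]+)/\d+ "
    r"dst (?P<dst_zone>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)


def parse_denies(text):
    """Return one dict per ACL deny line, sorted by timestamp."""
    events = []
    for line in text.splitlines():
        m = DENY_RE.match(line)
        if not m:
            continue  # built connections, teardowns, etc. are not denies
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%b %d %Y %H:%M:%S")
        e["dport"] = int(e["dport"])
        events.append(e)
    events.sort(key=lambda e: e["ts"])
    return events


def correlate(events, window=timedelta(minutes=5), min_targets=3):
    """Group denies by source address and reconstruct each source's path.

    A source is flagged when any sliding window of `window` length
    contains denies against at least `min_targets` distinct destinations.
    The window and threshold are assumptions to tune per environment.
    """
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    report = {}
    for src, evs in by_src.items():
        # evs is already time-ordered because parse_denies sorted the input.
        path = [(e["host"], e["dst_zone"], e["dst"], e["dport"]) for e in evs]
        alert = False
        for i, start in enumerate(evs):
            in_window = [e for e in evs[i:] if e["ts"] - start["ts"] <= window]
            if len({e["dst"] for e in in_window}) >= min_targets:
                alert = True
                break
        report[src] = {
            "alert": alert,
            "firewalls": sorted({e["host"] for e in evs}),
            "zones": sorted({e["dst_zone"] for e in evs}),
            "path": path,
        }
    return report


def alert_lines(report):
    """Render one human-readable line per flagged source, for a dashboard or alert."""
    lines = []
    for src, r in sorted(report.items()):
        if not r["alert"]:
            continue
        hops = " -> ".join(f"{zone}:{dst}/{port}" for _, zone, dst, port in r["path"])
        lines.append(f"ALERT {src} denied at {len(r['path'])} targets via "
                     f"{','.join(r['firewalls'])}: {hops}")
    return lines


if __name__ == "__main__":
    for line in alert_lines(correlate(parse_denies(SAMPLE_LOGS))):
        print(line)
```

In Splunk itself the same correlation is normally a scheduled search saved as an alert; once the source and destination fields have been extracted from the ASA events, a search of the shape `stats dc(dst) AS targets values(dst) AS path BY src | where targets >= 3` over a five-minute window does what `correlate` does here (field names are an assumption and depend on the add-on in use).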

Splunk Enterprise Feature Ratings

Centralized event and log data collection: 9
Correlation: 8
Event and log normalization/management: 8
Deployment flexibility: 6
Integration with Identity and Access Management Tools: 6
Custom dashboards and workspaces: 8
Host and network-based intrusion detection: 8
