My usual use cases for Splunk Enterprise Platform involve all NOC and SOC activities, where SOC-related alerts will be aggregated with NOC-related alerts, allowing for correlation between them, including use cases such as abnormal travel and anomaly detection, all of which are detected by Splunk Enterprise Platform.

For instance, if there is a DDoS attack indicated by an anomaly in the traffic when WAF is integrated, an alert is generated in Splunk Enterprise Platform, which our L1 and L2 teams will then visualize and remediate based on the alert.

I do not use Splunk Enterprise Platform's Machine Learning Toolkit directly, but my team utilizes it.

Splunk Enterprise Platform's Machine Learning Toolkit has helped us with predictive analytics in our organization significantly, as it automates the anomaly detection that previously required our L1 and L2 teams to spend three to four hours on.

It immediately triggers alerts upon detecting patterns such as WAF spikes or suspicious login behavior, allowing our L1 to avoid manual analysis and triaging. The predictive analysis reduces false positives, enabling our analysts to close tickets swiftly—previously taking two to three days, and now they close them before breaching the SLA due to effective pattern discovery and outlier detection.

Splunk Enterprise Platform's Machine Learning Toolkit is efficient in detecting abnormal login attempts and brute force attacks, effectively aiding our proactive defense planning through advanced analytics and anomaly detection.

Splunk Enterprise Platform's most valuable features include its integration with AI, as Cisco, which has taken Splunk Enterprise Platform recently, is building up AI functionalities, enhancing remediation capabilities and the orchestration part in the market. Additionally, Splunk Enterprise Platform shows the correct logs at the correct time, and inventory management is very good.

I assess the effectiveness of Splunk Enterprise Platform in detecting anomalies and preventing system outages as very strong; for over two to three decades, it has provided centralized log visibility, real-time monitoring, and analytics correlation, which is robust for threat detection and incident investigation.

Splunk Enterprise Platform's machine learning capability of the toolkit predicts trends and reduces many false positives, making Splunk Enterprise Platform an essential tool for both SOC and network operations, where it effectively detects anomalies that other SIEM tools cannot.

Splunk Enterprise Platform's personalized dashboards are superb, as I have been experimenting with them extensively, and new features have enhanced their quality, making them particularly effective for presentations to leadership, including direct engagement with the CISO.

In terms of improvement for Splunk Enterprise Platform, as more companies embrace AI, adding more AI automations is crucial and could parallel what competitors such as Xplain are doing. Managing duplicate alerts efficiently can optimize costs, as the current license-based data ingestion can quickly escalate if duplicate data is fed.

Better filtering of unnecessary log sources could greatly interest clients by demonstrating cost efficiency. From an architectural standpoint, data onboarding, normalization, performance, and scalability improvements would be beneficial, particularly in optimizing search speed and query execution to handle larger searches efficiently.

I have been working with Splunk Enterprise Platform for the last 10 years as a Splunk certified power user and advanced user, and along with Splunk Enterprise Platform, I am using Palo Alto's Cortex XSOAR and Azure Sentinel continuously for over 10 and 12 or more years.

I evaluate the stability and reliability of Splunk Enterprise Platform as very high; we utilize it for both SOC and NOC operations, and our L1 and L2 teams get real-time alerts and query the SPL effectively without delays that other SIEM solutions may impose.

Splunk Enterprise Platform is scalable; we have already adapted it from SOC to NOC operations while maintaining good indexing practices that prevent overload and ensure clear searches, maximizing performance in large SPL queries.

My L1 team regularly communicates with Splunk Enterprise Platform's technical support, which is very helpful.

I would rate the technical support from Splunk Enterprise Platform around eight on a scale from one to ten, where one would be the worst and ten would be the best.

Before using Splunk Enterprise Platform, I utilized Azure Sentinel in my previous company at Deloitte, prior to leaving.

Although I did not participate in the initial setup, I provided mentoring for the team under me who managed the implementation because I have spent 14 years in the industry, which included hands-on implementations earlier in my career.

Splunk Enterprise Platform's implementation is very straightforward; I do not feel there is a significant difference from the implementation point of view, as everything is clearly documented by Splunk Enterprise Platform.

We are a customer of Splunk Enterprise Platform, currently at Aramex, and we bought a vendor from Capgemini who has actually implemented Splunk Enterprise Platform for us, so we are not directly linked with Splunk Enterprise Platform but rely on our vendor to use Splunk Enterprise Platform for us.

Splunk Enterprise Platform's dashboards significantly improve data interpretation, providing immediate real-time visibility on top trending alerts and live data without needing to run queries repeatedly. They aggregate metrics and highlight trends such as threat overviews and MITRE ATT&CK mapping, which reduces the workload for our L1 and L2 teams.

Pre-built alerts for anomalies in login attempts, failed attempts, or geolocation mapping are very visible in Splunk Enterprise Platform's dashboard, which plays a critical role in providing real-time visibility into security events and network activities.

Splunk Enterprise Platform's application management feature enhances end-user experiences by providing organized dashboards that monitor application usage and configurations, facilitating faster detection and query execution. It logs metrics into applications that reveal usage patterns, anomaly detections, and attack occurrences, while also ensuring proper governance and versioning of applications.

I consider Splunk Enterprise Platform an expensive tool because budget constraints from license-based data ingestion costs are significant. Costs can escalate rapidly when duplicate data is processed, which Splunk Enterprise Platform can identify to help clients save directly on unnecessary spending.

I leverage Splunk Enterprise Platform for advanced threat detection, which is critical for our SOC operations. Threat intelligence and detection are vital, especially since Cisco's acquisition of Splunk Enterprise Platform has integrated Talos into it, enhancing our ability to monitor for IP reputation and potential attacks, while also keeping an eye on advisories regarding application vulnerabilities. I would rate this product overall at a nine out of ten.

Ingesting massive amounts of machine-generated data and running real-time searches to identify patterns, anomalies, or threats related to specific security issues was how I used Splunk Enterprise Platform for detection and investigation. The most significant aspect, if I must prioritize, is the data ingestion capability. Splunk Enterprise Platform usually collects authentication logs from various sources such as Windows event logs and SSH, which relates to Linux logs, and some web application-based logs as well. Apart from that, I use it for detection logic. The main search I use is Search Processing Language, based upon the queries I provide related to the machines I monitor.

Mostly for brute-force detection, I use it for monitoring multiple failed login attempts from a single source or multiple IP sources followed by a successful login, which often indicates a compromised account. I also use it for lateral movement and privilege escalations. For privilege escalations, it involves detecting when a normal user is added to a high-privilege group, such as Domain Admins. Additionally, I have capabilities related to IT operations, which involve web traffic analysis, mostly identifying slow-loading web pages or sudden spikes, errors such as 404 or 403 Forbidden, or even 500 errors.

When a specific condition is met, such as any brute-force attack happening, it is easy to investigate the alert, particularly in Splunk Enterprise Platform. Integration is a notable aspect of the features in Splunk Enterprise Platform.

Before using Splunk Enterprise Platform, I used LogRhythm, but after initiating Splunk Enterprise Platform, I noticed several positive impacts in my organization.

I still work with Splunk Enterprise. I want to clarify that I am only working with Splunk Enterprise, not with Splunk AppDynamics, Splunk Cloud Platform, or Splunk Enterprise Platform. I am solely focused on Splunk Enterprise for my current work.

I have been working with this platform for almost the last five years, even more than that. Overall, it has been around 17 years that I have been working in IT and with software in general, not only Splunk but other software as well. That was really good. The primary use for us was anomaly detection and system outage prevention, and Splunk was definitely helpful to us in those areas. The personalized dashboards in Splunk have helped me significantly with my overall workflow.

We are using Splunk Enterprise Platform for advanced threat detection. The Splunk feeds go through different systems for SIEM audits, and we utilize them from there. Overall, Splunk Enterprise Platform impacts my organization positively, and I can see the benefit from using the product.

For improvement, I do see a lot of issues with Splunk support, particularly with response times. When there is an issue, finding the root cause is taking too long. The system shows some error infrastructure-wise, but that error is not directly linked with the problems. There are some delays with the response time from their technical support, and I am not very satisfied with their work in this regard.

I have been working with this platform for almost the last five years, even more than that.

There was no complexity with implementation. It was straightforward for me and my team, with no complexities involved.

I do not see any challenges with scalability right now. Integration with third-party tools is quite easy, and I have not noticed any difficulties in this area.

Regarding the technical support of Splunk, there are some delays with the response time, and I am not very satisfied with their work in this regard.

Before Splunk, I worked with Dynatrace and AppDynamics. Splunk is the one directly used for log analytics and anomaly detection. I have not worked with any competitors such as Datadog.

We were moved from AppDynamics to Dynatrace. We used AppDynamics more for transaction tracing. From there, we were strategically moved into Dynatrace. For the entire log monitoring, we still recommend Splunk Enterprise Platform. We still use Dynatrace for the other transaction trace and other services. The reason for switching from AppDynamics to Splunk Enterprise Platform was that we needed a dedicated solution specifically for log monitoring and anomaly detection.

I cannot say directly about cost reduction, but it is returning on our platform in terms of detections. In terms of finance, I do benefit from Splunk Enterprise Platform, and it provides a return on investment.

Right now, the Enterprise version is reasonable. When we go for Splunk Cloud or something similar, we recently had negotiations, and that is acceptable. When it comes to Enterprise, it is definitely reasonable in terms of pricing.

We are not using Splunk's Machine Learning Toolkit directly, but the Splunk feeds are still going back to the originating machine learning systems.

I am working with Splunk Enterprise Platform, and I have worked with Enterprise and ITSI, both. Sometimes I have worked with ES also, Enterprise Security.

I use Splunk Enterprise Platform mostly for log monitoring. In our company and our projects, we are monitoring for log monitoring, we are using Splunk. After that, we have created some dashboards according to our requirement and alerts and reports. Sometimes for historical data, we have created summary indexing. We are managing our Splunk Enterprise Platform infrastructure like search head, indexers, deployment server, and license master. We have 1,000, you could say 10,000+ UF. Some of them we are using with apps like Splunk DB Connect. For Kafka, we are using different add-ons for sending our data to Splunk Enterprise Platform from different log paths and log sources. That is the main use for Splunk Enterprise Platform. Mostly we are using it for log monitoring.

When I talk about Splunk Enterprise Platform, I can say that Splunk Enterprise Platform is, whatever the tool I have worked from my last eight, nine years of experience in my overall corporate journey, a very powerful tool where I can customize everything as per my requirement. There is no hesitation and there is no limitation for my customization. Whatever I want, I can do that from Splunk Enterprise Platform. If I am talking about tools other than Splunk Enterprise Platform, they are not very vast, or not good enough to customize. Here I can customize. If I need to customize from backend side, I can do whatever using Python, Java. If I want to create some things, that is a different thing. In every project, the requirements differ. If I need JavaScript in my platform, in my dashboard, where I want to customize and play with the dashboard according to my requirement, I can use JavaScript. I send the data, I can use Python script to send the data to Splunk Enterprise Platform. There are very different things. Mostly the SPL, which I am using, has already covered most of the things. But for what is not covered, I can use some different things also.

In my opinion, the effectiveness of Splunk Enterprise Platform in detecting anomalies for preventing system outages is very good. It is improving day by day.

When I talk about the personalization dashboard in Splunk Enterprise Platform, I can easily customize my dashboard.

Even if people do not know about Splunk Enterprise Platform, they want to create the dashboard, they can just drag and drop. They can add a widget and choose some visualization like a bar chart. If they do not know about the XML or the backend of their dashboards, they can still do it from the UI only.

The Application Management feature in Splunk Enterprise Platform may help enhance the end-user experience, but I need to check that.

Advanced threat detection in Splunk Enterprise Platform is very good enough to detect anomalies and detect vulnerabilities. Splunk Enterprise Platform has a different product called Splunk ES, which is a very good product in cybersecurity. I can easily detect some problems, and it automatically sends alerts. The anomaly detection is very good for live production data. Whenever an anomaly comes in an application, it automatically resolves and just gives the notification. It creates incidents or whatever is needed, where I can integrate with different tools like PagerDuty, Moogsoft, or even send my data into Slack if I am not using ServiceNow.

For a potential area of improvement in Splunk Enterprise Platform, I can say to try to make it easy for the user and user-friendly.

Simplifying the UI would help, because not everybody has it in their knowledge. If you want to sell your product, you will go with the company CIO, Chief Information Technology Officer. I do not think he will be working on that project; he will be working on your tool. Their resources, their employees will be working on Splunk Enterprise Platform. If you will show them the UI where they can understand, even if they do not know about any coding, they can just play, drop, and drag. If you satisfy them, then anyone will work on their tool in their company. I just want to give you the business perspective, because if you talk to any CIO, they are looking first at the UI part. They will not look into the coding part; they will just check the UI. If the UI is user-friendly, it will attract every person.

There is very much improvement needed from Splunk vendor support side because they need to check what people are raising in the requests. They do not understand the concerns people are raising. I do not think Splunk is working on their application support, I believe they hire third-party people who do not know as much about Splunk Enterprise Platform.

Regarding deep knowledge of the product, I am talking about the technical aspects. If anyone says something is not working, it seems many cases I have raised where they do not reply to my request adequately. That is why I say there is a requirement for improvement.

I have been working with Splunk Enterprise Platform for the last six years.

From one to ten, I would rate the stability for Splunk Enterprise Platform as a nine.

I would rate the scalability as an eight.

For technical support from Splunk, I can say it is a two only.

The setup process for Splunk Enterprise Platform is very simple.

In my opinion, the main competitors for Splunk Enterprise Platform in the Enterprise Platform market are Dynatrace and DataDog. Recently, at a Dynatrace conference, they mentioned their goal to beat Splunk Enterprise Platform in the future.

DataDog is also relevant. For open-source options, ELK is available for those who need a more budget-friendly solution since Splunk Enterprise Platform is not open source and is quite costly.

I am working with Splunk Enterprise Platform and Dynatrace, and my feedback was really valuable for us.

I am using Splunk Enterprise Platform, and I am combining it with a Cloud platform, AppDynamics, and SOAR.

I worked with Splunk Machine Learning Toolkit, but that is a different thing. I have not worked so much on the MLTK side, so I cannot say anything, I cannot give more of an idea or feedback on that.

The ability to manage applications through Splunk Enterprise Platform is something I need to check.

I am talking about Splunk Enterprise Platform, and there is a lot it provides to the end user. The first thing for Splunk Enterprise Platform is that I can organize my data, like the Common Information Model, CIM, where there are different departments in my company and different application owners. Accordingly, they can set their data, which they do not want, they can just skip that. Whenever they need, they just use the simple one, and that data will be present. In one umbrella, they can see different locations and different data. In any organization, I have to organize my data. If I do not organize my data, then it would be very difficult to find it.

Directly, if I just check my application, I can enter my application, like in Linux. I just enter index equal to Linux, and it gives me all the details. Even in the dashboard, I select Linux, and it shows all the data, including vulnerabilities, CPU usage, and memory usage.

This is a really good point. Because people are not working on their tool. If I tell any technical problem in Splunk Enterprise Platform to the CIO, I do not think he will understand. He has not worked on it; he does not know what I am talking about. But if you present to him that our UI is very helpful to everyone in your organization, no matter if they are on the leadership team, application team, development team, testing team, or application support team, they can all use our tool easily without any hesitation. Even if they need help, Splunk Enterprise Platform has introduced AI, which helps answer any questions regarding SPL.

I purchased Splunk Enterprise Platform directly from the vendor.

I rate the price for Splunk Enterprise Platform as a five because it is very high. If the price were lower, there would be no tools in the market capable of competing with Splunk Enterprise Platform. The only reason people think about moving from Splunk Enterprise Platform to another tool is the price. I would rate this Splunk Enterprise Platform solution with an overall rating of eight.