
Reviews from AWS customer

22 AWS reviews

External reviews

459 reviews

External reviews are not included in the AWS star rating for the product.


5-star reviews

    Yastee Ajaykumar S.

Easy to Use and Secure—A Great Fit for Our Team

  • April 23, 2026
  • Review provided by G2

What do you like best about the product?
Good to use and security, we use same software.
What do you dislike about the product?
License is the issue for the Splunk Enterprise.
What problems is the product solving and how is that benefiting you?
Splunk helps me to implement ES for the enterprise log.


    Broadcast Media

Splunk Enterprise Delivers Powerful Real-Time Search and Actionable Insights

  • April 08, 2026
  • Review provided by G2

What do you like best about the product?
Splunk Enterprise excels at real-time data indexing and search, allowing you to quickly correlate disparate logs into actionable insights using its powerful Search Processing Language (SPL).
Its versatile visualization tools and massive Splunkbase app ecosystem make it a top choice for centralized security monitoring and high-scale IT operations.
What do you dislike about the product?
Splunk Enterprise is often criticized for its complex and expensive licensing based on data volume, which can become unpredictable as your infrastructure grows.
Users also find its Search Processing Language (SPL) has a steep learning curve, and the platform can be resource-intensive to maintain and scale.
What problems is the product solving and how is that benefiting you?
Splunk Enterprise solves data fragmentation and visibility gaps by centralizing massive volumes of machine data into a single, searchable platform.
It benefits you by providing real-time security insights and operational monitoring, drastically reducing the time needed to detect and resolve critical system issues.


    Marco O.

Splunk’s for SOC Operations

  • March 24, 2026
  • Review provided by G2

What do you like best about the product?
What I like most about Splunk is how well it integrates with many well-known products, along with its very clear, easy-to-use dashboards. On top of that, the search system is incredibly versatile and works especially well for SOC operations.
What do you dislike about the product?
The main downside of Splunk is that it’s still quite expensive compared to other vendors. As a service provider, I also find it difficult to position with clients, because the costs can climb quickly and the overall price becomes high.
What problems is the product solving and how is that benefiting you?
Splunk helps us address security issues for our clients. Its fast query capabilities and event correlation add an important layer to our security operations, making it easier to investigate and connect related activity when incidents come up.


    Mohamed Fouad

Comprehensive correlation and automation have improved incident detection and reduced phishing

  • March 16, 2026
  • Review provided by PeerSpot

What is our primary use case?

Splunk Enterprise Platform serves as our SIEM solution from Splunk, which is a market leader. It is a SIEM solution for log management and correlations. We have multiple logs from most of our infrastructure tools and security products. We obtain these rules and logs through many protocols including syslog and API. We then normalize and correlate this data and create incidents based on the activity running on our infrastructure.

What is most valuable?

I appreciate the API, the protocols, and the workflows as it functions as a SIEM solution. The main function is correlation.

The best features I value about Splunk Enterprise Platform include a great correlation rule that allows me to edit and generate alerts based on any event in an easy and fast way. I can accomplish this in a short period of time, and afterward, I can see incidents based on the correlation rule in a very professional and effective way.

I value the incident management and the correlations.

Splunk Enterprise Platform helps in detecting anomalies and preventing outages. The main core function for any SIEM is to have correlation. For example, if you receive user activity on a VPN logging in from Egypt, then after a while you receive logs from the firewall showing the same user logging in with a VPN from Ukraine, it is not logical that the user would move from Egypt to Ukraine in just five minutes. Splunk Enterprise Platform will create an incident and detect this as a credential compromise because we have a successful login from another location. This is the magic of correlation. We receive many events, we correlate these events, and then we can create an incident. After that, we have Splunk SOAR to take actions in an automation process to stop this incident without any management or any actions from the team.

The end-user experience is enhanced by the security product, as we have a return on investment on lower security incidents. After we implemented it with the SOC and Splunk SOAR, we can stop phishing and spam. The end-user experience will not see many phishing domains; they will be reduced. Security incidents will be reduced. Network performance will be very good after we implement it because we can detect who is scanning our network and creating a bottleneck on the network. We can stop and detect this with Splunk, whether it is SIEM from Splunk or SIEM with SOAR.

What needs improvement?

I use the machine learning toolkit with Splunk Enterprise Platform. The machine learning is very good on Splunk, but it sometimes makes searching for events become slow, so we have stopped using it. I think this needs improvement on Splunk.

The machine learning has room for improvement.

I think threat management needs improvement when compared to other vendors.

I compare Splunk Enterprise Platform with other solutions and vendors and see a very good point on pricing. We have Splunk at a very high cost, but I can say that other vendors working with mid-size customers can compete against Splunk. However, compared to Splunk, it is very expensive compared to other vendors. I think after the acquisition from Cisco, we can get discounts for licensing, and I believe Cisco will reconsider the pricing for Splunk Enterprise Platform.

I would prefer to see improved pricing for Splunk Enterprise Platform.

My thoughts on the pricing are that it is not cheap.

I have thoughts on the advanced threat detection, and I see that it is integrating with threat intelligence, and I believe this needs improvement.

For how long have I used the solution?

I have been using this solution for about two years. We have deployed many services from Splunk here in Egypt. Most of it is a SIEM solution from Splunk. We also have SOAR from Splunk, and we are running it on the largest bank here in Egypt. Most of the portfolio from Splunk that I have worked with was over approximately two years.

What do I think about the scalability of the solution?

Regarding scalability, Splunk Enterprise Platform, like any SIEM solution, provides scalability. Whenever we receive more logs, we can easily scale. I rate this aspect as a ten.

How are customer service and support?

I rate the technical support as very good.

How was the initial setup?

The deployment was not easy, nor was it complex. It requires a professional and certified engineer to deploy the product, as many SIEM solutions do. One cannot easily deploy a SIEM solution. You have to work on correlations and personalize the dashboard. There is a lot of configuration for any SIEM solution, not only Splunk Enterprise Platform.

What other advice do I have?

I would advise others looking to implement this product to totally recommend it. I recommend this both before and after the acquisition. I totally recommend acquiring Splunk Enterprise Platform portfolio, whether it is Splunk SOAR, Splunk Cloud, or Splunk Enterprise Platform. I rate this solution a ten overall.


    Telecommunications

Centralized, Reliable, and Easy to Use Daily

  • March 16, 2026
  • Review provided by G2

What do you like best about the product?
I love how fast and flexible Splunk is. The search and reporting tools make it really easy to dig through logs, spot issues, and monitor system performance. It integrates well with other tools we use, and honestly, we use it every single day.
What do you dislike about the product?
It can get expensive as your data grows, and some of the more advanced features take a while to learn. But once you get the hang of it, it’s extremely powerful.
What problems is the product solving and how is that benefiting you?
Before Splunk, finding the root cause of an issue could take hours. Now, everything’s centralized, so we can troubleshoot faster, catch problems before they escalate, and keep systems running smoothly. It’s become a critical part of our daily workflow.


    Rajesh M.

Essential, Feature-Rich SIEM Tool for IT Security

  • December 26, 2025
  • Review provided by G2

What do you like best about the product?
Easy-to-use SIEM tool with lots of features that are necessary in the IT security sector.
What do you dislike about the product?
Splunk has met all my requirements so far.
What problems is the product solving and how is that benefiting you?
Helps with detecting and identifying security events.


    RaviShankar S.

Outstanding Observability and Log Management Across All Platforms

  • December 04, 2025
  • Review provided by G2

What do you like best about the product?
Splunk Enterprise is an excellent end-to-end observability tool for log management, metrics, and traces, as well as for performing AIOps to manage IT infrastructure. It supports all major cloud platforms, including Azure, GCP, AWS, and VMware, along with legacy infrastructure hosting platforms such as Linux, on-premises VMware, and Hyper-V.
What do you dislike about the product?
Daily log data size cap is a bit low for enterprise organizations running thousands of workloads. Renewal costs are high. Need formal training to support and manage the platform.
What problems is the product solving and how is that benefiting you?
Log management, E2E observability platform, URL monitoring, digital user experience monitoring, SLO and SLA improvement. Root cause analysis during incidents.


    Satheesh R.

Effortless Setup and Configuration

  • November 07, 2025
  • Review provided by G2

What do you like best about the product?
Ease of use and setting up configurations.
What do you dislike about the product?
License cost is heavy, it requires most of the storage, and when dealing with large data, performance will be degraded.
What problems is the product solving and how is that benefiting you?
Monitoring


    F. Seki

Citizen programming facilitates efficient threat detection and enhances business logic

  • April 22, 2025
  • Review from a verified AWS customer

What is our primary use case?

I focus on threat detection against stock trading systems. I am in charge of five to seven stock trading companies' B2C systems for detecting threat attacks. Our customers include several stock trading companies, banks and large mobile carriers in Japan.

How has it helped my organization?

We built a threat detection system for our client company, one of the biggest security companies in Japan, using Splunk Enterprise Platform. We started a new business on this platform to provide threat detection systems to stock trading system companies and banks, expanding our customer base.

What is most valuable?

One valuable feature of Splunk Enterprise Platform is citizen programming, which allows users to manage and compute huge stream-based datasets easily using SPL language. The second feature is its ability to perform matrix-like stream calculations concurrently, improving upon traditional SIEM tools. Finally, Splunk's Machine Learning Toolkit is offered without charge, allowing users to incorporate machine learning in their business logic, aiding in procedures like threat hunting.

What needs improvement?

Splunk could improve by enhancing its graphical view functionality. Compared to other BI tools, Splunk's graphic features are limited; some customers desire detailed, rich visual effects, like world maps showing threat attacks as animations. Additionally, the deep learning capabilities need enhancing, especially on Splunk Cloud, where customers find it challenging to use deep learning tools without setting up backend computing resources.

For how long have I used the solution?

I have over 14 years of experience with Splunk Enterprise Platform, beginning my first evaluation in 2011.

What do I think about the stability of the solution?

I would rate the stability of Splunk Enterprise Platform as a seven. While it requires managing configuration files and processing scale-out operations manually, limiting its auto-scaling capabilities, it still performs adequately.

What do I think about the scalability of the solution?

I rate the scalability of Splunk Enterprise Platform as an eight. Some products can automatically scale, but Splunk Enterprise requires manual configuration changes to achieve scale, which is slightly outdated compared to modern technologies.

How are customer service and support?

I rate Splunk Japan's customer service as an eight. Although I generally provide support myself and do not often rely on Splunk support, this rating reflects general consultant feedback.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I previously used Elastic Search and Kibana, but switched to Splunk for ease of use and to define business entities such as branches, channels, and stock accounts.

How was the initial setup?

Standalone Installation was very easy. Designing and capacity planning for a distributed cluster environment was not easy.

What about the implementation team?

I am a Splunk consultant and implement customer solutions myself.

What's my experience with pricing, setup cost, and licensing?

I rate the pricing of Splunk as nine out of ten. The pricing model is based on ingesting data sizes, not user count, and includes a free tier for up to 500 MB of daily data, differentiating it from user-based pricing BI-tools.

Which other solutions did I evaluate?

I evaluated ArcSight and Manage Engine and made our selection.

  • After using Splunk for several years, I conducted further evaluations, but our selection remained unchanged.
  • Datadog was ideal for bug traceback during APM operations.
  • Exabeam was ideal for use case-centric threat detection.

What other advice do I have?

Overall, I rate Splunk Enterprise Platform ten out of ten. I am dissatisfied with Splunk’s graphics view and deep learning capabilities; they could be better, especially on Splunk Cloud. While I was able to enhance the platform using technologies like JavaScript, most of my clients struggle. However, it will be sufficient for the next few years with its strong machine learning capability.

Also, it would be preferable for Splunk SOAR to include sequential Splunk task execution and MCP/A2A support features.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?


    shiboo s.

Splunk is a great tool for security incident monitoring and investigation

  • October 23, 2024
  • Review provided by G2

What do you like best about the product?
It provides real-time insights and monitoring, which is crucial for identifying and addressing issues promptly. The search processing language (SPL) is powerful and flexible, allowing users to perform complex queries and analyses. Splunk is very user friendly, easy to implement and integrate.
What do you dislike about the product?
Cost is the one thing that I will keep under dislike, but they have now come up with a different licensing model that is competing with others.
What problems is the product solving and how is that benefiting you?
Splunk is effectively helping you monitor data from various log sources and conduct security incident investigations.