TrustRadius: an HG Insights company

Splunk Enterprise

Score: 8.5 out of 10

476 Reviews and Ratings

What is Splunk Enterprise?

Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.

Top Performing Features

  • Event and log normalization/management

    Ability to normalize event syntax so that logs can be compared and are machine-understandable

    Category average: 8.5

  • Centralized event and log data collection

    Effectiveness of real-time centralized event and log data collection

    Category average: 9

  • Correlation

    Correlation of logs and events to pinpoint significant threats

    Category average: 8.4

Areas for Improvement

  • Custom dashboards and workspaces

    dashboards that can be customized to meet the needs of specific groups

    Category average: 7.9

  • Behavioral analytics and baselining

    How effectively activity and behavior baselines are established and maintained

    Category average: 7.5

  • Host and network-based intrusion detection

    Ability to detect both endpoint intrusion and network ingress detection

    Category average: 7.4

Splunk Enterprise Review

Use Cases and Deployment Scope

Splunk technology is used for business and web analytics, application management, compliance, and security. It correlates, captures, and indexes real-time data, from which it creates alerts, dashboards, graphs, reports, and visualizations.

Pros

  • Robust log management and aggregation capabilities, efficiently handling and retaining logs for extended periods.
  • It is a powerful tool to help trace calls, using filters and customizable indexes.
  • It enables organizations to build artificial intelligence (AI) into their data strategies and gain operational intelligence from their machine data.

Cons

  • Deploying Splunk can become expensive when managing large volumes of data.
  • The tool’s dashboards are not as reliable as other tools such as Tableau.
  • The cost associated with Splunk Enterprise Security is high, and many users express concerns about the licensing model and overall expenses.

Return on Investment

  • It offers flexible and scalable data ingestion, supporting diverse data sources and formats, enhancing the organization's data analysis capabilities.
  • The cost associated with Splunk Enterprise Security is high, including the licensing model and overall expenses.
  • Platform agnostic tracking and monitoring of systems
  • Developers can quickly get up and running on Splunk without requiring large-scale development or major spending on hardware. This provides a great return on investment (ROI) and a rapid time-to-value return.

Alternatives Considered

IBM Security QRadar SIEM, Gurucul SIEM and Securonix Next-Generation SIEM

Other Software Used

SentinelOne Singularity, Infoblox DDI (BloxOne)

Splunk Enterprise

Use Cases and Deployment Scope

Splunk Enterprise is used to collect various security logs, but for our organization we usually send account login information to Splunk Enterprise to gather analytics on how many people logged in, unsuccessful logins, and also account logouts. Daily reports are generated and are presented at our daily team meetings for management.

Pros

  • Splunk Enterprise is able to store large amounts of logs
  • Splunk Enterprise is able to search efficiently through its log database
  • Splunk Enterprise is able to create reports of user lockouts

Cons

  • Splunk Enterprise does not integrate well with all vendors
  • Splunk Enterprise's virtual machine option has log limitations
  • Splunk Enterprise could offer better connectivity with the cloud

Return on Investment

  • Splunk Enterprise can generate a user lockout report of thousands
  • Splunk Enterprise can correlate account lockouts with password spray attacks
  • Splunk Enterprise can detect compromise in an account

Alternatives Considered

IBM Security QRadar EDR, Cisco Firepower 4100 Series, Palo Alto Panorama and Cisco Secure Firewall Management Center

Other Software Used

Cisco Secure Firewall Management Center, Palo Alto Panorama, Forescout Platform
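The account-lockout and password-spray correlation this reviewer describes, written out as an added Python example (this is not the reviewer's code and not Splunk's; it mirrors the logic one would normally express in SPL). The event lines are constructed for the illustration, using Windows Security field names (EventCode 4625 for a failed logon, 4740 for a lockout, TargetUserName, IpAddress) but invented users and addresses. A spray is flagged when one source IP fails against at least `min_accounts` distinct accounts inside a sliding window; lockouts are then attributed to that spray when the locked-out account was among its targets and the lockout landed shortly after the window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Field names follow the Windows
# Security log as commonly indexed in Splunk; values are invented.
SAMPLE_EVENTS = """\
2024-05-01T08:00:01Z EventCode=4625 TargetUserName=alice IpAddress=203.0.113.5
2024-05-01T08:00:14Z EventCode=4625 TargetUserName=bob IpAddress=203.0.113.5
2024-05-01T08:00:27Z EventCode=4625 TargetUserName=carol IpAddress=203.0.113.5
2024-05-01T08:00:40Z EventCode=4625 TargetUserName=dave IpAddress=203.0.113.5
2024-05-01T08:00:53Z EventCode=4625 TargetUserName=erin IpAddress=203.0.113.5
2024-05-01T08:01:06Z EventCode=4625 TargetUserName=frank IpAddress=203.0.113.5
2024-05-01T08:01:30Z EventCode=4625 TargetUserName=grace IpAddress=198.51.100.7
2024-05-01T08:01:45Z EventCode=4625 TargetUserName=grace IpAddress=198.51.100.7
2024-05-01T08:02:00Z EventCode=4625 TargetUserName=grace IpAddress=198.51.100.7
2024-05-01T08:03:00Z EventCode=4625 TargetUserName=alice IpAddress=203.0.113.5
2024-05-01T08:03:05Z EventCode=4625 TargetUserName=dave IpAddress=203.0.113.5
2024-05-01T08:04:10Z EventCode=4740 TargetUserName=alice CallerComputerName=DC01
2024-05-01T08:04:12Z EventCode=4740 TargetUserName=dave CallerComputerName=DC01
2024-05-01T09:30:00Z EventCode=4740 TargetUserName=mallory CallerComputerName=DC01
"""


def parse_events(text):
    """Turn 'timestamp key=value ...' lines into dicts with a datetime timestamp."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts_str, _, rest = line.partition(" ")
        fields = dict(tok.split("=", 1) for tok in rest.split())
        events.append({
            "ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"),
            "code": int(fields["EventCode"]),
            "user": fields["TargetUserName"],
            "ip": fields.get("IpAddress"),  # absent on lockout (4740) events
        })
    return events


def detect_password_spray(events, min_accounts=5, window=timedelta(minutes=10)):
    """Flag each source IP whose failed logons (4625) touch >= min_accounts
    distinct accounts inside one sliding window. One finding per IP."""
    by_ip = defaultdict(list)
    for e in events:
        if e["code"] == 4625 and e["ip"]:
            by_ip[e["ip"]].append((e["ts"], e["user"]))
    findings = []
    for ip, attempts in by_ip.items():
        attempts.sort()
        j = 0
        for i, (start, _) in enumerate(attempts):
            # Advance the right edge of the window; it never needs to move back.
            while j < len(attempts) and attempts[j][0] - start <= window:
                j += 1
            accounts = {user for _, user in attempts[i:j]}
            if len(accounts) >= min_accounts:
                findings.append({"ip": ip, "start": start,
                                 "end": attempts[j - 1][0], "accounts": accounts})
                break
    return findings


def correlate_lockouts(events, sprays, grace=timedelta(minutes=15)):
    """Attribute lockouts (4740) to a detected spray when the locked-out account
    was a spray target and the lockout fell within the window plus `grace`."""
    correlated = []
    for e in events:
        if e["code"] != 4740:
            continue
        for s in sprays:
            if e["user"] in s["accounts"] and s["start"] <= e["ts"] <= s["end"] + grace:
                correlated.append({"user": e["user"], "locked_at": e["ts"],
                                   "spray_ip": s["ip"]})
    return correlated


if __name__ == "__main__":
    evts = parse_events(SAMPLE_EVENTS)
    sprays = detect_password_spray(evts)
    for s in sprays:
        print(f"spray from {s['ip']}: {len(s['accounts'])} accounts "
              f"between {s['start']:%H:%M:%S} and {s['end']:%H:%M:%S}")
    for hit in correlate_lockouts(evts, sprays):
        print(f"lockout of {hit['user']} at {hit['locked_at']:%H:%M:%S} "
              f"attributed to spray from {hit['spray_ip']}")
```

The single-account failures from 198.51.100.7 are deliberately left unflagged: repeated failures against one account are a brute-force or a stale-credential pattern, not a spray, and counting distinct accounts per source is what separates the two. The unrelated lockout of `mallory` is likewise not attributed, because it matches no spray's target set. In Splunk the first stage is usually a `stats dc(TargetUserName) by IpAddress` over a time bucket, with the lockout events joined on the account name afterwards.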

Splunk Enterprise: You are awesome

Use Cases and Deployment Scope

Splunk Enterprise is used for overall machine log collection, transforming the data for better analysis and then using it for various analytical capabilities like dashboarding, monitoring, alerting and reporting.

Data is collected from various sources and is transformed to get overall operational visibility, quantify key metrics like availability, latency and throughput, and identify patterns in application, infrastructure and network logs. The overall visibility helps us to easily identify common issues, proactively capture points of failure, identify network attacks and resolve issues quickly to improve customer satisfaction. It also gives us a chance to improve our services by identifying areas which can be optimized by refactoring code, updating configs or moving to better underlying technologies.

Pros

  • Collection of logs from multiple sources like cloud, network, applications in different formats and aggregating to get a clear business picture.
  • Splunk Enterprise's design is intuitive and seems to be developed by a multidisciplinary team, which makes it easier to read logs in their raw format, extract new fields, and develop dashboards and alerts. Auto-extracted fields, dashboard sharing and simple alert design are some examples which are very well thought out and designed.
  • Splunk Enterprise is fast; even though it handles loads of data, the parsing and indexing done at the core level helps us to quickly sift through data, which makes it critical in troubleshooting and fixing issues on priority.
  • We have apps for specific use cases like networking, threat detection, machine learning and NLP. Splunk Enterprise also allows us to create customized apps to cater to team- or organization-specific use cases. These can also be used to limit which users can access the data in the respective apps.

Cons

  • Splunk Enterprise remains a high-cost tool, especially if the amount of data ingested is huge.
  • Built-in AI capabilities should be improved.
  • It takes some time to learn SPL, Splunk Enterprise's own query language. However, once mastered, it makes overall usage very easy.

Return on Investment

  • It's a terrific tool to improve operational excellence; issue identification and troubleshooting are so much easier that the team can quickly fix production issues.
  • Splunk Enterprise offers scalability, which gives high uptime. In my last 5-6 years of Splunk Enterprise usage I never found Splunk Enterprise crashing due to workload.
  • The learning curve is steep; Splunk Enterprise could invest in its own code-assist features to develop queries as per use case.

Alternatives Considered

Dynatrace, IBM Instana and Datadog

Other Software Used

Dynatrace, Jenkins, GitHub

Splunk could use some spark

Use Cases and Deployment Scope

Primarily used for logging and tracking application error events.

Splunk is super good in terms of search and how fast results are populated with easy-to-use queries. There's a great deal of community support to find whatever setup the org needs to achieve results.

Pros

  • Indexing and search jobs
  • Scheduled automation
  • Dashboards and bird's eye views

Cons

  • UI improvements
  • More amicable license terms
  • Better integration with other third party vendors.

Return on Investment

  • Great for monitoring different applications
  • Enabling faster response times for production issues
  • Ease of use and easy to deploy

Alternatives Considered

SolarWinds Hybrid Cloud Observability, LevelBlue Cybersecurity Consulting and Professional Services, AlienVault OSSIM (discontinued) and New Relic

Other Software Used

New Relic, SolarWinds Hybrid Cloud Observability, LevelBlue Cybersecurity Consulting and Professional Services

Splunk Enterprise: The Powerhouse with a Price and a Purpose

Use Cases and Deployment Scope

Splunk Enterprise serves as a central hub for machine-generated data across the entire organization. It is deployed on-premise, allowing us to ingest, index and manage data from thousands of sources. We primarily use Splunk for multiple purposes:

  • Centralized logging and monitoring.
  • Searching and analysis.
  • Proactive alerting and visualization.

Splunk is critical for solving major business challenges related to visibility, efficiency and risk management, such as:

  • Lack of operational visibility.
  • Slow incident response and troubleshooting.
  • Ineffective threat detection.

Pros

  • Flexible, schema-on-read architecture. Splunk is uniquely adept at ingesting unstructured, semi-structured and structured data without a predefined schema.
  • Massive data volume scalability.
  • Reliable universal forwarders, which are highly reliable and resource-efficient agents that collect data from any system.

Cons

  • Cost and pricing structure: a frequent area of concern, especially for organizations with rapidly growing data volumes. Ingest-based licensing. High total cost of ownership.
  • Learning curve and user experience: despite its power, Splunk presents a steep learning curve for new users, particularly around its Search Processing Language.
  • Storage and data retention: for long-term data retention, Splunk's native architecture presents performance and cost trade-offs.

Return on Investment

  • Positive impacts on business objectives (high ROI): reduced downtime. By centralizing log and machine data, it enables teams to troubleshoot and resolve IT issues much faster, often reducing MTTR by 50-80%.
  • Another positive impact is preventive maintenance: real-time monitoring and anomaly detection allow organizations to identify issues before they cause critical system failures.
  • Negative impacts on business objectives (risk of low ROI): high TCO and ingestion-based pricing risk; this licensing model can be a major challenge.

Alternatives Considered

Microsoft Sentinel

Other Software Used

Tableau Desktop, Microsoft Power BI