Splunk Enterprise reviews

Pluspunten

The system is highly intuitive to use. It is faster than other solutions I've used on the market and has a huge library of 3rd party plugins to get more from the system. It is easy to create scheduled searches, dashboards, reports etc. but there are a number of additional plugins (at an extra cost) to help with security, single pane of glass and metric collection.

Minpunten

It offers challenges for a decentralized working model. Where Splunk is centrally managed, it is easy to ensure that best practices are maintained. Where the system is opened up for an entire department to utilize and on-board their logs, it becomes more difficult. However, with some creative thinking and good process, this issue can be overcome.

Pluspunten

Splunk makes it easy to search through various data including logs. In the past I have had to pour through logs in order to find the one lines among the 100 of thousands of lines. Splunk allows me to search through those logs in a matter of seconds vs the hours it used to take.

Minpunten

Most of enterprise setup is done through the command line. It would be nice to have cluster configuration (index creation) as part of the UI.

Pluspunten

Splunk Visually represents the logs mainly from production servers in the web UI .

People who Usually has no access to logs in production servers, will access the logs through splunk UI with very simplified and friendly search query.

It has lot of features like you can query for particular date and time range with specific characters. The search engine is very fast which will bring the query response effectively.

we can access all types of logs including XML and JSON.

we can create a custom dashboard with custom query for each projects and can relatively trigger the email to the support team in case of any issues.

This tool is boon for production support team in any enterprise company.

Minpunten

Licensing cost is quite higher for enterprise usage.

Query response time will be slow when you are searching for relatively longer history(Eg. 3 months old data)

Pluspunten

Love the ease of being able to log various performance statistics for our applications whether it’s documenting response times or any failures

Minpunten

Some things like figuring out the ways plunk structures it’s queries for search is difficult. Seems like documentation is not very straightforward

Pluspunten

It allows me to bring a lot of information into one friendly view. It's a great security audit tool.

Minpunten

It has limited functionality. It is a very memory intensive system. It does not integrate with Lennox.

Pluspunten

Splunk is a great enterprise-class tool for log analysis and troubleshooting of IT systems.
Its graphics capabilities allow you to easily see trends that would otherwise go unnoticed.
With a single click, you can retrieve information dating back months ago.
Splunk is able to handle any type of input file and this allowed us to get very rapid prototyping cycles.
Compared to the competition, it has integrated AD authentication, which fits in perfectly with our corporate security.
The software is very fast, even on second-tier hardware.

Minpunten

The license fee is a little too high.
Some sections of the support site contain outdated information.
Since the Splunk syntax has changed over the years, it's quite easy to find information that is no longer relevant.
The "basic" charting options are somewhat limited, and the "advanced graphic" syntax requires a charting guru.

Pluspunten

The software includes various configuration possibilities to organize and aggregate the logs of different systems. Very useful tool for monitoring IT infrastructure activities.

Minpunten

At the moment we have found no negative aspects.

Pluspunten

Various insights are derived from otherwise neglected system and process logs. Library of functions is readily available to read the logs , perform string operations and scan the file.
Information can be represented using numerous charts , bars and graphs. Very useful in production monitoring and alerting using email option

Minpunten

I feel debugging is difficult. drop down or drag and drop functions should be made available because it's difficult to keep track and remember syntax of functions and it's usage.

Pluspunten

After going through the free online training I was able to get this product up and running to consume Linux audit logs. Writing SPL wasn't too difficult, at least for basic scenarios. The regular expression generator is especially helpful!

Minpunten

The configuration resides across many different levels (default, local, and then again within the apps). Having levels of configuration is a bit of a nightmare to manage.

Pluspunten

Splunk has very strong query language event complex commands like Join, subquery or aggregate which much the same with SQL query with good report UI to display result. Set Splunk system is easy with install Splunk server and its agent in every node then configure logs location to collect. It provides many built-in Apps to collect logs from other popular tools such as AWS, Salesforce, Kafka...

Minpunten

Splunk query language is quite hard to learn for new user and its query error is too generic for troubleshooting.

Pluspunten

- Free to use for small 500MB or less daily ingress, quite nice for small use cases and learning
- No development work required to deploy and provide value.
- Deployment flexibility: client agents are available to use, or clientless configurations for multiple OS platforms. It's also very easy to deploy, not just flexible. its a very simple affair.
- Segmentation of logs: You can create separate instances of of logs to aggregate, based on organization needs. And those instances can have their own individual storage policies to optimize consumption of storage resources.
- Configuration design: Thoughtful and mature documentation and design of the application regarding enterprise-class scaling on network storage.
-POWERFUL tools: The user interface lends itself to learning more about your organization from the logs you collect, through metrics of trends of the logs being gathered. There are also specific modules/add-ons for popular applications to provide more value and event-based monitoring, all without having to develop in-house dashboards and intelligence of those logs.
- Customization: You can create your own queries of logs, and event-based alerts.
- Web-based GUI that clean is powerful
- Sales/Technical Reps are top notch in fielding questions and evaluating environment for deployment. They were extremely helpful in helping our organization develop procedures and scaling our environment for expansion with our existing infrastructure.

Minpunten

- Price: This product is not free for more than the minimal use. Pricing can be very expensive, relative to open source offerings. That is the trade-off you pay for not having in-house development of open source offerings. As this product is priced based on gigabytes of indexed logs, it is important to understand the scope of licensing necessary for your environment to determine if it is a good fit for your organization.
- Watch your saved queries and hardware resources: Users have the ability to create and save queries. Like in database queries, some are more efficient than others. Large inefficient queries can be very resource-intensive. If you notice slowness in day-to-day queries, or navigation in the UI, or resource use in contention, keep an eye on saved queries and user practices.

Pluspunten

Splunk allows us to see exactly what is going on in production! I work on commerce for a fortune 100 company, and we use Splunk to monitor our apps in real time. Splunk gives you the ability to perform queries like you would with SQL against your log statements in real time. You will learn that you can place strategic log statements in your code that allows you to identify situations in production and be proactive at solving them. For example, you can log your customer's session cookie ID, and track any given customer's activity on your website via your app logs. It gives you dials and charting capabilities to monitor even the slightest drops in customer activities due to flaws in code or slowing network calls.

Minpunten

PRICE. The software is so powerful, and they seem to leverage this in the pricing of the licenses.

Pluspunten

Splunk is more than a tool or a product, it is a big data platform. Splunk can be used as a simple log aggregator all the way to a Big Data engine to find efficiency in operations of the Internet of Things. Splunk is less about its abilities, and more about your imagination about what you can do with Splunk. That is the beauty of the platform. Splunk shines in providing operational intelligence about systems and processes. Finding out how your systems are operating, how your processes are functioning leads to quick resolution of problems and points to where budgets are best spent.

Minpunten

Splunk is deceptively easy to set up and use. But like learning to play chess, you can learn the moves in half an hour, but take a lifetime to master. Splunk quickly provides value, but requires imagination and creativity as well as wide ranging knowledge of systems and processes to move to the next level. Not every organization needs that kind of talent to get a great return from Splunk, but the companies who compete and win will.

Pluspunten

1) Accepts multiple data formats like CSV, JSON, XML
2) Does the hard work for us i.e converting machine data to a human-readable format.
3) Can create customized alerts to serve our business purpose.
4) Searching on the based on queries is pretty simple.
5) We can create dashboards to analyze and visualize our search results.
6) Can export the log content to our Personal computers.
7) Setting up plugins and integrating with any tool that needs monitoring is pretty easy.
8) Technical support for the Splunk is very quick as they have a dedicated staff for that.

Minpunten

I did not find any flaws with this software.

Pluspunten

We use this tool primarily as a repository for syslog messages for infrastructure. It allows us to quickly analyze the logs and patterns to determine issues based on patterns. In addition it alerts very well from text based trigger alerts. These features are very easy to use and dependable.

Minpunten

I do not have any cons for this software. Mainly as a user it does exactly what I need it to do with no overhead and confusing interfaces.

Pluspunten

The fature of scrpint/coding your own app inside the Splunk is very useful. I developed a lot of dashboards for our infrastructure, customized alarms, email notfications helps you to see what is happening in the system. It definetely deserves the money our company have had paid.

Minpunten

When you have a real big infrastructure, Splunk user interface gets a bit slow. Waiting for search results a bit annoying.

Pluspunten

Integrates with almost all the software seamlessly..where there is a software application that produces log, splunk can be easily integrated.
Gives very powerful insights into the logs
Alerts can be setup on the logs, and notifications sent out which is great again for managing the health of your application

Minpunten

The query language, though powerful, has a learning curve. Particularly as one goes towards complex queries. If it could be made closer to natural language, it would be so much smoother to learn. Hope that will happen sometime in future.

Pluspunten

Fast consolidation of disparate logs in an easy to search way for troubleshooting. I can find problems within my organization very quickly. Sales team was very responsive in getting me a trial license to estimate my needs.

Minpunten

Set up takes some time and planning. The Licensing scheme can be pretty expensive and until you've got it up and running it can be hard to estimate how much license you need.

Pluspunten

The power of it. It's a very good tool that does amazing things. Nothing comes close to it. We used it for full view of data, full transaction. Security appliance consolidation.

Minpunten

There is a learning curve and a new language you have to learn, but it's intuitive and you can pick it up pretty quickly.

Pluspunten

I'm not sure from where to start in this case.

We use splunk for many things but mostly to analyze the traffic on the network / firewalls. It provides us with a nice overview of what's going on. It makes it very easy to spot spikes on the network and it will provide you also with deep analyzes.

For us it's an indispensable tool, probably the best tool we have.

Minpunten

To search for something is not always easy, however there are a lot of forums online, so finding help is not that difficult.

Pluspunten

Splunk can give you extreme insights into how your systems and software are functioning. Not only is the search very flexible and powerful, the customizable dashboards give a status report at a glance into trends, problems and performance. You can also set up email alerts when errors occur limiting the need to have Splunk opened on your machine all the time.

Minpunten

Splunk has a learning curve. They have extensive documentation but it isn't intuitive and some features are buried pretty deep. We have an onsite expert who holds bimonthly meetings to answer questions in a group forum.

Pluspunten

First of all you don't need to login to your servers. Just configure splunk forwarder on all of your server and have peace of mind. During outages you dont have to panic and just rely on Splunk and be sure that you will have your root cause visible in splunk.

Minpunten

Kernel huge page issues, Search head clustering, Index clusetering. These features are as good as costly too. For SHC and IC it does need all same config hosts.

Pluspunten

Splunk integrates with almost all popular enterprise software products including VMware, AWS, Azure, etc. Most customers use it primarily to do log analysis but it can also perform data analytics for business reporting. The UI is very straightforward and enables you to quickly search through large datasets using SPL. We were able to quickly locate the source of the issues by using Splunk to triangulate logs from several different components. There is a Splunk Cloud version with a free trial if you are aiming to do some integration work and testing. Finally, like all monitoring tools, Splunk offers AI and machine learning for even better predictive analytics.

Minpunten

Splunk is expensive and probably not for smaller startup companies. The pricing is tiered and is subscription-based so if you start to ingest a lot of data, look out. It can eat into most of your IT budget and Splunk by itself doesn't handle all the Day 2 operations that are needed.

Pluspunten

The best thing about this software is i love its UI part and its dashboard where it provides the logs of all the enterprise application every business which has large amount of the transactions being held are required to maintain this tool and its logging and search frequency are very much loved and dash board has very colourful UI and easily understandable

Minpunten

There is no least about this software but we are looking for some more enhanced featured like optimisation and all

Pluspunten

The server logs are all stored in the same location and you can easy subdivide them by application. So different servers or processes or whatever can be in different buckets. This makes troubleshooting easier.

Minpunten

Sometimes depending on far back you are trying to go the product can be a little sluggish. Beyond that nothing.