Splunk Enterprise reviews

Through its robust log analysis and ability to collect data from different sources, we can easily perform analysis on various data and predict any future operational hazards. Splunk enterprise efficiently monitors our log activities and and gives results to any queries at faster speed than most SIEM tools.

The searches can be complex at times and the messages on query errors aren't always specific.

Splunk is provides a single tool for log aggregation, log analysis, and visualizations. Threat hunting, applying threat intelligence, and incident response are easily repeatable; pushing organizations to proactive security processes.

Splunk is expensive, especially when an organizations is exploring and building new security or data use cases. It also requires a lot of engineering maintenance, making the quality of the data highly-dependent on the skill(s) of those supporting it. Many organizations do not maximize its benefit because it is poorly managed or supported by low-skilled employees.

- Ability to search logs across processes and services
- Ability to develop dashboards to Monitor critical metrics
- Ability to set up alerts based on threshold values

- Need to regex well in order to use the tool to its full ability
- Ability to extract values out of the log statements could be simpler
- Alerts usually end up being over alerting or false alerts.

Splunk appsStrength and capabilitiesIntegration with most solutions

Resource utilizationLimited local partner support

Data visualization, Analytics skills with AI-powered and can handle data in TB/per day without any interruptions in services. Live dashboards, developing use-cases and their capabilities (correlation).

complex architecture and efficient skills are required, financial is also not feasible for small and medium customers. no inbuilt query builders for beginners to understand the platform.

The ablitity to configure and tweak the use cases. Building Intelligence into forensics. The AI feature is gud but needs more enhancements.

The log management needs to be efficient , If the auditing logs is enabled then a huge influx of logs are pumed into splunk but no meaningful meaning can be derived.

Its been a while since I started using Splunk Enterprise. I love its ability to cumulate data and logs from multiple sources and correlate them to help find incidents and their root cause. It consolidates logs and manages them form a central place. It is a great tool for log analysis as it segregates data and provides in depth profiling. Splunk enterprise also automates alerts and indexes on logs received.

It has a complex architecture making the learning curve quite steep

Splunk is great for monitoring, logging, and analyzing the large volume of data on the servers. Our support teams use Splunk to collect data/logs from the servers and troubleshoot product related issues. We introduced Splunk few years ago in our organization and it helped improve our defect/issue analysis and problem solving abilities

While Splunk is not too complex, it also requires a certain level of skillset to decipher the information. It may take a while to figure things out if you are a new user, or someone with limited technical knowledge

The tool can collect all sorts of data from diffuse sources and preform advanced analytics on it. It has powerful monitoring capabilities useful in threat identification and maintaining the health of our IT infrastructure. Splunk enterprise helps us to foresee, trends through machine learning which has been a crucial to making informed business decisions.

Training new users is tough, the learning curve is very steep and it gets overwhelming for them. The installation and configuration process is very long and needs a lot of time.

Sofware is really excellent and best suited for small and large scale business who would like their systems, interfaces, server space and database health check to be performed.

Sometimes the Splunk alerts creates multiple tickets in ITSM tool during issue. Hence it may result in spending sometime for closure of open incidents.

Splunk Enterprise is best tool to analyze the data based on different visualization. It help us to lookup distributed logs for micro-services . It enables field based lookup. For complex logging, we can use search query using expression. We can create multiple reports/charts for visualization such as a pie or bar chart for our data. Best feature what i like , We can visualize our search results and share them with others using dashboard panels. If Already have a dashboard, we can add a new panel from a report, clone from another dashboard, or add a prebuilt panel. Fully customization available. Interfaces is very flexible. We export it in different formats, or refresh it to visualize the newest data. Online Support is available through different community.

Search query builder is fully based on technical. for Non technical users, its really difficult to lookup logs. Sometimes, error thrown by query builder is more difficult to understand. Deep Learning is required to use splunk for production data. For Large application installation, it need to manage more.

Splunk Visually represents the logs mainly from production servers in the web UI .

People who Usually has no access to logs in production servers, will access the logs through splunk UI with very simplified and friendly search query.

It has lot of features like you can query for particular date and time range with specific characters. The search engine is very fast which will bring the query response effectively.

we can access all types of logs including XML and JSON.

we can create a custom dashboard with custom query for each projects and can relatively trigger the email to the support team in case of any issues.

This tool is boon for production support team in any enterprise company.

Licensing cost is quite higher for enterprise usage.

Query response time will be slow when you are searching for relatively longer history(Eg. 3 months old data)

Dashboards feature is amazing, I use it much. Alerts and queries are easy to set up. Mostly it works fast so it's kind of Dev friendly so it's easy to onboard the new guys

Alerts should have a better way to manage it. There should be a way to promote alerts to different environments - so we will be able to set the Dev/Stg/Prod
Sometimes some things that we want to do take a while searching on the internet for a solution - they might think how to do it better - maybe some examples or better documentation

We use this tool primarily as a repository for syslog messages for infrastructure. It allows us to quickly analyze the logs and patterns to determine issues based on patterns. In addition it alerts very well from text based trigger alerts. These features are very easy to use and dependable.

I do not have any cons for this software. Mainly as a user it does exactly what I need it to do with no overhead and confusing interfaces.

Fast consolidation of disparate logs in an easy to search way for troubleshooting. I can find problems within my organization very quickly. Sales team was very responsive in getting me a trial license to estimate my needs.

Set up takes some time and planning. The Licensing scheme can be pretty expensive and until you've got it up and running it can be hard to estimate how much license you need.

-Easy to use tool
-Simple graphical interface which makes it easy for a new user to understand the features easily
-Real time data analysis can be carried out

When we try to search for data which is more than 30 days old, then sometimes we see slowness

When you need to store, correlate, and search large amounts of data, especially System Log data, there is no tool that even comes close to Splunk. It's power and flexibility is amazing.

Very expensive. Difficult to implement until all moving parts are understood. Steep learning curve for beginners.

Splunk integrates with almost all popular enterprise software products including VMware, AWS, Azure, etc. Most customers use it primarily to do log analysis but it can also perform data analytics for business reporting. The UI is very straightforward and enables you to quickly search through large datasets using SPL. We were able to quickly locate the source of the issues by using Splunk to triangulate logs from several different components. There is a Splunk Cloud version with a free trial if you are aiming to do some integration work and testing. Finally, like all monitoring tools, Splunk offers AI and machine learning for even better predictive analytics.

Splunk is expensive and probably not for smaller startup companies. The pricing is tiered and is subscription-based so if you start to ingest a lot of data, look out. It can eat into most of your IT budget and Splunk by itself doesn't handle all the Day 2 operations that are needed.

Advanced security analytics to quickly detect malicious threats within our networks and devices with rapid response and effective alert prioritization to accelerate investigation.

Great integration to collect multiple data easily and in built-threat intelligence that helps to accelerate our investigations. Full of incredible features, there is nothing to dislike.

We are using this tool for monitoring our services log. It is easy to monitor the data using this. For each service, you can configure which log file should be shown on the UI(web). On UI, it provides lot of features like finding pattern in logs, doing analysis and generating reports and much more.

Learning is slow. Initially, it takes time to understand the reports and pattern it finds out of the log. But it's worth learning it.

User friendly and an awesome dashboard to manage your logs and analyze your apps.

It can be a little expensive but it's worth.

Various insights are derived from otherwise neglected system and process logs. Library of functions is readily available to read the logs , perform string operations and scan the file.
Information can be represented using numerous charts , bars and graphs. Very useful in production monitoring and alerting using email option

I feel debugging is difficult. drop down or drag and drop functions should be made available because it's difficult to keep track and remember syntax of functions and it's usage.

All in one solution to collect logs, analysis, diagnose and report. The application has a nice console where it shows all the necessary information with some very nice graphics and information.

Free for 500M/day but a bit expensive if you need to collect more, or have the need to have more users logging in.

1.Ease of use
2.support ad-hoc query and then analytic.
3. defining field extractor is simple and you can use it to search again.
4. It's a powerful ecosystem

1., it's slow and maybe make system unresponsive when you search data over long time range, or large amounts of data
2. there are too much CPU cost when index too much items on Windows machine.
3. price becomes high as you scale.

Splunk has excellent abilities to search and data-mine your logs.
In addition, you can build dashboards on top of aggregated data in order to save precious time each time you want to have a look at your system's performance without querying from scratch.

There are times in which the service experienced performance issues. Sometimes they were so severe which meant you're "blind" since you can't access your logs.