TrustRadius Insights for Splunk Enterprise are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.
Pros
Valuable Log Gathering and Summarization: Users have expressed positive opinions about Splunk's ability to gather and summarize log messages from multiple sources. Many reviewers find this feature valuable, as it allows them to easily access and analyze log data in a centralized location without the need for manual aggregation.
Simplicity and Advanced Search Capabilities: Splunk's reporting functionality is highly regarded by users for its simplicity and advanced search capabilities. Several reviewers appreciate how easy it is to use Splunk's reporting features, while also being able to perform complex searches that provide detailed insights into their data.
Effective Web Traffic Catching and Dashboards: The effectiveness of Splunk in catching web traffic and providing helpful dashboards is another aspect praised by users. Many reviewers highlight how Splunk's web monitoring capabilities enable them to track website activity effectively, while the intuitive dashboards allow for quick visualization and analysis of important metrics.
Splunk Enterprise is used to collect various security logs, but for our organization we usually send account login information to Splunk Enterprise to gather analytics of how many people logged in, unsuccessful logins, and also account logouts. Daily reports are generated and are presented at our daily team meetings for management.
Pros
Splunk Enterprise is able to store large amounts of logs
Splunk Enterprise is able to search efficiently through its log database
Splunk Enterprise is able to create reports of user lockouts
Cons
Splunk Enterprise does not integrate well with all vendors
Splunk Enterprise's virtual machine option has log limitations
Splunk Enterprise could offer better connectivity with the cloud
Likelihood to Recommend
Splunk Enterprise is well suited for large enterprise solutions for a company with many systems and endpoints to dump large amounts of security logs. Splunk Enterprise has plenty of storage to keep the logs of security events well over 30 days and has the ability to generate reports of user login and lockouts.
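The daily login/logout/lockout report this reviewer describes can be built from Windows Security events with a single SPL search and saved as a scheduled report. The search below is an added example, not the reviewer's or Splunk's own code; it assumes the classic `WinEventLog:Security` source type with its `EventCode` and `Account_Name` fields and an index named `wineventlog` (the index name is an assumption). Event IDs 4624, 4625, 4634 and 4740 are the standard Windows logon success, logon failure, logoff and account lockout events.

```spl
index=wineventlog sourcetype="WinEventLog:Security"
    EventCode IN (4624, 4625, 4634, 4740)
    earliest=-1d@d latest=@d
| eval outcome=case(EventCode==4624, "login_success",
                    EventCode==4625, "login_failure",
                    EventCode==4634, "logout",
                    EventCode==4740, "lockout")
| stats count AS events, dc(Account_Name) AS distinct_accounts BY outcome
| sort -events
```

The `earliest=-1d@d latest=@d` window covers exactly the previous calendar day, so saving this search as a report with a cron schedule such as `0 6 * * *` yields one row per outcome for the day before each morning meeting. Swapping the last two lines for `| search outcome="lockout" | stats count BY Account_Name | sort -count` turns the same search into the per-user lockout list.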
Splunk Enterprise is used for overall machine log collection, transform the data for better analysis and then use them for various analytical capabilities like dashboarding, monitoring, alerting and reporting.
Data is collected from various sources and is transformed to get an overall operational visibility and quantify key metrics like availability, latency, throughput and identify patterns in application, infrastructure and network logs. The overall visibility helps us to easily identify common issues, proactively capture points of failure, identify network attacks and resolve issues quickly to improve customer satisfaction. It also gives us a chance to improve our services by identifying areas which can be optimized by refactoring code, updating configs or moving to better underlying technologies.
Pros
Collection of logs from multiple sources like cloud, network, applications in different formats and aggregating to get a clear business picture.
Splunk Enterprise's design is intuitive and seems to be developed by a multidisciplinary team, which makes it easier to read logs in their raw format, extract new fields, develop dashboards and alerts. Auto-extracted fields, dashboard sharing and simple alert design are some examples which are very well thought out and designed.
Splunk Enterprise is fast; even though it handles loads of data, the parsing and indexing done at the core level helps us to quickly sift through data, and this makes it critical in troubleshooting and fixing issues on priority.
We have apps for specific use cases like networking, threat detection, machine learning and NLP. Splunk Enterprise also allows creating customized apps to cater to team- or organization-specific use cases. These can also be used to limit which users can access the data in the respective apps.
Cons
Splunk Enterprise remains a high-cost tool, especially if the amount of data ingested is huge.
Built in AI capabilities should be improved
Takes some time to learn SPL, Splunk Enterprise's own query language. However, once mastered, it makes the overall usage very easy.
Likelihood to Recommend
Splunk Enterprise is a go-to tool for anyone working with multiple sources of machine data. I really like how logs are pre-parsed to highlight all required fields, and more can be extracted if required. We don't have to write complex code to extract JSON or XML data, which is a real pain area in some similar software. Dashboards can be scheduled by email to stakeholders as daily reports and can also be exported and imported as XML.
We can also create macros, which are small code blocks which can be reused in multiple places.
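The reusable macros the reviewer mentions are defined in a `macros.conf` stanza and invoked in SPL between backticks. The stanza below is an added example, not the reviewer's or Splunk's own configuration; it assumes the classic `WinEventLog:Security` fields (`EventCode`, `Account_Name`, `Source_Network_Address`) and an index named `wineventlog` (the index name is an assumption). The `(1)` suffix declares a one-argument macro, and `$acct$` is substituted with the argument at search time.

```ini
# macros.conf (in an app's local/ directory) - added example, assumed index name
[failed_logins(1)]
args = acct
definition = index=wineventlog sourcetype="WinEventLog:Security" EventCode=4625 Account_Name="$acct$"
iseval = 0

# A zero-argument macro wraps a whole reporting tail so every dashboard uses the same logic
[failed_logins_by_source]
definition = stats count AS failures, dc(Account_Name) AS accounts BY Source_Network_Address | sort -failures
```

With both stanzas in place, a panel or alert can be written as `` `failed_logins("jdoe")` | `failed_logins_by_source` ``, and a change to the underlying event code or field names is made once in the macro rather than in every saved search that relies on it.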
Verified User
Manager in Information Technology (1001-5000 employees)
Primarily used for logging and tracking application error events.
Splunk is super good in terms of search and how fast results are populated with easy to use queries. There's a great deal of community support to find whatever required setup the org needs to achieve results.
Pros
Indexing and search jobs
Scheduled automation
Dashboards and bird's eye views
Cons
UI improvements
More amicable license terms
Better integration with other third party vendors.
Likelihood to Recommend
Log reporting
Error troubleshooting
Dashboards
Alerting and integration with messaging apps.
Verified User
Engineer in Information Technology (201-500 employees)
Splunk technology is used for business and web analytics, application management, compliance, and security. It correlates, captures, and indexes real-time data, from which it creates alerts, dashboards, graphs, reports, and visualizations.
Pros
Robust log management and aggregation capabilities, efficiently handling and retaining logs for extended periods.
It is a powerful tool to help trace calls, using filters and customizable indexes.
It enables organizations to build artificial intelligence (AI) into their data strategies and gain operational intelligence from their machine data.
Cons
Deploying Splunk can become expensive when managing large volumes of data.
The tool’s dashboards are not as reliable as other tools such as Tableau.
The cost associated with Splunk Enterprise Security is high, and many users express concerns about the licensing model and overall expenses.
Likelihood to Recommend
It offers robust log management and aggregation capabilities, efficiently handling and retaining logs for extended periods. Optimizing searches to improve speed can be tricky and impractical.
Challenges exist in managing data onboarding and integration, especially when dealing with diverse and numerous data sources.
Splunk Enterprise serves as a central hub for machine-generated data across the entire organization. It is deployed on-premise, allowing us to ingest, index and manage data from thousands of sources. We primarily use Splunk for multiple purposes: 1) centralized logging and monitoring; 2) searching and analysis; 3) proactive alerting and visualization. Splunk is critical for solving major business challenges related to visibility, efficiency and risk management, such as lack of operational visibility, slow incident response and troubleshooting, and ineffective threat detection.
Pros
Flexible, schema-on-read architecture. Splunk is uniquely adept at ingesting unstructured, semi-structured and structured data without a predefined schema.
Massive data volume scalability
Reliable universal forwarders, which are highly reliable and resource-efficient agents that collect data from any system.
Cons
Cost and pricing structure: a frequent area of concern, especially for organizations with rapidly growing data volumes. Ingest-based licensing. High total cost of ownership.
Learning curve and user experience: despite its power, Splunk presents a steep learning curve for new users, particularly around its Search Processing Language.
Storage and data retention: for long-term data retention, Splunk's native architecture presents performance and cost trade-offs.
Likelihood to Recommend
Scenarios where Splunk is well suited: 1) Security information and event management; it is an industry-leading SIEM solution. One use case for this is a global financial org that needs to monitor threats after a breach and maintain audit trails for regulatory compliance.
Scenarios where Splunk is less appropriate: startups and small businesses with limited budgets; long-term, low-access data archival.
Verified User
Consultant in Information Technology (10,001+ employees)
I have used Splunk for log ingestion, indexing, snoop alerting, searching, and troubleshooting production issues, and to understand API response times to find bottlenecks and improve performance. It is a great product for tying together logs from various microservices, as long as they follow a similar pattern and have a unique ID to tie them together.
Pros
Log Indexing.
Searching
Custom log report/dashboard capability.
Cons
Room for improvement in export capability.
Better reporting.
Splunk metrics via API.
Likelihood to Recommend
Log ingestion, indexing. Much needed while troubleshooting issues. Performance improvements, API throughput monitoring. Continuous monitoring via Splunk snoop alerting. Integration with enterprise ITSM.
Verified User
Vice-President in Information Technology (5001-10,000 employees)
Splunk Enterprise is basically used for log management in our organisation. All the Unix server, Windows server, backup, DB and other asset logs are written into Splunk Enterprise. These logs are mostly used for troubleshooting, audit purposes and sometimes to figure out the trend of a particular occurrence. In one case I have seen that a feed is sent to Splunk Enterprise and then tickets are created from that feed, which is one of the unique use cases I have seen.
Pros
Log Management
Prepare reports for audit
Trend analysis
Troubleshooting
Monitoring
Cons
Representation of data in different visual forms
Agentless communication.
Direct connection to a database to pull the feed
More features in interface
Likelihood to Recommend
In log management I have experienced that Splunk Enterprise is very, very useful. Most auditors are relying on Splunk Enterprise for various evidence. Based upon market trends and the increasing popularity of Splunk Enterprise in financial institutions, it is a very good tool for log management, troubleshooting, data analytics and trend analysis to create various reports.
We use Splunk Enterprise as an event bus where teams communicate with each other via Pub/Sub. Its topic conventions make it easier for us to use wildcard subscriptions, filter on specific events, etc. Having exclusive and non-exclusive queues is also a nice separation to spread the load or to help keep the order, depending on which you choose.
Pros
Easy queue definitions and subscriptions
Delivery guarantee of events
UI is helpful to monitor things a bit
Cons
UI doesn't show stuck events/messages, would be nice to see them directly.
Permission management for the queues could be simpler and more granular
Likelihood to Recommend
Splunk is well suited if you want to be robust but not 100% correct. It is fast and convenient.
However, if you would like to pass messages including users' payment details, etc., I definitely suggest something else where you as the consumer can decide what to do with messages. To me it is a bit weird that publishers can set whether a message can go to a DLQ or not.
Verified User
Engineer in Product Management (10,001+ employees)
Splunk Enterprise is our main tool for data analytics, observability and monitoring. Our company produces petabytes of data, so Splunk provides an awesome tool not only to monitor the logs that are produced by our services but also to create dashboards for monitoring and alerting. We regularly create alerts using Splunk queries and use them to find out if there is something wrong with our products. It addresses the following business problems: loss of revenue, by making sure we are not giving customers a degraded experience; and data-driven decision making, by allowing business analysts to analyze Splunk dashboards and make sure that they can do appropriate analysis and take appropriate decisions for revenue growth.
Pros
Configurable and sophisticated way of alerting on certain conditions observed via logs
Ability to create amazing dashboards to showcase current performance, which allows us to monitor system health.
Ability to do anomaly detection using AIOps and machine learning to find out proactively if there is anything wrong with the system
Cons
Difficult to learn SPL (Search Processing Language) for newcomers to Splunk. It should have been made easier to understand.
Splunk is mainly log-centric, so to add things like distributed tracing we need to purchase premium applications (like Splunk APM).
Dashboard creation can be a bit of a messy experience for people who don't know how to do it fast. The drag-and-drop model seems outdated, and the UI can certainly do better in terms of usability.
Likelihood to Recommend
I will give it 9. It is best suited for large organizations with high stakes and a lot of data, which precisely need complex, near real-time monitoring and alerting, especially in places where some errors, if left unattended, can cause customer and revenue loss. It is useful where cost is secondary to having the capability of this sort of monitoring.
It may be less suitable for startups which don't have a lot of data and are cost sensitive. It is also not very suitable if we don't have a requirement for precision dashboarding and monitoring.
It is a very easy to use tool. You can write custom queries and visualize data by building custom dashboards. It is a central repository for all infrastructure devices. It can integrate with ServiceNow to generate a custom alert. It has apps for the different vendors, which can also be easily deployed.
Pros
Data parsing
Data sorting
Data visualization
Cons
Out-of-the-box dashboards
Out-of-the-box queries
Likelihood to Recommend
Splunk Enterprise is well suited for end-to-end integration. You can configure applications and infrastructure to minimize troubleshooting time. We use Splunk Enterprise for custom alerting with Google Chat, e.g. BGP up and down or interface up and down. It cannot parse the ACI logs as expected. Expensive tool to have.
Verified User
Account Manager in Information Technology (1001-5000 employees)