Splunk Enterprise

4.6 (186)
Machine data management and analytics

Overall rating: 4.6/5 (186)
Value for Money: 4.3/5
Features: 4.5/5
Ease of Use: 4.1/5
Customer Support: 4.3/5

97% recommended this app
186 Reviews

David
  • Industry: Entertainment
  • Used Daily for 2+ years
  • Likelihood to recommend 9.0 /10

Offers more than you think

Reviewed on 07/02/2018

We've used the software to detect layer 7 attacks, unearth issues we didn't realize were happening, and it gives us end-to-end insight into our stack.

Pros

The system is highly intuitive to use. It is faster than other solutions I've used on the market and has a huge library of 3rd party plugins to get more from the system. It is easy to create scheduled searches, dashboards, reports etc. but there are a number of additional plugins (at an extra cost) to help with security, single pane of glass and metric collection.

Cons

It offers challenges for a decentralized working model. Where Splunk is centrally managed, it is easy to ensure that best practices are maintained. Where the system is opened up for an entire department to utilize and on-board their logs, it becomes more difficult. However, with some creative thinking and good process, this issue can be overcome.

Avinash
  • Industry: Computer & Network Security
  • Company size: 10,000+ Employees
  • Used Daily for 2+ years
  • Likelihood to recommend 8.0 /10

Splunk - Onestop Log Management & Forensics

Reviewed on 17/04/2021

Overall I like the product, but as the user base grows the logs grow too. This busts the limits of the licensing.
We need to keep on doing housekeeping to ensure that our license limits are not crossed.

Pros

The ability to configure and tweak the use cases. Building intelligence into forensics. The AI feature is good but needs more enhancements.

Cons

The log management needs to be efficient. If the auditing logs are enabled then a huge influx of logs is pumped into Splunk, but no meaningful meaning can be derived.

Alternatives Considered

FortiClient and Trellix Endpoint Security

Reasons for Switching to Splunk Enterprise

Splunk is one whole package with features like AI & Forensics and also keeps you updated with the latest and newest threats.

Nav
  • Industry: Computer Software
  • Company size: 501-1,000 Employees
  • Used Weekly for 2+ years
  • Likelihood to recommend 6.0 /10

Currently using this diagnostic tool for log analysis

Reviewed on 14/03/2018

Overall a decent product.

Pros

- Ability to search logs across processes and services
- Ability to develop dashboards to Monitor critical metrics
- Ability to set up alerts based on threshold values

Cons

- Need to regex well in order to use the tool to its full ability
- Ability to extract values out of the log statements could be simpler
- Alerts usually end up being over alerting or false alerts.

Surabhi
  • Industry: Information Technology & Services
  • Company size: 10,000+ Employees
  • Used Daily for 1+ year
  • Likelihood to recommend 8.0 /10

One of the best monitoring solutions for different platform.

Reviewed on 29/11/2022

Pros

Best tracking and data analysis tool, which helps to monitor and manage the server and system components in a very effective way. Real-time visualization helps to take quick decisions so that the desired action can be taken to avoid failure. Best data collection in the form of logs, which helps to define the best set of automation jobs to fix the issue.

Cons

There are a few observations, like: 1. Most of the time we observe slowness in the performance. 2. Sometimes we observe a delay in the issue or updated log being reflected on the portal. 3. It needs more storage to manage and maintain the logs, which impacts organizational costing and budget.

Verified Reviewer
  • Industry: Financial Services
  • Company size: 10,000+ Employees
  • Used Daily for 2+ years
  • Likelihood to recommend 10.0 /10

Best friend for debugging

Reviewed on 13/10/2022

Splunk basically makes debugging and monitoring easier and touchless. I can easily debug by starring the rolling logs from different instances in a single screen.
I can monitor multiple components and multiple metrics, without running commands manually with custom plugins.

Pros

Splunk comes with a lot of in-built templates for each and every feature like log visualisation, dashboarding, traces, etc. This makes the developer's life a lot easier. I can't think of any other logging tool that is snappy as well as accurate.
I love the fact how easily I can plug it in my docker-compose to push container logs.

Cons

Even though it offers numerous features for different needs, each feature has its own learning curve. For instance, log visualisation needs querying skills, which may be in natural language, but it takes a bit of time to get familiar.

Divyang
  • Industry: Information Technology & Services
  • Company size: 201-500 Employees
  • Used Daily for 1+ year
  • Likelihood to recommend 8.0 /10

Manipulate Your Data

Reviewed on 28/09/2020

Splunk is widely used for manipulation of data and we encounter the use of this tool almost twice a week. Even though it costs much more, we have still not found any alternative that is able to offer all these functionalities.

Pros

Splunk is very easy to use due to high community support and many video tutorials available online for new users to learn.
Functionalities are robust and simple to use. Data retrieval and visualisation is nice and easy if you know the right querying process.
Machine Learning support enhances performance for the cloud, especially. It collects a wide variety of data and still it amazes you the way it retrieves it.

Cons

There are many tools available in market which are potential competitors of this tool and that too at reasonable pricing. Splunk offers more functionalities but costs you too much if you look at the work it does.
Complex queries may require large CPU usage and may even freeze or at least slow down the system for a while. Need to be specific while querying the data.

mitchelle
  • Industry: Information Technology & Services
  • Company size: 5,001-10,000 Employees
  • Used Daily for 2+ years
  • Likelihood to recommend 9.0 /10

The best tool for log collection and analysis.

Reviewed on 11/09/2022

Splunk enterprise has improved our IT security through collection of logs. It centralizes large amounts of log data and efficiently manages it. We use it for analyzing the collected logs and report on metrics found from the logs.

Pros

Through its robust log analysis and ability to collect data from different sources, we can easily perform analysis on various data and predict any future operational hazards. Splunk Enterprise efficiently monitors our log activities and gives results to any queries at faster speed than most SIEM tools.

Cons

The searches can be complex at times and the messages on query errors aren't always specific.

Verified Reviewer
  • Industry: Automotive
  • Company size: 10,000+ Employees
  • Used Daily for 1+ year
  • Likelihood to recommend 10.0 /10

Splunk is a lifesaver!

Reviewed on 07/01/2023

It’s been wonderful. I was able to take most of my forwarded lambdas and chart them to watch duration and throughput. Notifications and alerts let me know if things are out of whack. Such a relief to know Splunk is watching my back!

Pros

If you need real-time grokking into your infrastructure, look no further than Splunk. I love love love the dashboards. It’s easy to tell a story with your data, and the live search is so FAST!

Cons

SPL is a little hard to get used to, but once you get the hang of it, it’s not so bad. I recommend downloading their community edition for some great examples of queries and dashboards.

stephanie
  • Industry: Information Technology & Services
  • Company size: 10,000+ Employees
  • Used Weekly for 1+ year
  • Likelihood to recommend 9.0 /10

With Splunk Enterprise, we can rapidly detect and get rid of bottlenecks.

Reviewed on 02/11/2022

Splunk Enterprise is the basis of our SIEM. We use it for log correlation and analysis. It collects events from multiple sources for analysis. I love using Splunk Enterprise. It is the best platform that we have for monitoring data and identifying issues in real time.

Pros

The tool can collect all sorts of data from diffuse sources and perform advanced analytics on it. It has powerful monitoring capabilities useful in threat identification and maintaining the health of our IT infrastructure. Splunk Enterprise helps us to foresee trends through machine learning, which has been crucial to making informed business decisions.

Cons

Training new users is tough, the learning curve is very steep and it gets overwhelming for them. The installation and configuration process is very long and needs a lot of time.

vikas
  • Industry: Information Technology & Services
  • Company size: 10,000+ Employees
  • Used Daily for 6-12 months
  • Likelihood to recommend 10.0 /10

Best application for monitoring of SAP system, server and database health

Reviewed on 13/07/2022

Overall, Splunk Enterprise is excellent and one of the best business applications for early analysis of system performance. Also, the tool is really fast and provides an analytical report of every system, which is really useful for detailed analysis.

Pros

Software is really excellent and best suited for small and large scale businesses who would like their systems, interfaces, server space and database health check to be performed.

Cons

Sometimes the Splunk alerts create multiple tickets in the ITSM tool during an issue. Hence it may result in spending some time on closure of open incidents.

Amit
  • Industry: Telecommunications
  • Company size: 10,000+ Employees
  • Used Daily for 6-12 months
  • Likelihood to recommend 9.0 /10

Best tool for Distributed logs data analysis

Reviewed on 15/04/2020

We have several micro-services deployed in production which require us to look up application access as well as server logs and analyze data for their usage. We created several reports/charts for visualization. We use Splunk as a security logs tool to see the firewall traffic, tracing any vulnerable access, any database related crash, etc.
It helps easily to find issue and fixed quickly by black listed in system.

Pros

Splunk Enterprise is the best tool to analyze the data based on different visualizations. It helps us to look up distributed logs for micro-services. It enables field based lookup. For complex logging, we can use a search query using expressions. We can create multiple reports/charts for visualization such as a pie or bar chart for our data. The best feature that I like: we can visualize our search results and share them with others using dashboard panels. If we already have a dashboard, we can add a new panel from a report, clone from another dashboard, or add a prebuilt panel. Full customization is available. The interface is very flexible. We export it in different formats, or refresh it to visualize the newest data. Online support is available through different communities.

Cons

Search query builder is fully based on technical. For non-technical users, it's really difficult to look up logs. Sometimes, the error thrown by the query builder is more difficult to understand. Deep learning is required to use Splunk for production data. For large application installations, it needs more management.

kalaiselvan
  • Industry: Information Technology & Services
  • Company size: 501-1,000 Employees
  • Used Daily for 1+ year
  • Likelihood to recommend 9.0 /10

Splunk review

Reviewed on 12/07/2019

Overall, it is a very good monitoring tool for a support team and developers for doing root cause analysis.

Pros

Splunk visually represents the logs, mainly from production servers, in the web UI.

People who usually have no access to logs on production servers will access the logs through the Splunk UI with a very simplified and friendly search query.

It has a lot of features, like you can query for a particular date and time range with specific characters. The search engine is very fast, which will bring the query response effectively.

We can access all types of logs including XML and JSON.

We can create a custom dashboard with a custom query for each project and can relatively trigger the email to the support team in case of any issues.

This tool is boon for production support team in any enterprise company.

Cons

Licensing cost is quite higher for enterprise usage.

Query response time will be slow when you are searching for relatively longer history (e.g. 3 months old data).

Frank
  • Industry: Computer Software
  • Company size: 5,001-10,000 Employees
  • Used Weekly for 2+ years
  • Likelihood to recommend 10.0 /10

Doing setup redundant servers without Splunk

Reviewed on 20/12/2020

Saved my a$$ many times. In a multi-server environment, if you don't have Splunk or something like it, it will be a nightmare to try and coordinate the various log files involved.

Pros

Several of our applications are distributed across multiple systems. It is the same software running on each server but doing the same job for different users. Each server would generate its own log files. When things went wrong, we used Splunk to be able to see what was going on on each server. Click a few buttons and you get two logs from two different servers listed together coordinated by time. But that leads you to discover that the issue came from a separate upstream or downstream server, then bring in those logs too . . . all coordinated by time. Don't get me wrong, the IT guys love these tools for their own enterprise reasons, but as a server stack developer, this was a resource I used OFTEN.

Cons

I never fully grokked their SQL-like language. I could do basic things daily without issue. However, I often had to hit the documentation to do anything more than a simple "find this" query.

shashank
  • Industry: Information Technology & Services
  • Company size: 1,001-5,000 Employees
  • Used Weekly for 6-12 months
  • Likelihood to recommend 9.0 /10

Best Tool for Monitoring Purposes.

Reviewed on 15/04/2019

As a user of Splunk, we generally used to monitor the log provided by the server clusters belonging to a tool called API Connect. As the logs are stored in Splunk, we tally the transaction count from API Connect tool and filter the log search in Splunk with a particular search query. We can download the logs of particular time and date of API Connect servers in case of transaction count issues. We create a dashboard for all the individual API's transaction count in terms of total transaction count of all API's. In this way, it makes our work easier to find out which API has the highest transaction count. We even use Splunk to know the state of the machine. Reports generated by the Splunk helps us to find out the API with the highest response time. In this way, Splunk makes our work a lot easier as it is very fast and highly secure.

Pros

1) Accepts multiple data formats like CSV, JSON, XML
2) Does the hard work for us, i.e. converting machine data to a human-readable format.
3) Can create customized alerts to serve our business purpose.
4) Searching based on queries is pretty simple.
5) We can create dashboards to analyze and visualize our search results.
6) Can export the log content to our Personal computers.
7) Setting up plugins and integrating with any tool that needs monitoring is pretty easy.
8) Technical support for the Splunk is very quick as they have a dedicated staff for that.

Cons

I did not find any flaws with this software.

Verified Reviewer
  • Industry: Computer Software
  • Company size: 51-200 Employees
  • Used Daily for 1+ year
  • Likelihood to recommend 7.0 /10

Number 1 SIEM

Reviewed on 18/09/2022

I was very happy with Splunk and I suggest it to everyone.

Pros

I think Splunk is the first and best software in the field, easy to use, does what it had promised.

Cons

Pricing could be better, they could be more flexible, support is a bit slow.

Rob
  • Industry: Computer Networking
  • Company size: 51-200 Employees
  • Used Daily for 2+ years
  • Likelihood to recommend 7.0 /10

Splunk vs Humio and Devo

Reviewed on 12/03/2021

The APIs and plugins are great. The parsers are just fantastic. It can log anything and everything.

Pros

We have been using Splunk for over 5 years now. Nothing beats Splunk in the marketplace. The only concern we have is the pricing and the resource to support it. It's just too expensive.

Cons

Too expensive and it's too hard to manage. You have to find a very qualified and very expensive resource to support it.

Mark
  • Industry: Religious Institutions
  • Company size: 1,001-5,000 Employees
  • Used Weekly for 2+ years
  • Likelihood to recommend 9.0 /10

Excellent logging and troubleshooting tool

Reviewed on 08/11/2018

As a software quality assurance engineer, I love that I can setup a single dashboard where I can then view the same data from any lane I select from a dropdown. If I see a problem in the Test lane, I can quickly check all of the other lanes for the same issue by simply changing the dropdown value.

Pros

Splunk can give you extreme insights into how your systems and software are functioning. Not only is the search very flexible and powerful, the customizable dashboards give a status report at a glance into trends, problems and performance. You can also set up email alerts when errors occur limiting the need to have Splunk opened on your machine all the time.

Cons

Splunk has a learning curve. They have extensive documentation but it isn't intuitive and some features are buried pretty deep. We have an onsite expert who holds bimonthly meetings to answer questions in a group forum.

André
  • Industry: Chemicals
  • Company size: 201-500 Employees
  • Used Weekly for 2+ years
  • Likelihood to recommend 10.0 /10

Very reliable and powerful resource

Reviewed on 03/03/2021

On the business side we have a lot of logs and information provided from very different resources. The most beautiful thing about Splunk is that it consolidates everything in just one place, and the ease of extracting this information makes Splunk the most powerful resource to gather and extract data from every resource that you have logs for, whether you are using Windows or Linux; Splunk covers both.

Pros

Ease of use: you can extract any kind of information using commands provided by the software vendor. The other good thing about this software is the easy implementation on the servers, and the configuration is basic.

Cons

For people that are not used to using command lines, it might be a little bit difficult in the beginning.

Parth
  • Industry: Computer Software
  • Company size: 501-1,000 Employees
  • Used Weekly for 2+ years
  • Likelihood to recommend 9.0 /10

Monitoring Tool Splunk

Reviewed on 04/12/2021

With Splunk anything identified with the application backend logs and observing, it's extremely suitable to utilize, in light of which we can make different dashboards. For server Monitoring, Splunk logs are not exceptionally accommodating. It totally depends on log explanations, assuming articulation isn't organized in standard organization, and it gives mistaken outcomes.

Pros

Splunk Light is ideal for independent on-premise organization.
Augment endpoint logging.
Can find and store logs from a wide range of resources.
Customization of dashboards.
Making applications dependent on your requirements.

Cons

Complex generally design.
Long execution time.
The instrument needs to incorporate AI to comprehend the framework logs and alarming ought to be founded on the auto learning.

Verified Reviewer
  • Industry: Information Technology & Services
  • Company size: 1,001-5,000 Employees
  • Used Weekly for 2+ years
  • Likelihood to recommend 9.0 /10

Helpful tool for troubleshooting and analyzing data/logs

Reviewed on 10/11/2022

The overall experience has been good. Splunk definitely helped improve our troubleshooting capabilities.

Pros

Splunk is great for monitoring, logging, and analyzing the large volume of data on the servers. Our support teams use Splunk to collect data/logs from the servers and troubleshoot product related issues. We introduced Splunk a few years ago in our organization and it helped improve our defect/issue analysis and problem solving abilities.

Cons

While Splunk is not too complex, it also requires a certain level of skillset to decipher the information. It may take a while to figure things out if you are a new user, or someone with limited technical knowledge.

Shalinee
  • Industry: Information Technology & Services
  • Company size: 201-500 Employees
  • Used Daily for 1+ year
  • Likelihood to recommend 9.0 /10

Best thing for monitoring application

Reviewed on 09/10/2018

good log monitoring tool

Pros

We are using this tool for monitoring our services log. It is easy to monitor the data using this. For each service, you can configure which log file should be shown on the UI (web). On the UI, it provides a lot of features like finding patterns in logs, doing analysis and generating reports and much more.

Cons

Learning is slow. Initially, it takes time to understand the reports and pattern it finds out of the log. But it's worth learning it.

Christian
  • Industry: Computer Software
  • Company size: 201-500 Employees
  • Used Daily for 2+ years
  • Likelihood to recommend 10.0 /10

Great Log Manager To Have Fireproof Applications!

Reviewed on 29/03/2019

With Splunk your platform should be safe and easy to maintain, especially if you are constantly adding features into it, thanks to its error alerts.

Pros

User friendly and an awesome dashboard to manage your logs and analyze your apps.

Cons

It can be a little expensive but it's worth it.

Gaurav
  • Industry: Information Technology & Services
  • Company size: 10,000+ Employees
  • Used Monthly for 2+ years
  • Likelihood to recommend 6.0 /10

great insights from system logs

Reviewed on 04/12/2019

We are using it extensively to monitor production jobs and production servers. We have set up Splunk jobs to continuously monitor space and files on our server. Automatic emails are triggered if space is not available as expected. This helps to take proactive action and avoid production failures. Splunk is also used to monitor files received from various sources. Our jobs require multiple files to run the process. We have set up Splunk jobs to monitor the files, and if any file is not available we are alerted using emails.

Pros

Various insights are derived from otherwise neglected system and process logs. A library of functions is readily available to read the logs, perform string operations and scan the file.
Information can be represented using numerous charts, bars and graphs. Very useful in production monitoring and alerting using the email option.

Cons

I feel debugging is difficult. Drop-down or drag-and-drop functions should be made available because it's difficult to keep track and remember the syntax of functions and their usage.

Jean
  • Industry: Telecommunications
  • Company size: 2-10 Employees
  • Used Daily for 1+ year
  • Likelihood to recommend 10.0 /10

Splunk - Log management, analysis and action software

Reviewed on 02/11/2018

Identify and resolve quickly your operations and security matters with this great application.

Pros

All in one solution to collect logs, analysis, diagnose and report. The application has a nice console where it shows all the necessary information with some very nice graphics and information.

Cons

Free for 500M/day but a bit expensive if you need to collect more, or have the need to have more users logging in.

harmandeep singh
  • Industry: Financial Services
  • Company size: 10,000+ Employees
  • Used Daily for 1+ year
  • Likelihood to recommend 8.0 /10

Perfect for huge infrastructure

Reviewed on 07/11/2017

Pros

1. Ease of use
2. Supports ad-hoc query and then analytics.
3. Defining a field extractor is simple and you can use it to search again.
4. It's a powerful ecosystem

Cons

1. It's slow and may make the system unresponsive when you search data over a long time range, or large amounts of data.
2. There is too much CPU cost when indexing too many items on a Windows machine.
3. Price becomes high as you scale.