What advice do you have for others considering Splunk?
Cost and vegetative growth in the medium/long term. It is a great tool, but you have to be careful about storing a lot of data (without any criteria). Use it as a "smart-data/small-data repository", not as a "raw centralizer, stage area or pure SIEM". The quantity of "use cases" is not so big when compared with other tools (and, for example, you don't have specific use cases divided by industry segments). Before choosing any tool and defining your BOC (Business Operation Center), read about datamart/datawarehouse concepts and models (design and architecture too) defended by Inmon & Kimball. You'll save a lot of $ in the future.
It works well when searching logs. If you look to try to do things beyond this, the problem that we ran into is that we treated it as the hammer which hits all nails. That is not really feasible, and there are other tools out there that can do more specialized things. User administration is key. Trying to prevent users from being able to search records all the time is a huge problem. You need a tight approval process on dashboards, making sure the dashboards are queried in the most efficient way possible. The on-premise version that we had was not scalable at all. It was very difficult to use. We have EC2 instances in the cloud with Splunk installed, which is more scalable and easier to use. It now works much better.
Splunk's website is quite useful. You can find a lot of information on it. I would recommend using it and trying to figure out the product's features and what you can actually do with Splunk. You can do a lot of things with Splunk, but you need to know what to do first. I have used both the AWS and on-premise versions, but in two different environments, so I am unable to compare the versions.
Make sure it fits your use case. Be clear about what you want to achieve, get out of the product, and how you want to integrate it. Once you tie the solution into your systems, it is not trivial or easy to walk away from. Therefore, due diligence needs to be done to understand what your requirements are before choosing a product. Some companies may not even want to host, and prefer to go the managed services route. We have it integrated with every product that I can think of. We use both the AWS and on-premise versions. The AWS hosted version typically caters to all the microservices that we run on AWS, so there is a clear segregation between on-premise and cloud. In terms of usability and experience, both of them have been similar. We have seen a few bottlenecks on the cloud, but that can probably be attributed more to the user side of the house in terms of the way we write our applications and the type of payloads that we sent this month. This is an optimization which is ongoing from our end. Other than that, we have been fairly happy with Splunk and what we get out of it.
We use Splunk and we also sell and support it for our clients. Normally our policy is to keep software updated to the latest version. The main issue is that we do enterprise architecture and network and security operations. We recommend certain platforms to clients. We don't always sell Splunk directly to them due to the fact that, since we're being hired to help them make choices, we need to be neutral. In the cases where it doesn't make sense, we don't sell it. We just help clients make decisions. I don't know which version of the solution we're using. I'm an architect; I'm not on the operations level. I'm not the one who actually uses it. Our operations use it. I get dashboard results and I do reports that are based on it; however, I'm not the one actually running it. We have a NOC and a SOC, and others use it a lot more individually. They have a lot more interaction than I do. I'm getting reports out of it. Others are actually connecting to it, using it as a tool. I'm not a tool user. I'm an information user. All Splunk is, is data collection, and it can sort things out on a dashboard. However, a lot of what Splunk does is collect data, and you have to decide what kind of information you're going to let it collect. When we're doing design operations we have to really pay attention to what we're doing, so we don't actually slow things down or impede things. The reason we use Splunk is we put a lot of data into it. With Splunk, you need to really be careful about what you're monitoring and how you use it, to keep the results working. It's a good tool if you know what you're doing and what you need to be logging. You need to be aware of what you're logging to ensure it isn't going to cause problems with your performance. I wouldn't recommend it for somebody who's coming in new. Of the clients we have using it, I don't know if any of them don't have professional IT running it. It's important to really understand what's going on.
I'd rate the solution at an eight out of ten. In certain environments, it could be a bit complex. It's not something you could just drop into an organization, you need to be trained to use it. You need the experience to use it properly.
I rate Splunk a seven out of ten.
We're a partner and a customer. I'm using the latest version of the solution. I would highly recommend the solution. It's the best product out there. It's definitely easy to set up. The use cases are multiple. It's not restrictive in terms of the efficiency of the platform. Just make sure that you have enough resources or good counsel from people who can help with the use cases. If you do, the sky is the limit. It is a good solution. I'd rate the solution at a ten out of ten.
Splunk is easy to use and not having the need to log into every single network device for management is helpful. I rate Splunk a seven out of ten.
I think this is a good solution and rate it a seven out of 10.
My advice to others is not to be intimidated by the solution and to give it a try. It will become easier over time. I rate Splunk an eight out of ten.
When using this solution for Security Information Management (SIM), I highly recommend importing data sources from the whole cycle of the service security chain. Some people only use main inputs and not all of the data sources they have. They might not have some data sources; in this case, you can purchase one, or there are free open-source ones available. You will then have this data source that can enrich your life because many correlations are done with this data. I rate Splunk an eight out of ten.
I would recommend this solution to others. I would rate Splunk an eight out of ten.
I would rate Splunk a seven out of ten.
We are resellers. We use a variety of deployment models, including private cloud and hybrid. This solution is the best security solution. If a company is looking for the best, they have to buy Splunk. It is a very good and very mature solution. It is very easy to integrate with some other service or security solutions. If they have specific solutions that need to be integrated for monitoring purposes, it should be a problem. For example, it integrates very well with Cisco. I'd rate the solution at a ten out of ten. We are quite happy with its capabilities.
Plan your requirements properly from the beginning so that you can get the most value in a shorter space of time. On a scale from one to ten, I would rate Splunk at six.
A few years ago, I would have definitely recommended Splunk, but nowadays, better alternatives are available. We are currently exploring a few other alternatives, so I won't recommend Splunk as of now. I would rate Splunk a seven out of ten.
This is a product that I recommend for anybody who wants an advanced SIEM solution. Of the three that I have used, including QRadar and ArcSight, Splunk is the one that I prefer. I would rate this solution a nine out of ten.
I would recommend this solution to others, but it should meet their needs and architecture. I would rate Splunk a nine out of ten.
I would definitely recommend Splunk. It is quite a decent tool, and it is there in a lot of enterprises. I would rate Splunk an eight out of ten.
As we recently purchased the solution, we are using the latest version right now. I would recommend the solution to other users. I would rate the solution at an eight out of ten. If the solution offered a better price and better support services, I would likely rate it higher. However, for the most part, we have been satisfied with the product and its capabilities.
I would recommend this solution. I rate Splunk a six out of ten.
This is a solution that I could recommend for somebody who wants a really powerful product. It is not an end-to-end orchestrated SIEM yet. This is a product that I would generally recommend, although I would not do so if the customer is really budget-driven. I would rate this solution a six out of ten.
It is important to define different guidelines to integrate Splunk in development, QA, and production deployments. Additionally, define the applications that will be used and the configuration of the databases to collect the data. If this is not done, there will be a lot of issues due to, for example, master access or permissions to use the database collector and blocks.
We use a mixture of public and private cloud deployments. I would definitely recommend the solution, having seen it work for others so well. Its ease of usage and its many integrations make it a great product. The way you can access whatever you need on the solution is very similar to a Google bar where you can search for anything you need. It's just a super quick, responsive product. Overall, I would rate it a perfect ten out of ten. We have no complaints.
It's important to prepare. You can't just get a solution and start to implement it. A big part of that needs to be preparation, and in IT, we're not great at that. I would go with Elastic, a similar product but better. The licensing is a little different but it gives you a little more freedom to do things. It's really flexible with what you can do and versatile in how you can use it. Splunk is still top when it comes to log collection. If you wanted anything more than that, you should probably look into using several different products. There isn't really one product that you're going to find that's going to give you that coverage and I just like the versatility of using several different products. There are some other things you can use that actually do a better job at the correlation part. I would rate this solution a seven out of 10.
I would recommend Splunk to any company: small, medium, and large. Splunk is a great tool but you should get a partner who knows what they are doing, implementation-wise. On a scale from one to ten, I would give Splunk a rating of nine.
I would rate Splunk an eight out of ten.
I would rate Splunk as 8 out of 10.
I would rate this solution a seven out of ten.
I would definitely recommend using Splunk. They have free learning models available. There are models available on their learning page where you can gain a better understanding of how to use Splunk. Within one month alone, you can at least understand how to operate Splunk, whereas, with other tools, it can take a lot of time to understand. On a scale from one to ten, I would give Splunk a rating of nine. The only downside is the cost. Price is the only factor; sometimes, companies shy away from Splunk because of the price.
I would definitely recommend Splunk. We will review performance within two years of our three-year contract and then decide at that point what other aspects we need to consider. I would rate Splunk 8 out of 10.
We're just a customer. We don't have a business relationship with Splunk. We're using the latest version of the solution. I'd advise those considering the solution to do some basic training before jumping into using the solution. It will help you understand how everything is supposed to work. I'd rate the solution at an eight out of ten, due to the fact that it's more flexible than other solutions. I like the idea of taking a log, any log, and putting it into a tool and creating your events and your conditions in order to get the output that you're looking for. It's more scalable and flexible than other options on the market.
If you're going with this solution, make sure that, when implementing, the ports are open. If they're not open, it creates problems with the server. Other than that, this is a very stable and very easy to configure product. We can easily deploy it and easily use it. Other similar solutions are difficult to configure; Splunk is the simplest. I've used three or four monitoring tools and Splunk is the easiest. If a company can afford it, this is a good product. We are planning to shift to another product because of the cost. We're searching for an open source or cheaper product. I would rate this solution a nine out of 10. They lose one point for the price and lack of infrastructure support.
We're just users. We don't have a business relationship with Splunk. We're on a variation of version seven. I'm not sure of the exact one. It's not quite the latest. I'd advise new users, if they have the budget for it, to go and take the training that they offer. Or, for casual users, you just want to spend as much time watching YouTube videos as you can. It will help lessen the learning curve. As a solution, it's still pretty much industry standard. I would give it a nine out of ten overall, even though I have my gripes with it.
Splunk is a good product but I would definitely tell people to analyze their requirements to see if Splunk fits their use case, or not. The licensing model is very complicated, so if there is a product that has a better licensing model then it would probably be good to start with that. Then, later on, if the product is not working well enough, then they can switch to Splunk. At that point, they will have knowledge of the data they are using and will understand the costs that they might incur while using it. The only way that I would suggest somebody use this as their first solution is if they already had all of the data that is required to get a cost estimate. I would rate this solution a seven out of ten.
We're partners. We have a business relationship with Splunk. We're using the latest version of the solution. Overall, I would rate the solution at a seven out of ten. I'd advise potential new users to ensure they do proper sizing before deploying the product. If it's a very large deployment, the number of endpoints will be quite sizeable. You need to figure out the correct number of endpoints as well as endpoint devices, switches, routers, etc. It's also a good idea to look at use cases. Splunk is very strong in some use cases. It's important to look into deployment scenarios and check out the use cases before deploying anything. My biggest takeaway after working with the solution is that the environment is very important. You need to be clear about the problem you are addressing and it takes a lot of planning at the outset.
I would definitely suggest sending people to analyze or evaluate Splunk. Because the licensing model is very complicated to understand, it would be better to start with another product that provides a better licensing model. Later, if the product is not working well, they can consider using Splunk and may have a better understanding of the cost. For me, I would not recommend Splunk as their first solution unless they have all of the data that is required. I would rate Splunk a seven out of ten.
I would advise getting professional services from Splunk.
Splunk is a great product, especially for my organization.
Because it was a trial version, I was the only one who used it in our company. I kept some snapshots from our trial with the Splunk system and we are preparing a proposal to submit to our manager in Vietnam. If in the near future we have enough money to purchase the system, we will invest in this system for our company.
I would rate it an eight out of ten. Splunk is more efficient than other solutions but it's also more expensive.
I would rate this solution a perfect ten out of ten.
As a logging solution, I would say it's probably an eight or nine. If you're talking about the SIEM I'd say it's probably about a five. For logging, I think they would have to change the costing model. The costing model is way out of line. It's built for very large organizations.
I would rate this solution a nine out of ten. I rated it a nine because every tool will have its drawbacks but ultimately it's a very good tool in comparison to HP ArcSight. If we can add on a scalability feature it would significantly improve the solution. I would advise someone considering this solution to use it at least for a year to get a hands-on and technical understanding because it's a good product. Then decide whether or not to move forward with Splunk - but I would advise to stick with Splunk.
I will rate it as a security product an eight out of 10. There's no product which is perfect unless you go back and you create a psychic of the solutions.
I would rate this solution an eight out of ten. To make it a ten they should have more integration with outside vendors.
Do your homework and make sure it fits your needs. The product is pretty good. We are pretty satisfied with it. It does what it does. We host the product on AWS, but we did not purchase it on the AWS Marketplace.
Implement something and watch how much data you are sending to it, then have some way to shut it off without redeploying your app in case things get hairy. We use the cloud version of the product.
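The review above describes a pattern rather than a product feature: measure how much you ship, and keep an off switch that does not require a redeploy. The following is an added example of that pattern and is not code from any reviewer on this page or from Splunk. It assumes the transport is an injected `send(event)` callable (your forwarder or HEC client would sit behind it); the daily byte budget, the `LOG_SHIPPING_DISABLED` environment variable and the `/var/run/log_shipping.disabled` flag file are hypothetical names chosen for the example, and the sample events are constructed.

```python
import os
import time
from dataclasses import dataclass
from typing import Callable, List

# Added example, not from any reviewer and not Splunk's code.
# `send` is the only real-world hook (assumed: your forwarder/HEC client);
# the budget and kill-switch logic is hypothetical and transport-agnostic.


@dataclass
class ShipperConfig:
    daily_byte_budget: int                                    # hard cap per UTC day
    kill_switch_env: str = "LOG_SHIPPING_DISABLED"            # assumed env var name
    kill_switch_path: str = "/var/run/log_shipping.disabled"  # assumed flag file


@dataclass
class ShipperStats:
    day: int = 0              # UTC day ordinal the counters belong to
    bytes_sent: int = 0
    bytes_dropped: int = 0
    events_sent: int = 0
    events_dropped: int = 0


class BudgetedShipper:
    """Wraps a transport with a daily byte budget and a runtime kill switch."""

    def __init__(self, cfg: ShipperConfig, send: Callable[[str], None],
                 clock: Callable[[], float] = time.time) -> None:
        self.cfg = cfg
        self.send = send
        self.clock = clock
        self.stats = ShipperStats(day=int(clock() // 86400))

    def shipping_enabled(self) -> bool:
        # Either signal stops shipping immediately; an operator can flip them
        # on a running host without touching the application deployment.
        if os.environ.get(self.cfg.kill_switch_env, "").lower() in ("1", "true", "yes"):
            return False
        return not os.path.exists(self.cfg.kill_switch_path)

    def _roll_day(self) -> None:
        day = int(self.clock() // 86400)
        if day != self.stats.day:
            self.stats = ShipperStats(day=day)   # fresh budget for a new day

    def ship(self, event: str) -> bool:
        """Return True if the event was sent, False if it was dropped."""
        self._roll_day()
        size = len(event.encode("utf-8"))
        over_budget = self.stats.bytes_sent + size > self.cfg.daily_byte_budget
        if over_budget or not self.shipping_enabled():
            # Dropping (not blocking) keeps the application's latency unaffected;
            # the counters are what you export to your monitoring.
            self.stats.bytes_dropped += size
            self.stats.events_dropped += 1
            return False
        self.send(event)
        self.stats.bytes_sent += size
        self.stats.events_sent += 1
        return True


# Constructed sample events (not real logs).
SAMPLE_EVENTS: List[str] = [
    'ts=1700000000 level=INFO msg="request ok" path=/health status=200',
    'ts=1700000001 level=WARN msg="slow query" duration_ms=2300',
    'ts=1700000002 level=ERROR msg="upstream timeout" dep=payments',
    'ts=1700000003 level=DEBUG msg="cache miss" key=session:abc',
    'ts=1700000004 level=INFO msg="request ok" path=/ status=200',
]


def demo(daily_byte_budget: int = 160) -> ShipperStats:
    """Ship the sample events under a small budget and return the counters."""
    delivered: List[str] = []
    shipper = BudgetedShipper(ShipperConfig(daily_byte_budget=daily_byte_budget),
                              delivered.append)
    for ev in SAMPLE_EVENTS:
        shipper.ship(ev)
    return shipper.stats


if __name__ == "__main__":
    s = demo()
    print(f"sent={s.events_sent} ({s.bytes_sent} B) "
          f"dropped={s.events_dropped} ({s.bytes_dropped} B)")
```

The budget check is per event, so a smaller event can still go through after a larger one was refused; if you need strict ordering, switch the drop to a local spool instead. The useful part for a SOC is the counter pair `bytes_sent`/`bytes_dropped`: alert on the drop counter, because a sustained non-zero value means either the budget is too small or something upstream started emitting far more than it used to.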
Go with Splunk. A lot of people know how to use it because they have experience with it. It works well. While it has some pain points, it provides reports and data visibility. It integrates great with Opsgenie, PagerDuty and Slack. We love the Slack integration, as it works great with the Slack alerts. We use the on-premise version in our data centers and we use the AWS version. We are just starting to migrate to the AWS hosted version, and I have not seen a difference.
Explore Splunk. The product has a lot of depth. It works with multiple products, from scheduling systems to ERPs to legacy, and it works perfectly fine. I use the on-premise version. I have not had the opportunity to explore the AWS on Splunk version yet.
Build your environment a lot bigger than you think you will need it, because you fill it up quickly. We log somewhere in the neighborhood of two to four terabytes a day per data center. We use both AWS and SaaS versions. With the SaaS version, you don't have as much control, but it functions the same, so there is no real difference. Though, the AWS version is probably easier to scale, because it is AWS.
It is a great product. We have a lot of different tools to do this type of debugging. Yet, it is one of the first ones that I will reach for, and I think that is a good sign. It works well and is the industry standard for log searching. It probably has other features too. Therefore, if you use it, I would recommend the training, so you know what you are doing. I am using the on-premise version.
I would recommend trying different stuff based on your company's needs and log types. We like the product.
It is easy to use, and easy to implement.
When Splunk failed, it took time to recover. We had to recover it from a snapshot. It took a couple of days, and it was as if it had crashed. But, the instance was resolved.
We are a Splunk Partner, since after much deliberation, we decided to choose Splunk as a component of one of our on-premise software offerings.
There are three top SIEM solutions in the world: Splunk, LogRhythm, IBM QRadar. I think Splunk is the best. I would rate Splunk at eight out of 10. The vendor needs to work on this solution to make it better and better. I would recommend this solution but it depends on the situation, the country, the support from the vendor.
It is a great product overall. I would like to see improvements on the Enterprise Security app/SIEM functionality.
Pick it up and jump into the community! It can help get you started a lot faster.
Growth in data ingested will be much larger than you anticipated. If you need to prove this first, consider using an ELK Stack Logstash type of solution before using Splunk.
We build many of our own apps by leveraging the logic in others.
You can also get GREAT help at answers.splunk.com.
The recent acquisition of Phantom makes the future seem bright with more automated responses.
I love this product.
I have been using Splunk to increase my security experience.
If you have an R&D department within your company that is looking for something new to increase the efficiencies and effectiveness of your company's operations, I would highly recommend having them get the free trial to test out.