2018-01-16T14:09:00Z

What is your primary use case for Splunk?


Hi Everyone,

What is your primary use case for Splunk?

Thanks for sharing your thoughts with the community!

ITCS user
Guest

Top 5 | Leaderboard | Real User

Business indicators (KPIs) for specific (and limited) purpose together IT area, some tests with security built-in "use-cases" and like a correlation tool using pre-defined SPL (Search Processing Language).

2021-05-11T18:16:03Z
Top 5 | Real User

#1 is InfoSec
#2 is BI
#3 is IoT

2020-02-19T13:58:48Z
Top 5 | Leaderboard | Real User

We are resellers. We provide solutions to our clients. Splunk is primarily used for developing CM solutions that are based on the Splunk platform for future security operation center development. We are concentrating on assisting in the development of a security monitor as well as analysis. If I am not mistaken, it's a standard CM system for identification, security verification, and event monitoring.

2021-11-10T22:30:30Z
Top 5 | Real User

I have some experience with the solution, since I am working with customers who are interested in part-time help monitoring their network and have been helping them fine-tune the rules in the solution's platform. The way the primary task works is to watch for and then respond to the threat. Should there be a need, I usually work with a team in fine-tuning the rules on this platform. We are providing the products. I recently started working primarily on the Playbooks of the Splunk Phantom, so I've been creating some of these to help the customer automate the process of responding to the threats.

2021-10-28T14:58:00Z
MSP

We typically use it for centralized log management and SIEM functionality. I am using the most recent version of it.

2021-10-22T20:34:52Z
Top 5 | Leaderboard | Real User

We use the solution for monitoring systems. We also use it with servers and CG routers from the data center, as well as for collecting the ADL from all networks which are located in our regions of the country.

2021-10-18T20:29:35Z
Top 20 | Real User

We primarily use the solution for security and operations monitoring.

2021-09-10T12:40:05Z
Top 20 | Real User

We typically use Splunk to collect and check all the logs and events around the diverse network environment, which includes firewalls, switches, and routers. For example, we have traffic that needs to go from one part of the network to another and if we think there is a firewall blocking it along the path, rather than log in to all the firewalls to see what is happening, we simply go into Splunk and check the traffic going across the parts of the network to see where it is being dropped and what is the likely reason it has been dropped.

2021-08-30T22:50:57Z
Top 5 | Real User

We're using the solution to try to build a virtual network and put Splunk inside it and do some kind of transcentralization with a log server. Our aim is to track connections, network traffic and some personal databases. I'm the founder of the company and we are customers of Splunk.

2021-07-22T21:41:06Z
MSP

I use this solution for data visualization.

2021-06-24T05:16:42Z
Top 20 | Real User

We are using it for security information and event management (SIEM). We have started to use Splunk recently, and we are in the implementation phase as of now.

2021-04-26T07:36:34Z
Top 5 | Real User

We are using Splunk for cybersecurity operations.

2021-04-19T15:09:49Z
Top 20 | Reseller

We primarily use the solution for monitoring and security. We can use the solution to try to find some correlational data. For example, in banks, there is usually a protocol whereby users cannot withdraw more than a certain amount of money from an ATM. However, we find that, when people are on holiday, they are trying to withdraw more than the allowed amount. It's a use case we can deploy in our country. You can set certain rules and watch the data in order to gain insights.

2021-04-16T06:22:53Z
Top 5 | Leaderboard | Real User

We are a solution provider and Splunk is something that we provide as a service to our customers.

2021-03-05T11:09:33Z
Top 10 | Real User

We are using Splunk as a SIEM tool. We're using it for monitoring.

2021-02-17T09:35:39Z
Top 5 | Leaderboard | Real User

We have multiple use cases, almost 200 plus use cases. An example, travel activities where you log in.

2021-01-22T16:57:51Z
Top 5 | Leaderboard | Consultant

My reason for implementing it was just to learn more about the product. I wanted to learn about the Splunk programming language, how to pipe searches, add logs, verify the logs, create fields, extract data into fields, build dashboards, and to get hands-on experience with the product.

2021-01-04T14:26:19Z
Real User

The primary use case of this solution is to monitor Cyber Mission databases. I create the diagrams to create an architecture that is then implemented. However, creating these diagrams is for my own learnings since these implementations are usually already available in the cloud office logs.

2020-12-27T09:14:00Z
Top 20 | Real User

We primarily use the solution for monitoring our infrastructure.

2020-12-19T13:28:50Z
Top 5 | MSP

I'm the CSSP manager and we are customers of Splunk.

2020-12-16T06:34:38Z
Top 20 | Reseller

We use Splunk for security and also PCI compliance. We have installed and implemented this solution for several clients in Bolivia with our team. We have received training from Splunk directly, and we have also provided training to our clients. We deploy two versions: one for on-premise and one for the cloud. Most of our customers purchase Splunk because they required a tool for gathering and collecting all of the logs from the infrastructure in order to make a correlation between data and to spot patterns surrounding security incidents.

2020-12-15T22:53:44Z
Top 5 | Leaderboard | Real User

We are using Splunk to look at the logs, and see what is happening.

2020-12-15T15:05:19Z
Top 5 | Real User

We use a lot of sales metrics. We use machine learning models to provide sales forecasting. We create database connections and run a query on the database. The next step is to place the data into Splunk. We create indexes to get the data into the Splunk dashboard.

2020-12-09T16:02:00Z
Top 5 | Leaderboard | Real User

We use Splunk for log analysis and security monitoring.

2020-12-07T22:17:33Z
Top 20 | Real User

I use Splunk on-and-off — I started with in-house projects, then moved up to commercial projects.

2020-12-02T20:10:59Z
Top 20 | Real User

We use Splunk on-premise. We mostly use it for log analysis and fraud detection. We are also testing using it in machine learning and other solutions. We have 10 people managing Splunk and we have approximately 150 people using the product in total.

2020-12-02T19:50:00Z
Real User

The solution is primarily used to monitor the operating system for threats, specifically related to login threats. If someone is trying to log in, or somebody is trying to break into the system, the idea is it will check that and catch things. It's mainly for external threats to the operating system.

2020-11-27T18:12:28Z
Top 5 | Leaderboard | Real User

Our primary use case of Splunk is for log monitoring and infrastructure monitoring. If we want to diagnose any issue in our application, we just push our application logs. This is on any client server using the universal forwarder logs on the Splunk server. After indexing, we can create a base log, and create attractive dashboards that are simple to understand and use. I'm a system administrator and we are customers of Splunk.

2020-11-23T21:49:36Z
Top 20 | Real User

It's the primary place where I'd go to do an investigation if I want to see what's going on within an endpoint, or on a network, or with a user.

2020-11-23T17:00:05Z
Top 5 | Real User

We are a software development company and Splunk is one of the products that we have implemented for our clients. It is used for log analytics as well as the mobile SDK for checking the stability of mobile applications.

2020-11-19T12:12:05Z
Top 5 | MSP

Since we have an IT services company, we have been using Splunk for the deployment to the customer locations as well. Sometimes the customer will come back to us and say that we need to have a SIEM tool, and when we do the benchmarking, we'll do a couple of deployments on the Splunk side and at the customer's locations as well. As an example use case, we deployed Splunk to a banking institution a few years ago. There the use case was basically this: the customer wanted to set up a security operation center, and they wanted to have a pretty large deployment in terms of the number of endpoints and number of switches and routers. There were many regional branch offices and they have data centers and therefore, many assets in terms of endpoints. They had 30% of their assets running on the cloud and they needed a complete solution from an incident monitoring and management perspective. That's why we deployed Splunk. They wanted to reduce the MTTR, and meantime resolution, and maintain detection. They didn't want to add more SOC analysts into their SOC as the organization scaled up. They have a plan to scale from 5,000 endpoints into 15-20,000 endpoints. They're very particular about deploying the SOC operation center. Splunk has since acquired Phantom as a SOAR platform. Therefore, we have tried to manage the security automation using Phantom with the help of Splunk deployments. It helps us meet the customer's requirements.

2020-11-18T18:48:43Z
Top 5 | Real User

We are using the mobile SDK to check the stability of mobile applications.

2020-11-13T19:55:12Z
Top 5 | Leaderboard | Reseller

Focused on log collection and analysis.
IT Operations - Predict and prevent problems with log (trap/syslog/Windows Events/ AD logs/etc.) monitoring experience
Security - Assists with threat detection, investigation and response
IoT - Minimize unplanned downtime and avoid high costs by centralising logs from a variety of IoT devices/appliances.
Business Analytics - Explore and visualize business processes for increased transparency

2020-03-18T11:56:44Z
Top 5 | Leaderboard | Real User

Information Security Solution with Log management (Primary)
Analytics (Secondary)

2020-02-18T06:25:08Z
Real User

Log collection and search.

2019-03-27T11:05:00Z
Real User

Testing for insider threat behavior.

2019-03-26T19:17:00Z
Real User

Our primary use case is for monitoring and cybersecurity.

2019-03-14T11:34:00Z
Real User

We were using Splunk for our networking to know exactly what kind of traffic was going from one network to another network because we had a lot of connections on other sites.

2019-03-10T16:43:00Z
Real User

We need something to collect all our logs in a centralized solution. We have several servers but we don't have any log collection system.

2019-03-06T07:41:00Z
Real User

* Log collection and analysis
* Reporting for the whole enterprise environment.

2019-02-27T20:49:00Z
Real User

We use it to do SIEM.

2019-02-14T07:37:00Z
Reseller

Our primary use case is reporting from the Windows administration. We have SCCM that configures the manager to update every PC workstation and server in the company. We have a lot of PCs and servers in our environment and we use Splunk for the gathering of the PCs and Windows service. We also use it to collect information from the security tools, for example, to provide the management information about how the everyday connection is.

2019-02-14T07:37:00Z
Real User

* SIEM
* Security information
* Event management

2019-02-10T10:06:00Z
Real User

Our primary use case was really as a client organization, like the government and the IT industries, we are in the telecoms sector. We analyze security reports. We use Splunk to order them and put them in a system and we use the various kinds of integration with Oracle Cloud which is helpful.

2019-02-07T12:28:00Z
Reseller

We use it for security incident event management and for IT service intermediates.

2019-02-07T12:28:00Z
Real User

Our primary use case of this solution is as a centralized lab collection.

2019-02-05T07:16:00Z
Real User

Splunk is our central locale for cybersecurity and protection.

2018-12-13T11:34:00Z
Real User

* Log mining
* Log analysis

2018-12-11T08:31:00Z
Real User

We use it for log aggregation. If you have a large number of devices, you need to aggregate log data to make more sense of it for parsing, troubleshooting, and metrics. This is all we use it for. If I need to track logs for a certain application, I will push all of those logs to Splunk so I can run reports on those logs. It is more about what you are trying to do with it and what you need from it.

2018-12-11T08:31:00Z
Real User

We use it for logging and troubleshooting.

2018-12-11T08:31:00Z
Real User

The primary use case is for log analytics. Although, we have been using it as a hammer which hits all the nails. We have sort of overused it in some areas where it doesn't need to be used.

2018-12-11T08:31:00Z
Real User

We use it for application log monitoring. It is a logging product. Our application generates log files, then we upload them to Splunk. We run their agent on our EC2 instances in AWS, then we view the logs through their product, and it is all stored on their infrastructure.

2018-12-11T08:31:00Z
Real User

We use it mostly for log monitoring, and also for trying to raise alarms.

2018-12-11T08:31:00Z
Real User

It is mostly centralized logging, a whole bunch of BI metrics, and an aggregation point, which we have adulterated for some PCI data. It does meet our use case for the most part.

2018-12-11T08:31:00Z
Real User

We use it for logging, essentially for auditing and troubleshooting errors in production and finding out what happened. I have used the product personally for five years and at my current company for a year and a half.

2018-12-11T08:31:00Z
Real User

We primarily use it for SIEM.

2018-12-11T08:31:00Z
Real User

We use it for searching logs in a production environment.

2018-12-11T08:30:00Z
Real User

We use it for log analysis and alerting, and our stock analysts use it. I have used the product for more than five years. Then, in the cloud, I have used it for probably a year. It scales better in the cloud than on-premise.

2018-12-11T08:30:00Z
Real User

In the beginning, we just wanted to collect the logs from the different devices, like the nano storage, Linux, Windows, and VMware. We tried to get the uniform solution to collect and analyze all of the system logs.

2018-12-10T08:57:00Z
Real User

It helps increase our productivity.

2018-11-18T07:31:00Z
Real User

My primary use case for Splunk is for log file visualization and monitoring alert management.

2018-09-25T09:23:00Z
Leaderboard | Consultant

I work in the HIPAA industry. I work at a healthcare company in Puerto Rico. HIPAA requires us to go over security risks. Our use case right now is to be compliant. In our hierarchy, we have 1000 servers and 16,000 endpoints. We also have 100 entry points and 3000 VPN connections. It's huge.

2018-09-09T05:40:00Z
User

* Cybersecurity defense
* Web app monitoring
* VMware monitoring

2018-07-20T12:19:00Z
Vendor

We use Splunk for a few different use cases:
* We package it as part of one of our on-premise software offerings which includes our in-house customized dashboards.
* We use it for Application Monitoring of many of our back-end systems. Monitoring is done completely through Splunk by forwarding application and other logs to Splunk and many configured customized alerts and dashboards for the Ops, Dev, product, and management teams.
* We created a custom anomaly detection data model to monitor the activity of our back-end services on an hourly basis relative to the past three months of activity.

2018-06-13T17:13:00Z
Real User

Splunk is a SIEM, a Security Information and Event Management solution. It is used, for example, for monitoring security logs and security information in companies and organizations. It is also used for correlation, meaning making policies, for detecting/monitoring attacks, and the like; for monitoring security logs, security events, preventing hackers from attacking. It's really for business continuity.

2018-06-03T09:17:00Z
Consultant

We use Splunk for infrastructure monitoring, application monitoring and in the security space for our organization as well as for our customers.

2018-05-15T08:36:00Z
User

* IT Ops
* Security
* Compliance

Many IT groups and non-IT groups use the product to gain insights into their environments.

2018-05-10T14:32:00Z
Vendor

With the use of Splunk, we were able to identify a brute force attack against a "switch" network device. An external attacker attempted to connect multiple times using multiple usernames. Splunk was able to detect these attempts and immediately blocked these attempts.

2018-05-04T19:57:00Z
Real User

We primarily use it to correlate logs throughout the enterprise for both searching and use in investigations.

2018-05-03T13:55:00Z
Real User

I work with Splunk, as a contractor, so I use it in many different areas. Most often it is used to get performance insights on applications or servers. Recently, I have used it in more of an endpoint security mindset.

2018-04-30T21:49:00Z
Real User

Splunk provided me a platform to analyze both infrastructure loads and application performance for quick troubleshooting saving a load of time. Versatile apps at Splunkbase helped me to better configure and enhance visualization of the KPIs in my application.

2018-04-30T12:38:00Z
Real User

* Log monitoring and alerts
* Looking up information
* Dashboards for nice, fast information about various application servers.

2018-04-25T07:36:00Z
Real User

Although my company uses Splunk extensively, my use case is primarily the Enterprise Security add-on.

2018-04-23T21:12:00Z
Real User

Primary use is business intelligence.

2018-04-22T15:34:00Z
Real User

We started using Splunk to serve as a SIEM. In addition to correlating security information, we have begun to use it as a developer and customer advocate by analyzing user behaviors and system response times.

2018-04-21T12:36:00Z
Real User

Security analysis to identify issues and for use in incident handling. Correlating logs across over 1000 servers with different operating systems and applications logs to provide security insights.

2018-04-21T05:48:00Z
Real User

The primary use case is to analyse and monitor big data, creating various dashboards, alerts, etc.

2018-04-21T05:15:00Z
Real User

* Monitoring IT and other processes for a large university.
* Leveraging alerts and dashboards to detect and predict security breaches and other events.

2018-04-21T03:20:00Z
Real User

Security and incident management, which is helpful when organizing the data from different systems and running analysis on all the data together.

2018-04-21T00:21:00Z
Top 5 | Real User

Security. We have built SIEM solutions three times from the ground up (not ES) using Splunk for some of the largest companies in the world.

2018-04-20T18:39:00Z
Real User

We primarily use Splunk for log aggregation and search across multiple systems with Splunk Enterprise Security layered on top.

2018-04-19T21:37:00Z
User

We use Splunk for both monitoring and SIEM. Our security operations group uses Splunk to track user accounts which may have been compromised as well as follow those accounts through the organization.

2018-04-19T21:32:00Z
Real User

We use Splunk primarily to provide our security and ops groups with important insights to more efficiently make decisions and take action.

2018-04-19T18:45:00Z
Real User

IT service analytics:
* Server machine data
* Monitoring data
* Alerting data
* ITSI KPIs
* Real-time reporting
* Month-over-month reporting.

2018-04-19T18:11:00Z
Real User

We use Splunk for operations, application monitoring, and security. We are both cloud and on-premise based, so it has been very versatile for us.

2018-04-19T16:11:00Z
User

Operational intelligence monitoring for several different systems. We collect logs from applications and performance data from hardware, as well as information pulled from databases.

2018-04-19T14:36:00Z
Vendor

Splunk is our monitoring and investigating Swiss Army knife for key applications and systems. If we run it, we Splunk it.

2018-04-19T13:49:00Z
Real User

Central repository for log collection and analysis in a complex environment. We have used it for a variety of use cases involving SIEM and operational support.

2018-04-19T13:05:00Z
Real User

We used it to create a full security operations center (SOC) for our IT department by adding all network and security devices, the AD, and mail servers to it. Then Splunk started to receive their logs, it analyzed them, and provided useful reports.

2018-03-29T12:02:00Z
Real User

* Searches the logs for all network devices and servers.
* Monitors clients' hardware, networking, and security operations.
* It is good for the administrator to use it when maintaining the whole IT Infrastructure.

2018-03-26T05:49:00Z
Real User

Our primary use case of Splunk has been on the implementation side for clients. Splunk has proven, on multiple occasions, to be extremely useful in the proactive monitoring of clients' hardware, networking, and security operations. Some use cases that we have implemented include, but are not limited to, proactive account lockouts based on machine learning of a typical person's average number of failed login attempts, aggregation of a server's logs in order to predict downtime/maintenance/hardware failures quite accurately, as well as helping administrators of all sorts to gain a full picture of their environments under a single screen.

2018-01-16T14:09:00Z
Updated: November 2021.