We just raised a $30M Series A: Read our story

Splunk Valuable Features

Practice Head-CyberSecurity at a tech services company with 1,001-5,000 employees

The most valuable aspect of the solution is the dashboard. It's very intuitive. 

The reporting is excellent. The team and the SOC analyst are able to easily track the alerts and the correlation is very good compared to other SIEM tools. 

View full review »
Principal Enterprise Architect at Aurenav Sweden AB

Splunk handles a high volume of data that we have, and it does it really well.

For what we're using it for, we're happy with its functionality.

The reporting aspect is good and it does what I need it to do.

From an operational standpoint, it helps us on the operations side and it also shows where we're having issues.

It connects to a lot of stuff. We can collect information from a lot of sources.

View full review »
CS
Data Center Architect at a outsourcing company with 201-500 employees

The flexibility of the search capability is most valuable. You can use it for more than just a basic log aggregator. It is powerful in that regard.

View full review »
Learn what your peers think about Splunk. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
554,873 professionals have used our research since 2012.
IT Security Consultant at Microlan Kenya Limited

What is nice about the solution is that it makes it easy to build the queries, search for the events and then do analysis. I recently have become involved in the Playbooks, since it is painful for the client to respond to the threat, be it positive or negative. As such, I currently see the Phantom component of the solution to be of great value. Otherwise, most other features seem to be similar to Netwitness, such as the monitor log, network, and endpoint capabilities. Importantly, the solution lacks endpoint options, as these are currently deployed on Cisco, which is okay, as it works fine with that bad side of the endpoint security. This translates into them building queries, rules and then Playbooks. 

The main advantage of the solution is that it provides an easy setup platform in the new environment. When set up afresh, it is also easy to build queries. Historical queries can be used to site for a new event, which makes it easy to use, deploy and understand.

View full review »
SK
Senior Consultant at sectecs

The Splunk programming language allows you to pipe searches into another searches.

What I really like is that even if you have already collected the data, you can extract data and  add fields which improves building searches. This is not the case with Elasticsearch, where this needs to be done upfront.

View full review »
RM
Audit Remideation/Financial Manager at a tech services company with 1,001-5,000 employees

The logs on the solution are excellent. Mostly I see just the reports or the outcome, however, with the log portion, where you could actually take log entries and pass them through the system in order to create events or conditions, and get reports. You can set up your conditions to the logs that you invested into Splunk, and get the reports or the output that you want. 

View full review »
DG
CSSP Manager at a tech services company with 51-200 employees

Splunk is good at log collection and log management.

View full review »
RB
Automation Specialist, Analytics at a computer software company with 10,001+ employees

Splunk can extract all kinds of data. There's no limitation on what kind of structured and unstructured data one needs to extract — it can access any kind of data, including machine-generated data. 

The ease of deploying the agent is great in Splunk. One can easily deploy the Universal Forwarder which can extract any amount of information and put it into an indexer. The flexibility of ingesting any kind of data is good with Splunk.

In regards to action-oriented tasks, If an alert is triggered where I have to perform a certain action in the form of executing a Python script or invigorating a PowerShell script — this is easy to do with Splunk. 

The Splunkbase is great. There are thousands of apps that are already available, I can install those apps with full-connectivity and use them to extract any form of data. The community in the Splunkbase is also really strong. 

The ease of integration with third-party tools is great. In the Splunkbase, there are so many apps that are easy to integrate with. 

The user interface is really good. There is a machine learning toolkit — I like it a lot. They have use cases in place so that people with little experience in machine learning can go through these examples of use cases and gain a better understanding. 

View full review »
BA
Solutions Consultant at a tech services company with 1,001-5,000 employees

It provides a lot of analytics with the underlying AI engine, and it is a lot easier than other solutions. There are some products that do automated AI-based detection and drawing up charts, but for network monitoring and all of the monitoring aspects, it is quite a nice tool.

It is very convenient for business users because they get more or less a lot of data readily available. If you're familiar with the Splunk query language, you can pretty much do whatever you want.

View full review »
Technical Account Manager at Trustaira

The solution's capability is its most valuable aspect.

The initial setup is very straightforward.

The solution has proven to be quite stable.

We've found the solution to be very mature.

The integration capabilities are excellent. They have apps that integrate quite well with Palo Alto and Cisco, for example.

View full review »
RU
Senior Solutions Architect at a manufacturing company with 51-200 employees

The most valuable feature is the reporting and the information that is provided by the tool.

It is very easy to implement a PoC using Splunk, which will show the value of the reporting and data that it provides.

The integration is seamless with many devices and operating systems.

It is flexible enough that you can choose what kind of deployment model you want.

They have a large solution toolkit that supports IoT, wherein businesses can get a lot of help with the centralized management functionality. There are also tools to assist from the security and SIEM perspective, and there is a centralized dashboard.

View full review »
Consultant at Splunxter, Inc.
  • Core Splunk
  • Saved searches
  • Dashboards (SimpleXML) 

With good domain knowledge, one can build almost anything. If you throw in Alert Manager or an integration with ServiceNow. Then, you have your own SIEM.

View full review »
MS
Senior security consultant at a comms service provider with 51-200 employees

One of the most valuable features is threat hunting. We can do threat hunting and identify if there is any malicious activity happening within our environment, which is a key feature for us. 

View full review »
AK
Senior Informatica Administrator at a computer software company with 10,001+ employees

The logging features are useful as are the dashboards and alerts in addition to the organization of data. It has options for creating dashboards and alerts. You can also create queries in the SQL language. Splunk is a user-friendly solution.

View full review »
Principal Systems Engineer at a computer software company with 10,001+ employees

It's the completeness of the solution that we like the most. It has a solution for backend log analytics, but also one for mobile applications.

View full review »
Managing Director at Hayyan Horizons

The log aggregation is great.

The solution offers good data analytics.

The dashboards are very helpful.

The initial setup is simple and straightforward. 

The solution is low-maintenance.

It's a stable product.

We have found that the solution scales well. 

View full review »
SK
Assistant Vice President at a financial services firm with 10,001+ employees

The models that we use are pretty mature at this point, which means we can be assured we are given the best use cases right out of the box.

We can just plug into the applications and everything is set up. There's very little configuration necessary.

The integrations that are offered with different tools are all very good. They offer integrations for all levels of security and have offerings from some of the other major solutions in the space.

The initial setup is pretty straightforward.

View full review »
ID
Senior Network Engineer at a tech services company with 51-200 employees

The most valuable features in Splunk are the search function and the ability to run selected session reports. The session reports are important because I can use them to see what is going on in our environment weekly. Additionally, we can use the graph to see how often that particular event is happening.

View full review »
SJ
Engineer at a financial services firm with 201-500 employees

The flexibility of the solution is quite good.

The product is stable.

It offers good scalability if you are willing to pay.

The technical support on offer is responsive.

View full review »
SD
Assistant Manager System at a financial services firm with 10,001+ employees

The ease of log connection has been great. 

Its compatibility with other SIEMS is very useful. 

They have many basic use cases that we like. 

The cloud version of the solution is especially scalable.

The product has been quite stable so far.

The initial setup is very easy.

View full review »
JY
Assistant Manager ICT - Projects at a financial services firm with 1,001-5,000 employees

The additional vendors we've brought on board, particularly the Elastic, have been quite beneficial.

It's a solid platform.

View full review »
System Administrator and DevOps Engineer at a tech services company with 10,001+ employees

This is a straightforward solution, easy to configure and difficult to mess up. 

View full review »
SS
Consultant at a financial services firm with 5,001-10,000 employees

Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful.

View full review »
TG
Sr. Cyber Security and Solutions Architect at a government with 10,001+ employees

The most valuable aspect of the solution is the ability to capture the different data streams. We also appreciate the reporting in that aspect of Splunk. If we can grow now, with any security arena, it's going to be proactive, not reactive. It allows us to digest the information, the data, the different data streams, so we can make decisions based upon information that we receive, and it is pretty robust.

View full review »
Principal Systems Engineer at a computer software company with 10,001+ employees

The completeness of the solution is what we like the most.

View full review »
Senior Cyber Security Expert at a security firm with 11-50 employees

The speed is a very valuable aspect of the solution. 

The way Splunk handles low data and low-rate costs are great.

The level of robustness on offer is very good. 

The initial setup is very straightforward. 

We have found that the solution offers good integrations with other products.

Overall, the solution works very well.

View full review »
Regional Head at a tech services company with 51-200 employees

It's basically one of the best SIEM products on the market.

The scalability is great.

We have found the solution to be stable. 

Technical support is helpful. They respond in a timely manner. 

View full review »
General Manager at Intersoft S.A.

The correlation capabilities are the first value that our clients say they like with Splunk. Another benefit is that they can connect to any device or log from any device from anywhere.

It's easy, the tool is very easy to install and set up. 

View full review »
SO
Founder at a marketing services firm with 11-50 employees

Splunk can quickly be deployed and it's not difficult to learn the solution. 

View full review »
Information Security Analyst at a tech services company with 1,001-5,000 employees

Its integration is most valuable. Its UI is also pretty much easy.

View full review »
AV
IT System Developer/Admin at a manufacturing company with 10,001+ employees

The features I have found most valuable are the dashboards. 

I monitor the complete capacity that users are using in the company.

View full review »
LK
Network Operations Center Engineer at a tech company with 51-200 employees

I like that the solution is easy to use and stable. 

View full review »
HF
Product Manager, CyberSecurity at a tech services company with 201-500 employees

Because I'm security focused, I prefer the security features such as Splunk Phantom and Splunk Enterprise Security.

View full review »
HK
Telecom Tech at a university with 501-1,000 employees

We enjoy the whole solution. It is meeting our requirements, especially the SIM solution. 

The alerts are very user-friendly.

We can easily configure things as required in relation to our use cases.

The search functionality is good. It works like Google. 

Onboarding is quite easy.

The scalability is good.

Product-wise, the performance is good. 

View full review »
Senior Information Technology System Analyst at YASH Technologies

There are quite a lot of things that we find useful. Splunk agents are useful and good. Its UI is quite impressive.

View full review »
VW
Security Professional at a tech services company with 501-1,000 employees

The data analysis part is good in Splunk, which is something that I like the most. It is also quite easy to use. Its dashboards, visualizations, and analytics are good.

View full review »
JB
Sr. IT Manager at a government with 10,001+ employees

The most valuable feature is the log aggregation, being able to scan through all of the logs.

View full review »
Data Scientist at a tech vendor with 201-500 employees

The ability to analyze huge amounts of sales data and accurate prediction of sales forecasting is the most valuable feature. 

View full review »
JS
Product Manager, FX Solutions at a tech services company with 10,001+ employees

The most valuable features of the solution are it is straightforward to use and the documentation is good for finding out how to get the data you are looking for.

View full review »
FH
Technical Architect, Cloud Operations at a computer software company with 5,001-10,000 employees

I am just a user, and from a user's perspective, it does the job.

It has quite extensive support in terms of integration. If you want to do anything, there are tools for that.

View full review »
MK
Technical manager at a tech services company with 11-50 employees

The most valuable features are how stable and easy to use Splunk is. 

View full review »
HK
President at a non-profit with self employed

The solution allows easy gathering and ingestion of the data.

View full review »
JB
Sr. IT Manager at a government with 10,001+ employees

The most valuable feature is that it's very good for log aggregation.

View full review »
RK
SOC Analyst at a wholesaler/distributor with 10,001+ employees

The solution has plenty of features that are good.

View full review »
AM
Senior Technical Lead at a financial services firm with 10,001+ employees

We have found all the features useful. However, the dashboarding and logging have been very helpful. Additionally, the log analysis does a great job.

View full review »
SA
CyberSecurity Consultant at a tech services company with 51-200 employees

The solution is very fast and succinct. 

View full review »
Learn what your peers think about Splunk. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
554,873 professionals have used our research since 2012.