Splunk Enterprise Features

Data visualization, Analytics skills with AI-powered and can handle data in TB/per day without any interruptions in services. Live dashboards, developing use-cases and their capabilities (correlation).

complex architecture and efficient skills are required, financial is also not feasible for small and medium customers. no inbuilt query builders for beginners to understand the platform.

- Ability to search logs across processes and services - Ability to develop dashboards to Monitor critical metrics - Ability to set up alerts based on threshold values

- Need to regex well in order to use the tool to its full ability - Ability to extract values out of the log statements could be simpler - Alerts usually end up being over alerting or false alerts.

The ablitity to configure and tweak the use cases. Building Intelligence into forensics. The AI feature is gud but needs more enhancements.

The log management needs to be efficient , If the auditing logs is enabled then a huge influx of logs are pumed into splunk but no meaningful meaning can be derived.

The ability to use this software for security operations, data analysis, creating dashboards, generating tickets and everything else

Splunk uses its own SPL, which is not very easy to learn. However, there are lots of documentation that Splunk provides to its customers. There is paid training available which is useful for beginners to learn.

Best tracking and data analysis tool which help to monitor and manage the server and system component in very effective way. Real time Visualization helps to take the quick decision so that desired action can be taken to avoid failure.Best data collection in the forms of log and which helps to define the best set of automation jobs to fix the issue.

There are few components or observation like,1. most of the time observes the slowness in the performance.2. Sometime observe the delay in the issue or updated log reflection on the portal. 3. Need more storage to manage and maintain the lo g which impact organizational costing and budget.

Splunk is great for monitoring, logging, and analyzing the large volume of data on the servers. Our support teams use Splunk to collect data/logs from the servers and troubleshoot product related issues. We introduced Splunk few years ago in our organization and it helped improve our defect/issue analysis and problem solving abilities

While Splunk is not too complex, it also requires a certain level of skillset to decipher the information. It may take a while to figure things out if you are a new user, or someone with limited technical knowledge

The tool can collect all sorts of data from diffuse sources and preform advanced analytics on it. It has powerful monitoring capabilities useful in threat identification and maintaining the health of our IT infrastructure. Splunk enterprise helps us to foresee, trends through machine learning which has been a crucial to making informed business decisions.

Training new users is tough, the learning curve is very steep and it gets overwhelming for them. The installation and configuration process is very long and needs a lot of time.

Sofware is really excellent and best suited for small and large scale business who would like their systems, interfaces, server space and database health check to be performed.

Sometimes the Splunk alerts creates multiple tickets in ITSM tool during issue. Hence it may result in spending sometime for closure of open incidents.

Splunk Enterprise is best tool to analyze the data based on different visualization. It help us to lookup distributed logs for micro-services . It enables field based lookup. For complex logging, we can use search query using expression. We can create multiple reports/charts for visualization such as a pie or bar chart for our data. Best feature what i like , We can visualize our search results and share them with others using dashboard panels. If Already have a dashboard, we can add a new panel from a report, clone from another dashboard, or add a prebuilt panel. Fully customization available. Interfaces is very flexible. We export it in different formats, or refresh it to visualize the newest data. Online Support is available through different community.

Search query builder is fully based on technical. for Non technical users, its really difficult to lookup logs. Sometimes, error thrown by query builder is more difficult to understand. Deep Learning is required to use splunk for production data. For Large application installation, it need to manage more.

Splunk Visually represents the logs mainly from production servers in the web UI . People who Usually has no access to logs in production servers, will access the logs through splunk UI with very simplified and friendly search query. It has lot of features like you can query for particular date and time range with specific characters. The search engine is very fast which will bring the query response effectively. we can access all types of logs including XML and JSON. we can create a custom dashboard with custom query for each projects and can relatively trigger the email to the support team in case of any issues. This tool is boon for production support team in any enterprise company.

Licensing cost is quite higher for enterprise usage. Query response time will be slow when you are searching for relatively longer history(Eg. 3 months old data)

Several of our applications are distributed across multiple systems. It is the same software running on each server but doing the same job for different users. Each server would generate its own log files. When things went wrong, we used Splunk to be able to see what was going on on each server. Click a few buttons and you get two logs from two different servers listed together coordinated by time. But that leads you to discover that the issue came from a separate upstream or downstream server, then bring in those logs too . . . all coordinated by time. Don't get me wrong, the IT guys love these tools for their own enterprise reasons, but as a server stack developer, this was a resource I used OFTEN.

I never fully grokked their SQL like language. I could do basic things daily without issue. However, I often had to hit the documentation to do anything more than a simple "find this" query.

1) Accepts multiple data formats like CSV, JSON, XML 2) Does the hard work for us i.e converting machine data to a human-readable format. 3) Can create customized alerts to serve our business purpose. 4) Searching on the based on queries is pretty simple. 5) We can create dashboards to analyze and visualize our search results. 6) Can export the log content to our Personal computers. 7) Setting up plugins and integrating with any tool that needs monitoring is pretty easy. 8) Technical support for the Splunk is very quick as they have a dedicated staff for that.

I did not find any flaws with this software.

Splunk can give you extreme insights into how your systems and software are functioning. Not only is the search very flexible and powerful, the customizable dashboards give a status report at a glance into trends, problems and performance. You can also set up email alerts when errors occur limiting the need to have Splunk opened on your machine all the time.

Splunk has a learning curve. They have extensive documentation but it isn't intuitive and some features are buried pretty deep. We have an onsite expert who holds bimonthly meetings to answer questions in a group forum.

Ease of use, you can extract any kind of information using commands provided by the software vendor. The other good thing about this software is the easy implentation on the servers, and the configuration is basic.

For people that are not used to use command lines, it might be a liitle bit difficult on the beggining.

Splunk Light is ideal for independent on-premise organization. Augment endpoint logging. Can find and store logs from a wide range of resources. Customization of dashboards. Making applications dependent on your requirements.

Complex generally design. Long execution time. The instrument needs to incorporate AI to comprehend the framework logs and alarming ought to be founded on the auto learning.

The best thing about this software is i love its UI part and its dashboard where it provides the logs of all the enterprise application every business which has large amount of the transactions being held are required to maintain this tool and its logging and search frequency are very much loved and dash board has very colourful UI and easily understandable

There is no least about this software but we are looking for some more enhanced featured like optimisation and all

The software includes various configuration possibilities to organize and aggregate the logs of different systems. Very useful tool for monitoring IT infrastructure activities.

At the moment we have found no negative aspects.

log analysis, text patterns, statistics and graphing

Too much of programming, not easy for laymans to write queries.

As a software engineer, Splunk helps me debug issues in my microservice applications. The Splunk forwarders are efficient and quickly collect logging from multiple server instances. The timestamp resolution is precise making it easier to track down race conditions. The reporting and pivot tables are powerful ways to visualize frequency of api calls once you learn the syntax.

Splunk forwarders that collect the data from applications can sometimes hang and need to be restarted. The amount of traffic that can be collected has maximum caps based on your subscription.

It very easy to jump in and learn. Installation, configuration, and administration is very easy. Use of the product such as Search/Dashboard can seem daunting at first but is actually very simple. Splunk has very good documentation and community support. I am always able to find answers to my questions by using Splunk Answers and/or the IRC channel.

Licensing and pricing in general. Managing the license usage can be annoying and paying for more can be costly. There have been quite a few times where small issues with our log intensive systems have caused license violations. Scenarios like this are usually avoidable with small changes to the Splunk configuration but it can be tedious.

Splunk is provides a single tool for log aggregation, log analysis, and visualizations. Threat hunting, applying threat intelligence, and incident response are easily repeatable; pushing organizations to proactive security processes.

Splunk is expensive, especially when an organizations is exploring and building new security or data use cases. It also requires a lot of engineering maintenance, making the quality of the data highly-dependent on the skill(s) of those supporting it. Many organizations do not maximize its benefit because it is poorly managed or supported by low-skilled employees.

It an intelligent business tool that provided me an opportunity to customize and build report from large volume of data from different departments within the 13 Africa countries in telecommunication sectors. The platform allows data to be consolidated accordingly to the organization need and produces visualized reports of dashboard features. I also noted that the system can analyst unstructured large volume of data speedily and is reliable and web based allowing for user flexible accessible from any part of the world if you have internet. The systems have been reliable and secured from the time (2 years) I started using it without any system intermittent, system errors and cyber-attack.

The system is built and use-able with structured and unstructured organization though the price in foreign currency could hamper small and medium organization to use it especially in most Africa country where the local currency has depreciated against the major trading foreign currency.so the Forex pricing is a challenge. The navigation of the platform will require minor training though if the user is computer proficient, they would management with minor challenge and interpretation of the data. So, first time user it can be difficult to use it It will depend on internet for access and internet tend to be pricey in most African country and therefore could increase the business cost for small and medium enterprise. It can increase business cost if not fully used

- Free to use for small 500MB or less daily ingress, quite nice for small use cases and learning - No development work required to deploy and provide value. - Deployment flexibility: client agents are available to use, or clientless configurations for multiple OS platforms. It's also very easy to deploy, not just flexible. its a very simple affair. - Segmentation of logs: You can create separate...

Read more

- Price: This product is not free for more than the minimal use. Pricing can be very expensive, relative to open source offerings. That is the trade-off you pay for not having in-house development of open source offerings. As this product is priced based on gigabytes of indexed logs, it is important to understand the scope of licensing necessary for your environment to determine if it is a good fit for your organization. - Watch your saved queries and hardware resources: Users have the ability to create and save queries. Like in database queries, some are more efficient than others. Large inefficient queries can be very resource-intensive. If you notice slowness in day-to-day queries, or navigation in the UI, or resource use in contention, keep an eye on saved queries and user practices.

I really like the platform, the data collection is ideal and the reports are detailed, it is the most appropriate SIEM service to monitor our IT infrastructure, it is an ideal software to take preventive measures, it is easy to customize the dashboards, the monitoring is constant and it gives us security in real time, the alerts are accurate and it helps us understand what is happening and fix it before it becomes serious.

It is a somewhat expensive service but with more powerful features than other free SIEM systems, and it is a bit complex to set up and use for inexperienced users, so a lot of help should be sought from experienced staff and support team at first.