Opiniones de Splunk Enterprise

Splunk nos ha permitido fortalecer nuestras capacidades de visibilidad sobre una amplia variedad de eventos (de ciberseguridad y funcionales), dada su flexibilidad nativa para consumir, correlacionar y alertar a partir de distintas fuentes. Con ello, hemos podido detectar y reaccionar oportunamente ante aquellos eventos que representan posibles amenazas para nuestros objetivos.

Algunas funcionalidades requieren componentes adicionales.

es una herramienta de facin configuracion e implementacion, aparte de ser intuitiva.

hay veces que se traba la interfas cuando se sastura el equipo.

Capas de procesar gran volumen de datos a partir de múltiples fuentes, rápido y eficaz en el análisis . Nos ha permitido mejorar y fortalecer todos nuestros procesos internos de la empresa y optimizar nuestros objetivos

Es un software bastante caro y no para pequeñas empresas, a no ser que te dediques a ello. Puede requetir implementar algunos complementos adicionales.

Easy to install agents on servers, it can parse any form of data easily, Splunk can detect anomalies quite easily and the UBEA feature is amazing.

The cost of this solution is high, and customer service is bad. Apart from that Splunk SPL language is difficult to learn.

- Ability to search logs across processes and services
- Ability to develop dashboards to Monitor critical metrics
- Ability to set up alerts based on threshold values

- Need to regex well in order to use the tool to its full ability
- Ability to extract values out of the log statements could be simpler
- Alerts usually end up being over alerting or false alerts.

The search feature allows for quick searching of signatures for new KBs

It feels very clunky to set up, explained by the whole certification track just for using splunk..

Real time use. The ingestion of data and more.

Nothing yet.. maybe performance at times.

Splunk Enterprise offers real-time data analysis tools makes it possible for my institution to see and take immediate action against security risks, performance difficulties, and other operational concerns.

Splunk Enterprise is really expensive and it is a huge part in our annual budget because we require add-ons.

Security Information and Event management, log analytics, custom dashboards and workspaces

Auto upgrade management and notifications for Add-ons. Leaning more towards config file based implementation instead of UI based implementation

The easy of setup and integration makes this one of my favorites As well as the real time dashboard

Not much i don't like yet, but maybe the interface can do with an update

Splunk Enterprise's versatility is highly valued by its users, as it is capable of analyzing and managing data from a variety of sources, including machine data, logs, and structured and unstructured data formats. This makes it a valuable tool for organizations with diverse data management needs. In addition, users appreciate the software's efficiency in processing and analyzing large volumes of data quickly, allowing them to make faster and more informed decisions. This is particularly important for organizations that need to respond to data in real-time, as Splunk Enterprise's speed and efficiency can help them stay ahead of the curve.

Splunk Enterprise to be complex and difficult to use, particularly for those who are not familiar with data analysis and management tools. The software has a range of features and capabilities, which can be overwhelming.

The system is highly intuitive to use. It is faster than other solutions I've used on the market and has a huge library of 3rd party plugins to get more from the system. It is easy to create scheduled searches, dashboards, reports etc. but there are a number of additional plugins (at an extra cost) to help with security, single pane of glass and metric collection.

It offers challenges for a decentralized working model. Where Splunk is centrally managed, it is easy to ensure that best practices are maintained. Where the system is opened up for an entire department to utilize and on-board their logs, it becomes more difficult. However, with some creative thinking and good process, this issue can be overcome.

Several of our applications are distributed across multiple systems. It is the same software running on each server but doing the same job for different users. Each server would generate its own log files. When things went wrong, we used Splunk to be able to see what was going on on each server. Click a few buttons and you get two logs from two different servers listed together coordinated by time. But that leads you to discover that the issue came from a separate upstream or downstream server, then bring in those logs too . . . all coordinated by time. Don't get me wrong, the IT guys love these tools for their own enterprise reasons, but as a server stack developer, this was a resource I used OFTEN.

I never fully grokked their SQL like language. I could do basic things daily without issue. However, I often had to hit the documentation to do anything more than a simple "find this" query.

Dashboards feature is amazing, I use it much. Alerts and queries are easy to set up. Mostly it works fast so it's kind of Dev friendly so it's easy to onboard the new guys

Alerts should have a better way to manage it. There should be a way to promote alerts to different environments - so we will be able to set the Dev/Stg/Prod
Sometimes some things that we want to do take a while searching on the internet for a solution - they might think how to do it better - maybe some examples or better documentation

I think Splunk is first and best software in the field, easy to use, does what it had promised,

pricing could be better, they could be more flexible, support is a bit slow

Fast consolidation of disparate logs in an easy to search way for troubleshooting. I can find problems within my organization very quickly. Sales team was very responsive in getting me a trial license to estimate my needs.

Set up takes some time and planning. The Licensing scheme can be pretty expensive and until you've got it up and running it can be hard to estimate how much license you need.

Splunk Enterprise is a great tool for security analytics, IT operations, and business intelligence. I especially like the way it can help me identify potential threats and improve our IT infrastructure.

The pricing for Splunk Enterprise may be out of reach for some small businesses.