Opiniones de Splunk Enterprise

Splunk nos ha permitido fortalecer nuestras capacidades de visibilidad sobre una amplia variedad de eventos (de ciberseguridad y funcionales), dada su flexibilidad nativa para consumir, correlacionar y alertar a partir de distintas fuentes. Con ello, hemos podido detectar y reaccionar oportunamente ante aquellos eventos que representan posibles amenazas para nuestros objetivos.

Algunas funcionalidades requieren componentes adicionales.

es una herramienta de facin configuracion e implementacion, aparte de ser intuitiva.

hay veces que se traba la interfas cuando se sastura el equipo.

Capas de procesar gran volumen de datos a partir de múltiples fuentes, rápido y eficaz en el análisis . Nos ha permitido mejorar y fortalecer todos nuestros procesos internos de la empresa y optimizar nuestros objetivos

Es un software bastante caro y no para pequeñas empresas, a no ser que te dediques a ello. Puede requetir implementar algunos complementos adicionales.

Real time use. The ingestion of data and more.

Nothing yet.. maybe performance at times.

- Ability to search logs across processes and services
- Ability to develop dashboards to Monitor critical metrics
- Ability to set up alerts based on threshold values

- Need to regex well in order to use the tool to its full ability
- Ability to extract values out of the log statements could be simpler
- Alerts usually end up being over alerting or false alerts.

Powerful and versatile data mining tool with excellent integration capabilities.

Challenging initial setup and learning curve, particularly with query language and high cost.

Splunk Enterprise offers real-time data analysis tools makes it possible for my institution to see and take immediate action against security risks, performance difficulties, and other operational concerns.

Splunk Enterprise is really expensive and it is a huge part in our annual budget because we require add-ons.

Security Information and Event management, log analytics, custom dashboards and workspaces

Auto upgrade management and notifications for Add-ons. Leaning more towards config file based implementation instead of UI based implementation

The easy of setup and integration makes this one of my favorites As well as the real time dashboard

Not much i don't like yet, but maybe the interface can do with an update

Splunk Enterprise's versatility is highly valued by its users, as it is capable of analyzing and managing data from a variety of sources, including machine data, logs, and structured and unstructured data formats. This makes it a valuable tool for organizations with diverse data management needs. In addition, users appreciate the software's efficiency in processing and analyzing large volumes of data quickly, allowing them to make faster and more informed decisions. This is particularly important for organizations that need to respond to data in real-time, as Splunk Enterprise's speed and efficiency can help them stay ahead of the curve.

Splunk Enterprise to be complex and difficult to use, particularly for those who are not familiar with data analysis and management tools. The software has a range of features and capabilities, which can be overwhelming.

Splunk is great for monitoring, logging, and analyzing the large volume of data on the servers. Our support teams use Splunk to collect data/logs from the servers and troubleshoot product related issues. We introduced Splunk few years ago in our organization and it helped improve our defect/issue analysis and problem solving abilities

While Splunk is not too complex, it also requires a certain level of skillset to decipher the information. It may take a while to figure things out if you are a new user, or someone with limited technical knowledge

The system is highly intuitive to use. It is faster than other solutions I've used on the market and has a huge library of 3rd party plugins to get more from the system. It is easy to create scheduled searches, dashboards, reports etc. but there are a number of additional plugins (at an extra cost) to help with security, single pane of glass and metric collection.

It offers challenges for a decentralized working model. Where Splunk is centrally managed, it is easy to ensure that best practices are maintained. Where the system is opened up for an entire department to utilize and on-board their logs, it becomes more difficult. However, with some creative thinking and good process, this issue can be overcome.

Several of our applications are distributed across multiple systems. It is the same software running on each server but doing the same job for different users. Each server would generate its own log files. When things went wrong, we used Splunk to be able to see what was going on on each server. Click a few buttons and you get two logs from two different servers listed together coordinated by time. But that leads you to discover that the issue came from a separate upstream or downstream server, then bring in those logs too . . . all coordinated by time. Don't get me wrong, the IT guys love these tools for their own enterprise reasons, but as a server stack developer, this was a resource I used OFTEN.

I never fully grokked their SQL like language. I could do basic things daily without issue. However, I often had to hit the documentation to do anything more than a simple "find this" query.

Dashboards feature is amazing, I use it much. Alerts and queries are easy to set up. Mostly it works fast so it's kind of Dev friendly so it's easy to onboard the new guys

Alerts should have a better way to manage it. There should be a way to promote alerts to different environments - so we will be able to set the Dev/Stg/Prod
Sometimes some things that we want to do take a while searching on the internet for a solution - they might think how to do it better - maybe some examples or better documentation

I think Splunk is first and best software in the field, easy to use, does what it had promised,

pricing could be better, they could be more flexible, support is a bit slow

I'm not sure from where to start in this case.

We use splunk for many things but mostly to analyze the traffic on the network / firewalls. It provides us with a nice overview of what's going on. It makes it very easy to spot spikes on the network and it will provide you also with deep analyzes.

For us it's an indispensable tool, probably the best tool we have.

To search for something is not always easy, however there are a lot of forums online, so finding help is not that difficult.

Advanced security analytics to quickly detect malicious threats within our networks and devices with rapid response and effective alert prioritization to accelerate investigation.

Great integration to collect multiple data easily and in built-threat intelligence that helps to accelerate our investigations. Full of incredible features, there is nothing to dislike.