Splunk Enterprise Security Reviews & Product Details

The best thing about Splunk is the deep visibility it provides across the environment, along with its strong ability to correlate large volumes of security data into true positive, actionable alerts. This really helps make investigations/incident response faster and more efficient. Review collected by and hosted on G2.com.

The initial implementation is complicated and requires significant expertise, time, and resources. In our case, we had to extend the contract to a third party to onboard Splunk ES in our environment. Review collected by and hosted on G2.com.

What I like most about Splunk Enterprise Security is its ability to give clear and comprehensive visibility across the entire environment. The correlation searches, use cases, and dashboards make it easier to identify patterns and prioritize threats. As someone who works in SOC operations and consulting, the flexibility to customize detections and build my own dashboards is a huge advantage and everything feels scalable, structured, and analyst-friendly. Review collected by and hosted on G2.com.

What I dislike about Splunk Enterprise Security is that some of its features can be quite resource intensive. The platform is powerful, but it sometimes requires significant tuning and infrastructure capacity to keep everything running smoothly. Additionally, certain configurations or customizations can take more time than expected. It’s not a major drawback, but it does require proper planning and optimization. Review collected by and hosted on G2.com.

Easy-to-use platform that integrates with different devices Review collected by and hosted on G2.com.

The licensing model based on event consumption and the new owner Review collected by and hosted on G2.com.

✅ Powerful Search and Correlation Capabilities

Splunk Enterprise Security excels at log aggregation, correlation, and threat detection. The Search Processing Language (SPL) allows advanced querying that lets our team pinpoint suspicious activity across multiple systems.

✅ Strong Integration with Multiple Systems

One of the key strengths is its ability to integrate with a wide range of third-party systems - firewalls, endpoint detection tools, identity providers, and cloud environments like AWS, Azure, and GCP. It pulls everything into a central platform, which is critical for visibility.

✅ Splunkbase Ecosystem

The Splunkbase app ecosystem is extensive. We’ve used certified add-ons and community-built integrations for tools like Palo Alto Networks, CrowdStrike, Okta, and Microsoft 365. This dramatically reduces the time required to normalize and enrich logs.

✅ Flexible Dashboards and Alerts

Splunk ES provides customizable dashboards and correlation rules, making it easier to tailor detection mechanisms to our organization's needs. The MITRE ATT&CK integration is also a big plus for mapping threats and to evaluate how our detection coverage maps against possible threats.

✅ Scalability

We’ve scaled Splunk ES from ingesting a few hundred GBs a day to multiple TBs without much performance degradation, though it requires careful planning and tuning. Review collected by and hosted on G2.com.

❌ Learning Curve

The flexibility of SPL is a double-edged sword. New analysts often struggle with query writing and alert customization unless they have a strong background in Splunk or scripting. However, there is now an AI solution which will convert natural language to complex SPL syntax.

❌ Expensive at Scale

Pricing is based on ingest volume, which might be expensive as data grows. Without smart data hygiene practices and archiving, costs can grow easily.

❌ Heavy Resource Requirements

On-premise deployments require significant compute and storage resources. High availability and disaster recovery setups can become complex and costly. However, Splunk Cloud takes care of much of this work if purchased.

❌ Limited Out-of-the-Box Content for Certain Use Cases

Although it comes with prebuilt dashboards and correlation rules, some use cases (like insider threat or advanced cloud threat detection) require additional tuning, enterprise specific knowledge or external tools to be truly effective. Review collected by and hosted on G2.com.

Splunk is easy to use/configure and to find what i need. plus, the splunk employees with whom we work are very talented and skilled Review collected by and hosted on G2.com.

they got bought by cisco and we are waiting for integrations to get better Review collected by and hosted on G2.com.

Splunk ES is very helpful in seamless integration and automation, Data analytics, Investigation, Log source onboarding, dashboard, SPL, ease of search, use-case modification/fine-tuning, you name it. Every task and job in Splunk ES is perfect. Its vendor support is very responsive. Splunk ES has ease of implementation and integration. Review collected by and hosted on G2.com.

Apart from cost, no one dislikes Splunk ES. Due to its costly services, most organizations use other cloud-native security solutions. Recently, one of our clients also proposed another security solution over Splunk ES. so that's cost is the main disadvantage of Splunk ES in my opinion. Review collected by and hosted on G2.com.

Splunk ES is easy to manage and understard even if you are new with SIEMs. The workflows are easy to follow and the language the splunk uses is easy to learn. Also, it has integration with anything so you can ingest logs from pretty much everything you can think of. Review collected by and hosted on G2.com.

Might be very expensinve depend of how much data you are ingesting. Review collected by and hosted on G2.com.

The simplified UX is what makes Splunk/Splunk Enterprise Security (ES) seperate from all other competitors. The vast range of data connectors in Splunkbase, simplified architecture, granular level of customization options, out of the box data models and complete coverage of MITRE Att&ck are some of the prime features and services offered by Splunk ES. The data model acceleration, notable events, dashboards and wide range of apps & addons makes searching and data transformation tasks really easy. The customer support is great for any type of issues you might be facing. Review collected by and hosted on G2.com.

The licensing model and cost is bit difficult to understand and manage. Review collected by and hosted on G2.com.

The ease of integration, visualisation and alert creation. Data handling and customisation. Minimalistic maintenance Review collected by and hosted on G2.com.

There are nothing much to dislike here. But I can say search speed will be a bit of issue for me when it is overloaded unless we are using optimal queries Review collected by and hosted on G2.com.

It is easy to use and quick to collect multiple event and data log with best intrusion dection capability. Easy to integrate and quick to customize dashboard and the initial implementation process is also very easy. Review collected by and hosted on G2.com.

Advanced security settings not easy especially when new with the system. The support team deseves merit for being helpful and always available when in need. Review collected by and hosted on G2.com.