# Splunk Enterprise Security Reviews
**Vendor:** Cisco  
**Category:** [Security Information and Event Management (SIEM) Software](https://www.g2.com/categories/security-information-and-event-management-siem)  
**Average Rating:** 4.3/5.0  
**Total Reviews:** 246
## About Splunk Enterprise Security
Splunk Enterprise Security (ES) is a data-centric, modern security information and event management (SIEM) solution that delivers data-driven insights for full breadth visibility into your security posture so you can protect your business and mitigate risk at scale. With unparalleled search and reporting, advanced analytics, integrated intelligence, and prepackaged security content, Splunk ES accelerates threat detection and investigation, letting you determine the scope of high-priority threats to your environment so you can quickly take action. Built on an open and scalable data platform, you can stay agile in the face of evolving threats and business needs. Our extensive ecosystem of Splunk, partner, and community-built integrations as well as flexible deployment options ensure your technology investments are working in tandem with Splunk ES whilst meeting you wherever you are on your cloud, multi-cloud, or hybrid journey.
## Splunk Enterprise Security Pros & Cons
**What users like:**

- Users find Splunk Enterprise Security **easy to use and configure**, simplifying management even for beginners in SIEMs. (15 reviews)
- Users value the **strong integration with multiple systems** provided by Splunk Enterprise Security for enhanced visibility. (13 reviews)
- Threat Detection (13 reviews)
- Features (12 reviews)
- User Interface (11 reviews)
- Users appreciate the **clear and comprehensive visibility** provided by Splunk Enterprise Security through its customizable dashboards. (10 reviews)
- Log Management (10 reviews)
- Users commend the **responsive customer support** of Splunk Enterprise Security, enhancing their overall experience and satisfaction. (9 reviews)
- Cybersecurity (8 reviews)
- Integrations (8 reviews)

**What users dislike:**

- Users find **Splunk Enterprise Security expensive**, especially as data volume increases, impacting overall budget management. (17 reviews)
- Users find the **complex setup** of Splunk Enterprise Security challenging, needing extensive expertise and resources for implementation. (8 reviews)
- Complex Implementation (6 reviews)
- Complexity (6 reviews)
- Difficult Learning (6 reviews)
- Users face **integration issues** with Splunk Enterprise Security, requiring expertise and resources for effective onboarding. (6 reviews)
- Users face a challenging **learning curve** with query writing, impacting new analysts' ability to adopt Splunk effectively. (5 reviews)
- Users note that **resource-intensive features** of Splunk Enterprise Security require careful planning and substantial infrastructure investment. (5 reviews)
- Training Required (5 reviews)
- Poor Customer Support (3 reviews)

## Splunk Enterprise Security Reviews
### 1. Powerful Visibility and Investigations with Splunk Enterprise Security

**Rating:** 4.0/5.0 stars

**Reviewed by:** Akil S. | Technical Blogger, Small-Business (50 or fewer emp.)

**Reviewed Date:** April 27, 2026

**What do you like best about Splunk Enterprise Security?**

What I liked most is the visibility it gives once everything is set up. It becomes a solid central place for monitoring and investigations, and correlating logs across systems actually helps catch things faster.
The built-in detection rules and dashboards are a good starting point, and integrations are flexible enough to bring in data from pretty much anywhere. Performance is reliable too, as long as your queries are optimized.
It does take some effort to tune alerts and get real value, but once that’s done, it makes day-to-day security workflows a lot more structured and efficient.

**What do you dislike about Splunk Enterprise Security?**

The biggest issue is the complexity. Setup and onboarding take time, and you really need someone experienced to get it running properly. It is not beginner friendly at all.
Pricing can also get expensive fast since it is based on data ingestion, so you have to constantly manage what logs you are sending in.
The UI feels a bit clunky in places, and navigating during investigations is not always smooth. On top of that, alerts need a lot of tuning. Without it, you end up with too much noise, which affects response time.
Overall, its AI is powerful, but it takes effort, expertise, and budget to actually make it work well.

**What problems is Splunk Enterprise Security solving and how is that benefiting you?**

Before using Splunk ES, we struggled with scattered logs and limited visibility. Investigating incidents meant jumping across multiple tools, which slowed everything down.

Now everything is centralized, so we can monitor, detect, and investigate from one place. Correlating events across systems has made it easier to spot real threats instead of isolated alerts, which has improved response time quite a bit.

It also helped reduce manual effort. Instead of digging through raw logs, we rely on dashboards and alerts, which saves time during day-to-day monitoring.

That said, the ROI depends on how well it is set up and tuned. Once optimized, it definitely makes security operations more structured and efficient.

### 2. Splunk ES - Scalable SIEM for Large Enterprise

**Rating:** 4.5/5.0 stars

**Reviewed by:** Naushad T. | Lead Technical Specialist - EDR, Enterprise (> 1000 emp.)

**Reviewed Date:** February 17, 2026

**What do you like best about Splunk Enterprise Security?**

The best thing about Splunk is the deep visibility it provides across the environment, along with its strong ability to correlate large volumes of security data into true positive, actionable alerts. This really helps make investigations/incident response faster and more efficient.

**What do you dislike about Splunk Enterprise Security?**

The initial implementation is complicated and requires significant expertise, time, and resources. In our case, we had to extend the contract to a third party to onboard Splunk ES in our environment.

**What problems is Splunk Enterprise Security solving and how is that benefiting you?**

It’s a great SIEM tool to have in a cybersecurity platform for a larger organization like us. It has really helped our SOC with real-time monitoring and alerting for security incidents, onboarding and improving visibility across multiple log sources, and enabling faster investigation and response to threats.

### 3. Unmatched Visibility and Customization for Security Operations

**Rating:** 5.0/5.0 stars

**Reviewed by:** Muhammad R. | Technical Consultant Manager, Enterprise (> 1000 emp.)

**Reviewed Date:** December 07, 2025

**What do you like best about Splunk Enterprise Security?**

What I like most about Splunk Enterprise Security is its ability to give clear and comprehensive visibility across the entire environment. The correlation searches, use cases, and dashboards make it easier to identify patterns and prioritize threats. As someone who works in SOC operations and consulting, the flexibility to customize detections and build my own dashboards is a huge advantage and everything feels scalable, structured, and analyst-friendly.

**What do you dislike about Splunk Enterprise Security?**

What I dislike about Splunk Enterprise Security is that some of its features can be quite resource intensive. The platform is powerful, but it sometimes requires significant tuning and infrastructure capacity to keep everything running smoothly. Additionally, certain configurations or customizations can take more time than expected. It’s not a major drawback, but it does require proper planning and optimization.

**What problems is Splunk Enterprise Security solving and how is that benefiting you?**

Splunk Enterprise Security helps solve the challenge of getting clear, real-time visibility across a wide range of security logs and events. It centralizes everything from correlation searches to threat intel, so I can quickly identify what really matters.

For me, the biggest benefit is efficiency. Instead of manually piecing together data from different sources, Splunk ES provides structured dashboards, risk-based alerting, and prioritized insights. This allows me to respond faster, reduce noise, and focus more on meaningful analysis rather than repetitive tasks.

### 4. Strong Correlation Analytics That Spot Threats Fast

**Rating:** 4.5/5.0 stars

**Reviewed by:** Chris S. | Recruiting Consultant, Enterprise (> 1000 emp.)

**Reviewed Date:** April 09, 2026

**What do you like best about Splunk Enterprise Security?**

Strong correlation searches and analytics help spot threats quickly, not hours later.

**What do you dislike about Splunk Enterprise Security?**

It’s expensive, especially since pricing is based on data ingestion. Costs can climb quickly as your environment grows.

**What problems is Splunk Enterprise Security solving and how is that benefiting you?**

Centralizes data and logs from multiple sources

### 5. The best SIEM

**Rating:** 3.5/5.0 stars

**Reviewed by:** Luis S. | Presales, Small-Business (50 or fewer emp.)

**Reviewed Date:** May 30, 2024

**What do you like best about Splunk Enterprise Security?**

Easy-to-use platform that integrates with different devices

**What do you dislike about Splunk Enterprise Security?**

The licensing model based on event consumption and the new owner

**What problems is Splunk Enterprise Security solving and how is that benefiting you?**

Detection of security events and their mitigation

### 6. Robust SIEM Solution with Strong Ecosystem Support

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Financial Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** June 02, 2025

**What do you like best about Splunk Enterprise Security?**

✅ Powerful Search and Correlation Capabilities
Splunk Enterprise Security excels at log aggregation, correlation, and threat detection. The Search Processing Language (SPL) allows advanced querying that lets our team pinpoint suspicious activity across multiple systems.

✅ Strong Integration with Multiple Systems
One of the key strengths is its ability to integrate with a wide range of third-party systems - firewalls, endpoint detection tools, identity providers, and cloud environments like AWS, Azure, and GCP. It pulls everything into a central platform, which is critical for visibility.

✅ Splunkbase Ecosystem
The Splunkbase app ecosystem is extensive. We’ve used certified add-ons and community-built integrations for tools like Palo Alto Networks, CrowdStrike, Okta, and Microsoft 365. This dramatically reduces the time required to normalize and enrich logs.

✅ Flexible Dashboards and Alerts
Splunk ES provides customizable dashboards and correlation rules, making it easier to tailor detection mechanisms to our organization's needs. The MITRE ATT&CK integration is also a big plus for mapping threats and for evaluating how our detection coverage maps against possible threats.

✅ Scalability
We’ve scaled Splunk ES from ingesting a few hundred GBs a day to multiple TBs without much performance degradation, though it requires careful planning and tuning.

**What do you dislike about Splunk Enterprise Security?**

❌ Learning Curve
The flexibility of SPL is a double-edged sword. New analysts often struggle with query writing and alert customization unless they have a strong background in Splunk or scripting. However, there is now an AI solution which will convert natural language to complex SPL syntax.

❌ Expensive at Scale
Pricing is based on ingest volume, which might be expensive as data grows. Without smart data hygiene practices and archiving, costs can grow easily.

❌ Heavy Resource Requirements
On-premise deployments require significant compute and storage resources. High availability and disaster recovery setups can become complex and costly. However, Splunk Cloud takes care of much of this work if purchased.

❌ Limited Out-of-the-Box Content for Certain Use Cases
Although it comes with prebuilt dashboards and correlation rules, some use cases (like insider threat or advanced cloud threat detection) require additional tuning, enterprise specific knowledge or external tools to be truly effective.

**What problems is Splunk Enterprise Security solving and how is that benefiting you?**

Splunk Enterprise Security (ES) is helping us solve several core challenges in our security operations, especially around visibility, threat detection, and incident response. Prior to adopting Splunk ES, we had fragmented logging from various sources - firewalls, endpoint tools, cloud services, identity providers - which made correlation and investigation extremely difficult.

With Splunk ES, we’ve centralized all of our log and event data into one platform, allowing our SOC team to correlate activity across the entire environment in near real time. This has significantly improved our ability to detect lateral movement, credential misuse, and advanced persistent threats.

Splunk’s ability to ingest from virtually any source - thanks to its wide compatibility and support via Splunkbase - means we’ve been able to quickly integrate with vendors like Palo Alto, Okta, CrowdStrike, and AWS without building everything from scratch. That’s cut down our integration time by weeks.

Additionally, Splunk ES has enabled us to automate alerting and prioritize threats more effectively using risk scores and MITRE ATT&CK mappings. This has reduced alert fatigue and allowed our analysts to focus on the most relevant threats first.

From a compliance standpoint, we’re now able to generate reports and demonstrate continuous monitoring for frameworks like PCI-DSS, ISO 27001, and NIST with far less manual effort.

The biggest benefit has been improved incident response times - we’ve reduced our mean time to detect (MTTD) and mean time to respond (MTTR) substantially because analysts have a unified view and powerful tools at their fingertips.

### 7. Splunk in a security environment

**Rating:** 4.0/5.0 stars

**Reviewed by:** Jordan M. | security engineer, Enterprise (> 1000 emp.)

**Reviewed Date:** August 04, 2025

**What do you like best about Splunk Enterprise Security?**

Splunk is easy to use/configure and to find what I need. Plus, the Splunk employees with whom we work are very talented and skilled.

**What do you dislike about Splunk Enterprise Security?**

They got bought by Cisco and we are waiting for integrations to get better.

**What problems is Splunk Enterprise Security solving and how is that benefiting you?**

Finding problems within our logs.

### 8. Unmatched data mining, analysis, and security monitoring by Splunk ES

**Rating:** 4.5/5.0 stars

**Reviewed by:** Anugrah Pratap S. | Technical Lead, Enterprise (> 1000 emp.)

**Reviewed Date:** November 12, 2024

**What do you like best about Splunk Enterprise Security?**

Splunk ES is very helpful in seamless integration and automation, Data analytics, Investigation, Log source onboarding, dashboard, SPL, ease of search, use-case modification/fine-tuning, you name it. Every task and job in Splunk ES is perfect. Its vendor support is very responsive. Splunk ES has ease of implementation and integration.

**What do you dislike about Splunk Enterprise Security?**

Apart from cost, no one dislikes Splunk ES. Due to its costly services, most organizations use other cloud-native security solutions. Recently, one of our clients also proposed another security solution over Splunk ES. So cost is the main disadvantage of Splunk ES in my opinion.

**What problems is Splunk Enterprise Security solving and how is that benefiting you?**

Splunk ES has provided very good services to us. Our SOC team enjoyed working on Splunk ES due to its salient features. We didn't require extra human effort to help our engineers investigate or analyze security alerts. Thanks to its Splunk Processing Language, everything comes up in one go, which helps most of the time. That's why our engineers do their job without breaching the SLA.

### 9. Easy to integrate, understand the workflows and to manage.

**Rating:** 5.0/5.0 stars

**Reviewed by:** Ernesto M. | IT Security Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** December 17, 2024

**What do you like best about Splunk Enterprise Security?**

Splunk ES is easy to manage and understand even if you are new to SIEMs. The workflows are easy to follow and the language Splunk uses is easy to learn. Also, it has integration with anything, so you can ingest logs from pretty much everything you can think of.

**What do you dislike about Splunk Enterprise Security?**

Might be very expensive depending on how much data you are ingesting.

**What problems is Splunk Enterprise Security solving and how is that benefiting you?**

Correlate all logs, create use cases and content rules and have visibility over all log sources and security events.

### 10. Splunk User Behavior Analytics Review

**Rating:** 5.0/5.0 stars

**Reviewed by:** RUDRA P. | Security Professional, Information Technology and Services, Enterprise (> 1000 emp.)

**Reviewed Date:** July 30, 2024

**What do you like best about Splunk Enterprise Security?**

Splunk User Behavior Analytics establishes baseline behaviors for users, devices, and applications using unsupervised machine learning algorithms. It then looks for deviations to identify insider risks and unknown threats. This can be easily integrated with other tools and is easy to use. It has good customer support. It can be implemented on cloud and can be used from anywhere in the current hybrid work environment. We have been using it for the last 3 years.

**What do you dislike about Splunk Enterprise Security?**

There is nothing which is least helpful in this tool, hence I do not have any dislike for Splunk User Behavior Analytics.

**What problems is Splunk Enterprise Security solving and how is that benefiting you?**

Instead of taking hours, tasks using IT and security tools can be carried out in seconds. Many playbooks are included with Splunk to assist you in addressing the most important use cases. Splunk makes it easier to divide up, assign, and document tasks, which promotes a well-organized and cooperative investigation process.

## Splunk Enterprise Security Discussions
- [What is the difference between Splunk Enterprise and Splunk Enterprise Security?](https://www.g2.com/discussions/what-is-the-difference-between-splunk-enterprise-and-splunk-enterprise-security) - 1 comment
## Splunk Enterprise Security Integrations
  - [AWS CloudTrail](https://www.g2.com/products/aws-cloudtrail/reviews)
  - [Bob](https://www.g2.com/products/buildonme-llc-bob/reviews)
  - [Cisco Duo](https://www.g2.com/products/cisco-duo/reviews)
  - [CrowdStrike Falcon Endpoint Protection Platform](https://www.g2.com/products/crowdstrike-falcon-endpoint-protection-platform/reviews)
  - [CyberArk Privileged Access Manager](https://www.g2.com/products/cyberark-privileged-access-manager/reviews)
  - [Dataminr](https://www.g2.com/products/dataminr/reviews)
  - [GitHub](https://www.g2.com/products/github/reviews)
  - [Google Workspace](https://www.g2.com/products/google-workspace/reviews)
  - [incident.io](https://www.g2.com/products/incident-io/reviews)
  - [Iru](https://www.g2.com/products/iru/reviews)
  - [Okta](https://www.g2.com/products/okta/reviews)
  - [Palo Alto Networks Next-Generation Firewalls](https://www.g2.com/products/palo-alto-networks-next-generation-firewalls/reviews)
  - [Sophos Endpoint](https://www.g2.com/products/sophos-endpoint/reviews)
  - [Teqtivity](https://www.g2.com/products/teqtivity/reviews)
  - [Vectra AI Platform](https://www.g2.com/products/vectra-ai-platform/reviews)
  - [VirusTotal](https://www.g2.com/products/virustotal/reviews)
  - [Zoom Workplace](https://www.g2.com/products/zoom-workplace/reviews)

## Splunk Enterprise Security Features
**Threat Detection & Triage - AI SOC Agents**
- Anomaly Detection & Correlation
- False‑Positive Suppression
- AI‑Driven Alert Triage

**Response**
- Resolution Automation
- Resolution Guidance
- System Isolation
- Threat Intelligence
- Incident Investigation

**Network Management**
- Activity Monitoring
- Asset Management
- Log Management

**Investigation & Enrichment - AI SOC Agents**
- Autonomous Case Investigation
- Contextual Enrichment from Multiple Sources
- Attack Path Mapping

**Records**
- Incident Logs
- Incident Reports

**Incident Management**
- Event Management
- Automated Response
- Incident Reporting

**Response & Remediation - AI SOC Agents**
- Mean Time Reduction Metrics
- Playbook‑Free Dynamic Workflows
- Automated Response Execution

**Management**
- Incident Alerts
- Incident Case Management
- Workflow Management

**Security Intelligence**
- Threat Intelligence
- Vulnerability Assessment
- Advanced Analytics
- Data Examination

**Agentic AI - Security Information and Event Management (SIEM)**
- Autonomous Task Execution
- Multi-step Planning
- Proactive Assistance
- Decision Making

**InfoSec Experience & Governance - AI SOC Agents**
- Conversational Analyst Interface
- Manual Feedback Learning Loop
- Explainability & Audit Trail

**Generative AI**
- AI Text Generation
- AI Text Summarization

## Top Splunk Enterprise Security Alternatives
  - [IBM QRadar SIEM](https://www.g2.com/products/ibm-ibm-qradar-siem/reviews) - 4.4/5.0 (280 reviews)
  - [Microsoft Sentinel](https://www.g2.com/products/microsoft-sentinel/reviews) - 4.4/5.0 (272 reviews)
  - [LogRhythm SIEM](https://www.g2.com/products/exabeam-logrhythm-siem/reviews) - 4.2/5.0 (137 reviews)