Not Splunk but I have a lot going out to the ELK stack running internally.
A couple of examples with export of wire-data from ExtraHop are to visualise and chart Alerts (using the Syslog functionality for notifications) or to use triggers with Open Data Stream to send out events of interest. For example, the following dashboard shows all web traffic on our network by server, HTTP method, Status Code down to URI. Clicking on anything enables me to very quickly drill in to specific servers, methods, status codes and diagnose problems or provide evidence to vendors. Whilst this is all available in ExtraHop, I find Kibana makes it easier and a lot quicker to visualise at a high level and then drill down to the required detail, combining custom filters if required.
However, real value comes when you then start to bring in additional info as well as the wire-data, for example Windows Event Logs, Cisco Syslog, Processor/RAM from the servers, and chart them together on the same dashboard. E.g. DB.tProcess may indicate that the SQL Server is slow responding to queries, but through Kibana you could chart CPU alongside tProcess.
Am still working on developing this but I see it as the Single Pane of Glass solution to overall performance going forward.