Sydney D'Souza - PeerSpot reviewer
Security Consultant at a tech vendor with 10,001+ employees
MSP
Top 5
Apr 22, 2026
Advanced searches and tuned alerts have improved investigations and support daily security work
Pros and Cons
  • "Splunk Cloud Platform's search capabilities are quite effective in uncovering operational insights."
  • "Splunk Cloud Platform's user interface is quite simple and needs to be updated; it feels as if I am using a platform from 2015."

What is our primary use case?

Correlation searches and search indexing queries in Splunk Cloud Platform are very valuable and quite useful for my daily work.

What is most valuable?

Splunk Cloud Platform's search capabilities are quite effective in uncovering operational insights. I was searching for one of the accounts related to backup, and I was not able to search in any other tool. Since we are collecting data from all different sources, I was able to trace this out. It was a request made from the customer because we reported a notable event from Splunk, and they asked us to check this account if we were able to see it, as they had checked from their end and were not able to search it. Using the indexing, I pulled the account details and shared them, and we concluded it was a false positive.

I do use Splunk Cloud Platform's alerting mechanisms. The alerting mechanisms have helped in proactive issue resolution because we receive alerts directly to our SOC mailbox, which we have fine-tuned based on our findings and customer involvement. Initially, we received a lot of notables that were not fine-tuned well, but now we receive approximately twelve to fifteen notables, and once we get alerted, we work on them. For instance, when we detected suspicious activity on a backup account, we responded back to the customer within three minutes, which they found interesting. We were able to dig further into a unique account and provide them with the necessary information, which was corroborated by their technician.

Splunk Cloud Platform's integrations with third-party tools have had quite an easy impact on my daily operations. Initially, the outdated threat intelligence led to notable IP addresses going undetected. However, after integrating Talos and VirusTotal, we can quickly determine whether an investigation requires immediate attention or a deeper analysis, which has saved us considerable time. When we implement the SOAR solution in August, I expect we can provide even more details about integration with third-party intelligence platforms.

What needs improvement?

Splunk Cloud Platform's user interface is quite simple and needs to be updated; it feels as if I am using a platform from 2015. However, I do appreciate the new feature for starting investigations, which allows us to save our work for later analysis.

I would like to see improvements in the UI, and while I recall that Cisco has acquired parts of Splunk, I would love to see more integration with threat intelligence platforms like VirusTotal, which are widely used. Currently, to implement VirusTotal, we have to purchase it, whereas we use Talos, but we mostly rely on AbuseIPDB and VirusTotal in the SOC.

For how long have I used the solution?

I have been dealing with Splunk Cloud Platform for two and a half years.

How are customer service and support?

I have no problems with technical support at all. We connect with them often, and when we have issues, we raise a ticket and schedule a call. Generally, we find a resolution during that same call, which is quite efficient.

I would rate their technical support as eight out of ten.

There is still some room for improvement regarding response time and first-level support quality. While responses are typically received the same day, the analysis process can take time.

How was the initial setup?

Initially, the setup was tough for us, but now that we have become familiar with Splunk Cloud Platform, I find it quite simple. However, newcomers may still face difficulties.

What other advice do I have?

Regarding Splunk Cloud Platform's machine learning tools, we are not currently exploring the XDR solution or SOAR solution part but are planning to move from SIEM to SOAR this coming August. We have implemented Cisco Talos as a threat intelligence platform, and we also included VirusTotal.

I have created approximately one hundred reports for different users since we fetch data from various sources. Each team has different requirements, whether it is for Trend Micro, M365, Zscaler, or Okta, and I have organized these reports on a dedicated dashboard. It is quite useful for them, and they regularly come up with new requests that we incorporate into the dashboard.

When it comes to pricing, I would say it is a bit more than fair—more than competitive. Compared to Microsoft, which is cheaper, Splunk Cloud Platform is a bit expensive. However, relative to Trend Vision One or CrowdStrike, the pricing is comparatively lower.

We have a lot of documentation available, which I feel is adequate. Each solution, including CrowdStrike and Trend Micro, has its documentation, and it is about how well one handles it based on their experience.

My overall review rating for Splunk Cloud Platform is eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Apr 22, 2026
Karsh Trivedi - PeerSpot reviewer
SOC Analyst at Payatu
Real User
Top 5
Mar 14, 2026
Improved security monitoring has provided wide observability and streamlined incident investigations
Pros and Cons
  • "Operationally, Splunk Cloud Platform has provided wide observability where we had almost none before, significantly improving our security posture and our ability to defend the organization."
  • "In my opinion, there isn't much to improve in Splunk Cloud Platform, but one suggestion would be to integrate AI or provide a more graphical query builder to reduce the learning curve for new users wanting to learn SPL."

What is our primary use case?

I am also an end user of Splunk Cloud Platform. My usual use cases for Splunk Cloud Platform are to search logs and search data as I need for my security incidents. Searching logs and data for security incidents is my main use case.

What is most valuable?

The most valuable features or capabilities of Splunk Cloud Platform that I have found so far are mainly the search and the indexing engine, and I also find the data management of Splunk better. I have used both Splunk Enterprise and Splunk Cloud Platform, and I feel that the data management on Splunk Cloud Platform is handled by the Splunk team with much better expertise than its Enterprise Platform, where we had to manage storage and everything ourselves.

The effectiveness of Splunk Cloud's search capabilities in uncovering operational insights is pretty good. Once you know Splunk Query Language, or SPL, it is way better than any other data management tool, especially when analyzing and monitoring security logs, as it makes searching and minimizing threats much easier for me.

I use Splunk Cloud's alerting mechanisms to send alerts to my email, whether something happens in real-time or through scheduled Splunk query alerts for operational tasks like security incidents or operational warnings, such as when my storage is 90% full.

Splunk Cloud Platform's ingest and visualization features have helped me improve my data reporting significantly, as data ingestion and visualization are great, especially for creating dashboards from various sources like endpoints, firewalls, and web applications.

Operationally, Splunk Cloud Platform has provided wide observability where we had almost none before, significantly improving our security posture and our ability to defend the organization.

What needs improvement?

In my opinion, there isn't much to improve in Splunk Cloud Platform, but one suggestion would be to integrate AI or provide a more graphical query builder to reduce the learning curve for new users wanting to learn SPL.

For how long have I used the solution?

I have been working with Splunk Cloud Platform for around eight months.

What do I think about the stability of the solution?

I rate Splunk Cloud Platform a ten out of ten for stability and reliability, as I have found it truly reliable while using it on AWS and as a SaaS platform, given the capability for high availability and multiple indexers ensuring data continuity.

What do I think about the scalability of the solution?

I would rate Splunk Cloud Platform a nine out of ten for scalability. I think it's scalable due to the ease of integrating and deploying multiple indexers for data processing, although it does require some technical knowledge to configure properly for smooth operation.

How are customer service and support?

I do not often communicate with the technical support of Splunk Cloud Platform. I often visit Splunk's documentation portal for troubleshooting and assistance with my queries, and I find it quite good. They offer videos to help users learn how to use Splunk and Splunk Query Language.

I feel that Splunk's documentation is highly maintained, regular updates seem to happen, and I don't have any suggestions for improvement as it is currently at its best.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did not use a different solution for the same use cases prior to Splunk Cloud Platform. I only used Wazuh for security data logging but would not compare it to Splunk due to its broader capabilities.

How was the initial setup?

I did participate in the initial setup and deployment of Splunk Cloud Platform, but I wasn't part of the decision-making aspect. The initial setup process for deploying Splunk Cloud Platform was quite easy as we only needed to identify our data sources and determine the appropriate ingestion method, followed by some technical configuration, assuming we knew how our data was structured.

What was our ROI?

I might not be the right person to comment on the return on investment in terms of cost, but operationally, Splunk Cloud Platform has provided wide observability where we had almost none before, significantly improving our security posture and our ability to defend the organization.

Which other solutions did I evaluate?

I did not evaluate other options or vendors before choosing Splunk Cloud Platform. I did not participate in the decision-making process for choosing Splunk Cloud Platform, as I have worked operationally with it but was not involved in procurement.

What other advice do I have?

I have not used Splunk Cloud's machine learning tools. I do not personally integrate Splunk Cloud Platform with third-party tools; however, I know that my separate team has integrated quite a few tools, leveraging Splunk's vast library known as Splunk Enterprise Applications.

I have been working with Splunk Enterprise Platform, which is the on-premises version of Splunk Cloud Platform, and it is almost the same except for the maintenance efforts required and the deeper learning curve. I wouldn't say there's room for improvement in Splunk Enterprise Platform purely regarding the search engine, as it largely depends on the resources allocated to the indexer for its performance. I have been working with Splunk Enterprise Platform for approximately three to four months.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Mar 14, 2026
reviewer2805738 - PeerSpot reviewer
Innovation Service Manager at a computer software company with 51-200 employees
Real User
Top 20
Mar 2, 2026
Cloud security service has transformed onboarding, reduced maintenance, and unified orchestration
Pros and Cons
  • "Splunk Cloud Platform is a very mature solution and an enterprise-grade solution that brings the work we have to do with customers to an enterprise-grade level."
  • "There is something that they say will be improved, and I am still waiting for it."

What is our primary use case?

We use Splunk Cloud Platform for security and want to implement it as a SIEM solution. We also want to replace our old legacy SIEM solution because we are adopting a cloud solution instead of an on-premises solution. Another use case is that we want to use this tool in our managed service offering. We do not use the solution to resell licenses to our customers, but rather to provide services to them. We appreciate the powerful integration that Splunk Cloud Platform offers, making it easy to integrate with any sources and any data. It is able to handle data that resides in an S3 bucket or elsewhere, not just ingested directly into the SIEM itself. We are also looking at Splunk Cloud Platform's strategy, which is very interesting because of the integration they will have regarding Agentic AI and automation. A unique solution for orchestration and automation, called SOAR in cybersecurity, combined with SIEM in a unique platform is a very interesting strategy from our point of view.

It is Enterprise Security in the cloud. This is a cloud solution.

What is most valuable?

Splunk Cloud Platform is a very mature solution and an enterprise-grade solution that brings the work we have to do with customers to an enterprise-grade level. It is something that we can manage from a single pane, and it is quite easy to deploy. I see a benefit that is not strictly related to the features that Splunk Cloud Platform offers, but it depends on the company belonging to Cisco now because we are a Cisco partner and Splunk Cloud Platform is a pillar, a vertical technology in the security area of the partnership. The benefit of partnering with Splunk Cloud Platform falls into the Cisco partnership and the benefits we can have in this important partnership we have as a company.

Compared to my previous situation, the first benefit of this solution is the speed and the effort reduction in terms of onboarding new customers and maintaining the entire platform. I will not have any more effort for system upgrades and infrastructure maintenance. This is one of the biggest benefits I can have from the solution. I save a lot of money because I do not have to spend resources anymore to maintain and operate the infrastructure and the systems.

What needs improvement?

I think it is really effective, and we are still at the beginning. The capability to search for insights is very powerful and also supported by AI and machine learning. The capabilities are increasing day by day, and new features are being released and will be released soon.

I am not able to answer right now, but I am confident they will be able to predict a trend because they promise they are able to do this using machine learning algorithms and Agentic AI features. They say they will be able to predict the behavior of your network or your infrastructure. I am really confident about this, and I hope it will be true because I need this.

There is something that they say will be improved, and I am still waiting for it. This is the Agentic AI elements inside the platform that I mentioned before. There is something present today, but the full feature is not released yet. From my point of view, it is a bit late. It is okay for me because we are adopting it and we can work on this, and it is acceptable for my timing. However, from a market perspective, they are a bit late. Competitors in some cases are earlier adopters. But I am sure they will release a very powerful tool, as per the Cisco approach. They want to win when they start doing something, and I am confident they will release a very powerful tool.

For how long have I used the solution?

I have been working with it for one month.

What do I think about the stability of the solution?

It is still a bit early to answer. We have just seen it on paper, and we have to check it.

Which solution did I use previously and why did I switch?

In my previous experience, I had enterprise security, but on-premises a few years ago, three years ago. It was integrated with another SOAR from another vendor.

How was the initial setup?

It is something that we can manage from a single pane. It is quite easy to deploy.

What's my experience with pricing, setup cost, and licensing?

Compared to my situation, it does not have any meaning because I have something legacy now. However, it is a good price on the market. It depends because if you look at the list price, it is a bit expensive from my point of view. But once you are in the partnership with Splunk Cloud Platform and with Cisco, you can have good discounts, you can make the deal and discuss, and they are willing to help you as a partner in finding the solution and finding your target. So it is good from my point of view. But if you look at the list price, it is expensive.

Which other solutions did I evaluate?

We evaluated QRadar, FortiSIEM, and Palo Alto SIEM. We chose Splunk Cloud Platform because of a combination of different aspects, not just for price or features. It is the whole combination of the features, the benefits, the cost, the partnership, and there is no one aspect leading the choice. It is a mix and a combination.

What other advice do I have?

Today, we are working with the SIEM solution, which is quite a legacy term. Saying SIEM is not really effective. It is the Enterprise Security solution, and we are now in the process of implementing it. We are adopting the solution and are at the beginning. We have studied a lot, we are training people, and we are changing and modifying our process as per what the technology allows us to do. We are also evaluating the observability solution. We are working on two different paths, and one is at a more mature stage, while the other one is at an evaluation stage.

We are setting up alerts as expected.

We are integrating Splunk Cloud Platform SIEM solution with our SOAR solution, which is today from another vendor and not Splunk Cloud Platform. Then we will see tomorrow what we want to do if we want to use the unique platform, the unique Splunk Cloud Platform with SOAR, Agentic AI, SOC automation, and everything, or if we want to keep using our actual SOAR. We are integrating Splunk Cloud Platform with this SOAR.

My recommendation is to look at the future and look at the strategy. Do not look at the features today but look at the features tomorrow and not just at the technical features but at the whole strategy to integrate in one single platform all the capabilities that a SIEM solution or a log gathering solution might have. Putting together orchestration, observability, security, this kind of strategy is what an integrator should evaluate in my opinion.

I would rate this product an 8 out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Mar 2, 2026
reviewer2688711 - PeerSpot reviewer
Data Security Intern at a manufacturing company with 10,001+ employees
Real User
Top 5
Mar 9, 2026
Advanced alerts and clear visuals have improved fraud detection and data-driven decisions
Pros and Cons
  • "Data Visualization and IT Alerting and Incident Management are the main valuable features, primarily to get a better idea of what's going on."
  • "To be honest, I don't think it's beginner-friendly. It takes time and multiple meetings to actually understand how to create different types of alerts or how to search for them."

What is our primary use case?

I used Splunk Cloud Platform for fraud detection. The first thing is fraud detection, and the second thing is understanding data better because of the data visualization that it has. The display that it has compared to a simple type of visualization is much clearer compared to any kind of thing you might notice on a super dense Wireshark.

What is most valuable?

Data Visualization and IT Alerting and Incident Management are the main valuable features, primarily to get a better idea of what's going on.

When you do data reporting using Splunk Cloud Platform, you have everything in front of you, and it's so detailed and easy to read once you have the data. Another thing that makes it clear is that, because of the amount of evidence you have in front of you, the data is a lot more valuable. It's less of a human claim and more of evidence presented in front of you when you're trying to make any kind of claim on a certain thing going on.

What I really like about Splunk Cloud Platform is the real-time alert, where you can search for anything and the data is still stored there, because at the end of the day we are finally in a generation of cloud where everything is stored on a cloud platform, to the point that you can search anything and, as long as you do it in the appropriate way, you will find the results. It's in a good visual state with good visibility. I appreciate this feature.

What needs improvement?

To be honest, I don't think it's beginner-friendly. It takes time and multiple meetings to actually understand how to create different types of alerts or how to search for them. It's quite similar to how you might search on SQL, but that's asking another set of skills to have. I know there are tutorials on the website, but I feel if they rolled out more free courses on such things that provide a link to a free course for beginner training, I feel people would be interested in it.

For how long have I used the solution?

I ended up getting access around three to four months back. I was part of a team that was using it, so we got on a call together while I was observing them and using it while giving my input for a project.

What do I think about the stability of the solution?

I haven't really faced much of it, but my usage was pretty less intensive, so I can't really talk about it for everyone. From my perspective, because of my light amount of research and light usage of it, I would say it's been pretty good. I haven't experienced any stability issues.

What do I think about the scalability of the solution?

Splunk Cloud Platform is a good tool, but it's not the easiest to transfer between different teams because there's a lot of training involved in it. While I do like the tool and I do feel it's really useful, if you ever notice in this current industry, people are wanting employees to learn Splunk Cloud Platform, or at least they want applicants who apply for a certain role to have known Splunk Cloud Platform, because of not only how new it is or how recent it is after the cloud integration, but also just that it takes time to learn and takes time to be efficient at it.

How are customer service and support?

When you work in a corporation, you have people dedicated just for that.

How would you rate customer service and support?

Negative

Which solution did I use previously and why did I switch?

I've used Splunk Cloud Platform very briefly, not too much. I use ServiceNow, Confluence for documentation, and Keyfactor for generating certificates.

How was the initial setup?

It's kind of hard for me to say because I came from a corporation where Splunk Cloud Platform was already a part of the user group where I got access to it, so I didn't have to do any of that.

Which other solutions did I evaluate?

Any IT person would rather use the command prompt. Using a simple command prompt and trying to see based on the elevated access they have, you can always check what's going on. Wireshark itself is a really good tool and a really good alternative to have any kind of packet capture and read through the data to understand what's going on.

Splunk Cloud Platform is different because it offers real-time alerts. Wireshark is something where you have to let things be and then later catch and see, while Splunk Cloud Platform updates on its own. It has a lot better visuals overall.

What other advice do I have?

Regarding whether Splunk Cloud Platform's ingest and visualization features have helped improve data reporting and the overall alerting mechanisms, I haven't had the chance to use it for myself, but from the time when I was researching them for the project that I was working on, it seemed to be really effective in at least the fraud department of the team to understand any type of price alerts when something is going on.

Regarding how easy or difficult it was for me to learn how to use it, I would say on a scale of easy with one being the easiest and ten being the hardest, I would say it was around a four or five. I've used other tools before, and I've used other things such as Wireshark and some others a lot before, so I had a much better grasp than a lot of beginners might have. Recently in a meeting where we were trying to teach a beginner about this, the main person who uses it had to go through multiple rounds of meetings to show them how to use it. While watching that, I realized the gap in knowledge between someone who's in IT for years versus someone who's trying to be more hands-on but is unfamiliar with the tool.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Mar 9, 2026
Jigar Hirani - PeerSpot reviewer
Splunk Engineer at Data Elicit Solutions Pvt. Ltd.
Real User
Top 5, Leaderboard
Mar 30, 2026
Cloud analytics has improved security insights and simplifies proactive performance monitoring
Pros and Cons
  • "Splunk Cloud Platform's ingest and visualization features have helped improve our data reporting, truly the best available in terms of customizability."
  • "In Splunk Cloud Platform particularly, there is nothing specific that I would like to see improved or enhanced, but the cost is currently very high."

What is our primary use case?

I use Splunk Cloud Platform as our overall tool to gain insight from our platform, for our security use cases, and to build a framework that shows what is happening in our organization or what is happening in our applications, the current status, or if we are facing any issues with our systems. I ingest various types of logs from different systems to Splunk Cloud from our forwarders and build dashboards and alerts on top of that. My primary use case is to understand our architecture or our overall environment, including what is happening and whether there are any vulnerabilities, or to conduct analysis on our applications. If there are any performance issues, I can learn about them from the dashboards that we have built and can optimize our architecture or overall application performance.

What is most valuable?

What I like about Splunk Cloud Platform is that it gives me flexibility and freedom in that I do not need to worry about the actual architecture of Splunk. I do not need to install it anywhere manually, and I only need to worry about what data I need to ingest and how I will create a dashboard on top of that. It provides support so I do not need to worry about the platform. It functions as Software as a Service, so I can directly use it and if I am facing any issue, Splunk support is available to help me anytime.

I do not have any limitations with Splunk Cloud Platform. I can access it from my own private network or anywhere, and I can access it from the public network as it is on a cloud. That is also a plus point for me.

In terms of assessing the effectiveness of Splunk Cloud Platform's search capabilities in uncovering operational insights, its storage capability is excellent. Previously, we were managing it at an enterprise level, but it was costly to us because of data redundancy and the availability zones. With Splunk Cloud Platform, we do not need to worry about data backup, which is a very good point.

The alerts have helped us in proactive issue resolution. If we are currently getting any error, we will get notified in the next 15 minutes or 30 minutes according to the schedule of the search.

Splunk Cloud Platform's ingest and visualization features have helped improve our data reporting, truly the best available in terms of customizability. We have two options, classic and Dashboard Studio for dashboard purposes. In classic, we get options to build custom dashboards using custom JavaScript. We can insert our own graphics to provide better visuals where insights to our management team will not be dependent on the numerical base. We have charts to showcase our current situation, which will be really great for management.

In terms of benefits, where we previously needed two people for SAP to analyze whether we had any issues, now we just need one person doing multiple tasks. We have built an automation system, or a dashboard, which gives us insight so that we do not need to go and look up every service. Splunk Cloud Platform really impacted our workflow and increased our productivity.

What needs improvement?

In Splunk Cloud Platform particularly, there is nothing specific that I would like to see improved or enhanced, but the cost is currently very high. If that part could get a little bit cheaper, then that would be really great.

In terms of enhancement for Splunk Cloud Platform, I would say if we could create add-ons or if we get the capability to build add-ons directly through cloud, not talking about the add-on builder framework, but something editor-like where we will directly edit our conf files from any specific app or TA provided by Splunk Cloud Platform itself. If we get that feature, it will be really beneficial. Instead of doing configuration from the UI, we would prefer to get access to back-end conf files and do it manually because when we were using enterprise, we had pretty much hands-on experience with that.

For how long have I used the solution?

I have been using Splunk Cloud Platform for around two years.

How are customer service and support?

I would evaluate customer service and technical support of Splunk as really good. They provide on-call support and they reply to cases that we open, so the support is really good and collaborative.

Which solution did I use previously and why did I switch?

We have not previously used a different product. We have tried other tools, but they were very limited to the use cases that we are trying to capture. I chose to go with Splunk Cloud Platform because it has vast capabilities.

How was the initial setup?

The initial setup with Splunk Cloud Platform was really straightforward because, as it is a cloud platform, Splunk provided us the complete package where we do not need to worry about our infrastructure or configuration. If we need any help, they are always available, so it was very straightforward.

What about the implementation team?

The implementation was done by the Splunk team.

Which other solutions did I evaluate?

We evaluated products like Dynatrace or Datadog, which were very specific. They were providing us only observability-specific tasks. However, we have some VML logs or firewall logs for which we would not get that much analysis from those products. That is why we chose to go with Splunk Cloud Platform.

What other advice do I have?

We use Splunk default alert actions and we have installed third-party integrations, such as ServiceNow integration, where we are creating ServiceNow incidents or ServiceNow tickets from our alerts.

The impact of Splunk Cloud Platform's integrations with third-party tools on our daily operations is very helpful for our overall infrastructure monitoring. We have third-party integrations, such as SAP or Dell Boomi. To ensure that our SAP and site integration are running smoothly and none of its API is getting high or something unusual, we can easily detect that instead of going into SAP and analyzing.

We have our own machine learning logic where we are creating alerts based on our machine learning algorithm. If we are missing any data from the forwarders, then we have a built-in threshold mechanism: if the data from the last seven days is coming in at around 80 GB, then the next day should be in line with that. If we are not getting that, then we will get alerts. I have not particularly used Splunk ML Toolkit.

From the features perspective, I would say that if we were getting calls from two or three months back, I was waiting for the OTel feature in Splunk Cloud Platform. Now we have support for OTel in the current latest Splunk version, so we are planning to upgrade Splunk Cloud Platform to the latest. The feature that I was looking for is now available, so I do not have anything specific at the moment.

In terms of pricing, the cost is high, but we are getting pretty much value out of what we are paying and what should be available to us in the market. In terms of that, it is really good with no question on that.

My advice to other organizations considering Splunk Cloud Platform is to make sure you use it as much as you can. There is a really big community of Splunk that you can explore to see what data you can ingest. There is a possibility you are already using other services from which you can get logs into Splunk and build analysis on top of that. Do not limit yourself to any specific use cases. I have seen some organizations only ingest specific logs, such as firewall logs or DNS logs. But they have different types of machines and applications running for their infrastructure. They can ingest logs from those as well and build analysis on top of that. There are pre-built add-ons that provide that functionality to them and they do not need to worry about development. So use it as extensively as possible. Overall, I would rate this product a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Mar 30, 2026
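The forwarder-volume threshold described in the review above, worked through as an added example (not the reviewer's or Splunk's own code): each host's daily ingest total is compared with the mean of its previous seven days, and a silent forwarder, a sharp drop or a spike raises an alert. The host names and daily totals are constructed sample data, and the 50%/200% bounds and the minimum-history rule are assumptions of this example.

```python
"""Seven-day ingest-volume baseline check per forwarder host (constructed example)."""
from statistics import mean

BASELINE_DAYS = 7        # window the review describes: "the last seven days"
MIN_HISTORY_DAYS = 3     # assumption: do not alert on a host with too little history
LOW_RATIO = 0.5          # assumption: alert when today is below 50% of the baseline
HIGH_RATIO = 2.0         # assumption: alert when today is above 200% of the baseline


def evaluate_host(history_gb, today_gb):
    """Compare today's GB total against the mean of the last BASELINE_DAYS days.

    history_gb: daily GB totals for earlier days, oldest first (any length)
    Returns (baseline_gb, verdict). baseline_gb is None when history is too short.
    """
    window = history_gb[-BASELINE_DAYS:]          # only the most recent 7 days count
    if len(window) < MIN_HISTORY_DAYS:
        return None, "insufficient_history"
    baseline = mean(window)
    if today_gb == 0:
        # Nothing arrived at all: the forwarder is most likely down or misconfigured.
        return baseline, "missing_data"
    if today_gb < baseline * LOW_RATIO:
        return baseline, "volume_drop"
    if today_gb > baseline * HIGH_RATIO:           # a zero baseline makes any data a spike
        return baseline, "volume_spike"
    return baseline, "ok"


def find_alerts(daily_volumes):
    """daily_volumes: {host: [gb_7_days_ago, ..., gb_yesterday, gb_today]}

    Returns a list of (host, verdict, baseline_gb, today_gb) for hosts that need
    attention; hosts that are healthy or too new to judge are left out.
    """
    alerts = []
    for host, series in sorted(daily_volumes.items()):
        *history, today = series                 # last element is today's total
        baseline, verdict = evaluate_host(history, today)
        if verdict not in ("ok", "insufficient_history"):
            alerts.append((host, verdict, round(baseline, 1), today))
    return alerts


# Constructed sample: 7 days of history plus today, in GB per day.
SAMPLE_VOLUMES = {
    "fwd-app-01": [79.5, 80.2, 81.0, 78.8, 80.5, 79.9, 80.3, 80.1],  # steady ~80 GB
    "fwd-app-02": [82.0, 80.7, 79.4, 81.1, 80.0, 80.9, 79.8, 0.0],   # forwarder went silent
    "fwd-db-01":  [40.1, 39.8, 40.5, 40.0, 39.7, 40.2, 40.3, 17.2],  # partial drop
    "fwd-web-01": [12.0, 12.4, 11.9, 12.1, 12.3, 12.0, 11.8, 30.6],  # unexpected spike
    "fwd-new-01": [5.0, 5.2],                                        # too new to baseline
}

if __name__ == "__main__":
    for host, verdict, baseline, today in find_alerts(SAMPLE_VOLUMES):
        print(f"{host}: {verdict} (baseline {baseline} GB, today {today} GB)")
```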
PeerSpot user
DevOps Intern at Veefin
Real User
Top 10
Apr 19, 2026
Centralized log insights have improved incident response and operational visibility
Pros and Cons
  • "The ROI with Splunk Cloud Platform is on the higher part, as it has improved the efficiency of our overall organization, increased incident response time to any failure by more than 50 percent, and enhanced the overall visibility of the system, architecture, and infrastructure by consolidating all of our data on one platform."
  • "One improvement I would suggest is in the cost part."

What is our primary use case?

In our organization, we use Splunk Cloud Platform for log management, operational visibility, security monitoring, and for ingesting logs and fast data. We focus on creating dashboards and configuring alerts for the overall visibility of our systems and for the monitoring and observability aspect.

What is most valuable?

I appreciate that Splunk Cloud Platform accepts all of my data. All of my data from different firewalls and applications gets to the one platform. Another valuable feature is the SPL query. After my data is centralized, I can use SPL queries to better analyze and search my data so I can detect anomalies or threats, or for incident response. If any of my deployments fail, I can quickly respond to the incident.

Operational insights are crucial because my application logs are there, my firewall logs are generating there, and any new deployment from the CI/CD is there. This generates logs there. If any deployment has failed or if any application is failing, it increases my overall operational efficiency and helps my team with incidents.

The search capabilities of Splunk Cloud Platform are very powerful and can give me deep analysis of the events. The dashboards and the visual capabilities of Splunk Cloud Platform are also excellent. Dashboard Studio allows me to highly customize and create visually rich dashboards. The infrastructure features such as SmartStore and proactive monitoring help me in my day-to-day operations of the company.

We use Splunk Cloud Platform's alerting mechanism. We have integrated an API with ServiceNow, which works well for us.

The third-party tool integration with Splunk Cloud Platform is beneficial for us. We were using third-party tools before Splunk Cloud Platform. When we introduced Splunk Cloud Platform to our organization, it was very helpful that it could be integrated with third-party tools, so we did not need to change our tools. Splunk Enterprise tools for security and other functions can also be integrated with this platform. That is also a good feature for us.

What needs improvement?

One improvement I would suggest is in the cost part. Splunk Cloud Platform cost is generally generated on high data volume. It can be relatively expensive for a smaller company. Our company is in the mid-term range, but the cost could be improved. Additionally, the learning curve for SPL is a little bit hard for beginners, otherwise it is fine.

For how long have I used the solution?

I have been personally using Splunk Cloud Platform for the last one year, but my company has been using it for the last two to three years. However, I recently joined three months ago.

How are customer service and support?

Technical support for Splunk Cloud Platform is good and proactive. In some cases, the initial responses may not fully address the issue. However, through escalation, the support team usually provides effective solutions and is very helpful.

Which solution did I use previously and why did I switch?

We first used Grafana and Prometheus for the monitoring and observability. We had used open source tools as well. For the security and better visibility, my organization switched to Splunk Cloud Platform.

How was the initial setup?

Splunk Cloud Platform is a public cloud SaaS deployment. The initial setup was very fast and we do not need to maintain any infrastructure or backend infrastructure. This is a huge benefit for us.

Splunk Cloud Platform handles the platform deployment. From the user side, the main task was only to install forwarders and configure data ingestion, which was also quite a simple task.

What was our ROI?

The ROI with Splunk Cloud Platform is on the higher part. It has improved the efficiency of our overall organization. The incident response time to any failure has increased more than 50 percent. The overall visibility of the system, architecture, and infrastructure has increased. All of our data is going on the one platform. These are all the ROIs which we get from Splunk Cloud Platform.

What other advice do I have?

We have not used Splunk Cloud Platform's machine learning tools yet, but we are planning to use them for threat detection and anomalies, so it can detect that threat by itself through automation. We are planning to use it in the future.

Splunk Cloud Platform has improved the efficiency and reduced the manual effort for us. It has enabled faster detection, and the response time has decreased significantly. The data pipeline optimization feature reduces the ingestion volume for us. These metrics are very helpful for us, and it also reduces the cost through data pipeline optimization.

My advice would be to fully utilize Splunk Cloud Platform by ingesting as much data as possible and to invest time in learning SPL and best practices for leveraging the Splunk community. My overall rating for this product is 9 out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Apr 19, 2026
Yevheniy Moyko - PeerSpot reviewer
Cyber Security Engineer at Underdefense
Real User
Top 5 Leaderboard
Apr 14, 2026
Centralized monitoring has strengthened incident detection and automated alerting for our clients
Pros and Cons
  • "As a certified Splunk Architect, I consider Splunk the best solution when comparing it with competitors including Elastic, Sumo Logic, Datadog, and Microsoft."
  • "One area that has room for improvement in Splunk Cloud Platform is support."

What is our primary use case?

We use both Splunk Cloud Platform and Splunk Enterprise Security. We operate as an MSP and are also a customer for the on-premise solution. We use Splunk Cloud Platform for monitoring purposes, and we use Enterprise Security for the incident monitoring tool, which is a premium solution for both Splunk on-premise and Splunk Cloud.

What is most valuable?

The best features of Splunk Cloud Platform are that you do not have to manage anything and do not have to worry about anything. It is scalable, easy to use, and reliable.

Regarding the machine learning tools in Splunk Cloud Platform, machine learning is great, but it requires specially trained people who understand it and have already worked with machine learning, making it challenging for those who do not have that expertise.

The price of Splunk Cloud Platform is very high, but you get all the advantages when you do not overpay for that. Some customers choose cheaper vendors, but for me, it is a perfect solution with many integrations, ready-to-go rules, and dashboards. It is feature-based.

Regarding the ingestion and visualization features in Splunk Cloud Platform, any device or system that can produce logs can be ingested into Splunk. There is no problem with many different possibilities to ingest the logs, making it a really great tool. Regarding the dashboards, there are also many possibilities to create them. If you know XML, you can write directly in XML and have your own custom dashboards, or you can do it via templates. These are great features.

What needs improvement?

One area that has room for improvement in Splunk Cloud Platform is support. The support knowledge base is the primary concern for me because we had several cases working with support teams, and they could not resolve our problem.

For how long have I used the solution?

I have been using Splunk Cloud Platform for about three years.

What do I think about the stability of the solution?

I rate the stability of Splunk Cloud Platform as ten plus.

What do I think about the scalability of the solution?

I also rate the scalability of Splunk Cloud Platform as ten.

How are customer service and support?

I would rate support for Splunk Cloud Platform about six out of ten.

What other advice do I have?

When assessing the effectiveness of the search capabilities in Splunk Cloud Platform, I notice that searches are slow, which is the main disadvantage of Splunk, but the rest is really great and the most mature. The alerting mechanisms in Splunk Cloud Platform are configured as well as possible, so you can get all the information that you need. They are really great.

As a certified Splunk Architect, I consider Splunk the best solution when comparing it with competitors including Elastic, Sumo Logic, Datadog, and Microsoft.

Regarding integration with third-party tools, Splunk provides federated searches, allowing you to search data even without integrating Splunk with other features such as AWS or data lakes. This is separate pricing, but it is still possible and works really well. However, the downside is that you need to buy additional SOAR if you want to automate certain things such as blocking an IP or user or removing a user or revoking their session.

Approximately thirty to forty people work with Splunk Cloud Platform.

Splunk Cloud Platform is hosted on Splunk Cloud, though this is a tricky question since we also have on-premise Splunk installed in the cloud of client infrastructure. I am discussing only Splunk Cloud Platform here.

My advice for Splunk is that it is the best SIEM solution for me. Based on your needs, you will need a POC. It is good enough for small, medium, or enterprise clients, but you will also need to invest in people who need to learn how to write searches and work with the solution because it is not easy. If you have appropriate people, it will be worth its cost. The learning curve for Splunk Cloud Platform depends on which level you want to achieve, but the downside is that most of their really good trainings are not free, so you will need to invest in learning. I give this review an overall rating of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. MSP
Last updated: Apr 14, 2026
UzairKhan - PeerSpot reviewer
Business General Manager at Mutex Systems
Reseller
Top 5
May 9, 2025
AI-driven analytics significantly enhance operational decision-making
Pros and Cons
  • "The real-time search capability of this product enhances operational decision-making, and it's very convincing."
  • "The disadvantage of Splunk Cloud Platform is that its integration process should be improved."

What is our primary use case?

Currently, I am working with Splunk Cloud Platform and other things for my clients.

I have been working with Splunk Cloud Platform for around 2 years now while integrating it.

What is most valuable?

What I appreciate about Splunk Cloud Platform is that it's an AI-driven SIEM platform, and for data fusion stock, we require Splunk Cloud Platform because none other than Splunk Cloud Platform can have this data-driven stock implemented; it allows you to get into the data repository.

The real-time search capability of this product enhances operational decision-making, and it's very convincing; this aspect is very convincing from Splunk Cloud Platform's side.

What needs improvement?

The disadvantage of Splunk Cloud Platform is that its integration process should be improved.

The challenges I have encountered while integrating Splunk Cloud Platform include that integration is a bit difficult due to the coding required for the integrations.

For how long have I used the solution?

I have been working with Splunk Cloud Platform for around 2 years now while integrating it.

What was my experience with deployment of the solution?

I would say that it was a bit difficult to deploy Splunk Cloud Platform; the user interface is easy, but deployment is difficult because it needs coding to integrate things.

What do I think about the scalability of the solution?

I think it's a scalable solution; it's pretty much scalable.

How are customer service and support?

I can rate the technical support of Splunk Cloud Platform as eight; they are quite helpful.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We are system integrators, but the client chose another vendor instead of NNTT.

How was the initial setup?

The deployment took around 3 to 4 months.

What about the implementation team?

Three people took part in deployment from my side.

It was indeed a huge deployment; it was one of the banks in Pakistan, so we required three resources to get it done.

What was our ROI?

Splunk Cloud Platform has impacted operational costs; it's a bit expensive, but it provides value for money.

What's my experience with pricing, setup cost, and licensing?

If I were to rate the price for the product from 1 to 10, I would rate it nine.

What other advice do I have?

I am currently working with the solution, but I need to know from which NNTT.

The interface is okay; its interface is good, and user interface is good.

I would recommend Splunk Cloud Platform to other users and organizations because it adds value to the organization; you can do different things with it because it's a pure analytical tool, not only a SIEM tool.

I am mostly focused on Splunk Cloud Platform because I chose this vendor due to the feature set that was offered by Splunk Cloud Platform; it was not being offered by any other vendor.

Splunk Cloud Platform is the vendor I am referring to, not NNTT.

Maintenance for Splunk Cloud Platform has been done manually, not automatically.

Usually, one person takes part in maintenance.

Regarding the number of users for Splunk Cloud Platform, it involves discussing the number of organizations or the number of people working in those organizations.

In general, I would rate Splunk Cloud Platform a nine.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller