Splunk Cloud Platform Reviews

I have experience with Splunk Cloud Platform. We use it for log monitoring, debugging, and various other purposes.

Since I joined as a software developer, I have been working with Splunk Cloud Platform for around two years. It is the main tool we use during production issues. We monitor it not only in production issues, but also when we move code to UAT, QA, or XAT environments. We first monitor and check Splunk logs to ensure everything is functioning correctly and to identify what is going wrong.

Splunk Cloud Platform helps in analyzing logs from different services, not just one service, and identifying errors. Especially during production issues, it is our primary platform for understanding where everything goes wrong and determining the root cause. The main feature I appreciate is the Search and Processing Language, which we call SPL. It allows us to query and filter logs efficiently. We can filter by time, whether for a few minutes or hours, and we can filter by various other parameters, such as which user has made the most requests, user-wise breakdowns, specific error patterns, exceptions, or failures. We can use time-based filtering and keyword searches to narrow down on the relevant logs we wish to see at any particular point in time.

I use the alerting mechanisms present in Splunk Cloud Platform. Without Splunk, we would have to manually go to production logs and search for various things manually, which could be very time-consuming. When we use Splunk, these mechanisms are automated. We only need to change the query sometimes because we search for different mnemonics and different teams. If we adjust the region or the team and then provide the particular keyword we are searching for, this helps us change the logs and see what we really need.

Splunk Cloud Platform helps in analyzing logs from different services, not just one service, and identifying errors. Especially during production issues, it is our primary platform for understanding where everything goes wrong and determining the root cause. The main feature I appreciate is the Search and Processing Language, which we call SPL. It allows us to query and filter logs efficiently. We can filter by time, whether for a few minutes or hours, and we can filter by various other parameters, such as which user has made the most requests, user-wise breakdowns, specific error patterns, exceptions, or failures. We can use time-based filtering and keyword searches to narrow down on the relevant logs we wish to see at any particular point in time.

I use the alerting mechanisms present in Splunk Cloud Platform. Without Splunk, we would have to manually go to production logs and search for various things manually, which could be very time-consuming. When we use Splunk, these mechanisms are automated. We only need to change the query sometimes because we search for different mnemonics and different teams. If we adjust the region or the team and then provide the particular keyword we are searching for, this helps us change the logs and see what we really need.

One unique feature with Splunk Cloud Platform is that it can be used not only for log creation but also for creating dashboards. I have created one dashboard myself for visually representing data. This dashboard checks various clients and services to see how many hits we have seen. I made it as a pie chart, and when we click on one of those sections, we are able to see how many hits that service has received. For that particular service, we can check how many users have contributed to that hit. When we send that visualization to higher management, they make decisions based on what service to focus more on. The decisions matter and vary according to management priorities.

The Search Processing Language of Splunk Cloud Platform has a steep learning curve. To extract the correct amount of logs needed, you must understand the exact mnemonics. Writing efficient SPL queries requires time to become accustomed to the language. Only after you have a good grasp of the basics of Splunk Cloud Platform and understand how to trace logs will you be able to use it perfectly.

Handling a large volume of logs requires proper filtering strategies. Logs keep coming in very large quantities, but you need to know how to properly filter them. Proper filtering strategies must be understood and implemented.

The setup and configuration for Splunk Cloud Platform is complex, especially from a developer perspective. Although it was relatively easy for me, the setup and configuration were handled by the platform team, which had to deal with the complexity in the initial phases.

The initial onboarding process when I first started using Splunk Cloud Platform was not very complex. When Splunk was initially onboarded to the company, I understand that was a complex process. Since I joined, the process has been fairly simple. We just had to submit an access request for a particular mnemonic or for a particular team and we are able to check the logs for that mnemonic once we get access. The approval process is a bit tedious in our organization. We have an approval process for every tool, not only Splunk Cloud Platform. Once you receive approval, you should be good. However, we can only check for that particular team or mnemonic. If we wish to check for other services, we have to submit a request form again, and that goes through several layers of approvals before we are able to see the logs.

Splunk Cloud Platform does not require any maintenance on my end as a developer. We only use it for checking logs. Maintenance is handled by the platform team. Sometimes Splunk experiences downtime for a few minutes, which we are notified about via email, sometimes during weekends. I am not certain what happens during those phases, but as developers, we are unable to use it for that short period of time, sometimes around half an hour during midnight hours on weekends. Otherwise, it functions well.

I have been using this solution for two years.

Splunk Cloud Platform has fairly good stability. However, I have noticed that the Show Source feature, which displays detailed versions of logs, sometimes takes a little time. Whenever the system needs to show 100 lines or 1,000 lines, that takes some time usually. When a large number of logs sometimes enter the system, we sometimes see lag. Especially during the Show Source function, when checking the detailed logs of any particular log, I have seen this issue sometimes. Otherwise, everything is fine.

Splunk Cloud Platform is quite scalable. All services and event-based streaming, such as Kafka, have all logs flowing through Splunk Cloud Platform. We have seen that it handles this well and is great at scaling to meet our needs.

I have not contacted the technical support of Splunk Cloud Platform yet. Even when we are unable to get something resolved, we have our seniors and experts in our team and adjacent teams who help us understand where we are going wrong with the queries and other issues. I have not personally contacted the technical support yet.

The initial onboarding process when I first started using Splunk Cloud Platform was not very complex. When Splunk was initially onboarded to the company, I understand that was a complex process. Since I joined, the process has been fairly simple. We just had to submit an access request for a particular mnemonic or for a particular team and we are able to check the logs for that mnemonic once we get access. The approval process is a bit tedious in our organization. We have an approval process for every tool, not only Splunk Cloud Platform. Once you receive approval, you should be good. However, we can only check for that particular team or mnemonic. If we wish to check for other services, we have to submit a request form again, and that goes through several layers of approvals before we are able to see the logs.

I have not used any alternatives to Splunk Cloud Platform since I joined my organization. We have been using Splunk only for observability and tracking and monitoring. So far there are no other alternatives that we have tried out in our organization.

From a developer perspective, I am involved in coding, checking logs, monitoring, observability, and other related tasks. The platform team takes care of the setup and configurations, which is complex initially. The pricing aspect is handled by management and not something I am directly involved in. I would rate this product a 9 out of 10.

Public Cloud

My main use case for Splunk Cloud Platform is monitoring servers for logs in case of outages.

A specific example of how I use Splunk Cloud Platform for server monitoring and outage prevention is that the servers' logs are monitored for errors that could cause the server to go down.

In my daily tasks, Splunk Cloud Platform is also used for security, to detect attacks.

The best features that Splunk Cloud Platform offers include its ability to detect fraud, outages, slowness, suspicious access, operational failures, or intrusion attempts.

What makes work easier for the team is that they have a centralized tool in which they can identify these attempts and thus be able to act on the people who are trying to do it.

The team has leveraged this tool to respond to incidents by having everything centralized in Splunk Cloud Platform instead of going out to look for separate logs from each team.

The main advantage of having the logs centralized in Splunk Cloud Platform is that I don't have to access different places to get them.

Splunk Cloud Platform has positively impacted my organization by reducing the time for investigations of outages or attacks on servers.

The time I have managed to reduce in investigations thanks to Splunk Cloud Platform is about 25%, since having everything centralized is the first starting point to look for that information.

If Splunk Cloud Platform could be made less complex, it would be beneficial since Splunk specialists are required to perform the installation.

My experience with Splunk Cloud Platform's app ecosystem is that it's a bit complex and support from a Splunk specialist is required to manage updates.

I perceive the scalability capability of Splunk Cloud Platform in relation to my organization's demand fluctuations as a bit challenging.

The use of native models versus third-party integrations within Splunk Cloud Platform's environment is a bit complex, as a specialist is required to do the mappings between third-party integrations and native models.

I have been using Splunk Cloud Platform for more than 3 years.

I consider Splunk Cloud Platform to be stable.

I rate the scalability of Splunk Cloud Platform an eight.

The hardest part that leads me to give it an eight in scalability is the licensing.

I rate Splunk Cloud Platform's customer support an 8 out of 10.

No tool was used before Splunk Cloud Platform.

If Splunk Cloud Platform could be made less complex, it would be beneficial since Splunk specialists are required to perform the installation.

My experience with the pricing, implementation costs, and licensing of Splunk Cloud Platform is that the licensing is expensive, but since the investment is being made, it has to be used.

There has been a bit of return on investment with the time savings, but because of the licensing, we have broken even.

Splunk Cloud Platform's subscription model has a big impact on my organization's financial planning regarding data platform investments, as all of that has to be taken into consideration to plan for the following year, taking into account growth.

My experience with the pricing, implementation costs, and licensing of Splunk Cloud Platform is that the licensing is expensive, but since the investment is being made, it has to be used.

Before choosing Splunk Cloud Platform, I evaluated other options such as Datadog, Dynatrace, and Elastic.

I would rate Splunk Cloud Platform an eight on a scale from 1 to 10.

I give Splunk Cloud Platform an eight because the licensing is expensive and can become complex.

My advice to others who are considering using Splunk Cloud Platform is to take into account the learning curve, the implementation curve—which are both quite steep—and the licensing costs, so that it doesn't consume their entire budget.

Since I'm installed in the cloud, I can only speak about the cloud when it comes to the visibility that this solution provides.

I am not using the AI solutions at the moment, so I cannot comment on the zero-configuration functionality for artificial intelligence models in Splunk Cloud Platform.

Private Cloud

Amazon Web Services (AWS)

Splunk Cloud Platform serves as our main platform to bring all our log and machine data into one place so that we can easily monitor, troubleshoot, and investigate issues. On a daily basis, we collect data from different sources including applications, servers, security tools, and cloud services. Whenever an issue occurs, instead of checking multiple systems manually, we use Splunk Cloud Platform to search events, compare timelines, and understand exactly what happened. For example, if an application error or suspicious activity occurs, we can quickly check related logs, identify the affected systems or users, and take action faster. Beyond troubleshooting, we also use it for dashboards, alerts, security monitoring, and operational insights so that our team can detect problems earlier rather than reacting after users are affected.

The most valuable features I found in Splunk Cloud Platform are mainly the search capabilities, dashboards, and alerting system. The biggest advantage for me is the SPL search capability. When investigating issues, I can quickly filter millions of events, connect different logs together, and find the root cause without manually going through multiple systems. Another feature I really value is custom dashboards. We create dashboards for system health, security events, and application monitoring which give the team a quick overview of what is happening. Real-time alerting is also very useful because we do not have to continuously watch logs, and Splunk Cloud Platform automatically notifies us when unusual activity or failure happens. Since it is a cloud platform, we do not spend much time managing servers or upgrades, which allows us to focus more on analysis and solving issues.

The biggest benefit we have seen from Splunk Cloud Platform is that it has made troubleshooting and monitoring much faster. Previously, when issues happened, we had to check multiple systems separately to collect logs and understand the problem. Now with Splunk Cloud Platform, everything is available in one place so we can quickly search across different data sources and find the root cause. Another benefit is better proactive monitoring. With dashboards and alerts, we can identify unusual behavior or failure earlier instead of waiting for users to report problems. It has also reduced operational workload because Splunk Cloud Platform manages the cloud infrastructure, updates, and maintenance, allowing our team to spend more time improving security and reliability rather than managing the platform itself.

The overall experience is positive, but there are a few areas where I think Splunk Cloud Platform can improve. One area is the learning experience for new users. Splunk Cloud Platform is very powerful, but understanding SPL queries, data models, and advanced features takes time. More guided recommendations or AI-assisted query building would make onboarding easier. Another area involves cost visibility and optimization. Since the environment generates a lot of data, having simpler ways to understand usage patterns and optimize ingestion would help teams manage expenses better. I also feel that some advanced configuration and troubleshooting options could be made more self-service in the cloud environment so that teams can make changes faster without depending on support. These are not major issues, but improving them would make Splunk Cloud Platform even easier to adopt and manage.

I would not say that there are any missing functionality features, as Splunk Cloud Platform already covers most of our monitoring and analytics requirements. However, there are some areas that would improve the experience. One thing I would suggest is more built-in intelligence for query creation and troubleshooting. SPL is very powerful, but having more AI-based suggestions for building searches and optimizing queries would help users work faster. Another area is automated data optimization recommendations, such as suggestions on which logs are less valuable, which searches are expensive, or where we can improve performance. Additionally, more ready-made dashboards and use case templates for common scenarios would help teams get value faster without building everything manually. Overall, the core functionality is strong, but more automation and guidance will make Splunk Cloud Platform even better.

I have been working with Splunk Cloud Platform for around 1.5 to 2 years.

Overall, we have not faced any major performance issues with Splunk Cloud Platform. The platform has been stable and handles large amounts of data quite well. Search performance, dashboards, and alerts generally work smoothly even when working with high volumes of logs from different data sources. The only times performance can be affected is when searches are not optimized. Running very broad queries across a large time range can take longer, for example. However, this is usually improved by following best practices such as optimizing SPL queries, using the proper index, and managing data correctly. From my experience, performance depends not only on the platform but also on how well the data and searches are designed. Overall, it has been reliable for our cases.

From my experience, Splunk Cloud Platform scales very well as the organization grows. As we add more applications, users, or data sources, we can continue bringing that data into Splunk Cloud Platform without worrying about managing additional infrastructure. The platform allows us to expand gradually. We can start with important logs and later add more sources based on business needs. The biggest improvement we noticed is that even with increasing data volume, the team still has one central place to search, monitor, and analyze information, which helps maintain visibility as the environment becomes more complex. Because Splunk Cloud Platform manages the cloud-side capabilities and updates, scaling becomes much easier compared to maintaining everything ourselves.

My experience with customer service and technical support has been positive overall. The support team is knowledgeable, especially when it comes to troubleshooting platform issues, configuration questions, or best practices. The documentation and community resources are also very helpful because many common problems already have detailed solutions available. For normal issues, responses are usually quick and we are able to resolve things without much delay. For more complex technical problems involving custom configuration or deeper investigation, it can take a little longer and requires escalation to a specialized team. Overall, I would say the support experience is reliable, and the combination of official support, documentation, and community makes it easier to manage Splunk Cloud Platform.

I have also worked with and evaluated tools such as CrowdStrike Falcon LogScale and Elastic Stack for similar log management and analytics use cases. Falcon LogScale is very strong when it comes to fast searching and threat hunting, especially for security-focused work. It provides very quick performance and is lightweight for analyzing large amounts of data. Elastic Stack is also flexible and provides good search and visualization capabilities for teams looking for more customization. Where Splunk Cloud Platform stands out is its overall maturity, ecosystem, and ability to support multiple teams and use cases from a single platform. It is not only for security; we can use it for operations, application monitoring, troubleshooting, and business insights. The strong integration, dashboard, SPL capabilities, and managed cloud experience were the main reasons Splunk Cloud Platform was a better fit for our environment.

The initial setup of Splunk Cloud Platform was quite straightforward compared to traditional on-premises deployment. Since Splunk Cloud Platform manages the cloud infrastructure, we did not have to spend time setting up servers, storage, or handling backend maintenance. Most of our efforts focused on connecting data sources, configuring inputs, creating indexes, and setting up dashboards and alerts. The basic deployment was smooth, but the important part was planning the data onboarding properly, deciding what logs to collect, how to structure them, and setting permissions for different teams. There was a small learning curve in the beginning, especially around SPL queries and optimization. Once the foundation was ready, managing and expanding Splunk Cloud Platform became much easier. Overall, the setup experience was smooth and manageable.

We mainly handle Splunk Cloud Platform setup in-house with our internal team because it is a managed cloud platform. The infrastructure side is already handled by Splunk. Our team focused on the actual implementation work, including connecting data sources, setting up indexes, configuring dashboards, and creating alerts and managing user access. For some best practices and documentation, we referred to Splunk resources, but day-to-day configuration and customization we managed internally. Overall, having an in-house setup worked well because the cloud model reduced a lot of infrastructure complexity.

We looked at a few alternatives such as Elastic Stack, Datadog, and CrowdStrike Falcon LogScale before going with Splunk Cloud Platform. Each tool had its own strengths. Datadog was good for cloud monitoring, Elastic provided flexibility, and Falcon LogScale performed very well in high-speed log searches. The reason we preferred Splunk Cloud Platform was that it gave us a more complete solution. We needed something that could handle security monitoring, operational troubleshooting, dashboards, and analytics together instead of using different tools for different teams. Another important factor was Splunk's maturity and ecosystem. The availability of integrations, apps, documentation, and community support made this option more attractive. For our use case, Splunk Cloud Platform provided the right balance of scalability, reliability, and flexibility.

My advice would be to plan your data strategy before starting with Splunk Cloud Platform. Splunk Cloud Platform is very powerful, but the value you get depends on how well you organize your data sources, indexes, and use cases. Do not try to bring every log into Splunk Cloud Platform from day one. Start with the most important systems, create useful dashboards and alerts, and then expand gradually. I would also recommend investing some time in learning SPL and best practices because that is where you can really unlock the power of Splunk Cloud Platform. Overall, Splunk Cloud Platform is a great solution, especially for organizations that need strong visibility and analytics without spending time managing infrastructure. I rate this product a 9 out of 10.

I am also an end user of Splunk Cloud Platform. My usual use cases for Splunk Cloud Platform are to search logs and search data as I need for my security incidents. Searching logs and data for security incidents is my main use case.

The most valuable features or capabilities of Splunk Cloud Platform that I have found so far are mainly the search and the indexing engine, and I also find the data management of Splunk better. I have used both Splunk Enterprise and Splunk Cloud Platform, and I feel that the data management on Splunk Cloud Platform is handled by the Splunk team with much better expertise than its Enterprise Platform, where we had to manage storage and everything ourselves.

The effectiveness of Splunk Cloud's search capabilities in uncovering operational insights is pretty good. Once you know Splunk Query Language, or SPL, it is way better than any other data management tool, especially when analyzing and monitoring security logs, as it makes searching and minimizing threats much easier for me.

I use Splunk Cloud's alerting mechanisms to send alerts to my email, whether something happens in real-time or through scheduled Splunk query alerts for operational tasks like security incidents or operational warnings, such as when my storage is 90% full.

Splunk Cloud Platform's ingest and visualization features have helped me improve my data reporting significantly, as data ingestion and visualization are great, especially for creating dashboards from various sources like endpoints, firewalls, and web applications.

Operationally, Splunk Cloud Platform has provided wide observability where we had almost none before, significantly improving our security posture and our ability to defend the organization.

In my opinion, there isn't much to improve in Splunk Cloud Platform, but one suggestion would be to integrate AI or provide a more graphical query builder to reduce the learning curve for new users wanting to learn SPL.

I have been working with Splunk Cloud Platform for around eight months.

I rate Splunk Cloud Platform a ten out of ten for stability and reliability, as I have found it truly reliable while using it on AWS and as a SaaS platform, given the capability for high availability and multiple indexers ensuring data continuity.

I would rate Splunk Cloud Platform a nine out of ten for scalability. I think it's scalable due to the ease of integrating and deploying multiple indexers for data processing, although it does require some technical knowledge to configure properly for smooth operation.

I do not often communicate with the technical support of Splunk Cloud Platform. I often visit Splunk's documentation portal for troubleshooting and assistance with my queries, and I find it quite good. They offer videos to help users learn how to use Splunk and Splunk Query Language.

I feel that Splunk's documentation is highly maintained, regular updates seem to happen, and I don't have any suggestions for improvement as it is currently at its best.

Positive

I did not use a different solution for the same use cases prior to Splunk Cloud Platform. I only used Wazuh for security data logging but would not compare it to Splunk due to its broader capabilities.

I did participate in the initial setup and deployment of Splunk Cloud Platform, but I wasn't part of the decision-making aspect. The initial setup process for deploying Splunk Cloud Platform was quite easy as we only needed to identify our data sources and determine the appropriate ingestion method, followed by some technical configuration, assuming we knew how our data was structured.

I might not be the right person to comment on the return on investment in terms of cost, but operationally, Splunk Cloud Platform has provided wide observability where we had almost none before, significantly improving our security posture and our ability to defend the organization.

I did not evaluate other options or vendors before choosing Splunk Cloud Platform. I did not participate in the decision-making process for choosing Splunk Cloud Platform, as I have worked operationally with it but was not involved in procurement.

I have not used Splunk Cloud's machine learning tools. I do not personally integrate Splunk Cloud Platform with third-party tools; however, I know that my separate team has integrated quite a few tools, leveraging Splunk's vast library known as Splunk Enterprise Applications.

I have been working with Splunk Enterprise Platform, which is the on-premises version of Splunk Cloud Platform, and it is almost the same except for the maintenance efforts required and the deeper learning curve. I wouldn't say there's room for improvement in Splunk Enterprise Platform purely regarding the search engine, as it largely depends on the resources allocated to the indexer for its performance. I have been working with Splunk Enterprise Platform for approximately three to four months.

Public Cloud

Amazon Web Services (AWS)

Correlation searches and search indexing queries in Splunk Cloud Platform are very valuable and quite useful for my daily work.

Splunk Cloud Platform's search capabilities are quite effective in uncovering operational insights. I was searching for one of the accounts related to backup, and I was not able to search in any other tool. Since we are collecting data from all different sources, I was able to trace this out. It was a request made from the customer because we reported a notable event from Splunk, and they asked us to check this account if we were able to see it, as they had checked from their end and were not able to search it. Using the indexing, I pulled the account details and shared them, and we concluded it was a false positive.

I do use Splunk Cloud Platform's alerting mechanisms. The alerting mechanisms have helped in proactive issue resolution because we receive alerts directly to our SOC mailbox, which we have fine-tuned based on our findings and customer involvement. Initially, we received a lot of notables that were not fine-tuned well, but now we receive approximately twelve to fifteen notables, and once we get alerted, we work on them. For instance, when we detected suspicious activity on a backup account, we responded back to the customer within three minutes, which they found interesting. We were able to dig further into a unique account and provide them with the necessary information, which was corroborated by their technician.

Splunk Cloud Platform's search capabilities are quite effective in uncovering operational insights. I was searching for one of the accounts related to backup, and I was not able to search in any other tool. Since we are collecting data from all different sources, I was able to trace this out. It was a request made from the customer because we reported a notable event from Splunk, and they asked us to check this account if we were able to see it, as they had checked from their end and were not able to search it. Using the indexing, I pulled the account details and shared them, and we concluded it was a false positive.

I do use Splunk Cloud Platform's alerting mechanisms. The alerting mechanisms have helped in proactive issue resolution because we receive alerts directly to our SOC mailbox, which we have fine-tuned based on our findings and customer involvement. Initially, we received a lot of notables that were not fine-tuned well, but now we receive approximately twelve to fifteen notables, and once we get alerted, we work on them. For instance, when we detected suspicious activity on a backup account, we responded back to the customer within three minutes, which they found interesting. We were able to dig further into a unique account and provide them with the necessary information, which was corroborated by their technician.

Splunk Cloud Platform's integrations with third-party tools have had quite an easy impact on my daily operations. Initially, the outdated threat intelligence led to notable IP addresses going undetected. However, after integrating Talos and VirusTotal, we can quickly determine whether an investigation requires immediate attention or a deeper analysis, which has saved us considerable time. When we implement the SOAR solution in August, I expect we can provide even more details about integration with third-party intelligence platforms.

Splunk Cloud Platform's user interface is quite simple and needs to be updated; it feels as if I am using a platform from two thousand fifteen. However, I do appreciate the new feature for starting investigations, which allows us to save our work for later analysis.

I would like to see improvements in the UI, and while I recall that Cisco has acquired parts of Splunk, I would love to see more integration with threat intelligence platforms like VirusTotal, which are widely used. Currently, to implement VirusTotal, we have to purchase it, whereas we use Talos, but we mostly rely on AbuseIPDB and VirusTotal in the SOC.

I have been dealing with Splunk Cloud Platform for two and a half years.

I have no problems with technical support at all. We connect with them often, and when we have issues, we raise a ticket and schedule a call. Generally, we find a resolution during that same call, which is quite efficient.

I would rate their technical support as eight out of ten.

There is still some room for improvement regarding response time and first-level support quality. While responses are typically received the same day, the analysis process can take time.

Initially, the setup was tough for us, but now that we have become familiar with Splunk Cloud Platform, I find it quite simple. However, newcomers may still face difficulties.

Regarding Splunk Cloud Platform's machine learning tools, we are not currently exploring the XDR solution or SOAR solution part but are planning to move from SIM to SOAR this coming August. We have implemented Cisco Talos as a threat intelligence platform, and we also included VirusTotal.

I have created approximately one hundred reports for different users since we fetch data from various sources. Each team has different requirements, whether it is for Trend Micro, M365, Zscaler, or Okta, and I have organized these reports on a dedicated dashboard. It is quite useful for them, and they regularly come up with new requests that we incorporate into the dashboard.

When it comes to pricing, I would say it is a bit more than fair—more than competitive. Compared to Microsoft, which is cheaper, Splunk Cloud Platform is a bit expensive. However, relative to Trend Vision One or CrowdStrike, the pricing is comparatively lower.

We have a lot of documentation available, which I feel is adequate. Each solution, including CrowdStrike and Trend Micro, has its documentation, and it is about how well one handles it based on their experience.

My overall review rating for Splunk Cloud Platform is eight out of ten.

Public Cloud

Other

We use Splunk Cloud Platform for security and want to implement it as a SIEM solution. We also want to replace our old legacy SIEM solution because we are adopting a cloud solution instead of an on-premises solution. Another use case is that we want to use this tool in our managed service offering. We do not use the solution to resell licenses to our customers, but rather to provide services to them. We appreciate the powerful integration that Splunk Cloud Platform offers, making it easy to integrate with any sources and any data. It is able to handle data that resides in an S3 bucket or elsewhere, not just ingested directly into the SIEM itself. We are also looking at Splunk Cloud Platform's strategy, which is very interesting because of the integration they will have regarding Agentic AI and automation. A unique solution for orchestration and automation, called SOAR in cybersecurity, combined with SIEM in a unique platform is a very interesting strategy from our point of view.

It is Enterprise Security in the cloud. This is a cloud solution.

Splunk Cloud Platform is a very mature solution and an enterprise-grade solution that brings the work we have to do with customers to an enterprise-grade level. It is something that we can manage from a single pane, and it is quite easy to deploy. I see a benefit that is not strictly related to the features that Splunk Cloud Platform offers, but it depends on the company belonging to Cisco now because we are a Cisco partner and Splunk Cloud Platform is a pillar, a vertical technology in the security area of the partnership. The benefit of partnering with Splunk Cloud Platform falls into the Cisco partnership and the benefits we can have in this important partnership we have as a company.

Compared to my previous situation, the first benefit of this solution is the speed and the effort reduction in terms of onboarding new customers and maintaining the entire platform. I will not have any more effort for system upgrades and infrastructure maintenance. This is one of the biggest benefits I can have from the solution. I save a lot of money because I do not have to spend resources anymore to maintain and operate the infrastructure and the systems.

I think it is really effective, and we are still at the beginning. The capability to search for insights is very powerful and also supported by AI and machine learning. The capabilities are increasing day by day, and new features are being released and will be released soon.

I am not able to answer right now, but I am confident they will be able to predict a trend because they promise they are able to do this using machine learning algorithms and Agentic AI features. They say they will be able to predict the behavior of your network or your infrastructure. I am really confident about this, and I hope it will be true because I need this.

There is something that they say will be improved, and I am still waiting for it. This is the Agentic AI elements inside the platform that I mentioned before. There is something present today, but the full feature is not released yet. From my point of view, it is a bit late. It is okay for me because we are adopting it and we can work on this, and it is acceptable for my timing. However, from a market perspective, they are a bit late. Competitors in some cases are earlier adopters. But I am sure they will release a very powerful tool, as per the Cisco approach. They want to win when they start doing something, and I am confident they will release a very powerful tool.

I have been working with it for one month.

It is still a bit early to answer. We have just seen it on paper, and we have to check it.

In my previous experience, I had enterprise security, but on-premises a few years ago, three years ago. It was integrated with another SOAR from another vendor.

It is something that we can manage from a single pane. It is quite easy to deploy.

Compared to my situation, it does not have any meaning because I have something legacy now. However, it is a good price on the market. It depends because if you look at the list price, it is a bit expensive from my point of view. But once you are in the partnership with Splunk Cloud Platform and with Cisco, you can have good discounts, you can make the deal and discuss, and they are willing to help you as a partner in finding the solution and finding your target. So it is good from my point of view. But if you look at the list price, it is expensive.

We evaluated QRadar, FortiSIEM, and Palo Alto SIEM. We chose Splunk Cloud Platform because of a combination of different aspects, not just for price or features. It is the whole combination of the features, the benefits, the cost, the partnership, and there is no one aspect leading the choice. It is a mix and a combination.

Today, we are working with the SIEM solution, which is quite a legacy term. Saying SIEM is not really effective. It is the Enterprise Security solution, and we are now in the process to implement it. We are adopting the solution and are at the beginning. We have studied a lot, we are training people, and we are changing and modifying our process as per what the technology allows us to do. We are also evaluating the observability solution. We are working on two different paths, and one is at a more mature stage, while the other one is at an evaluation stage.

We are setting up alerts as expected.

We are integrating Splunk Cloud Platform SIEM solution with our SOAR solution, which is today from another vendor and not Splunk Cloud Platform. Then we will see tomorrow what we want to do if we want to use the unique platform, the unique Splunk Cloud Platform with SOAR, Agentic AI, SOC automation, and everything, or if we want to keep using our actual SOAR. We are integrating Splunk Cloud Platform with this SOAR.

My recommendation is to look at the future and look at the strategy. Do not look at the features today but look at the features tomorrow and not just at the technical features but at the whole strategy to integrate in one single platform all the capabilities that a SIEM solution or a log gathering solution might have. Putting together orchestration, observability, security, this kind of strategy is what an integrator should evaluate in my opinion.

I would rate this product an 8 out of 10.

Public Cloud

Other

I used Splunk Cloud Platform for fraud detection. The first thing is fraud detection, and the second thing is understanding data better because of the data visualization that it has. The display that it has compared to a simple type of visualization is much clearer compared to any kind of thing you might notice on a super dense Wireshark.

Data Visualization and IT Alerting and Incident Management are the main valuable features, primarily to get a better idea of what's going on.

When you do data reporting using Splunk Cloud Platform, because you have everything in front of you and it's so detailed and easy to read once you have the data. Another thing that makes it clear is because of the amount of evidence you have in front of you, the data is a lot more valuable. It's less of a human claim and more of evidence presented in front of you when you're trying to make any kind of claim on a certain thing going on.

I really do like about Splunk Cloud Platform the real-time alert where you can search for anything and the data is still stored there because at the end of the day, we are finally in a generation of cloud where everything is stored on a cloud platform to the point that you can search anything, as long as you do it in the appropriate way, you will find the results. It's in a good visual status with good visibility. I appreciate this feature.

To be honest, I don't think it's beginner-friendly. It takes time and multiple meetings to actually understand how to create different types of alerts or how to search for them. It's quite similar to how you might search on SQL, but that's asking another set of skills to have. I know there are tutorials on the website, but I feel if they rolled out more free courses on such things that provide a link to a free course for beginner training, I feel people would be interested in it.

I ended up getting access around three to four months back. I was part of a team that was using it, so we got on a call together while I was observing them and using it while giving my input for a project.

I haven't really faced much of it, but my usage was pretty less intensive, so I can't really talk about it for everyone. From my perspective, because of my light amount of research and light usage of it, I would say it's been pretty good. I haven't experienced any stability issues.

Splunk Cloud Platform is a good tool, but it's not the easiest to transfer between different teams because there's a lot of training involved in it. While I do the tool and I do feel it's really useful, if you ever notice in this current industry, people are wanting employees to learn Splunk Cloud Platform, or at least they want applicants who apply for a certain role to have known Splunk Cloud Platform because of not only how new it is or how recent it is after the cloud integration, but also just that it takes time to learn and takes time to be efficient at it.

When you work in a corporation, you have people dedicated just for that.

Negative

I've used Splunk Cloud Platform very briefly, not too much. I use ServiceNow, Confluence for documentation, and Keyfactor for generating certificates.

It's kind of hard for me to say because I came from a corporation where Splunk Cloud Platform was already a part of the user group where I got access to it, so I didn't have to do any of that.

Any IT person would rather use the command prompt. Using a simple command prompt and trying to see based on the elevated access they have, you can always check what's going on. Wireshark itself is a really good tool and a really good alternative to have any kind of packet capture and read through the data to understand what's going on.

Splunk Cloud Platform is different because it offers real-time alert. Wireshark is something that you have to let things be and then later catch and see, while Splunk Cloud Platform updates on its own. It has a lot better visuals overall.

Regarding whether Splunk Cloud Platform's ingest and visualization features have helped improve data reporting and the overall alerting mechanisms, I haven't had the chance to use it for myself, but from the time when I was researching them for the project that I was working on, it seemed to be really effective in at least the fraud department of the team to understand any type of price alerts when something is going on.

Regarding how easy or difficult it was for me to learn how to use it, I would say on a scale of easy with one being the easiest and ten being the hardest, I would say it was around a four or five. I've used other tools before, and I've used other things such as Wireshark and some others a lot before, so I had a much better grasp than a lot of beginners might have. Recently in a meeting where we were trying to teach a beginner about this, the main person who uses it had to go through multiple rounds of meetings to show them how to use it. While watching that, I realized the gap in knowledge between someone who's in IT for years versus someone who's trying to be more hands-on but is unfamiliar with the tool.

Public Cloud

Other

I use Splunk Cloud Platform as our overall tool to gain insight from our platform, for our security use cases, and to build a framework that shows what is happening in our organization or what is happening in our applications, the current status, or if we are facing any issues with our systems. I ingest various types of logs from different systems to Splunk Cloud from our forwarders and build dashboards and alerts on top of that. My primary use case is to understand our architecture or our overall environment, including what is happening and whether there are any vulnerabilities, or to conduct analysis on our applications. If there are any performance issues, I can learn about them from the dashboards that we have built and can optimize our architecture or overall application performance.

What I like about Splunk Cloud Platform is that it gives me flexibility and freedom in that I do not need to worry about the actual architecture of Splunk. I do not need to install it anywhere manually, and I only need to worry about what data I need to ingest and how I will create a dashboard on top of that. It provides support so I do not need to worry about the platform. It functions as Software as a Service, so I can directly use it and if I am facing any issue, Splunk support is available to help me anytime.

I do not have any limitations with Splunk Cloud Platform. I can access it from my own private network or anywhere, and I can access it from the public network as it is on a cloud. That is also a plus point for me.

In terms of assessing the effectiveness of Splunk Cloud Platform's search capabilities in uncovering operational insights, its storage capability is excellent. Previously, we were managing it at an enterprise level, but it was costly to us because of data redundancy and the availability zones. With Splunk Cloud Platform, we do not need to worry about data backup, which is a very good point.

The alerts have helped us in proactive issue resolution. If we are currently getting any error, we will get notified in the next 15 minutes or 30 minutes according to the schedule of the search.

Splunk Cloud Platform's ingest and visualization features have helped improve our data reporting, truly the best available in terms of customizability. We have two options, classic and Dashboard Studio for dashboard purposes. In classic, we get options to build custom dashboards using custom JavaScript. We can insert our own graphics to provide better visuals where insights to our management team will not be dependent on the numerical base. We have charts to showcase our current situation, which will be really great for management.

In terms of benefits, if we were needing two persons for SAP to analyze if we have any issues, now we just need one person doing multiple tasks. We have built an automation system, or a dashboard, which gives us insight so that we do not need to go and look up every service. Splunk Cloud Platform really impacted our workflow and increased our productivity.

In Splunk Cloud Platform particularly, there is nothing specific that I would like to see improved or enhanced, but the cost is currently very high. If that part could get a little bit cheaper, then that would be really great.

In terms of enhancement for Splunk Cloud Platform, I would say if we could create add-ons or if we get the capability to build add-ons directly through cloud, not talking about the add-on builder framework, but something editor-like where we will directly edit our conf files from any specific app or TA provided by Splunk Cloud Platform itself. If we get that feature, it will be really beneficial. Instead of doing configuration from the UI, we would prefer to get access to back-end conf files and do it manually because when we were using enterprise, we had pretty much hands-on experience with that.

I have been using Splunk Cloud Platform for around two years.

I would evaluate customer service and technical support of Splunk as really good. They provide on-call support and they reply to cases that we open, so the support is really good and collaborative.

We have not previously used a different product. We have tried other tools, but they were very limited to the use cases that we are trying to capture. I chose to go with Splunk Cloud Platform because it has vast capabilities.

The initial setup with Splunk Cloud Platform was really straightforward because, as it is a cloud platform, Splunk provided us the complete package where we do not need to worry about our infrastructure or configuration. If we need any help, they are always available, so it was very straightforward.

The implementation was done by the Splunk team.

We evaluated products like Dynatrace or DataDog, which were very specific. They were providing us only observability-specific tasks. However, we have some VML logs or firewall logs for which we would not get that much analysis from those products. That is why we chose to go with Splunk Cloud Platform.

We use Splunk default alert actions and we have installed third-party integrations, such as ServiceNow integration, where we are creating ServiceNow incidents or ServiceNow tickets from our alerts.

The impact of Splunk Cloud Platform's integrations with third-party tools on our daily operations is very helpful for our overall infrastructure monitoring. We have third-party integrations, such as SAP or Dell Boomi. To ensure that our SAP and site integration are running smoothly and none of its API is getting high or something unusual, we can easily detect that instead of going into SAP and analyzing.

We have our own machine learning logic where we are creating alerts based on our machine learning algorithm. If we are missing any data from the forwarders, then we have a built-in threshold mechanism where if the data from the last seven days is coming around 80 GB, then the next day it should be getting related to that. If we are not getting that, then we will get alerts. I have not particularly used Splunk ML Toolkit.

From the features perspective, I would say if we were getting calls from back two or three months, I was waiting for the Otel feature in Splunk Cloud Platform. Now we have support of Otel in the current latest Splunk version, so we are planning to upgrade Splunk Cloud Platform to the latest. The feature that I was looking for is now currently available, so I do not have anything specific at the moment.

In terms of pricing, the cost is high, but we are getting pretty much value out of what we are paying and what should be available to us in the market. In terms of that, it is really good with no question on that.

My advice to other organizations considering Splunk Cloud Platform is to make sure you use it as much as you can. There is a really big community of Splunk that you can explore to see what data you can ingest. There is a possibility you are already using other services from which you can get logs into Splunk and build analysis on top of that. Do not limit yourself to any specific use cases. I have seen some organizations only ingest specific logs, such as firewall logs or DNS logs. But they have different types of machines and applications running for their infrastructure. They can ingest logs from those as well and build analysis on top of that. There are pre-built add-ons that provide that functionality to them and they do not need to worry about development. So use it as extensively as possible. Overall, I would rate this product a nine out of ten.

Public Cloud

Other

In our organization, we use Splunk Cloud Platform for log management, operational visibility, security monitoring, and for ingesting logs and fast data. We focus on creating dashboards and configuring alerts for the overall visibility of our systems and for the monitoring and observability aspect.

I appreciate that Splunk Cloud Platform accepts all of my data. All of my data from different firewalls and applications gets to the one platform. Another valuable feature is the SPL query. After my data is centralized, I can use SPL queries for better analyzing and searching my data so I can detect anomalies or threats or for incident response. If any of my deployments fail, I can quickly respond to the incident.

Operational insights are crucial because my application logs are there, my firewall logs are generating there, and any new deployment from the CI/CD is there. This generates logs there. If any deployment has failed or if any application is failing, it increases my overall operational efficiency and helps my team with incidents.

The search capabilities of Splunk Cloud Platform are very powerful and can give me deep analysis of the events. The dashboards and the visual capabilities of Splunk Cloud Platform are also excellent. Dashboard Studio allows me to highly customize and create visually rich dashboards. The infrastructure features such as Smart Store and proactive monitoring help me in my day-to-day operations of the company.

We use Splunk Cloud Platform's alerting mechanism. We have integrated an API with ServiceNow, which works well for us.

The third-party tool integration with Splunk Cloud Platform is beneficial for us. We were using third-party tools before Splunk Cloud Platform. When we introduced Splunk Cloud Platform to our organization, it was very helpful that it could be integrated with third-party tools, so we did not need to change our tools. Splunk Enterprise tools for security and other functions can also be integrated with this platform. That is also a good feature for us.

One improvement I would suggest is in the cost part. Splunk Cloud Platform cost is generally generated on high data volume. It can be relatively expensive for a smaller company. Our company is in the mid-term range, but the cost could be improved. Additionally, the learning curve for SPL is a little bit hard for beginners, otherwise it is fine.

I have been personally using Splunk Cloud Platform for the last one year, but my company has been using it for the last two to three years. However, I recently joined three months ago.

Technical support for Splunk Cloud Platform is good and proactive. In some cases, the initial responses may not fully address the issue. However, through escalation, the support team usually provides effective solutions and is very helpful.

We first used Grafana and Prometheus for the monitoring and observability. We had used open source tools as well. For the security and better visibility, my organization switched to Splunk Cloud Platform.

Splunk Cloud Platform is a public cloud SaaS deployment. The initial setup was very fast and we do not need to maintain any infrastructure or backend infrastructure. This is a huge benefit for us.

Splunk Cloud Platform handles the platform deployment. From the user side, the main task was only to install forwarders and configure data ingestion, which was also quite a simpler task.

The ROI with Splunk Cloud Platform is on the higher part. It has improved the efficiency of our overall organization. The incident response time to any failure has increased more than 50 percent. The overall visibility of the system, architecture, and infrastructure has increased. All of our data is going on the one platform. These are all the ROIs which we get from Splunk Cloud Platform.

We have not used Splunk Cloud Platform's machine learning tools yet, but we are planning to use them for threat detection and anomalies, so it can detect that threat by itself through automation. We are planning to use it in the future.

Splunk Cloud Platform has improved the efficiency and reduced the manual effort for us. It has improved faster detection and the response time has decreased significantly. The data pipeline optimization feature reduces the ingestion volume for us. These metrics are very helpful for us, and it also reduces the cost through data pipeline optimization.

My advice would be to fully utilize Splunk Cloud Platform by ingesting as much data as possible and to invest time in learning SPL and best practices for leveraging the Splunk community. My overall rating for this product is 9 out of 10.

Public Cloud

Amazon Web Services (AWS)

We use both Splunk Cloud Platform and Splunk Enterprise Security. We operate as an MSP and are also a customer for the on-premise solution. We use Splunk Cloud Platform for monitoring purposes, and we use Enterprise Security for the incident monitoring tool, which is a premium solution for both Splunk on-premise and Splunk Cloud.

The best features of Splunk Cloud Platform are that you do not have to manage anything and do not have to worry about anything. It is scalable, easy to use, and reliable.

Regarding the machine learning tools in Splunk Cloud Platform, machine learning is great, but it requires specially trained people who understand it and have already worked with machine learning, making it challenging for those who do not have that expertise.

The price of Splunk Cloud Platform is very high, but you get all the advantages when you do not overpay for that. Some customers choose cheaper vendors, but for me, it is a perfect solution with many integrations, ready-to-go rules, and dashboards. It is feature-based.

Regarding the ingestion and visualization features in Splunk Cloud Platform, any device or system that can produce logs can be ingested into Splunk. There is no problem with many different possibilities to ingest the logs, making it a really great tool. Regarding the dashboards, there are also many possibilities to create them. If you know XML, you can write directly in XML and have your own custom dashboards, or you can do it via templates. These are great features.

One area that has room for improvement in Splunk Cloud Platform is support. The support knowledge base is the primary concern for me because we had several cases working with support teams, and they could not resolve our problem.

I have been using Splunk Cloud Platform for about three years.

I rate the stability of Splunk Cloud Platform as ten plus.

I also rate the scalability of Splunk Cloud Platform as ten.

I would rate support for Splunk Cloud Platform about six out of ten.

When assessing the effectiveness of the search capabilities in Splunk Cloud Platform, I notice that searches are slow, which is the main disadvantage of Splunk, but the rest is really great and the most mature. The alerting mechanisms in Splunk Cloud Platform are configured as well as possible, so you can get all the information that you need. They are really great.

As a certified Splunk Architect, I consider Splunk the best solution when comparing it with competitors including Elastic, Sumo Logic, Datadog, and Microsoft.

Regarding integration with third-party tools, Splunk provides federated searches, allowing you to search data even without integrating Splunk with other features such as AWS or data lakes. This is separate pricing, but it is still possible and works really well. However, the downside is that you need to buy additional SOAR if you want to automate certain things such as blocking an IP or user or removing a user or revoking their session.

Approximately thirty to forty people work with Splunk Cloud Platform.

Splunk Cloud Platform is hosted on Splunk Cloud, though this is a tricky question since we also have on-premise Splunk installed in the cloud of client infrastructure. I am discussing only Splunk Cloud Platform here.

My advice for Splunk is that it is the best SIEM solution for me. Based on your needs, you will need a POC. It is good enough for small, medium, or enterprise clients, but you will also need to invest in people who need to learn how to write searches and work with the solution because it is not easy. If you have appropriate people, it will be worth its cost. The learning curve for Splunk Cloud Platform depends on which level you want to achieve, but the downside is that most of their really good trainings are not free, so you will need to invest in learning. I give this review an overall rating of ten.