Splunk Cloud Platform Reviews

We use Splunk Cloud for monitoring various ticketing tools, servers, applications, URLs, and client transactions. We're monitoring the transactions and data flow. 

Splunk has sped up our response and reduced the time we spend manually monitoring any logs for ticketing tools or servers. It saves us around 2 hours daily. 

We can onboard multiple data types for monitoring from various ports and use Splunk to monitor laptops or other devices directly. If everything is stored in our database, we can also monitor that and see who is logging in and when. You can monitor which files are being used most and which ones aren't. We can also check for any fraudulent activity in the system. The reporting is highly detailed.

Splunk is best when used for real-time monitoring. We can use AI and machine learning, too. Splunk plans to launch new observability features soon. The federated search feature has helped us eliminate redundancy in data servers and discontinue servers that aren't being used much. We can remove those servers from the environment to cut costs. 

We can use Splunk to monitor multiple environments. The ease of monitoring depends on the source, application, or cloud environment size. 

Sometimes, integrating with other systems is difficult, and it isn't feasible to connect with other applications, but it's easy most of the time. I rate Splunk 7 out of 10 for its ability to integrate with other systems. 

Every time they launch new versions, we experience a few bugs. The most recent version had a couple of bugs in the databases. We contacted the vendor and got assistance solving these bugs, so the environment is more stable. 

I have used Splunk Cloud for 4 years. 

I rate Splunk 8 out of 10 for stability. It has some bugs, but that is common in any product. At least, Splunk resolves bugs quickly. 

Splunk's scalability is nice. 

I rate Splunk's technical support 9 out of 10. 

Positive

Splunk is easy to deploy. We have it deployed across data centers at multiple locations. Splunk requires some maintenance after deployment. 

Splunk is a bit pricey, but it's reasonable for the features offered. 

I rate Splunk Cloud Platform 8 out of 10. I would definitely recommend Splunk to others. 

We use the Splunk Cloud Platform to log all the network devices, whether it's switches, routers, firewalls, wireless controllers, wireless access points, and applications such as MuleSoft or Adobe AEM. 

The team I manage is small and we don't have much time to maintain the on-prem infrastructure with patches and updates. With Splunk Cloud, we don't have to worry about patches or upgrades. It's always up to date with the latest and greatest features. That's the biggest benefit for us so far. It saves us time and headaches that come along with all the upgrades, patching, and administration of the Platform in general.

Splunk Cloud Platform has more features than the on-premise Splunk Enterprise version that we previously used. My team seems to like the GUI better.

Splunk Cloud Platform's ability to provide end-to-end visibility into our cloud-native environment is extremely important because we don't have any tool that has that feature.

It has sped up our mean time to resolve by 40 to 50 percent compared to the on-premise version of Splunk.

Our on-premises setup used an outdated Splunk version on aging Red Hat seven hardware. Upgrading would have required new Red Hat eight systems and consultant deployment expertise. By going to the cloud, we don't have to worry about hiring consultants or upgrades. That saved us time and money. The pricing that we were given was the same as renewing our maintenance and support for our on-prem version. So it was a no-brainer decision.

As soon as we migrated, my team liked the GUI because it made them more efficient. There are more functions and features that are not available with the on-premise version of Splunk.

We use Splunk Cloud primarily as a troubleshooting tool, so the most valuable features are the analysis and visualization.

Areas of improvement for Splunk Cloud Platform are difficult to say because we're still learning about the platform. I want to have the ability to process the ingestion before it is sent to the back end and Splunk just announced that the feature is coming, so now it just needs to be released.

I have been using the Splunk Cloud Platform for three months.

Splunk Cloud Platform is stable.

Splunk Cloud Platform is easily scaled on the cloud.

The few times we reached out to technical support, they were helpful and able to address the issues.

Positive

We previously used Splunk Enterprise and wanted to stick with Splunk because we feel it is the best product. So switching to the Splunk Cloud Platform was an easy decision for us.

The deployment was not difficult. We had consultants helping us. We thought it was going to take three weeks to migrate from on-premises to the Cloud, and it took half that time. It was a lot easier than we anticipated. And we were able to do most of the work ourselves without using the consultants.

We used Bitzios Consulting to help us with the implementation.

By moving to the Splunk Cloud Platform we saved on having to hire consultants to build a new environment and install it on-premises.

The price for Splunk Cloud Platform is the same as our maintenance costs for Splunk Enterprise on-premises.

I would rate Splunk Cloud Platform nine out of ten. Splunk Cloud offers several advantages in terms of ease of use. Since it's cloud-based, there's no need to worry about infrastructure maintenance, availability, or scalability. New features are automatically available, eliminating the need for manual upgrades and potential downtime that can occur with on-premise installations.

We have AWS and GCP but are using the Splunk Cloud Platform to monitor only the AWS for now.

While we currently use Splunk Cloud, we don't have Splunk security. We plan on implementing Splunk security and that's also going to integrate with all of our Cisco equipment. For now, I can't say that Splunk's unified platform has helped consolidate networking, security, and IT observability, but soon, it will because we'll be able to have one source, one point of reference for all of our logging and security information instead of managing separate tools for different tasks. Once we implement Splunk Security, it will be one single pane of glass where we will have everything.

I use the solution in my company, and its primary use cases have been related to the log correlation engine. Splunk Cloud Platform can be considered a central ingest point for gathering logs from all over our company's network, after which it is used to take and create reports. Security, detection, dashboards, and similar features are some of the use cases that can be associated with the tool.

The benefits my company has seen from using the tool would be that it gives you more of a single place to look at rather than having to jump from a bunch of different screens to look at current logs, as well as the ability to correlate data amongst different log sources.

Regarding the solution's most valuable features, I think that since many of our company's applications are Splunk-based, they can integrate with other tools within our tech stack, which allows us to expand our use cases.

In our organization, Splunk Cloud Platform provides end-to-end visibility into our cloud-native environment, and it is a very important area where we need visibility within our environment. It is one of the main tools I use for end-to-end visibility.

Splunk Cloud Platform has helped reduce the mean time to resolve. It helps find issues, which can lead to a better mean time to resolve overall. Depending on the detection type, it reduces the mean time to resolve by anywhere from 20 to 50 percent.

My company saw time to value using Splunk Cloud Platform pretty quickly, and we continue to see the value, specifically when we add in new sources and tune-up. In general, it has been pretty quick.

Splunk's unified platform helps consolidate networking, security, and IT observability tools since it gives our company a single platform where we can collect logs from all different sources.

I think the tool has some scalability issues, especially when used in larger organizations. I feel the searching part gets really slow, which is based on one's resources.

I have been using Splunk Cloud Platform for about six years. In general, I have been a Splunk customer for eight years.

I think the stability is pretty good. I haven't noticed any outages.

I think the scalability could be a little bit better because our company runs into some resource constraints that slow down our searches.

When it comes to the solution's technical support, I would say it all depends on what the request is or who is actually responding to our company's queries. We have had some people who have been great, but we have also had times where we had to escalate some issues to get our tickets looked at by someone from the support team. I rate the technical support a five or six out of ten.

Neutral

I think the tool has some scalability issues, especially when used in larger organizations. I feel the searching part gets really slow, which is based on one's resources.

The product's initial setup phase was fairly expensive since my company had to get some professional services to help us with the set up of everything. Overall, the tool freed up some manpower, resources, and hours from our personnel and management, so having the tool in our company made sense. Yeah.

The product's deployment phase was easy.

The solution is deployed using the cloud services offered by AWS.

My company had to get some professional services from a reseller named Resultant to help us with the setup of the tool.

I don't remember whether my company had evaluated other products against Splunk Cloud Platform. In the environment where our company made the switch over, I can say that we are happy with our Splunk usage in general. We just wanted a tool that was more resilient and didn't have to worry about the management on the back end.

My organization monitors one cloud environment with the help of Splunk Cloud Platform. The ease or difficulty of monitoring multiple cloud environments is not something that is applicable to my company.

In terms of Splunk Cloud Platform's ability to help improve our organization's business resilience and predict, identify, and solve problems in real time, I would say it is not possible in real-time. The solution gives our company the ability to do more of a retrospective analysis, which helps us with the current backup.

There are not any cost efficiencies I can think of that I have experienced after switching to Splunk Cloud Platform.

I think Splunk Cloud Platform is still probably one of the best tools out there in the market for enterprise organizations.

I rate the tool a seven to eight out of ten.

Our Splunk Cloud Platform centralizes logs from all OT assets, allowing OT business units to request various insights. These insights can include how often assets cycle down, memory storage usage, or data consumption over time. They can then configure dashboards to receive alerts based on these specific metrics.

The biggest benefit I have seen using the platform is the alerts because most of our sites are remote in the middle-of-nowhere deserts. If something goes down, they don't have direct eyes on them. Thanks to Splunk's automated alert that notifies us if something is down, we can quickly respond to it before it affects any other systems.

We do have several cloud environments that we're using because we got the Splunk Cloud Platform last month. We are integrating them all into one location, so we are still determining the ease of monitoring all the cloud environments using the Splunk Cloud Platform. Before having Splunk, it was a huge issue because we had to go to different locations. Having it all in one location under Splunk will make it much better for us.

It is important, especially for our cloud team to have end-to-end visibility into our cloud-native environments through Splunk Cloud Platform. The more visibility we have the better it is.

Splunk Cloud Platform has significantly reduced our mean time to resolve because instead of us having to go out to the site or having somebody on the site tell us a few hours later there is an issue, it could be within minutes now that we can resolve the issue. After all, as soon as it goes down, we get the logs, we get notified, and then we can immediately go in and check it out. So it is a significant amount of time that Splunk is helping us reduce for resolution.

Splunk Cloud Platform's ability to predict, identify, and resolve problems in real time has been huge, especially because our business units are operational technologies. They generate revenue for us. That's how our business stays afloat because we're in the energy sector. So If something goes down or if they want a quick dashboard, the biggest thing we're to be using as well besides the alerts is the dashboards showing how quickly we're remediating vulnerabilities and showing where they are vulnerable. That's going to be huge for the business side and will help us a lot.

Splunk Cloud Platform helps consolidate network security and IT observability tools. The cyber group gets all the alerts, but we can direct it to which person we want to send the alert to. That's good because they can go to IT, which is where we're at, Cyber, which can potentially help fix the problem, and then networking too in case something goes down. That is one of the requests is if an on-site asset goes down, the network team can see why it's off the network. So it's good that it spreads out everywhere, and whoever can help fix it can be on top of it.

Alerts are a huge benefit because we can customize them to each business unit's needs. Splunk automates the process and sends email notifications directly, which saves me time.

The AI features will be a huge improvement for Splunk. Using basic natural language in English instead of writing a regex expression will be helpful. For example, I can tell Splunk AI that I need to get the logs from last week between eight AM and ten PM on a specific asset. Instead of me going in, doing the regex expression, and then having to Google what it is because it's super hard to do sometimes. That is the biggest area for improvement. Hopefully, it will be released soon because that will simplify things for me and non-technical people. 

I have been using the Splunk Cloud Platform for one month.

Splunk Cloud Platform is stable.

Splunk Cloud Platform can handle terabytes of data.

The support has always been great for the few times I have used it.

Positive

The deployment is super easy. We deployed the Splunk Forwarder file and from there, we have a batch file, a PowerShell file, and it runs in the background. The users don't even know it's being installed.

The implementation was completed in-house.

In regards to a return on investment, the metrics are the biggest thing. Data is everything. The business units enjoy the dashboards that Splunk Cloud presents. And it is quick to present them.

Splunk Cloud Platform fell within our budget so we pulled the trigger and implemented it.

I would rate Splunk Cloud Platform ten out of ten. All the applications I need are readily available in a user-friendly dropdown menu. Exploring them is a breeze, and the platform's speed is impressive.

We mainly use it for the purposes of analyzing application logs to get a bit of understanding of what is normal application performance and then use that to highlight errors and inconsistencies when they occur.

Resilience is incredibly important to us. We are in the medical field. It is insurance. When people are using our service, we should be able to provide that. Having that resilience is key for us because we are helping people. The resilience that Splunk offers has been valuable in that regard. There is peace of mind for us and our customers.

We have multiple cloud vendors that are being utilized in Splunk. It has been useful. Splunk is able to handle a lot of things out of the box. There is a good bit of value in being able to make sense of multiple types of logs in one environment and being able to cross-reference them. It has just taken a lot of effort out of that.

We have integrated it with other tools. At the moment, it has been with Cribl as a pipeline tool so that we can be agnostic with Splunk in some regards. Cribl handles the logs being sent to Splunk, and then from there, if there is anywhere else where we want to send them, Cribl can handle that too. That has been our main integration. The ease of integration varies. Splunk offers out-of-the-box support for some tools and applications. Integration with them has been quite simple. Other things have been a bit more difficult. Integration can be more difficult if it does not have a Splunk base, but there is a good range of things that are available out of the box.

Its reporting has been excellent. We have integrated it with tools like ServiceNow, so we are able to create an instance for teams and integrate it with our NOC. The reporting has been incredibly valuable.

I come from a monitoring background. I knew from the get-go the value that we could get from Splunk, but we actually started to see its value once we started enforcing logging standards. It made it very easy for us to validate if something was or was not following our standards.

It has been great from the compliance perspective. It began to show value to some of our customers when they were able to search multiple applications because of the standards and compliance built into it.

It has had an impact on the decision-making processes in our organization. It has been mainly around compliance. Given it is a financial and medical sector, decisions have been made around what information we are storing in the logs and how we are managing the data that comes directly from Splunk.

It has been good for helping our organization access data for compliance and privacy regulations. It has been useful for pinpointing things. We are able to ensure that we are abiding by those standards. It has been incredibly useful in that space.

Dashboarding has been very powerful. I work with a lot of different customers, so being able to tailor the data for different customers has been valuable. I am able to make visuals and have reports where they can self-serve.

It would be nice to see more comparisons between Splunk and other log management tools. There are some legacy tools that people are often coming off. It will ease the transition if you are coming off a Windows LogViewer or any other logging tool. Splunk could offer more advice on how to transition into it or onboard it.

I have been using this solution for two years.

I have not had any issues related to stability.

This is outside of my department, but it seems like it would be easy to scale up. However, there is a cost concern. That always seems to be the linchpin when people discuss Splunk. It comes at a cost.

When it comes to extensibility, they make it relatively simple, but it is an expensive tool. There are always going to be conversations that need to be had.

The quality of the answer has been good. We have had to leverage the support only a small number of times. We found the actual portal to get support difficult. Some members of the team were not able to raise certain types of requests. However, when we got through to support, we had no issues.

Neutral

Prior to Splunk, we had a mixture of things. LogViewer and Graylog were used. Some folks had their logs locally. There was not one central system. 

I was not directly involved in decision-making, but some of the things that I called out as useful were the analytical tools that Splunk offers. We can very quickly get to the root cause by using its query language. It provides a lot of power with little effort. That is what initially drew me to it.

Moving to Splunk allowed standardization. That is the key. It does not matter which part of the company you are from. Splunk has given us a mechanism to say that we expect the logs to look like this, and we all are going to abide by that. It has made standardization a lot easier. Previously, you would not know what you were getting while dealing with a logging problem.

I was involved in its deployment only in a small cluster. I was mainly involved in setting up standards around logging. It was challenging. It was dense, but it was manageable. The feature set of Splunk allowed us to know what we could or could not do.

The main part of maintenance is the ingestion of new logs. New teams and applications get stood up every day, or a new cloud vendor comes in, so there is some maintenance involved there.

We had Splunk technical support. We had a mixture of people from other departments. We had some folks from security, and we had some folks from operations. There were 15 regular faces and 2 Splunk contractors. We involved other teams on an ad hoc basis, but the core team had 15 people.

Overall, we had 20 to 30 people who directly worked with Splunk in some way or for some period of time. We also had to involve all of the teams to get their feedback and educate them on how to use Splunk.

I do not personally deal with that side, but from discussions, I know that it is one of the more expensive tools. I do not have anything to compare it with.

New users should focus on the Splunk free courses. They are an excellent resource. If you are a customer, you should take up the search and reporting classes. That is probably going to be what 99% of people are using it for day to day. If you are a sysadmin user or someone setting up the instance, there are free classes for managing licenses and ingesting data. I would highly recommend them. The free classes are a great start, and if you think it would be valuable, take some of the paid classes as well. They are incredibly detailed.

When it comes to security, we definitely have a stricter attitude when things are going to the cloud because they are not fully in our control. Going to the cloud is always a little bit scary, but we have put in a refined approach for the data going into Splunk.

I have not made much use of federated search. I have come across it, but it is not something I have leveraged.

I would rate this solution a seven out of ten. What it does, it does well, but I do have qualms with it here and there. There are obvious features that are missing from time to time, but I am happy with what is there.

My manager typically requests dashboards, alerts, and scheduled reports. Based on their specific requirements, I create reports and dashboards that visualize the data. We leverage the Splunk Cloud Platform to fulfill these needs.

Additionally, my teammates may approach me for insights. I analyze the data and provide them with these insights, which they then use for team meetings and further data analysis. This ultimately helps them make informed decisions.

Splunk Cloud Platform improves our incident response time by enabling the retrieval of large data volumes. The platform offers impressive search speeds, and we don't need additional SQL commands to optimize response times.

We saw immediate benefits from the Splunk Cloud Platform. Being able to access and analyze logs provided valuable insights.

Splunk's impact on decision-making is significant. I have access to all the data I need, and it is always reliable.

Splunk Cloud Platform's search modes are a powerful feature. There are 3 main modes: Fast, Verbose, and Smart. These modes allow us to customize our search based on our needs, which can significantly improve our response time.

Splunk Cloud Platform's dashboard could benefit from some improvements. While it functions adequately, it appears very minimalistic. It's built using a simple XML format, and while newer dashboard options have been released, it still lacks the visual capabilities of tools like Power BI and Tableau. While I understand these are different platforms, having a more powerful dashboard option for the Splunk Cloud Platform would be valuable.

There is a lack of comprehensive learning materials offered by Splunk to prepare for their certifications.

Splunk uses SQL as its search language. One challenge I've encountered is with subsearches used in joins. These subsearches can only handle a maximum of 50,000 entries. If our data set is larger, we won't be able to join it using a subsearch. This limitation has been a significant obstacle for me. I've searched the Splunk community forums, and even reached out to my colleagues and seniors for a solution, but haven't found a definitive answer yet.

I have been using Splunk Cloud Platform for 2 years.

It is reliable. In my experience working with virtual machines, any search lags are likely due to the VMs themselves, not Splunk.

I would rate the stability 8 out of 10.

Splunk Cloud Platform is horizontal scaling. So it is easy to scale based on the data we are using.

I would rate the scalability of Splunk Cloud Platform 9 out of 10. 

Deploying Splunk Cloud Platform requires knowledge of the Splunk architecture, the deployment server, and the components.

We have seen a return on investment.

The certifications are costly.

I would rate Splunk Cloud Platform 8 out of 10.

The maintenance required is minimal.

The resilience of Splunk is good.

I recommend the product.

Splunk Cloud Platform is a powerful tool for handling big data. To get the most out of it, understanding both the developer and administrator sides is beneficial. The platform offers broad compatibility with various technologies and allows for easy scaling to accommodate your needs.

I work on corporate investigations and incident response. I use Splunk Cloud Platform to investigate user frauds, cases related to malware investigations, and anomalies.

In terms of the benefits of the product, I would say it is my go-to tool. Regarding getting all the data from Windows event logs, and considering the other reporting tools we have in our company like Forcepoint, Proofpoint Email Protection, Office 365, or Microsoft Defender, we have to search and get all the data in one place and to do so, Splunk Cloud Platform is super valuable.

The solution's most valuable features are search, reporting, and dashboards.

Splunk Cloud Platform is useful in our organization's monitoring of multiple cloud environments involving cloud services like AWS. I cannot speak about the ease or difficulty of using the tool to monitor multiple cloud environments since I am not on the administration side.

Considering the product's ease of use, the tool offers me the ability to search all the data and get it in a format before giving it to an investigator so that they can get it in a format they can understand.

The expensive nature of the product is an area of concern that needs to be considered for improvement.

I have been using Splunk Cloud Platform for twelve to fourteen months.

The product has been pretty stable for me. I have never seen any outages in the tool, and it has been a pretty solid solution.

I have no experience with the solution's technical support team.

I was not using any other solution in the past.

I don't know anything about the product's deployment phase.

I know that Splunk Cloud Platform is an expensive product.

I rate the tool a ten out of ten.

We utilize the Splunk Cloud Platform for log ingestion related to security and troubleshooting purposes.

Splunk Cloud Platform helps us with our security incident response. The cloud security logs are integrated with all the cloud providers.

The federated search feature enables us to search between Europe and the US, from one Splunk instance to another, all from a single location. This federated search simplifies how we handle data, making it easy to swiftly search for and manage information.

We monitor several cloud environments and find it easy to utilize the Splunk Cloud Platform for this purpose. Each cloud provider offers its own prebuilt dashboard, or customers can create their own.

The Splunk Cloud Platform offers excellent visibility into multiple environments. In the past, we utilized hybrid integrations, and they seamlessly worked right out of the box.

The reporting functionality provided by the Splunk Cloud Platform resembles that of the on-premise platform. It is readily available without requiring integration or the installation of reporting visualizations.

From a security standpoint, the Splunk Cloud Platform provides us with comprehensive visibility into all security logs. This enables us to implement security incident responses with great efficiency. Additionally, we have discovered that internal employees, such as product teams, are utilizing the platform as intended for various other use cases. For instance, it has proven valuable in troubleshooting performance issues and monitoring within Kubernetes. As such, we are leveraging a wide array of use cases within the company.

Splunk is a highly mature software that has been in the market for many years, which greatly influenced our decision-making process. Another factor was the user-friendly nature of the latest version, making it easy to initiate. We don't require a large workforce for installing components; it's as simple as out-of-the-box. Consequently, minimal time investment is needed for training.

The Splunk Cloud Platform assists us in accessing data to meet critical compliance and privacy regulations. For instance, this is particularly important for regulations such as GDPR and HIPAA. We are utilizing Splunk Cloud with a specific focus on HIPAA compliance, allocating extra attention to this aspect. In the case of GDPR, Splunk offers a range of built-in capabilities. For instance, it allows for log masking. Moreover, there are novel features available in Splunk Cloud, such as ingest actions. This feature is exceptionally useful as it enables us to mask the data before it's ingested into Splunk. Consequently, this approach ensures our adherence to compliance regulations, exemplified by GDPR.

The Splunk Cloud Platform has had a significant impact on our organization's security posture. It serves as our primary visibility tool and is the main source of trust for all login activities. Without Splunk, we would lose essential visibility and access to security updates. Currently, Splunk stands as one of the primary tools we utilize due to its utmost importance.

The most valuable feature is we don't have to deal with any back-end server maintenance because the solution is cloud-based.

The on-premises version of Splunk includes all the integrations, while the Cloud platform lacks certain integrations and is limited in terms of the number of supported apps.

The Splunk Cloud Platform is not a very mature solution; it has only been on the market for four or five years. While they have made significant improvements, there are still limitations, such as the absence of CLI access. Therefore, there are several limitations that still exist with the CLI. 

The standard support has room for improvement. 

I have been using Splunk Cloud Platform for four years.

The Splunk Cloud Platform offers 99.9 percent availability, ensuring that we never experience downtime.

I would give Splunk Cloud Platforms' scalability an eight out of ten.

Technical support needs more knowledgeable people.

Neutral

We used Sumo Logic in the past, but it wasn't an enterprise-grade solution, so it couldn't support the scale we required. Additionally, Sumo Logic lacked support for many integrations. The Splunk Cloud Platform fulfills our scaling requirements and integration needs. Moreover, our team possesses skills that align well with Splunk, making it a better fit for us.

The Initial deployment was very straightforward because we had the skills. But I would not say that this is straightforward without the skills. We need to learn at least the basics. 

The deployment took six months to create this multi-tenant environment because it's a highly specialized setting. It's distinct from a typical Splunk deployment that might only take a day or two. However, the process of configuring, migrating all the data from Sumo Logic to the new Splunk Cloud, and setting up the multi-tenant system along with product dashboards, required approximately six months of effort on our part.

We utilize Splunk in a multi-tenant manner, wherein we allocate costs back to the product teams in each department based on their usage. We are a healthcare company engaged in the development of healthcare applications tailored for doctors and hospitals. Splunk plays a pivotal role in assisting us with this endeavor. I would estimate that we have experienced a return on investment of approximately 30 to 40 percent.

The cost of the Splunk Cloud Platform is high, and in addition to the standard licensing fee, we also have a premium support fee.

Now, we are paying less because, instead of being charged based on ingestion, we are paying for SVCs, which stands for Splunk Virtual Compute. This implies that our costs have decreased. Despite ingesting a larger volume of logs, our expenses are lower than they were before. However, it's important to note that if our usage of the tool increases, our expenses will also increase. Therefore, this represents a distinct licensing model from Splunk's.

I would give Splunk Cloud Platform an eight out of ten. Splunk Cloud has shown significant improvement over the past four years, and I highly recommend it.

We operate two distinct Splunk Cloud platforms: one in Europe and another in the US. These platforms are linked through a federated search. This setup ensures that specific data, such as European data stored in the AWS cloud, is directed to the European Splunk platform, while data from the US Cloud is directed to the US Splunk platform. However, it's worth noting that all users primarily log into the Splunk US Cloud. From this point, they have the capability to transmit data to the Splunk Europe platform.

We have around 400 users. 

The maintenance is primarily conducted by Splunk on the backend, and any on-premises maintenance we perform has been reduced by 80 percent.

The value that Resilience provides for SIEM solutions is significant for us. Therefore, if we inquire with various customers, they might provide different perspectives. However, concerning security, this holds substantial value. I would assert that it's the primary tool in our arsenal; indeed, we do possess other security tools, but the most frequently utilized one, which also delivers the utmost value, is undoubtedly Splunk.

The method to expand a SIEM system is achieved by extending the licenses. This expansion enables greater capabilities, increased log retention, and the ability to process more logs. In our specific scenario, we were previously restricted by the capacity of the ingest license. Our log ingestion was limited to, for instance, one terabyte per day. However, with the introduction of this new licensing model that's based on CPU usage, we now have the flexibility to ingest any amount of data while paying according to our actual tool usage. Consequently, if we intend to expand for additional servers, we simply need to contact Splunk and communicate our requirement for increased server capacity to enhance system performance. This process is streamlined because we aren't required to take any additional actions ourselves.

I would highly recommend Splunk Cloud because we don't require personnel for maintenance or server installation and management, as all these backend tasks are taken care of. Additionally, for those who are currently using a competitor of Splunk for SIEM purposes, I would also recommend transitioning to Splunk if they have the budget for it.