Splunk Cloud Platform Reviews

We pull in information from cloud resources like AWS and Azure, and we just recently got into GCP. Just pulling data directly from there was a little bit easier than trying to do it from on-prem. We can now do that a little easily.

We have a lot of cases where business units that were not even in Splunk got compromised for whatever reason. We could get security logs from those and import them directly, more quickly, and easily with Splunk Cloud. We have had several use cases directly with that. In our company, we do not monitor logs from laptops. We have had issues with users getting compromised on our laptops. We could get the data logs from there.

I also use it to monitor my universal forwarders so that I can see what versions they are on. We had CVEs coming out on the universal forwarders. We had to replace them. I have dashboards to keep track of our progress as we are migrating and upgrading all those agents.

The biggest, heaviest use of Splunk Cloud Platform for us right now is people going and looking at our firewall logs to find the denies and to find out which firewall is being blocked. We are a medium-sized company. We are so segmented with all the PCI and SOC 2 compliance audits that we have. We have segmented everything. We have so many firewalls that there is always another firewall down the line that is blocking. The firewall team is in there every day and all day long, and then we have other teams that go in there to see if the issue that they are having with their app is a firewall issue or not.

I have done health checks several times now, and those have been very valuable in getting more information about what is going on in my platform. There are also recommendations on what is going on in my environment. Sometimes when it says something, I already know that, and when I explain why, it knows that I am aware of it. It knows that it has to be that way for compliance reasons or there are certain break glass accounts that we have to have in case our Okta is offline. It points out things like that. 

One of the things we had to do was find out how much Splunk on-prem was costing us because we had so many different groups. We had the storage group, and then we had the hardware team. The indexers and the search heads were physicals. That was being handled by the data center teams, which bought all the hardware, and then we had the virtual servers. Everything else was virtual. That was still owned by us, which is fine, but then we had storage, so we did not know the full cost. As I am trying to migrate from one data center to another, the teams do not want to buy. They do not want to migrate hardware. They want to buy new hardware, which, of course, is a cost to their department. They are a group but not our group, so we wanted to go to Splunk Cloud. We had to first find out how much the total cost of Splunk was for our company so that we could show that moving to Splunk Cloud was going to save the company money, which it did. It saved at least a million dollars a year. We are oversized in some areas, and we are running pretty close in the other areas. It is saving us money in the long term.

We monitor multiple cloud environments. We have data in multiple clouds. We have AWS, Azure, and GCP, as well as our own on-premise that is technically a cloud or our own personal private cloud. We are a cloud customer for our clients. We are in four different environments. It has been fairly simple to monitor multiple cloud environments using Splunk Cloud Platform. The documentation and the TAs have been updated and tell you which piece is what. You see no difference between a client ID, tenant ID, a secret, a key, and the tokens. That has been very handy. We had an incident where there was an S3 bucket somewhere, and one of our teams was unable to communicate with the Cloud Infrastructure team. It was set up as a file share only instead of another type, which was not available in the TA. That was not an option, so that became a challenge. We had to work with them, and they basically had to rebuild that bucket because you cannot just add it as a function to that bucket. They made a whole new bucket and put the logs in there. That was a challenge, but other than that, it has been very smooth and easy. We have had teams that had incidents. They took all the data and put it into an S3 bucket, and it took that right in.

Splunk Cloud Platform has helped reduce our mean time to resolve because they can get the data in faster. I have even automated things. We have a Python script. I can take CSV files and send them to the endpoint and just pop them with all the data they need to do their evaluations, such as if they went to bad sites. They can see all that information. I can get that in quickly. With on-prem, I could do that, but it had to run through so many hoops because of the PCI requirements that our company has. It is still PCI-compliant, but it is just so much easier to work with. I know we have had mean times of 60 days. We are reducing it to one or two weeks now, so it is getting a lot better.

Splunk Cloud Platform has helped improve our organization’s business resilience. That was something with which I have had issues with the on-prem. I have had issues with an index. It could be a hardware issue, a software issue, or an OS issue. By having Splunk Cloud Platform, everything has been a lot more stable. I do not have as many worries or problems there. I have fewer things. I can even troubleshoot on my side if it is a heavy forwarder. That is on me, but there are a whole lot fewer things to look at and worry about. It took away a lot of headaches.

In terms of Splunk’s ability to predict, identify, and solve problems in real-time, real-time is a touchy word because being real-time means you are indexing directly. There are a few people in my company who have or are allowed real-time access, but it is pretty close. It is pretty much within seconds. You have access to all that data, so it has been handy. I had to explain to the teams how searches work in the background. If you are running a search every 5 minutes, it sounds great, but if there is any kind of delay in the data, you can miss something, so 15 minutes is a little better, but still, you are seeing things within minutes and getting alert about them. We connect to Microsoft Teams and Slack. We are sending things to ServiceNow for the monitoring team. It is 24/7, so if they need something to watch 24/7, there is a group. They are now tied into ServiceNow, so they can get all that data right there in one place for that team, pulling it from different monitoring tools besides Splunk. It is handy to be able to just pop it all in there quickly.

The firewall stuff is huge. Everybody is in there. All day long, people are hitting that dashboard searching for firewall blocks or denies. Sometimes, they access it just to see if it is connecting because we do drop a lot of data. A great thing about Splunk is that we can drop some of the data if we need to when it is ingesting. We do not keep all the connects, but we can see whenever a connection is closed. We can see that the connection had been made successfully and then closed. We are able to see that one way or the other. We can see whether things are being blocked or it is able to connect. That information is handy now. We have a complex network, and there are times when we have routing issues. We can see that there is no route in the logs and say that it is a routing issue. They then bring the network team. The firewall is the front point for all that, but the network team has to work closely.

Just the fact that it is cloud-based is valuable. We are still on the classic one. I am waiting for the VE to come to the GCP. That is where our stack is. It is in GCP. They say it is coming somewhat soon. We will see when that is.

There is the flexibility of not having to manage all the indexes and searches myself. I was doing that with on-prem before. That was quite a bit of work. When you have an issue with an upgrade, you have to upgrade all of that. They are handling that on the backend now. I still have to do my heavy forwarders and my deployment servers, but it is a much lighter load for me on my end as an admin.

For one of the areas I am working on right now, they did an update this week which gave me back something. It was a feature that I have been using, but they took it away last conference. They just gave it back to me now, and I had to go through the setup again to make it work with our Okta. We have had issues with the maintenance windows. Sometimes I get informed about those at the last minute. They are getting better about informing us when they are going to do maintenance, but there were times when they did maintenance, and then I came in the next day and something was broken. They have gotten a lot better about that. I am still working on a couple of issues. They have cases open for them, so they know about them. They are working on them. The communication is getting better. That was an area that had a lot of feedback. I can see that they are accepting the feedback and taking it to heart, which is great.

Some of the Victoria Experience that was rolled out is not yet fully everywhere.

The AI assistant is going to be good, but we are on GCP, so I am worried about how fast it is going to get rolled out and if it is going to be nine months late for the GCP customers or not. That would be a bad thing because that would put a black eye on the whole marketing part of that. The same thing is with the Victoria Experience. They already have a black eye on that one. It has been two years since it came out and they still do not have it on GCP, so they need to get that fixed up. I would like to see the AI assistant feature as it rolls out. That helps with me wanting to roll out ITSI and the O11y suite with them bringing that AI assistant over there. I have teams right now that hit me up. They have been using some kind of AI assistant. We have Microsoft CoPilot. It is allowed in our company now. They tell us not to use ChatGPT right now because it is not approved for whatever reason. I have had some of our people hit me up who are not Splunk users but they have access to some dashboards and want to do a little bit of searching. If they use generic AI to find out how to do a generic Splunk search, it is not going to work in my environment at all. They will wonder why this is not working. That is because the AI does not know our environment. It will be handy to have an AI assistant that knows our environment.

I have been using Splunk Cloud Platform for a year and a half.

It has been quite stable. The fact that we are on GCP has been causing some pain. That is the only thing.

That has been very nice. When we renewed our last contract, we had seen that our long-term storage or archive storage was not enough, so we had increased it. It is nice to have enough visibility. It tells you that you are getting close to over or you are over, so you can see where you are. The new improved monitoring console that just came out has more information in there for that. That to me is even more valuable, so I am happy to see the new console they have released.

For the most part, their technical support has been pretty handy. Sometimes you get someone a little bit newer, and they may ask some basic questions because they do not know our knowledge level. If we are putting a case in, we have already tested steps a, b, and c. We have already tested all those, and we already know. We would not put the case in otherwise. However, in some of the cases, you get in there, and they immediately bump it up to the next level. They can recognize and see quickly that it is a problem, and they are able to bump it up. I like the fact that they are able to do that somewhat quickly and escalate things a little faster than in the past when we were on-prem. With us being on Splunk Cloud, they are able to see the issues faster and verify them faster. I would rate their technical support an eight out of ten. They are doing pretty well.

When it comes to customer service, the only issue we have seen is that they changed the sales team three times in the last two years. That has been frustrating. I meet them all at Splunk conferences, and I feel like half the Splunk people there know who I am because they have been our support team for some reason or another. Their teams are great, but it takes time. There is a transition time for them to get everything moved from one person to another because they have to finish up the team that they were with while adding in the new team that they are moving to. I understand that it takes time, but it is getting frustrating on our side. They can give us at least a year before they switch the team again.

We had used Enterprise Security before, but one team was using Splunk core with their own built-up dashboards and other things. They were not using the Enterprise Security pieces and parts specific to that, so we decided to not use that temporarily, but it might return because whatever they have switched to is not particularly helpful. It is not as helpful as we were hoping.

We worked with a third-party provider. We were in a bit of a hurry to get it done. We were able to do it quickly. 

Because we were getting GCP, we were getting help from Google, and they ended up paying for the service provider who was helping us migrate. We paid for it upfront, but then Google paid it back to us as a part of the contract we had with them. The good news was that we were able to get it done quickly, but it was quite a rush to do that. It went fairly smoothly. There were a few blocks, but we were able to migrate.

It took us a full six months to move from on-prem to cloud. Moving the data took me a couple of days, but getting everything fully migrated and tested and making sure that all the teams were fully in there took a full six months, which for our company was pretty much lightning speed. It normally takes two to three years or something like that.

We had a Splunk partner called TekStream.

We are seeing cost efficiencies with the move from on-prem to the cloud. We found out how much on-prem was costing us. It is not just the cost of the storage or the hardware. There is also the cost of the time of those people who do the setups of all that. We definitely saved quite a bit of money.

We have greatly seen an ROI. We have been able to add more and more data that we were dropping before because we did not have the license. We started opening that up. We have some more events from Windows event logs and some more things related to the firewall. We do not have to drop all that. We can bring some of that in now.

We were on ingest. We were on-prem, and when we switched to the cloud, we went to an SVC model, and that has been a huge help. We are now able to ingest more data than before. I was known as Doctor No because I had to say no so many times because we were on an ingest model and we were maxed out. I am not that way anymore. A lot of times, our use cases are one-shot because security needs the data. With our SVC model, we do not worry about it as much. I know that it is saving us huge amounts of money because of the SVC model.

Unfortunately, we did not evaluate any other tools, and that was the issue. We were handed down a tool to use, and that is something that our team did not like, and we have made that very clear. That is why we say that Enterprise Security might come back. We will see.

End-to-end visibility is something that we are working on. I have talked with the Gigamon vendor. We have Gigamon to do packet captures, but we want the metadata from that to come into Splunk so that we have longer retention times at least on some of that metadata. We do not necessarily have the package, and that is okay, but we can at least see the trending of some of the things a little bit longer than we are currently. It gives more visibility to more teams. I have 350 users in my Splunk Cloud Platform. On the network side, we have the network teams with 20 to 30 people looking at things over there, so it gives visibility into more of the organization. That is one of the big benefits. We can see the network layer and then all the way up to the App layer. When we want to get the O11y suite, we already have AppDynamics. We will be integrating that pretty soon. It will probably be the next month when we get that integrated in. The other piece is going to be getting the network cleared up. We are also seeing issues with GCP with some applications that we have migrated there. We will be able to see whether it is a slowdown in the cloud provider or not. Having this visibility and the end-to-end data and being able to correlate it is pretty helpful.

Splunk's unified platform can help consolidate networking, security, and IT observability tools. That is what we are working towards, and that is exactly what we are hoping for. I am hoping to bring in ITSI and the O11y suite. We already have AppDynamics. We are going to be able to pull that in which will start helping with that full visibility, but to fully integrate that, I am going to bring the O11y suite as well because eventually, I see AppDynamics moving in that direction. 

I would rate Splunk Cloud Platform a nine out of ten because it is very good. It is pretty stable. 

We use Splunk Cloud Platform for data aggregation and correlation for centralized logging and monitoring.

Splunk Cloud Platform has helped our organization reduce risk and allow for threat investigation to catch potential malicious traffic before it causes damage.

The most valuable feature of Splunk Cloud Platform is the ability to correlate events together and combine the data into one event.

The benefits we saw from using Splunk Cloud Platform are the time to detect and the ability to investigate faster.

Our organization monitors multiple cloud environments. Splunk Cloud Platform's direct cloud connection capabilities make data transfer easy.

Splunk Cloud Platform's end-to-end visibility into your cloud-native environment is key for security posture.

Splunk Cloud Platform has helped reduce our mean time to resolve by a significant portion.

Splunk Cloud Platform has helped improve our organization’s business resilience.

We have seen time to value using Splunk Cloud Platform. We immediately saw time to value after implementing the solution.

The consolidation of tools gives one place to look for logs and events. I wish there were more ways to consolidate the consoles.

Splunk Cloud Platform is easy to use, and users can quickly understand and do pretty much anything that their minds can create.

Splunk Cloud Platform should have better integrations with its suite of tools. Splunk Cloud Platform should include a more seamless connection with ES.

I have been using Splunk Cloud Platform for eight years.

The solution provides good stability.

As long as you have money, scaling the solution is easy.

Our direct customer support team is very responsive. However, it's very hit or miss with Splunk tickets and trying to reach out. Most likely, we get escalated because they can't help us. It's very hard to work through issues that need to be resolved quickly via email. The conversations back and forth take a long time, and technical support takes a while to resolve urgent issues.

Neutral

The Splunk engagement in the deployment was helpful, but there were many issues after implementing everything. So, it was smooth but with many hiccups.

Splunk Cloud Platform is an expensive solution.

Overall, I rate the solution an eight out of ten.

We use Splunk Cloud Platform to ingest data from on-prem environments. Most people have Splunk Enterprise Security running on a server, but Splunk developed the Splunk Cloud Platform to ingest the data into the cloud. It works like Splunk Enterprise, but you must download apps to get some features. Our clients are mostly large enterprises in the financial industry. 

Splunk Cloud Platform improves our visibility and decision-making. Splunk helps us meet compliance standards. It's certified for multiple standards, such as PCI, GDPR, and HIPAA.

The Cloud Platform interface is cleaner than Splunk Enterprise's monitoring console. You can easily understand what's happening with your indexes. It's more refined than Splunk Enterprise's console, but they have the same feel and function. 

It's easy to monitor multiple cloud environments because you can create custom dashboards for any use case you may have. It offers good visibility because it integrates with the ITSI app, providing a clear overview of your environment. 

Integrating Splunk with other components on the cloud and network resources is effortless because it can collect data from various sources, including stored data from long-term storage.

Splunk's reporting offers a good visualization of your data. You can visualize the statistics based on your searches. It produces some helpful graphs that enable you to easily compare what's happening in your search. It's very comprehensive. 

The only disadvantage of Splunk Cloud compared to Splunk Enterprise Security is that you only have two options for long-term storage: AWS S3 Buckets and GCP.

We started using Splunk Cloud Platform in January 2024, so it has only been a few months. 

I rate Splunk Cloud 10 out of 10 for stability. Okay. Splunk is trying to push more people to the cloud, so they've made it really stable. 

I rate Splunk 10 out of 10 for scalability. Scalability depends on whether your on-prem deployment is stable and deployed properly, as the Splunk Cloud Platform is an extension of Splunk Enterprise Security. It's easy to build another use case. or add servers, so I feel it's highly scalable. 

I rate Splunk support nine out of 10. We provide frontline support to our clients, but we periodically pass them on to the vendor. 

Positive

We previously used IBM and Fortinet. We prefer Splunk because of its integration. You can integrate multiple solutions and customize it for your environment depending on your use case. 

Deploying Splunk Cloud Platform is pretty straightforward once you have the enterprise environment set up on-prem. You download the cloud app and extension. The deployment time depends on the size of your environment. It takes about a day for a small environment. A large-scale deployment can take up to a week if you have multiple tiers and a disaster-recovery site. 

After deployment, the product requires continuous engagement with the Splunk team. You must continue to fine-tune it to ensure everything runs smoothly. However, there isn't much maintenance once it is tuned and deployed properly. 

Splunk is a bit more expensive than some solutions, but customers can derive more value from it due to the features it has.

I rate Splunk Cloud Platform nine out of 10. I recommend ingesting data into the cloud if possible. Even if you have an on-prem environment, it still helps to ingest data into the cloud. 

We use the Splunk Cloud Platform for phishing correlations, sifting through data loss prevention information in P2, and threat reporting.

The Splunk Cloud Platform has improved our observability. We can see a lot more information both good and bad, but at least we have the information.

It is important that Splunk Cloud Platform has visibility into our cloud-native environments. It comes to observability. And with the visibility, we're able to link, especially with our cloud environment, with Azure the correlations for threat reporting, correlations for account breaches, and correlations for compromised data ex-filtration that's going in and out.

Splunk Cloud Platform has improved our mean time to resolution. It stepped down our investigation times. An investigation that used to take ten minutes is now down to five or six minutes per incident.

It offers real-time threat detection by continuously analyzing incoming logs and correlations. These trigger pre-defined alerts, and any suspicious activity will be reported within five or six minutes.

Splunk Cloud has saved costs through time savings. I can focus that time on other tasks improving productivity.

We saw time to value within the first month of implementing the Splunk Cloud Platform.

Splunk Unified Platform helps consolidate networking, security, and IT observability tools. We're primarily focusing on the security area and building out the correlations. We haven't moved to the infrastructure side yet. That is something we have on our company roadmap. 

The most valuable feature is the SPL because without it we wouldn't be able to correlate and build our use cases and manage what we have for our data inside Splunk.

The Splunk Cloud Platform deployment process could be improved to reduce the time required.

I have been using Splunk Cloud Platform for three years.

I have not experienced any downtime with the Splunk Cloud Platform.

Splunk Cloud Platform is highly scalable.

The customer support is quick and helpful.

Positive

We had an old SIEM through our MSSP Trustwave and through them, we migrated to Splunk.

We made the switch to Splunk because of the usability, and observability. We can build out the product a lot better. We're able to customize it and mold it to our environment.

The deployment took 30 days to complete.

Trustwave and Splunk helped us implement the Splunk Cloud Platform. I was highly satisfied with Trustwave. They were the ones that sold us on Splunk initially.

We have seen ROI through metrics, data points, observability, and time saved. The observability provides visibility into our environment, allowing us to see real-time events and threats in our network and act on them faster.

The pricing was negotiated through Trustwave and for our first contract in three years, we got a good deal.

I would rate the Splunk Cloud Platform ten out of ten. I'm satisfied with what Splunk offers and where it's going, I see the growth path and am happy with that. Splunk answered a lot of what I would like to see in the platform and shortly they will be implementing those things. The platform is stable, can be accessed from anywhere, is easy to use, provides the information we need, and is super powerful.

Our security team uses the Splunk Cloud Platform heavily. We index that data that is relevant to security for over a year. Most of our indexes, we only keep for 30 to 45 days. But for security, we keep it for a year here. It is an essential tool for our security team in investigating incidents and looking at the potential compromises, and exploits, of all those types of things. That's one example.

I'm one of two Splunk Engineers in the organization and almost every department uses Splunk. We create dashboards for different organizations. For example, We have temples all over the world. We produce statistics for the temples about how many people have visited each day, and how many sessions were done in different languages. That type of thing is all done through Splunk dashboards. Our missionary department has over 80,000 missionaries all over the world, statistics about what they are doing and the applications they are using are all done through Splunk.

Splunk Cloud Platform helped remove a lot of that administrative work, but also, it's much easier on the cloud for us to ramp up our SVC units if we see more demand and to be able to add more storage to our indexers. That's one thing for us as administrators that helps to be able to ramp it up quickly. When we were using Splunk Enterprise, that was a much more involved process, but now with Splunk Cloud, it's much easier to ramp that up. My partner and I are good at making sure that all of our users are using Splunk efficiently. We give them training regularly to make sure that their queries are well written, that they're not using indexes they shouldn't be, and that they're using the proper commands to be able to get the information they want. We do have to do this periodically because more and more of our users are using Splunk frequently, and we'll have to talk to a Splunk rep to increase our SVCs. For us, as administrators, that's very helpful.

We monitor multiple cloud environments using Splunk Cloud. It's been quite easy for us. We have an in-house Cloud Foundry and we use AWS and Azure quite a bit. We haven't had problems integrating or monitoring with any of those platforms. It's been great for us.

The end-to-end visibility that Splunk Cloud Platform has in our cloud-native environments is important. We do a lot of correlation across the entire enterprise. We need to have good visibility into all of our logs across all of our cloud Platforms, and in-house on-premise stuff, which we're getting with Splunk.

We use a lot of different monitoring tools, not just Splunk. We use Nagios, ThousandEyes, AppDynamics, and Dynatrace. Splunk is an important part of that. It is a mission-critical application for us. The alerts we set up in Splunk are ones we can't do with the other tools. Every one of those tools is a key piece of what we do as a monitoring team, but what we love about Splunk is that we can create alerts that we can't do with the other tools. That has helped us reduce our mean time to resolution.

The Splunk Cloud Platform has helped improve our organization's business resilience. Splunk helps predict, identify, and solve problems in real-time. What we love about Splunk is its flexibility to pull out data that we can't see in other applications or that the commercial office software has not produced itself. But through the logs and being able to adjust it to Splunk and being able to write the queries that we need to, we can pull that data out, and it helps us to be much more efficient in predicting potential problems because we know our applications well and know the red flags to watch for. We can create the alerts needed to predict when something can potentially go down or have problems.

We have seen cost efficiency by switching to the Splunk Cloud Platform. The biggest part for my partner and me is that Splunk Admins saves us time. I used to be the guy who would patch all of our enterprise indexers, servers, and distribution servers. That would take me quite a bit of time. Even though we had automated scripts that would do a lot of that, it still took a fair chunk of time to go out and do the maintenance and patching required. That freed up a lot of our time, made us a lot more efficient, and allowed us to work on other projects we couldn't do before. I do front-end development for some other products, but I didn't have the time before, and switching to Splunk Cloud has freed us up. Being able to ramp up our SVCs and storage is much easier than it was before. We had to spin up virtual servers, provision them, and ensure licensing. With Splunk Cloud, it's much faster and easier. The total cost of ownership has improved.

Before we started using Splunk Cloud, we were using Splunk Enterprise. My partner and I were spending quite a bit of our time keeping the servers patched, up to date, and running the way that we wanted them to. Now that's all gone with Splunk Cloud. That has freed up a lot of our time so that I can spend most of our time helping people, learning SPL, and helping them with their dashboards, alerts, and reports. Splunk Cloud has helped us to be able to focus on getting more information out of our data. Whereas before, we were doing mostly administrative stuff. Now we don't have to do that anymore.

We're interested in learning more about the new AI features, especially the natural language to SPL conversion. While we jokingly worry these features might replace us, our main focus is helping users understand Splunk and build dashboards. We're curious how these AI features will integrate into our work, how many people will use them, and if there will still be a need for our Splunk expertise. Overall, we're excited to see how AI will impact our work.

I have been using Splunk Cloud Platform for three years.

Splunk Cloud Platform has been extremely stable. In some of the major upgrades, like, when we switched over to version nine there were a few hiccups that caused performance slowdown, but as far as stability, it's been great. In the last year, it's been extremely stable and very performant. It's just in the months after some of the changes over to version nine, we had a few problems, but nothing since then.

We have no concerns about scalability. We frequently upgrade the number of SVC units we require. We're using Splunk Cloud enterprise-wide. We're getting more and more departments using Splunk or asking to use it. Everything is on Splunk on a basic level. Security is a big deal. All our virtual servers, cloud environments, and everything that ties into security are already being adjusted to Splunk. As far as the application level, people want to get more information out of their application or data. We don't have problems, questions, or concerns about scalability. We know it's there.

We have a big instance in the cloud, and we have occasionally had a few issues here and there that took some time to resolve. For the most part, the customer service and resolution of issues have been very responsive from Splunk. We just had a handful of issues here and there but for the most part, the support has been good.

Positive

We have been using Splunk for many years. Before Splunk Cloud, we were using Splunk Enterprise.

The deployment was straightforward because we migrated from Splunk Enterprise on-premises to the Splunk Cloud Platform.

We used an in-house Splunk consultant who worked with us for six to nine months to transition from Enterprise. He was efficient but it was a big process. It took at least six months to fully transition over because of our big footprint.

We saw a return on investment when we switched to the cloud platform from Enterprise. We were able to consolidate everything with the cloud.

We were involved in the renewal process, and our organization does reviews of all our partnerships that we have every two to three years to ensure they are meeting our needs, there isn't a better solution out there, and we won't save money by going somewhere else. It's usually a four to six-week process when reviewing software and partnerships, and every time we go through Splunk, the review only lasts one day. We love Splunk and we're not switching.

I would rate Splunk Cloud Platform ten out of ten.

Splunk Cloud Platform is used as a way for companies to enhance their cybersecurity and ensure security. In cybersecurity, it is important to protect against all malwares, and the platform is effective in searching vulnerabilities or searching threats.

Splunk Cloud Platform's ingest and visualization features help with data reporting. The platform's alerting mechanism is valuable, as there is software that makes alarms in case of attacks. Splunk Cloud Platform is used as a way for companies to enhance their cybersecurity as a question of security to ensure the security.

I think that Splunk Cloud Platform is good, and I rate it seven or eight.

We have worked with Splunk Cloud Platform for approximately three years. We have also been working with Splunk Observability Cloud for approximately three years.

Splunk Cloud Platform is a good platform for us.

The technical support of Splunk is good as well, and they are helpful.

Positive

Implementation has some benefit for the company.

We think that the price of the product is quite reasonable.

We have clients that use Splunk, but we do not use Splunk ourselves. As a person with deployment experience, I find it difficult to answer the question about implementation because we are obliged to have a platform. There are many platforms, and the implementation is not simple, but we have no special difficulties with Splunk. We think that integration of Splunk Cloud Platform with third-party tools is easy to implement. 

I use the solution in my company, and its primary use cases have been related to the log correlation engine. Splunk Cloud Platform can be considered a central ingest point for gathering logs from all over our company's network, after which it is used to take and create reports. Security, detection, dashboards, and similar features are some of the use cases that can be associated with the tool.

The benefits my company has seen from using the tool would be that it gives you more of a single place to look at rather than having to jump from a bunch of different screens to look at current logs, as well as the ability to correlate data amongst different log sources.

Regarding the solution's most valuable features, I think that since many of our company's applications are Splunk-based, they can integrate with other tools within our tech stack, which allows us to expand our use cases.

In our organization, Splunk Cloud Platform provides end-to-end visibility into our cloud-native environment, and it is a very important area where we need visibility within our environment. It is one of the main tools I use for end-to-end visibility.

Splunk Cloud Platform has helped reduce the mean time to resolve. It helps find issues, which can lead to a better mean time to resolve overall. Depending on the detection type, it reduces the mean time to resolve by anywhere from 20 to 50 percent.

My company saw time to value using Splunk Cloud Platform pretty quickly, and we continue to see the value, specifically when we add in new sources and tune-up. In general, it has been pretty quick.

Splunk's unified platform helps consolidate networking, security, and IT observability tools since it gives our company a single platform where we can collect logs from all different sources.

I think the tool has some scalability issues, especially when used in larger organizations. I feel the searching part gets really slow, which is based on one's resources.

I have been using Splunk Cloud Platform for about six years. In general, I have been a Splunk customer for eight years.

I think the stability is pretty good. I haven't noticed any outages.

I think the scalability could be a little bit better because our company runs into some resource constraints that slow down our searches.

When it comes to the solution's technical support, I would say it all depends on what the request is or who is actually responding to our company's queries. We have had some people who have been great, but we have also had times where we had to escalate some issues to get our tickets looked at by someone from the support team. I rate the technical support a five or six out of ten.

Neutral

I think the tool has some scalability issues, especially when used in larger organizations. I feel the searching part gets really slow, which is based on one's resources.

The product's initial setup phase was fairly expensive since my company had to get some professional services to help us with the set up of everything. Overall, the tool freed up some manpower, resources, and hours from our personnel and management, so having the tool in our company made sense. Yeah.

The product's deployment phase was easy.

The solution is deployed using the cloud services offered by AWS.

My company had to get some professional services from a reseller named Resultant to help us with the setup of the tool.

I don't remember whether my company had evaluated other products against Splunk Cloud Platform. In the environment where our company made the switch over, I can say that we are happy with our Splunk usage in general. We just wanted a tool that was more resilient and didn't have to worry about the management on the back end.

My organization monitors one cloud environment with the help of Splunk Cloud Platform. The ease or difficulty of monitoring multiple cloud environments is not something that is applicable to my company.

In terms of Splunk Cloud Platform's ability to help improve our organization's business resilience and predict, identify, and solve problems in real time, I would say it is not possible in real-time. The solution gives our company the ability to do more of a retrospective analysis, which helps us with the current backup.

There are not any cost efficiencies I can think of that I have experienced after switching to Splunk Cloud Platform.

I think Splunk Cloud Platform is still probably one of the best tools out there in the market for enterprise organizations.

I rate the tool a seven to eight out of ten.

We use the Splunk Cloud Platform to log all the network devices, whether it's switches, routers, firewalls, wireless controllers, wireless access points, and applications such as MuleSoft or Adobe AEM. 

The team I manage is small and we don't have much time to maintain the on-prem infrastructure with patches and updates. With Splunk Cloud, we don't have to worry about patches or upgrades. It's always up to date with the latest and greatest features. That's the biggest benefit for us so far. It saves us time and headaches that come along with all the upgrades, patching, and administration of the Platform in general.

Splunk Cloud Platform has more features than the on-premise Splunk Enterprise version that we previously used. My team seems to like the GUI better.

Splunk Cloud Platform's ability to provide end-to-end visibility into our cloud-native environment is extremely important because we don't have any tool that has that feature.

It has sped up our mean time to resolve by 40 to 50 percent compared to the on-premise version of Splunk.

Our on-premises setup used an outdated Splunk version on aging Red Hat seven hardware. Upgrading would have required new Red Hat eight systems and consultant deployment expertise. By going to the cloud, we don't have to worry about hiring consultants or upgrades. That saved us time and money. The pricing that we were given was the same as renewing our maintenance and support for our on-prem version. So it was a no-brainer decision.

As soon as we migrated, my team liked the GUI because it made them more efficient. There are more functions and features that are not available with the on-premise version of Splunk.

We use Splunk Cloud primarily as a troubleshooting tool, so the most valuable features are the analysis and visualization.

Areas of improvement for Splunk Cloud Platform are difficult to say because we're still learning about the platform. I want to have the ability to process the ingestion before it is sent to the back end and Splunk just announced that the feature is coming, so now it just needs to be released.

I have been using the Splunk Cloud Platform for three months.

Splunk Cloud Platform is stable.

Splunk Cloud Platform is easily scaled on the cloud.

The few times we reached out to technical support, they were helpful and able to address the issues.

Positive

We previously used Splunk Enterprise and wanted to stick with Splunk because we feel it is the best product. So switching to the Splunk Cloud Platform was an easy decision for us.

The deployment was not difficult. We had consultants helping us. We thought it was going to take three weeks to migrate from on-premises to the Cloud, and it took half that time. It was a lot easier than we anticipated. And we were able to do most of the work ourselves without using the consultants.

We used Bitzios Consulting to help us with the implementation.

By moving to the Splunk Cloud Platform we saved on having to hire consultants to build a new environment and install it on-premises.

The price for Splunk Cloud Platform is the same as our maintenance costs for Splunk Enterprise on-premises.

I would rate Splunk Cloud Platform nine out of ten. Splunk Cloud offers several advantages in terms of ease of use. Since it's cloud-based, there's no need to worry about infrastructure maintenance, availability, or scalability. New features are automatically available, eliminating the need for manual upgrades and potential downtime that can occur with on-premise installations.

We have AWS and GCP but are using the Splunk Cloud Platform to monitor only the AWS for now.

While we currently use Splunk Cloud, we don't have Splunk security. We plan on implementing Splunk security and that's also going to integrate with all of our Cisco equipment. For now, I can't say that Splunk's unified platform has helped consolidate networking, security, and IT observability, but soon, it will because we'll be able to have one source, one point of reference for all of our logging and security information instead of managing separate tools for different tasks. Once we implement Splunk Security, it will be one single pane of glass where we will have everything.