Splunk Cloud Platform Reviews

I use the solution to create alerts for different servers. I also create dashboards in Splunk.

We have a lot of servers. It was hard to track which were down as we didn't have a monitoring platform. Splunk changes that. It receives data and if it doesn't get any data, it creates an alert so we are notified if something is down.

We also use it for making reports to help make management easier. 

The monitoring of servers for high CPU utilization helps us out. If there are offline servers or high utilizations, we can see the incidents and optimize our processes. 

The cloud is very fast. We have a lot of data in our Splunk instance and it isn't slow in any way. 

The maintenance is good. We have good support if we have queries or issues. With on-premises Splunk, if we ran into issues, we'd have to figure things out ourselves. With the cloud version, it's easier to get support. 

We can monitor multiple cloud environments, including Azure and AWS. 

It can be difficult to monitor cloud platforms. We are integrating more cloud servers and patching data sources from those servers. It's very easy to use Splunk and have everything go to the dashboards.

We get good visibility into multiple environments. We can easily search from Splunk Cloud to our on-prem or AWS directly. We also do not ingest the data in order to see it.

We can easily integrate with other systems. It's very helpful. We can leverage Splunk to gather any specific reports we want with this integration capability. 

The reporting is very good. Every month we have a call with Splunk personnel and they'll show us reports to show high usage for search, for example. From our side, we can change or update in order to optimize our systems. 

The cloud has helped us with decision-making. It helps make maintenance decisions very easy.

It's very resilient. 

Testing can handle a lot of logs, however, we are unsure if the speed will be affected.

When we are using OneDrive or SharePoint, as a developer, we'd like to have better integration between the two.

There are some issues with Splunk blocking some shared mailboxes. 

Support could be improved. 

I have been using the solution for five years.

The Splunk cloud is very stable. I've never experienced crashing. If there are issues, they will notify us. It doesn't take long to resolve issues at all. Things tend to be resolved in an hour or so. 

The solution is very scalable. 

I haven't experienced the extensibility, or the ability to extend the system, however, my understanding is that it is very good. We have yet to upgrade it.

When we have high-priority tickets, it's hard getting help efficiently. We'd prefer to call. It takes time to get someone to help. We've had to submit tickets via the portal, and they asked us to call instead. It's hard to get above P1.

It would be ideal to get a specific phone number or email so that we do not have to wait hours to get help.

We do have different Splunk support services where we talk to them bi-weekly, and at that point, we can talk about any high-priority issues. They do try to help us with queries. 

Positive

We previously used Splunk on-premises. 

I do not have any experience with the initial setup. Since it is a cloud deployment, Splunk handles the maintenance mainly.

I'm not aware of the exact pricing. That said, my understanding is that it is very reasonable. However, every application has a price. We need separate licenses for everything. They don't have any bundles. 

For the first few years, I used the solution on-premises, and then I moved over to the cloud. 

I use the classic dashboard; I don't yet use the studio. 

It has not yet affected our security posture. 

We have not yet explored federated search. 

I'd rate the solution ten out of ten.

If a user is planning to use the Cloud Platform is to consider the pricing. It's fast to access and there is no downtime. It's very good from a user perspective. I'm happy with it. It's helpful.

Users should work to maximize the power of Splunk to get the most out of it. Leverage the applications, including security. 

We collect almost everything that we log and push it into the Splunk Cloud Platform. That is pretty much our use case. It is mostly for our cyber monitoring tool, firewalls, normal cyber logs, Windows event logs, etc.

Splunk Cloud Platform has helped improve our organization's business resilience a little bit. It is a big organization, and I am just a little part of it. Its impact on the whole business has been a little bit.

We use ES for correlation, incident handling, and things like that. It reduces the mean time to resolve a little bit as compared to the other SIEMs that we were using. We are not using SOAR right now, but that is where we want to be.

I like the fact that we do not have to maintain all the cloud infrastructure. That is probably the main thing about the Splunk Cloud Platform. We do not have to worry about maintaining the infrastructure that is out there. We just push things up and maintain our infrastructure on-premises. This is important for us because we just do not have the manpower and resources to manage all the infrastructure. 

We used to use another SIEM with which we constantly had to replace hardware and things like that, so it is a good benefit to have that cloud infrastructure there whether it is coming from a SaaS environment or we just build it in the cloud.

One thing that is a stickler for us is the ability to download apps. I guess it depends on what kind of license you have. It allows some of them if I want, but this is something that we need on a day-to-day basis. When one of my customers needs an app, and I am able to find that app on the Splunk base, I have to create a ticket and wait for five days for them to download the app into the cloud environment. That is probably one of the main things. It is painful because I have to wait to get that app in the cloud.

Another issue is that if I build my own app to some configuration, I cannot load it up there myself. They have to vet it, which is important but it takes a long time to do all that.

We have been using this solution for a little less than one year.

It is very stable.

Scalability does not apply to our environment. Because it is a cloud, scalability is relative to how much you can afford. It scales itself if your data increases because it is a cloud environment. 

Splunk's support is very good, but because the cloud environment was pretty new, I ran into a couple of stumbling blocks with the support for the Splunk Cloud Platform. However, it started to get a lot better. Currently, it is a lot better than when I first started. At that time, a lot of the support staff was probably new to the whole cloud environment, and I realized that. We were the first DOD department to go into the cloud, so it was tough in the beginning with their support. I would rate them a nine out of ten.

Positive

We were using ArcSight. The decision to switch to Splunk did not come from me. It was the decision of the company itself. It was a requirement. We could not track the up/down status with the other SIEM. Splunk can do that better. That was one thing. 

Another thing was the way Splunk can put things like MITRE ATT&CK into their platform. The way it handles rules and things like that makes it a lot better with the processing power. Splunk is search-based, whereas ArcSight is real-time. It fires the minute an event comes up, whereas Splunk has a separate way of doing it. They run a search every hour or so. It is not resource intensive. A lot of times, I can only turn on a minimum amount of rules, especially correlation rules, in ArcSight. I used to have about 300 or so in ArcSight. I probably have about 400 or 500 in Splunk, so the hardware processing power is a lot better.

I was involved in its deployment. Its complexity level was 50/50, but that was expected because of the lack of training initially. We had an awesome team from Splunk that helped us out. They were there for us for at least a month. They helped us and then trained us on the environment. By the time they left, we were good to go.

The return on investment is not in a monetary sense. Things are a lot less stressful in our environment. We are able to see things that we were not able to see before. It gives us a little calm because we know if something is up or down. We are able to see things that we could not see before in other SIEMs. So, there is a reduction in the stress level. 

We have seen a time to value. I can do plenty of things a lot faster than I could previously.

We evaluated Sentinel, QRadar, and LogRhythm. All of them were very good SIEMs, but we had a lot of challenges when it came to getting them certified on government L5. IBM has its own private cloud. They do not use AWS. We did not have that issue with Sentinel, but it is not as robust. Even though it is at a high level in terms of industry-level SIEM, it could not meet our requirements. It is still a challenge. Sentinel is the only one that is a competition to Splunk if you talk about cloud, not on-premises. It is native to the cloud.

It is awesome. I love it. Anything is possible in Splunk. I have gone through a lot of challenges with use cases. When I needed to figure something out, I got it resolved sooner or later. I either got Splunk support or I went to the community and looked it up. I have never run into anything that I could not do with Splunk. It is very good.

Overall, I would rate the Splunk Cloud Platform a nine out of ten. 

We use it for security investigations and alerting.

The most valuable features are reliability and logging. It's in the cloud so it has more stability and easy maintenance. 

The support from the Splunk team is generally good, but sometimes, there's a lack of coordination between our account reps and the hands-on technical people. This misalignment can lead to issues with getting what we need done and what is happening.

I have been using it for about two years.

From what I've seen so far, stability has been great.

The actual technical reps we've had have been fair. I'd rate them a seven on a scale from one to ten.

Neutral

We previously used LogRhythm. We switched to Splunk. It was an on-prem setup, so it was tough to maintain. It wasn't very reliable, and we always had to deal with hardware issues.

I haven't been hands-on with the deployment, but Splunk's deployment has been smooth. We also have Enterprise Security, which has been a little more difficult.

We have not calculated in dollars, but it has definitely saved us time.

We evaluated other options. I wasn't directly involved in all the decision-making processes, but from a user standpoint, it was the cost and the future possibilities of adding SOAR that made Splunk Cloud Platform seem like the best option for us.

I would rate it an eight out of ten, mainly due to the difficulty we've had with the Enterprise Security side.

The Splunk Cloud platform is for anyone who wants to save money and doesn't want to manage an on-prem infrastructure. I like the Cloud platform because we don't have to handle any maintenance. Any server downtime, upgrades, or patches are no longer our responsibility, which is great. That's the biggest advantage of Splunk Cloud.

Before COVID-19, the Splunk Cloud platform was much more difficult to manage. I've heard it causes a lot of frustration. Thankfully, it's come a long way since then. Now, it's user-friendly and allows app and add-on installations without worrying about accidental breakdowns.

I wouldn't have released Splunk Cloud myself when they did but the shift to remote work during COVID-19 drove everyone to the cloud, making the Splunk Cloud platform a great solution. While the updates focus on features, patches, and maintenance, there's nothing about the Splunk Cloud platform itself that I love other than the fact that we can use it in the cloud without the hassle of any on-prem requirements.

The importance of having one cloud platform depends on an organization's data goals, but at the end of the day, we onboarded the data because it's important. So as long as we have a use case, it's high up there.

Splunk Cloud Platform has improved our mean time to resolve incidents 100 percent. The cloud eliminates the need for upgrades to multi-cluster environments and the risk of errors during configuration, which can cause major problems. While we are not responsible for any Cloud maintenance, Splunk's support is helpful for escalations. Their clear communication about maintenance minimizes the need for their involvement.

While I can't speak to personal cost savings, moving to Splunk Cloud likely saves on storage costs compared to on-premises setups. This is especially valuable because many organizations use Splunk alongside other security products for specific needs. However, some competitors offer better data storage and faster results as add-ons for Splunk. Overall, the biggest cost savings come from eliminating the need for in-house server maintenance, storage management, and future data migrations. This reduces headaches and frees up IT resources, even if the migration itself wasn't a major issue.

I like the idea of being able to list the IPs that we want without having to open up a ticket to get it done so that way if anything changes we can add a new IP. The platform itself is the most valuable because if we're using the product, we're paying a lot for it. So we're searching our data and doing the triage we need to with the events. In reality, our biggest benefit of the Splunk Cloud Platform is not having the hassle on-prem.

Splunk Cloud's SVC licensing model lacks transparency. Customers are unsure of how SVC consumption translates to costs, and there's no easy way to identify what's driving SVC usage within the platform. While some external applications provide limited insight, Splunk Cloud itself doesn't offer a clear view into SVC consumption. This lack of clarity makes it difficult to explain cost spikes to customers, as the cause could be anything within the platform.

I have been using the Splunk Cloud Platform for four years.

The Splunk Cloud Platform is stable.

I have some concerns about the SVC licensing model for deployments under 1 terabyte, and it's separate from Splunk Cloud. The bigger challenge customers face is managing the surge of data and historical information they ingest. This can lead to situations like an admin setting up numerous queries and then leaving, making users hesitant to disable them for fear of breaking something. While this can happen with any product with unchecked admin access, Splunk and Splunk Cloud themselves function as intended for large-scale environments. Ultimately, it's up to the customer to manage their Splunk instance effectively.

Many people complain about back-and-forth interactions with Splunk support. It feels like a repetitive loop of explaining the problem, being asked for information and questioning why it's needed. There's frustration on both sides: support needs details to diagnose the issue, while users might feel it's a simple problem and supplying extra information is unnecessary. This can be true for any customer support experience.

Splunk Cloud deployment complexity varies by use case. Starting fresh is simple: install, configure, and point data to the cloud. However, migrating from on-premises to the cloud with existing data can be complex. Deciding what data to migrate and the migration process itself adds significant challenges, although these are likely to become easier over time.

Splunk Cloud's value is clear: it eliminates maintenance headaches and simplifies connection, offering a hassle-free experience.

The lack of transparency around the SVC licensing makes it difficult to explain the costs to our clients.

I would rate the Splunk Cloud Platform nine out of ten. The rating is not because of customer service. I am strictly looking at the product. I've worked with it for seven years. I've been on over 70 engagements with other customers over those years, and I rarely find a use case that a customer can't solve when it comes to an architect-type scenario, which is great. It's the same thing for data. For the most part, if you know you have data and can get it written down to a file, you can adjust it, which is phenomenal. The on-prem infrastructure consists of only 12 CPUs and 12 RAM if it's hardware, and then you double it if it's virtual. Overall that's very inexpensive to stand up major components. I'm not including storage or any other sizing that can get more complicated. Overall, it doesn't ask much from actual servers if you want to host it on-prem. Even managing it yourself on-prem, is not terrible. The commands are still there, the resources are there to do it yourself. You have community groups out there that help you with questions. There are tons of providers out there that can get you from point A to point B. 

I have always used Splunk but I am open to learning Chronicle soon depending on industry trends. While I believe Splunk remains the top SIEM tool. According to Gartner, competitors like Azure and Oracle are emerging. However, I have not needed to look for other solutions.

We are onboarding everything on it. We have infrastructure, applications, and network-related things on it.

The availability has improved. There is the ease of upgrades. We are able to show value quicker with some of our add-ons and things like that because of the stability in the base.

It is extremely important to me that Splunk Cloud Platform has end-to-end visibility into our cloud-native environment.

Splunk Cloud Platform has definitely helped reduce our mean time to resolve. It is a little hard to measure. It has at least saved 3% of our time.

Splunk's unified platform has helped consolidate networking, security, and IT observability tools. There is ease on resources.

There is definitely the ease of the infrastructure administration. It frees up a lot of time.

I would love to be able to manage my own apps. 

I have been using Splunk Cloud Platform for two years.

Stability and scalability have been the main benefits of this solution.

We have had some confusion around some of our requests, but I understand. We have to work through and get proper responses.

Neutral

We were using on-prem Splunk.

There was a professional service involved. I came into the team right at the time of the cutover. They were pushed into the cloud because things had gotten so out of control on-prem, so we had to clean that up first, and then finish the migration. It was kind of bumpy, but we got through.

We are using AWS. It is managed by Splunk.

We had Aquila as our partner for help with implementation.

We are definitely starting to see an ROI. We have been focused on metrics because we are trying to get very comprehensive and overall monitoring of the environment both from the security standpoint and the infrastructure standpoint.

We have not yet seen any cost efficiencies by switching to Splunk Cloud Platform. We are still maturing it out.

As far as the pricing goes, it was what was expected. It is a premium product. There were no surprises there.

We did not evaluate other solutions. We have always been with Splunk.

We are not monitoring multiple cloud environments, but it seems it would be easy to monitor them.

Overall, I would rate Splunk Cloud Platform an eight out of ten. There is always room for improvement, but it has been good.

On Splunk Cloud, I mainly look for errors in applications or issues that come up with our internal applications. I have also used it to create dashboards and display customer data to customers in an effective way so that they have insights into their data.

There is less overhead now for infrastructure management. There are fewer issues that we have to worry about on the infrastructure side. This has freed up more of our resources' time to work toward initiatives on the Splunk platform itself. It is hard to measure the time savings. If one resource was working on it, that resource could save anywhere between 15 to 20 hours a week.

It must have reduced our MTTR, but I have been with Splunk for as long as I have been in my current environment, so I do not have anything to compare it with.

It helped improve our organization’s business resilience. The solution helps us find where errors are and potentially where threats are a lot faster. We can more effectively push out alerts not only to our team but also to the teams across the enterprise. It is nice to have on hand.

It is quite effective at helping us identify problems very quickly. We do not participate in real-time searches within our Splunk environment, but close to real-time is possible, and it is quite effective.

Not having to manage Splunk Cloud's infrastructure is valuable. Being able to deploy within the cloud and not having to manually manage our configs on the infrastructure side and set up our own architectures has been the biggest help.

Other than that, the new Dashboard Studio has been a pretty big win, but I do not know whether that is more cloud-specific or not. Dashboard Studio has a cleaner look for customers that want to see their data but not necessarily search. For the customers that want to see their data, having an easy and effective way to drag and drop to see where things are going to be if they want to change them has been pretty beneficial.

They can streamline the process of creating custom apps. I do not have a lot of experience with it. It was not very difficult for me to do so, but there is probably a better way to present the ability for people to push their own custom apps to the platform and go through Splunk's manual and automatic reviewing process.

I have been using this solution for about three years.

I have not seen any downsides when it comes to uptime and availability. Being in the cloud reduces downtime, especially compared to being on-prem where if something goes wrong, you will have to go in and fix that infrastructure yourself.  I have not necessarily seen significant downtime with Splunk Cloud or on-prem at this time.

I quite enjoy the fact that if we need more indexes or search heads, it is very easy to plug and play with Splunk Cloud. With the infrastructure model that we had before, we would have to go in, set up a new search head out to the cluster, and add a new indexer to the cluster if we needed it. It will have more benefits going forward as we move more and more into the cloud.

I have worked with Splunk support, and I would rate them an eight out of ten. It depends on where you are and what project you are working on at the time. It would be quite beneficial to work with them if you have a specific project that you are working on, and they have some insight into it. I do not work with support too often myself. Usually, one of our Splunk Infrastructure managers works with them, but there is always room for improvement. Availability in terms of making the time to gain insight into specific projects and problems that we are having is an area that can be improved.

Positive

My company has been with Splunk for quite some time now. We are well integrated at this point, and we are in the process of migrating over to Splunk Cloud specifically. We used Splunk on-prem for a while. We are currently in a hybrid situation, and we are making our way toward being completely on the cloud.

I help from time to time with the migration process, but I am not necessarily in charge of the total migration functions that we currently have today. The most I have done in terms of deploying to the cloud was creating a custom alert action for the cloud environment, which is one of my biggest contributions so far. I am not completely in charge of it, but from time to time, I will assist in the migration process. It is a bit of a learning curve, but once you get more and more familiarized with the cloud and how to benefit from it by using features like federated search, it becomes easier. It is somewhere in between in terms of complexity.

We would have seen an ROI. I do not have a specific number, but assuming that we did not have Splunk Cloud, we would have to manage our own infrastructure. Not having to manage nearly as much infrastructure and not having to have the personnel to manage that infrastructure on a regular basis, frees up that time for them to do what they are really designed to do. This has definitely added value.

I am a little bit familiar with the pricing and licensing model. I am not sure about the particular pieces of the actual price that we have, but I do like the idea of going towards a more CPU-based approach rather than the ingesting approach. This CPU-based approach gives us the ability to ingest more data if we need it.

The biggest value that I get from attending Splunk conferences is the insights from everybody here. You have people from many different companies doing very different things and deploying very different models within their different Splunk instances. You get an idea of where everybody lands and maybe grab some ideas that you would not necessarily have thought of by looking at it from the inside of someone who is in a completely different field than you are.

There is definitely a big difference between Splunk Cloud and on-prem. For me, one of Splunk on-prem's biggest features is being able to deploy my own custom applications internally, which is something that is a bit of a process with Splunk Cloud. So, given the information that I have, I would rate it a seven out of ten.

It's a better pricing model. The main aspect is that we don't have to manage our infrastructure. Since we migrated, we've found we don't have as many outages. 

This allows our admins to focus more on the day-to-day onboarding instead of wasting time dealing with outages.

Our organization monitors multiple cloud environments. We monitor AWS. We have other logging platforms that monitor our infrastructure as well.

It's very important for our organization that Splunk Cloud Platform has end-to-end visibility into our cloud-native provider environments. With the increasing changes in technology, being able to consistently get insights into those new data sources in a quick amount of time is everything.

Moreover, we have seen a reduction in our mean lead time to resolve (MTTR). Our enterprise has some of those dashboards for incidents. Splunk is mainly used to resolve those incidents and identify what's wrong. Over year over year, these times are lower. And Splunk has helped with that. There's other operational things that are probably helping too, Splunk plays a big part, so it is helpful.

I like the Splunk Monitor console. I like how Splunk continually updates it with new features. We don't have to do anything on our end, we just get access to that. 

Splunk has some good dashboards that show us search or user search activity. There are some things that could cause the environment to go awry, like skip searches or searches that are more intensive. 

By being able to identify those, we could reach out to those customers and work with them on improving their standard practice. Since moving to SaaS, we're able to focus more on that.

There's one specific use case I work with. I work with some Splunk experts, and it lacks workload management rules.

It can identify specific dashboards e.g., or all-time searches. When I try to track back to the user, I don't have additional information within those logs to help me know, "This is the dashboard this guy accessed."

Instead of relying on those particular workload management logs, I have to do an investigation that takes time. It takes too much time when it shouldn't.

It's only been a full year so far. We migrated recently.

Stability has been so far, so good. Data is growing, not just for us but for everyone. From what we've seen, it looks like it's handling it accordingly.

We frequently engage with support now since we have a lot of incidents. They consistently ask for feedback on our support cases. We recently had something that was very urgent. Splunk was able to escalate it accordingly and get back to us with a solution. It means a lot to my management.

We've been with Splunk for several years now.

For the cloud, the deployment is easy. 

We just have the standard. We download our packages, upload them via the cloud, upload our apps, and use the App Inspect. 

Before on-prem, we had some CI/CD pipelines to deploy on-prem. Those change calls lasted up to an hour and a half just to verify the change was successful and that everything was coming in as expected. 

Cloud is just uploaded and deployed in a matter of minutes. That's a big plus. It saves us time and a lot of hassle. 

We use our valuable time and do not waste effort. We just work on more important things like onboarding new data sources as log data continues to grow.

By being able to have more time to onboard data sources with customers, we provide our company more visibility and value into our entire environment.

I have no major gripes other than some detailed grievances, so I would rate it an eight out of ten. 

To gain deep visibility into our entire cloud infrastructure, we deployed the Splunk Cloud Platform. This tool allows us to monitor, analyze, and investigate all aspects of our cloud environment.

Splunk Cloud Platform integrates seamlessly with other systems, including Slack. This allows us to receive real-time alerts triggered within the tool. We can then analyze the output and take timely action to resolve the issue, ensuring continued security.

Splunk Cloud Platform improved our security posture. We could easily and efficiently obtain detailed analyses of any log, including UPC flow logs and others, promptly. The benefits of Splunk Cloud Platform were visible within two days.

Splunk Cloud Platform does a good job helping to maintain the complaints and privacy regulations within our infrastructure.

Splunk Cloud Platform excels at correlating data from a wide range of sources, including applications, websites, and servers. It efficiently handles the challenge of managing large volumes of data. This has secured our data and demonstrably improved our security posture.

The ability to correlate data and then present it in a meaningful and valuable way is crucial. Splunk offered this functionality, providing us with insights into threats, vulnerabilities, and all the identity information we fed into it. We sought a SIEM tool because we lacked a solution that could effectively analyze recent data. We needed a tool that could not only ingest our data but also correlate it and present it in an easily understandable format.

The cost of Splunk Cloud Platform is high and has room for improvement.

The current visuals on the dashboard could be more impactful.

We conducted a POC of Splunk Cloud Platform 6 months back.

During our POC, I did not encounter any stability issues with the Splunk Cloud Platform.

I would rate the resilience offered by Splunk Cloud Platform 8 out of 10.

I would rate the scalability of Splunk Cloud Platform 9 out of 10.

The technical support is good.

Positive

The initial deployment was straightforward. Two people were required for the deployment.

The Splunk Cloud Platform is expensive.

Splunk Cloud Platform performed well in the POC but the cost was higher than other tools.

We chose Palo Alto Networks over Splunk due to its combined advantage of cost-effectiveness and superior threat analysis capabilities.

I would rate Splunk Cloud Platform eight out of ten.