Senior analyst in investigations at GlaxoSmithKline
Real User
Top 20
Jul 8, 2024
Helpful in dealing with malware investigations and anomalies
Pros and Cons
  • "In terms of the benefits of the product, I would say it is my go-to tool."
  • "The expensive nature of the product is an area of concern that needs to be considered for improvement."

What is our primary use case?

I work on corporate investigations and incident response. I use Splunk Cloud Platform to investigate user frauds, cases related to malware investigations, and anomalies.

How has it helped my organization?

In terms of the benefits of the product, I would say it is my go-to tool. Regarding getting all the data from Windows event logs, and considering the other reporting tools we have in our company like Forcepoint, Proofpoint Email Protection, Office 365, or Microsoft Defender, we have to search and get all the data in one place and to do so, Splunk Cloud Platform is super valuable.

What is most valuable?

The solution's most valuable features are search, reporting, and dashboards.

Splunk Cloud Platform is useful in our organization's monitoring of multiple cloud environments involving cloud services like AWS. I cannot speak about the ease or difficulty of using the tool to monitor multiple cloud environments since I am not on the administration side.

Considering the product's ease of use, the tool offers me the ability to search all the data and get it in a format before giving it to an investigator so that they can get it in a format they can understand.

What needs improvement?

The expensive nature of the product is an area of concern that needs to be considered for improvement.

Buyer's Guide
Splunk Cloud Platform
June 2026
Learn what your peers think about Splunk Cloud Platform. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
902,495 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Splunk Cloud Platform for twelve to fourteen months.

What do I think about the stability of the solution?

The product has been pretty stable for me. I have never seen any outages in the tool, and it has been a pretty solid solution.

How are customer service and support?

I have no experience with the solution's technical support team.

Which solution did I use previously and why did I switch?

I was not using any other solution in the past.

How was the initial setup?

I don't know anything about the product's deployment phase.

What's my experience with pricing, setup cost, and licensing?

I know that Splunk Cloud Platform is an expensive product.

What other advice do I have?

I rate the tool a ten out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Raul Lapaz - PeerSpot reviewer
Cloud Sec Eng at a pharma/biotech company with 10,001+ employees
Real User
Aug 24, 2023
Does not require backend maintenance, is easily integrated and utilized
Pros and Cons
  • "The most valuable feature is we don't have to deal with any back-end server maintenance because the solution is cloud-based."
  • "The on-premises version of Splunk includes all the integrations, while the Cloud platform lacks certain integrations and is limited in terms of the number of supported apps."

What is our primary use case?

We utilize the Splunk Cloud Platform for log ingestion related to security and troubleshooting purposes.

How has it helped my organization?

Splunk Cloud Platform helps us with our security incident response. The cloud security logs are integrated with all the cloud providers.

The federated search feature enables us to search between Europe and the US, from one Splunk instance to another, all from a single location. This federated search simplifies how we handle data, making it easy to swiftly search for and manage information.

We monitor several cloud environments and find it easy to utilize the Splunk Cloud Platform for this purpose. Each cloud provider offers its own prebuilt dashboard, or customers can create their own.

The Splunk Cloud Platform offers excellent visibility into multiple environments. In the past, we utilized hybrid integrations, and they seamlessly worked right out of the box.

The reporting functionality provided by the Splunk Cloud Platform resembles that of the on-premise platform. It is readily available without requiring integration or the installation of reporting visualizations.

From a security standpoint, the Splunk Cloud Platform provides us with comprehensive visibility into all security logs. This enables us to implement security incident responses with great efficiency. Additionally, we have discovered that internal employees, such as product teams, are utilizing the platform as intended for various other use cases. For instance, it has proven valuable in troubleshooting performance issues and monitoring within Kubernetes. As such, we are leveraging a wide array of use cases within the company.

Splunk is a highly mature software that has been in the market for many years, which greatly influenced our decision-making process. Another factor was the user-friendly nature of the latest version, making it easy to initiate. We don't require a large workforce for installing components; it's as simple as out-of-the-box. Consequently, minimal time investment is needed for training.

The Splunk Cloud Platform assists us in accessing data to meet critical compliance and privacy regulations. For instance, this is particularly important for regulations such as GDPR and HIPAA. We are utilizing Splunk Cloud with a specific focus on HIPAA compliance, allocating extra attention to this aspect. In the case of GDPR, Splunk offers a range of built-in capabilities. For instance, it allows for log masking. Moreover, there are novel features available in Splunk Cloud, such as ingest actions. This feature is exceptionally useful as it enables us to mask the data before it's ingested into Splunk. Consequently, this approach ensures our adherence to compliance regulations, exemplified by GDPR.

The Splunk Cloud Platform has had a significant impact on our organization's security posture. It serves as our primary visibility tool and is the main source of trust for all login activities. Without Splunk, we would lose essential visibility and access to security updates. Currently, Splunk stands as one of the primary tools we utilize due to its utmost importance.

What is most valuable?

The most valuable feature is we don't have to deal with any back-end server maintenance because the solution is cloud-based.

What needs improvement?

The on-premises version of Splunk includes all the integrations, while the Cloud platform lacks certain integrations and is limited in terms of the number of supported apps.

The Splunk Cloud Platform is not a very mature solution; it has only been on the market for four or five years. While they have made significant improvements, there are still limitations, such as the absence of CLI access. Therefore, there are several limitations that still exist with the CLI. 

The standard support has room for improvement. 

For how long have I used the solution?

I have been using Splunk Cloud Platform for four years.

What do I think about the stability of the solution?

The Splunk Cloud Platform offers 99.9 percent availability, ensuring that we never experience downtime.

What do I think about the scalability of the solution?

I would give Splunk Cloud Platform's scalability an eight out of ten.

How are customer service and support?

Technical support needs more knowledgeable people.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We used Sumo Logic in the past, but it wasn't an enterprise-grade solution, so it couldn't support the scale we required. Additionally, Sumo Logic lacked support for many integrations. The Splunk Cloud Platform fulfills our scaling requirements and integration needs. Moreover, our team possesses skills that align well with Splunk, making it a better fit for us.

How was the initial setup?

The initial deployment was very straightforward because we had the skills. But I would not say that this is straightforward without the skills. We need to learn at least the basics.

The deployment took six months to create this multi-tenant environment because it's a highly specialized setting. It's distinct from a typical Splunk deployment that might only take a day or two. However, the process of configuring, migrating all the data from Sumo Logic to the new Splunk Cloud, and setting up the multi-tenant system along with product dashboards, required approximately six months of effort on our part.

What was our ROI?

We utilize Splunk in a multi-tenant manner, wherein we allocate costs back to the product teams in each department based on their usage. We are a healthcare company engaged in the development of healthcare applications tailored for doctors and hospitals. Splunk plays a pivotal role in assisting us with this endeavor. I would estimate that we have experienced a return on investment of approximately 30 to 40 percent.

What's my experience with pricing, setup cost, and licensing?

The cost of the Splunk Cloud Platform is high, and in addition to the standard licensing fee, we also have a premium support fee.

Now, we are paying less because, instead of being charged based on ingestion, we are paying for SVCs, which stands for Splunk Virtual Compute. This implies that our costs have decreased. Despite ingesting a larger volume of logs, our expenses are lower than they were before. However, it's important to note that if our usage of the tool increases, our expenses will also increase. Therefore, this represents a distinct licensing model from Splunk's.

What other advice do I have?

I would give Splunk Cloud Platform an eight out of ten. Splunk Cloud has shown significant improvement over the past four years, and I highly recommend it.

We operate two distinct Splunk Cloud platforms: one in Europe and another in the US. These platforms are linked through a federated search. This setup ensures that specific data, such as European data stored in the AWS cloud, is directed to the European Splunk platform, while data from the US Cloud is directed to the US Splunk platform. However, it's worth noting that all users primarily log into the Splunk US Cloud. From this point, they have the capability to transmit data to the Splunk Europe platform.

We have around 400 users. 

The maintenance is primarily conducted by Splunk on the backend, and any on-premises maintenance we perform has been reduced by 80 percent.

The value that Resilience provides for SIEM solutions is significant for us. Therefore, if we inquire with various customers, they might provide different perspectives. However, concerning security, this holds substantial value. I would assert that it's the primary tool in our arsenal; indeed, we do possess other security tools, but the most frequently utilized one, which also delivers the utmost value, is undoubtedly Splunk.

The method to expand a SIEM system is achieved by extending the licenses. This expansion enables greater capabilities, increased log retention, and the ability to process more logs. In our specific scenario, we were previously restricted by the capacity of the ingest license. Our log ingestion was limited to, for instance, one terabyte per day. However, with the introduction of this new licensing model that's based on CPU usage, we now have the flexibility to ingest any amount of data while paying according to our actual tool usage. Consequently, if we intend to expand for additional servers, we simply need to contact Splunk and communicate our requirement for increased server capacity to enhance system performance. This process is streamlined because we aren't required to take any additional actions ourselves.

I would highly recommend Splunk Cloud because we don't require personnel for maintenance or server installation and management, as all these backend tasks are taken care of. Additionally, for those who are currently using a competitor of Splunk for SIEM purposes, I would also recommend transitioning to Splunk if they have the budget for it.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Lakshman Kanuru - PeerSpot reviewer
Module Lead at ValueLabs
MSP
May 12, 2024
Allows to easily monitor multiple cloud environments and offers good resilience to users
Pros and Cons
  • "In my organization, Splunk Cloud Platform has improved the issue revolving around transactions."
  • "When it comes to the integrations with the other platforms, there is a little bit of a lag in the observability part, making it an area where improvements are required."

What is our primary use case?

Splunk Cloud Platform is a product I use since my company has different platforms on Splunk, like Splunk ITSI and Splunk Enterprise Security. Splunk ITSI and Splunk Enterprise Security are the two packages known as paid packages under Splunk Cloud Platform, and my company also has an ad-hoc search head. Splunk ITSI is totally related to the infrastructure monitoring that my company does, and from it, we derive the service analyzers, episodes, and alerts and see if we want to integrate anything with ServiceNow, Jira, or any other monitoring tools we have. The product can be integrated with other tools, while my company can also use its alerting feature and its ability to notify the consumers with particular alerts, so the total infrastructure is covered under SIEM, making it possible to attach to security information. My company also created a couple of use cases, like in the case of continuous resetting of a password more than three or four times, then there will be a security incident that would be created so that if any end user is doing it as malpractice, like, phishing or something, my company can detect it and inform the user that you have crossed the four limits, and there is some attack happening owing to which we need to reset the password. Based on the aforementioned process, SIEM monitoring will be handled through its application. The aforementioned areas consist of the use cases related to the tool, along with a couple of more activities, like onboarding a user onto Splunk, creating apps for them, creating dashboards, creating alerts, and creating a couple of use cases for them as per their requirements.

How has it helped my organization?

In my organization, Splunk Cloud Platform has improved the issue revolving around transactions. If there are any issues with the transactions, then my company notifies the end users that their transactions failed, after which they can fix the issues so that there are no issues with the transaction part, especially regarding the application availability. The tool makes it possible to fix issues without any downtime.

What is most valuable?

I mainly work with Splunk SIEM and Splunk ITSI, and these are the two major products recommended for all consumers. If it is related to security, I recommend Splunk SIEM, and if it is related to infrastructure monitoring, I recommend Splunk ITSI to others. I used to take care of the observability part as well with the aforementioned tools. For observability purposes, I use Splunk-related applications. I also do the onboarding of the data into Splunk with the help of observability functionality.

What needs improvement?

If I focus on the observability part of the product, I see that it is an area that doesn't offer more integrations compared to what Splunk Cloud Platform or Splunk Enterprise offers. When it comes to the integrations with the other platforms, there is a little bit of a lag in the observability part, making it an area where improvements are required.

For how long have I used the solution?

I have been using Splunk Cloud Platform for 5 years. My company has a partnership with Splunk.

What do I think about the stability of the solution?

It is a stable solution. Cisco has acquired Splunk recently, so I think it will be a more stable product in the coming days.

How are customer service and support?

It takes a lot of time for the support team to resolve issues. In short, it takes a lot of time for Splunk's support team to troubleshoot an issue, meaning they are unable to resolve issues within a certain time frame. I rate the technical support a 6-7 out of 10.

How was the initial setup?

The product's deployment phase was straightforward, especially compared to the ones I have dealt with in the past.

The solution is deployed on a hybrid cloud model.

For deployments starting from scratch, I deal with the documentation part. I prefer to look through Splunk's recommendations on the limits of how much the server configuration should be while trying to meet the configuration requirements of the consumer. In general, I deal with whatever configuration files are needed and how the consumers want to approach it, like if it should be a heavy forwarder or universal forwarder or if they don't want to directly ingest data to the indexer bypassing the heavy forwarder. Basically, I try to understand the consumer requirements before taking care of the deployment part.

For a limited deployment involving four to five servers, only a single person is required. If the deployment involves twenty to thirty servers, the number of people required to deploy the product will have to be increased depending on the requirements, and my company will also have to manage everything. The number of people required for deployment is based on the capacity at which my company plans to do the deployment.

My company has the entire Splunk Enterprise package, and we have many universal forwarders set up at fifty different locations. In around twenty locations, universal forwarders have been set up. My company also has fifteen indexes that directly send data to indexers. My company also has four heavy forwarders that collect information from applications like Azure. My company uses add-ons with the heavy forwarders in Splunk.

What about the implementation team?

I was involved in the product's deployment phase.

What's my experience with pricing, setup cost, and licensing?

My company has a license for Splunk Cloud Platform. My company also has a license for Splunk Enterprise. There are two packages that my company has access to when it comes to Splunk, and I am also aware of the configurations and setup phases related to the tool, from scratch to production.

What other advice do I have?

Splunk Cloud Platform has improved our company's incident response time. For example, if any event is ingested into Splunk, within less than a minute, we trigger an incident to the end user based on the assignment group in ServiceNow.

There are many benefits attached to the tool in the areas of machine learning and predictive analysis. In Splunk ITSI, there is predictive analysis, which can be used for protection with the alert capabilities, especially if there is an alert storm coming up. My company can directly detect particular alerts from the trail to the attack and notify the end user about it. With the machine learning toolkit, my company does anomaly detection with the help of Splunk SIEM platform. With Splunk ITSI, my company does predictive analysis. The aforementioned area covers the two different platforms my company uses, along with two different approaches and the tool's machine learning capabilities.

My company interacts with our consumers. For example, if I am a consumer of Azure products, I would want to onboard all the data from Azure, even if it consists of user data. I recommend that more space be set on a particular index so that Azure data can be used. My company has all data related to Azure about its users and the changes if you have a license or if you have Azure Event Hubs, including any other things that it may have. I recommend more space in Azure, but if it is a network-related application like Aruba, I recommend that it has a little bit less space compared to Azure. The scalability of Splunk Cloud Platform can impact our company's data management, though I recommend the space required for a tool based on the use cases.

I am aware of the federated search features in the product. If a search is not running up, then my company needs to check whether any permission related to the search has any issue or if anything is going wrong, after which my company needs to check and fix those searches. I have not used much of the tool's federated search features.

My organization monitors multiple cloud environments with the tool's help. It is easy to monitor multiple cloud environments using the product. For example, if my company takes into account Splunk ITSI with service analyzers, then we define how one service is related to GCP. One service will be under the cloud services offered by Azure, while another service will be related to AWS. My company can divide the services based on locations and KPIs. My company monitors the total locations of the cloud so that we can get more insights from the service breakdown, which is why I recommend the use of Splunk ITSI. I used to work more with Splunk ITSI, a reason why I recommend it to others, as it is easy to understand and handle, even if you have 1,000 or 20,000 applications. With Splunk ITSI service breakdown, it is very easy to handle applications.

The visibility of the tool in multiple environments can be explained with the help of an example, where, if my company considers Splunk Cloud Platform, the visibility will be less compared to what we get from Splunk Enterprise. Splunk Cloud Platform is totally managed by Splunk's support team, so if anyone needs to do anything, my company needs to raise a request for a change in the tool, though we can modify a couple of services, like a couple of applications using ACS, which was introduced by Splunk. With ACS, if you want to update, create a token, or modify anything from the HEC token information, you can do it with the particular services offered by the solution. Considering the aforementioned area, I recommend that 30 percent of the work be done with ACS, and 70 percent of the work needs to seek assistance from Splunk's support team. Our company handles Splunk Enterprise, and we have 100 percent visibility on it compared to Splunk Cloud Platform.

The integration of the product with other services is possible. I have integrated it with ServiceNow, Jira, Slack, and Microsoft Teams, and I can say that it has been okay till now. It is good to integrate Splunk Cloud Platform with other tools. If we take a cloud service like GCP into consideration as an example and say that it is not working properly, then there will be an incident directly assigned to the support team based on the integration with ServiceNow. If you want to notify all the consumers in a scenario where GCP is not working properly through particular notifications with Slack channel particular notifications, then one can inform all the thousand consumers in a particular company about it, and it is possible with a single integration.

My company uses the tool for alert reporting. For example, if the top management of an organization is looking for the availability of websites, especially a couple of websites that are critical to their applications, then my company monitors such applications with the data in the report from the last thirty days or seven days, to ensure that availability of a particular website is 100 percent. If anything goes wrong as per the reports from the previous seven days, then the availability is reduced to 80 or 95 percent, which is based on how much time it was down, and it will be then notified to the consumer or top management, stating that the availability got reduced, and how there is need to fix a couple of applications in the back-end so that the availability can be increased. The top management will be made aware of the things that have been going on for the last seven or forty days. In general, a report is good for notifying the top management or consumers so that they can make decisions or check if their licenses or server capacity needs to be increased. With the alerting report feature, my company can be confident that the top management or consumers know about a particular issue in the tool that we can fix as soon as possible, but there will be a cost involved in doing so every time. If the consumer or top management is aware of the issues in the tool with the help of the alerting report feature, then they can make a decision.

I am currently not aware of how the product has an impact on decision-making.

The product has helped my organization with data compliance and privacy regulations since we were able to set up the terms and conditions with Splunk. In general, it is good when it comes to the terms and conditions revolving around the security part.

Maintenance is required to upgrade the applications, so we need a downtime of no more than fifteen minutes.

The product offers value in terms of resilience. Whenever my company faces difficulties, it is the solution we use for all our monitoring purposes.

In terms of the extensibility of the product, I feel it is a good solution.

Everything is supported by Splunk support, though it may take some time to find and resolve certain issues. If Splunk's support team resolves issues within a certain time frame, I can provide a nine out of ten rating for Splunk's technical team. Splunk Enterprise is totally handled by our company, so I can give it a nine out of ten.

I recommend Splunk Enterprise to others, especially when compared to Splunk Cloud Platform. If any notifications are needed, it can be done with no downtime, and it can even be completed within a week. If we want Splunk's support team to do the same aforementioned procedure for our company, then it may take a little bit more time.

I rate the overall tool a 7-8 out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Ian Gatundu - PeerSpot reviewer
System engineer at Agile Cloud Ltd
Real User
Jun 2, 2024
It improves our visibility and decision-making while helping us meet compliance standards
Pros and Cons
  • "The Cloud Platform interface is cleaner than Splunk Enterprise's monitoring console. You can easily understand what's happening with your indexes. It's more refined than Splunk Enterprise's console, but they have the same feel and function."
  • "The only disadvantage of Splunk Cloud compared to Splunk Enterprise Security is that you only have two options for long-term storage: AWS S3 Buckets and GCP."

What is our primary use case?

We use Splunk Cloud Platform to ingest data from on-prem environments. Most people have Splunk Enterprise Security running on a server, but Splunk developed the Splunk Cloud Platform to ingest the data into the cloud. It works like Splunk Enterprise, but you must download apps to get some features. Our clients are mostly large enterprises in the financial industry. 

How has it helped my organization?

Splunk Cloud Platform improves our visibility and decision-making. Splunk helps us meet compliance standards. It's certified for multiple standards, such as PCI, GDPR, and HIPAA.

What is most valuable?

The Cloud Platform interface is cleaner than Splunk Enterprise's monitoring console. You can easily understand what's happening with your indexes. It's more refined than Splunk Enterprise's console, but they have the same feel and function. 

It's easy to monitor multiple cloud environments because you can create custom dashboards for any use case you may have. It offers good visibility because it integrates with the ITSI app, providing a clear overview of your environment. 

Integrating Splunk with other components on the cloud and network resources is effortless because it can collect data from various sources, including stored data from long-term storage.

Splunk's reporting offers a good visualization of your data. You can visualize the statistics based on your searches. It produces some helpful graphs that enable you to easily compare what's happening in your search. It's very comprehensive. 

What needs improvement?

The only disadvantage of Splunk Cloud compared to Splunk Enterprise Security is that you only have two options for long-term storage: AWS S3 Buckets and GCP.

For how long have I used the solution?

We started using Splunk Cloud Platform in January 2024, so it has only been a few months. 

What do I think about the stability of the solution?

I rate Splunk Cloud 10 out of 10 for stability. Splunk is trying to push more people to the cloud, so they've made it really stable.

What do I think about the scalability of the solution?

I rate Splunk 10 out of 10 for scalability. Scalability depends on whether your on-prem deployment is stable and deployed properly, as the Splunk Cloud Platform is an extension of Splunk Enterprise Security. It's easy to build another use case or add servers, so I feel it's highly scalable.

How are customer service and support?

I rate Splunk support nine out of 10. We provide frontline support to our clients, but we periodically pass them on to the vendor. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used IBM and Fortinet. We prefer Splunk because of its integration. You can integrate multiple solutions and customize it for your environment depending on your use case. 

How was the initial setup?

Deploying Splunk Cloud Platform is pretty straightforward once you have the enterprise environment set up on-prem. You download the cloud app and extension. The deployment time depends on the size of your environment. It takes about a day for a small environment. A large-scale deployment can take up to a week if you have multiple tiers and a disaster-recovery site. 

After deployment, the product requires continuous engagement with the Splunk team. You must continue to fine-tune it to ensure everything runs smoothly. However, there isn't much maintenance once it is tuned and deployed properly. 

What's my experience with pricing, setup cost, and licensing?

Splunk is a bit more expensive than some solutions, but customers can derive more value from it due to the features it has.

What other advice do I have?

I rate Splunk Cloud Platform nine out of 10. I recommend ingesting data into the cloud if possible. Even if you have an on-prem environment, it still helps to ingest data into the cloud. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Darshan G Waghmare - PeerSpot reviewer
Senior Project Engineer at Wipro Limited
Real User
Top 20
Sep 24, 2024
Offers alert scheduling, dashboard creation, and log monitoring
Pros and Cons
  • "It is a stable product."

    What is our primary use case?

    My primary use case is for monitoring security logs and system logs. Apart from that, we create monitoring alerts and dashboards. 

    We also use it for Splunk application configuration, troubleshooting, and server patching. We have many other operations.

    How has it helped my organization?

    Integration with other systems and applications in the environment is easy. For example, we have Fortinet analyzer. We have to pull the logs from network devices into Splunk. We use Cribl pipeline. 

    For Cribl pipeline, we get that data to the Splunk syslog servers. From Splunk syslog servers, we're getting it into the indexes.

    According to the license, suppose we have to onboard thousands of servers. Suppose a scenario, for thousands of servers, the user or client requires only specific events. So for that, we use props and cons and regex for specific events. And only specific events will be calculated in the license. That will consume the license also.

    What is most valuable?

    The incident response time depends on the query and alert configuration, and also on the environment and how the logs are streamed. By analyzing these factors, it takes a maximum of one to two days for one incident.

    Alert scheduling, dashboard creation, and log monitoring are the most valuable features. 

    Federated search depends on the data we pull. We have three types of searches. We use federated search for long-running queries.

    We have, like, 20% of MacBook Cloud environment. It is easy to monitor multiple cloud environments, but there are some onboarding challenges. We are onboarding from the back end and also using HEC token. Apart from that, we get data to Splunk using Cribl pipelines from syslog servers.

    Reporting is like this: if critical data is used by the client, we send it to the data user according to the schedule.

    For log monitoring, we can definitely suggest Splunk is a good tool. And it helps with decision making processes.

    For monitoring security logs, it's the best tool.

    For how long have I used the solution?

    I use Splunk Cloud. Previously, I used Splunk Enterprise, but after that, we migrated to Splunk Cloud.

    I have been using Splunk Cloud for more than three years. 

    What do I think about the stability of the solution?

    It is a stable product. Right now, we are migrating from Datadog to Splunk, so I guess that's why Splunk is better than other tools.

    How was the initial setup?

    It's deployed across multiple locations.

    It does require maintenance. It depends on what Splunk vendor is being used.

    What's my experience with pricing, setup cost, and licensing?

    The pricing depends on the logs and how many logs we monitor. On a daily basis, it depends on the events. Those licenses will be calculated in Splunk Cloud.

    What other advice do I have?

    Overall, I would rate the solution a seven out of ten, with ten being best. 

    All the features for log monitoring, security, alerting, indexing of the data, parsing of the data are good. That feature makes sense and is helpful to everyone.

    I would recommend it to others. 

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    reviewer2499690 - PeerSpot reviewer
    Principal Site Reliability Engineer at a pharma/biotech company with 1,001-5,000 employees
    Real User
    Top 20
    Jul 3, 2024
    Information is easier to get now that it is all aggregated and centralized in one place with one interface
    Pros and Cons
    • "Previously when in our company, we had logs everywhere on multiple systems, it was a really big pain for me trying to find what I wanted. Now that it is all aggregated and centralized in one place with one interface, it is just a lot easier to get the information that I need."

      What is our primary use case?

      I use Splunk Cloud Platform to analyze our company's logs and the applications that we run.

      How has it helped my organization?

      Previously when in our company, we had logs everywhere on multiple systems, it was a really big pain for me trying to find what I wanted. Now that it is all aggregated and centralized in one place with one interface, it is just a lot easier to get the information that I need.

      What is most valuable?

      The most valuable feature of the solution stems from the fact that I just like having one single point where all of our logs are aggregated and then having one interface that I can query and find the information that I want out of it.

      My organization monitors multiple cloud environments and even the on-premises part. I would say that so far, it has been fine and easy to use to monitor multiple cloud environments using Splunk Cloud Platform. The tool works effectively, and it gets stuff from our on-premises servers into the cloud. It gets stuff from AWS into the cloud. I am able to, you know, use the single interface to access all the information I need.

      It is very important for our organization that Splunk Cloud Platform has end-to-end visibility into your cloud-native environment. It is important since it helps to be able to see all the aspects of what our services are doing and how they are operating.

      It helps with the mean time to resolve since it makes it easier to find the errors as they have occurred, so it has been a helpful tool.

      I don't know how much the product has helped my organization improve business resilience.

      I wouldn't know if my company has experienced any cost-efficiency by splitting to Splunk Cloud Platform.

      I know that Splunk's unified platform helps consolidate networking, security, and IT observability tools for our company. Our company has an InfoSec team using it for their SCIM stuff, and then we have IT using it for some of the things they need to gather. Multiple teams in my company have benefited from using the tool. The consolidation of tools does impact our organization since I think it is probably easier for everyone to get access to stuff because everything is in one place, and it is one of the biggest impacts of the product I can think of right now. Instead of having things spread out across multiple vendors and multiple tools, it is all kind of in one thing that we can get at, and so it is probably easier for us to train people, and we know, like, how to access the solution since it is just one thing we have to learn.

      What needs improvement?

      I am relatively new to the platform. So far, I have been able to use it to do what I need. I know that there are a lot more features and functionality that I don't even know yet, so I am still on the learning side. I don't really have any recommendations related to things that need to be improved in the tool.

      So far, it meets my needs, so I don't need to see any additional features in the tool.

      For how long have I used the solution?

      I have been using Splunk Cloud Platform for six months. My company is just a customer of the solution.

      What do I think about the stability of the solution?

      I have not had a problem with the tool's stability. It has been available every time I needed it, and it has captured all the information we have sent to it. It has been not just a good but a great solution.

      What do I think about the scalability of the solution?

      I think the tool's scalability is fine. I have not run into any issues with the tool's scalability, so I guess it's good.

      How are customer service and support?

      I have not had the chance to interact with Splunk's customer service or support, so I can't really evaluate them.

      Which solution did I use previously and why did I switch?

      I don't know if there was some other solution used previously in my company. My company is just a customer of the tool.

      How was the initial setup?

      The product was deployed before I joined the organization.

      The solution is deployed on a hybrid cloud model, and my company has opted for AWS.

      What about the implementation team?

      I believe that my company approached an integrator to help with the deployment of the product, but I am not sure about it.

      What was our ROI?

      I don't know about the ROI part.

      What's my experience with pricing, setup cost, and licensing?

      I don't know about the pricing, setup cost, and licensing part.

      What other advice do I have?

      I rate the solution a ten out of ten.

      Which deployment model are you using for this solution?

      Hybrid Cloud

      If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

      Amazon Web Services (AWS)
      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      Ankit_Mittal - PeerSpot reviewer
      Data Engineering Senior Analyst at Accenture
      Real User
      Apr 2, 2024
      Speeds up our response and reduces the time we spend manually monitoring any logs for ticketing tools or servers
      Pros and Cons
      • "Splunk has sped up our response and reduced the time we spend manually monitoring any logs for ticketing tools or servers. It saves us around two hours daily."
      • "Every time they launch new versions, we experience a few bugs. The most recent version had a couple of bugs in the databases. We contacted the vendor and got assistance solving these bugs, so the environment is more stable."

      What is our primary use case?

      We use Splunk Cloud for monitoring various ticketing tools, servers, applications, URLs, and client transactions. We're monitoring the transactions and data flow. 

      How has it helped my organization?

      Splunk has sped up our response and reduced the time we spend manually monitoring any logs for ticketing tools or servers. It saves us around 2 hours daily. 

      What is most valuable?

      We can onboard multiple data types for monitoring from various ports and use Splunk to monitor laptops or other devices directly. If everything is stored in our database, we can also monitor that and see who is logging in and when. You can monitor which files are being used most and which ones aren't. We can also check for any fraudulent activity in the system. The reporting is highly detailed.

      Splunk is best when used for real-time monitoring. We can use AI and machine learning, too. Splunk plans to launch new observability features soon. The federated search feature has helped us eliminate redundancy in data servers and discontinue servers that aren't being used much. We can remove those servers from the environment to cut costs. 

      We can use Splunk to monitor multiple environments. The ease of monitoring depends on the source, application, or cloud environment size. 

      What needs improvement?

      Sometimes, integrating with other systems is difficult, and it isn't feasible to connect with other applications, but it's easy most of the time. I rate Splunk 7 out of 10 for its ability to integrate with other systems. 

      Every time they launch new versions, we experience a few bugs. The most recent version had a couple of bugs in the databases. We contacted the vendor and got assistance solving these bugs, so the environment is more stable. 

      For how long have I used the solution?

      I have used Splunk Cloud for 4 years. 

      What do I think about the stability of the solution?

      I rate Splunk 8 out of 10 for stability. It has some bugs, but that is common in any product. At least, Splunk resolves bugs quickly. 

      What do I think about the scalability of the solution?

      Splunk's scalability is nice. 

      How are customer service and support?

      I rate Splunk's technical support 9 out of 10. 

      How would you rate customer service and support?

      Positive

      How was the initial setup?

      Splunk is easy to deploy. We have it deployed across data centers at multiple locations. Splunk requires some maintenance after deployment. 

      What's my experience with pricing, setup cost, and licensing?

      Splunk is a bit pricey, but it's reasonable for the features offered. 

      What other advice do I have?

      I rate Splunk Cloud Platform 8 out of 10. I would definitely recommend Splunk to others. 

      Which deployment model are you using for this solution?

      Private Cloud
      Disclosure: My company has a business relationship with this vendor other than being a customer. partner/customer
      Nagendra Nekkala. - PeerSpot reviewer
      Senior Manager Ict & Innovations at Bangalore International Airport Limited
      Real User
      Top 10 Leaderboard
      Dec 29, 2023
      Boosts performance and helps simplify monitoring across platforms and data management
      Pros and Cons
      • "The data management and instant search features are the most valuable ones for us, as they allow us to instantly retrieve information needed for reports and security compliance."
      • "Splunk should increase the frequency of new feature releases, particularly those related to real-time operational flow monitoring and analytics reporting."

      What is our primary use case?

      We leverage the Splunk Cloud Platform to effectively manage the vast amounts of machine-generated data, thereby ensuring application management security compliance.

      We implemented the Splunk Cloud Platform to enhance our customer experience and optimize the data storage costs. We can convert the log data into numerical data points when requested.

      How has it helped my organization?

      The Federated search helps retrieve data in a better way.

      Splunk Cloud Platform simplifies monitoring across multiple cloud environments, providing real-time insights into operational flow. It also streamlines data conversion, reducing the data-driven process for the company.

      Splunk Cloud Platform's machine learning and AI capabilities simplify data management and provide clear visibility into multiple environments.

      The AI makes it easy to integrate with other systems and applications in our environment.

      The Splunk Cloud Platform reporting provides good insight.

      Splunk Cloud Platform significantly boosted our performance and cost-effectively optimized data sets, delivering immediate benefits.

      Thanks to the Splunk Cloud Platform we can make decisions within the organization much faster.

      Splunk Cloud Platform empowers our organization to access data efficiently, ensuring compliance with privacy and regulations through actionable insights.

      Splunk Cloud Platform strengthens our security, particularly in handling complex processes.

      What is most valuable?

      The data management and instant search features are the most valuable ones for us, as they allow us to instantly retrieve information needed for reports and security compliance.

      What needs improvement?

      Splunk should increase the frequency of new feature releases, particularly those related to real-time operational flow monitoring and analytics reporting. It has been over a year since any significant updates were added to the Splunk Cloud Platform.

      For how long have I used the solution?

      I have been using the Splunk Cloud Platform for one year.

      What do I think about the stability of the solution?

      Splunk Cloud Platform is stable.

      What do I think about the scalability of the solution?

      Splunk Cloud Platform is scalable.

      Splunk Cloud Platform's resilience is good.

      How was the initial setup?

      The initial deployment was straightforward. The deployment took around four hours and required two people.

      Which other solutions did I evaluate?

      We evaluated Victoria Experience but it was not suitable for our environment.

      What other advice do I have?

      I would rate Splunk Cloud Platform an eight out of ten.

      We have around 150 users.

      No maintenance is required from our end.

      I recommend Splunk Cloud Platform. It helps monitor all the respective functions.

      Which deployment model are you using for this solution?

      Private Cloud

      If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      Chetankumar Savalagimath - PeerSpot reviewer
      Delivery Manager at a tech services company with 1,001-5,000 employees
      Reseller
      Top 5 Leaderboard
      Sep 11, 2023
      A stable solution that can be used for security log monitoring and compliance
      Pros and Cons
      • "The most valuable feature of Splunk Cloud Platform is its flexibility and readiness because it's already prebuilt, and everything is click-to-go."
      • "Splunk Cloud Platform should improve its integrations and consider multiple integrations or direct integration with other platforms like Microsoft Azure, Google Cloud, or AWS."

      What is our primary use case?

      The primary use cases of Splunk Cloud Platform are security log monitoring and compliance.

      What is most valuable?

      The most valuable feature of Splunk Cloud Platform is its flexibility and readiness because it's already prebuilt, and everything is click-to-go. Splunk has multiple features, but the cloud feature comes with that. It is built for a smaller organization, but that's how organizations grow. The solution is good for a new budding organizational group.

      What needs improvement?

      Splunk Cloud Platform should improve its integrations and consider multiple integrations or direct integration with other platforms like Microsoft Azure, Google Cloud, or AWS.

      I would like to see more integrations because integration is related to bringing in more data. More integrations would increase the visibility and customer's point of scope. Customers are initially tied to one platform and stick to it because of its feasibility. Integration becomes a major challenge when they want to bring in different solutions.

      Once they have different integrations from Splunk, they need not worry about security, things to monitor, or what compliance they must meet. Everything will be physical, and integration will bring in a lot of things.

      For how long have I used the solution?

      I have been working with Splunk Cloud Platform for one and a half years.

      What do I think about the stability of the solution?

      Splunk Cloud Platform is a stable solution.

      How are customer service and support?

      Splunk Cloud Platform's technical support is good. The support's technical capabilities are always great because everyone who is capable joins in and contributes. However, at a high level, we understand there is always a gap in automation. We have process automation that can be resolved or detected by customers.

      The flaws in our cloud can be fixed. We can send an integration update to the customer and tell them that you must fix this so everything works fine. For a download-compatible system, you can update an older heavy forwarder version to a newer version to grasp the maximum out of it.

      How would you rate customer service and support?

      Positive

      Which solution did I use previously and why did I switch?

      I have worked with a lot of other products, but not as a cloud solution. I have designed cloud solutions for other products like what Splunk currently has. I have worked with IBM, which has its own cloud platform, cloud monitoring solutions, and security solutions. Similarly, we have other market solutions that will act as a security solution, but they are in different behaviors. We have designed one for other customers, which monitors other cloud and hybrid solutions.

      Splunk is currently at the top rating because I haven't explored other ones. I started exploring Microsoft Sentinel, which is a good competition for the Splunk Cloud Platform, and it's a healthy competition. I would like to see a very light-flavored source solution integrated with the Splunk Cloud. Once people start tasting source solutions, they will surely explore them more because that's how hunger is created. Other solutions already have the source solution in them. For example, Sentinel has its own source solution, which they give as an integrated part.

      How was the initial setup?

      Splunk Cloud Platform’s initial setup was quite easy.

      What about the implementation team?

      The Splunk team was involved in the solution's deployment.

      What's my experience with pricing, setup cost, and licensing?

      Splunk Cloud Platform's pricing is a little on the higher end. When smaller organizations start their journey of onboarding log sources or security solutions, they think Splunk is quite worth it. But when they start growing, they feel it's quite eating up their budget on security. So, it is fine for smaller organizations. It all depends on how the discounts are provided.

      What other advice do I have?

      Splunk Cloud Platform is used in our customer's company. The solution is deployed on the Splunk Cloud in our organization.

      Splunk Cloud Platform is a very good product in the market, and you can use it wisely. Compared to other products for the cloud solution, you can use Splunk Cloud Platform for a wide range of tools. Splunk Cloud Platform is the best product to onboard for a new startup or a working good industry with a very small number of people. You don't have to sit in an office and work. You can work it from anywhere and integrate the log sources. That's how easy it is.

      The cloud is not for a bigger organization. The one which is sitting in the environment can be used. For example, if you have one terabyte of ingestion per day, that is not what we expect a bigger organization to ingest on a cloud. It would become quite expensive to store, manage, and process.

      It is good for smaller organizations because they have around 25, 30, or 100 GB of ingestion per day. If you want to grow bigger and bigger, you can use a hybrid model. If that model is available, that would be great for bigger organizations. For example, the cloud is integrated into the cloud, and on-premise is integrated into data centers. That should work fine.

      Splunk does the solution's maintenance. From our side, the local integration material has to be maintained as per the cloud instance. It all depends on the customer. If the customer is fully on the cloud, it should not be a problem. We still have to upgrade heavy forwarders, universal forwarders, and deployment servers. However, the rest is taken care of by Splunk itself.

      Our customers monitor multiple cloud environments, which are distinguished in their environment. It is integrated in a different format and not directly integrated. Monitoring multiple cloud environments using the Splunk Cloud Platform’s dashboards is quite easy and reliable.

      It's a standard thing. I don't know about other comparative tools, but the first time I used Splunk Cloud Platform, it was quite good enough and can be used for the current organization.

      I rate Splunk Cloud Platform's integration with other systems and applications in our environment a seven to eight. This is an average rating where you can see that the growth still has to be achieved. Splunk Cloud Platform should work on its integration with third-party products.

      Splunk Cloud Platform has different types of formats, and those are enough. The rest of the reporting, like the presentation, should be done by itself. No one gives those. The reporting that Splunk Cloud Platform currently provides is enough.

      It depends on the industry, but for financial or banking industries, Splunk Cloud Platform plays a major role in decision-making. If I want to rate it, you have to consider ten out of ten as Splunk or any other tool before they make any decision. If they have Splunk already, they should consider Splunk as a major partner to integrate and bring in more services apart from bringing any other solutions. That will create a multiple-glass observation, which will not be an easy decision. If one of our customers has Splunk, they must consider it a priority before bringing in any other solution.

      Splunk Cloud Platform helps our organization access data for compliance and privacy regulations. Right now, Splunk is so feasible that it can integrate with any tool, anytime, and in any data format. So, it should not be a problem. Anyone brings in data in any format, Splunk Cloud Platform will surely meet it. The only thing is they need a good engineer to design it properly so that it brings in data properly.

      An organization that does not have a security posture review is considered a zero, not a negative. We don't know when it becomes negative. The day they bring Splunk into the environment, it will obviously increase their visibility. Every time the security posture increases, they get to know the flaws.

      Their observation of 24/7 monitoring, compliance, log monitoring, and forensics will come into the picture. They can enable everything in a single solution or product.

      Splunk Cloud Platform is a resilient model. SIEM tools can perform post-detection. SIEM is not an EDR tool because it doesn't automatically detect something. A SIEM tool is used for compliance and audit. It is helpful for future investigation because it can record logs and keep them aside.

      However, a SIEM tool does not have an automatic detection module. Although it has a prediction model, it does not have an auto-detection or blocking model. It cannot be a resilient tool, but it can be a vigilant tool.

      Overall, I rate Splunk Cloud Platform a nine out of ten.

      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      reviewer2239821 - PeerSpot reviewer
      Sr Manager at a financial services firm with 10,001+ employees
      Real User
      Aug 27, 2023
      Reduces troubleshooting time and improves customer experience
      Pros and Cons
      • "It has end-to-end visibility into our cloud-native environment, which is pretty important for us. About 80% of our infrastructure is on AWS."
      • "They can offer more self-service capability to their customers. Currently, most of the things happen behind the Splunk Cloud Platform. As a customer, I do not have an opportunity to see my platform. If they can offer more self-service to see the health of my endpoints and stack, it would be appreciated."

      What is our primary use case?

      We use it for security monitoring and application monitoring.

      How has it helped my organization?

      We monitor multiple cloud environments. We monitor AWS and Oracle Cloud. It is easy to get all the data into Splunk from our AWS and Oracle Cloud. The integration is comparatively easy when it comes to on-prem versus Splunk Cloud.

      It has end-to-end visibility into our cloud-native environment, which is pretty important for us. About 80% of our infrastructure is on AWS. It is pretty important for our digital resiliency to monitor our AWS and Oracle Cloud platforms end to end.

      It definitely reduces our mean time to resolve, but I am not sure exactly how much time it has reduced because as a Splunk Cloud customer, we provide our platform to our application teams. 

      What is most valuable?

      We have Splunk Enterprise Security and our regular Splunk Enterprise. We use Splunk Enterprise Security for monitoring all our security use cases and our regular Splunk Enterprise for application monitoring. We have our own custom digital apps that we monitor on the enterprise cloud, and all our enterprise security monitoring happens on the Splunk Enterprise Security app. There are so many custom applications that we currently support. 

      We do digital transaction monitoring, so when a customer sends some money to a different customer, we monitor the end-to-end transaction of that customer when it happens on the digital platform. It is pretty important for our L1 and L2 teams to monitor that end-to-end transaction. 

      With Splunk in place, we can identify the bottlenecks where transactions are getting held and immediately take necessary actions to release the transaction and reach the customer. That improves the transaction time frame. There is improvement in terms of how many analysts are monitoring how many transactions and how fast transactions are happening from end to end. It improves our performance and customer experience. It is also easy to monitor end to end transactions.

      What needs improvement?

      They can offer more self-service capability to their customers. Currently, most of the things happen behind the Splunk Cloud Platform. As a customer, I do not have an opportunity to see my platform. If they can offer more self-service to see the health of my endpoints and stack, it would be appreciated. 

      Their support also needs improvement. I have had issues with the support team. When I run into issues, it is always hard to get hold of them and get things done with the support team. Other than that, product-wise, it is very good.

      For how long have I used the solution?

      I have been using the Splunk Cloud Platform for more than four years.

      What do I think about the stability of the solution?

      Its stability is 99.5%, but I have had pretty bad incidents in the last couple of years. Last month, we had an outage for the whole day. Support-wise, I am not happy.

      What do I think about the scalability of the solution?

      In typical cloud infrastructure, you can add your EC2 on demand based on the load of your customers, but with the Splunk Cloud, that is not the case. They assign a fixed number of searches and indexes. They have named it as a cloud, but it is still an on-prem instance sitting in their cloud, so in terms of scalability, I do not see much advantage with Splunk Cloud because, at the end of the day, you get approval from your Splunk account team or a management team to add a new instance into your cluster. 

      How are customer service and support?

      The support that we get from Splunk is not always great. Whenever we have issues, we have to chase them to get the answers. When we have an incident, identifying the root cause of that incident with the Splunk Cloud support team is always a pain. The Splunk team should improve their customer support experience. I love the product, but the only issue is getting support. I would rate them a three out of ten.

      How would you rate customer service and support?

      Negative

      Which solution did I use previously and why did I switch?

      We had IBM QRadar, and we moved from IBM QRadar to Splunk Cloud. Cost-wise, Splunk is a premium solution. We pay more, but we get a better experience with Splunk Cloud Platform. It is easy to manage. There is a better user experience. When it comes to identifying issues, it is pretty easy with Splunk. Cost-wise, we have not saved much, but in terms of resiliency and digital experience, we get a lot from Splunk.

      We get a lot of capabilities with Splunk Cloud and Splunk Enterprise Security. We also do application monitoring, and we wanted to embed both solutions into one. That is the whole reason we got Splunk.

      We have a bunch of tools, not just Splunk, in our ecosystem. Splunk is one of our tools for monitoring purposes. We have other tools for alert management, global alert repository, etc. In our ecosystem, Splunk serves the main purpose of detecting and bringing the issues to our analysts to resolve them. Splunk plays a vital role.

      How was the initial setup?

      I was initially involved in the whole migration process. We used to have the Splunk on-prem instance, and only application teams were utilizing it. We bought the Splunk Cloud Platform, and we merged both the application and security into the Splunk Cloud Platform.

      Cloud deployment is pretty easy because you do not have to manage any of your infrastructure. They take care of that. 

      What was our ROI?

      We could see its time to value in roughly one year to sixteen months. We started the migration and moved to the cloud, and in a year to sixteen months, we could see a return on investment.

      The ROI is in terms of the mean time to resolve the issues. We could do all of our security monitoring and enterprise security. We integrated security monitoring with our SOAR platform. We have so many L1 and L2 teams using Splunk day in and day out to monitor the transactions. They definitely have more visibility and reduced mean time to resolve the issues. They can identify an issue pretty fast. 

      What's my experience with pricing, setup cost, and licensing?

      Currently, we have the ingest-based license. They are offering SVC-based licenses as well, but I am not a fan of SVC-based licensing. At the end of the day, I want to predict my budget and how much I am going to pay to the vendor so that I can plan my yearly budget.

      I would always suggest going with the ingest-based license because you can control how much you want to ingest. It feels like you will be paying less when you switch to SVC-based licensing, but this is not true because you cannot control your users and what kind of searches they want to run. If you go for that, you will need a whole lot of manual effort to control your users.

      Which other solutions did I evaluate?

      We evaluated Elasticsearch. We evaluated Exabeam. We evaluated one more solution. Among all the solutions in the market, Splunk is the best.

      The good thing with Splunk is that you can search your data across all the indexes pretty fast. The way the processing language works with Splunk is awesome. Most of my analysts can search the data as quickly as possible, whereas, with the other solution, there was always a lag while searching for data. With Elasticsearch, you have very limited capability to search across the whole platform. It is very easy with Splunk. The secret sauce of Splunk is the way they index the data. That is the main difference between Splunk and its competitors.

      What other advice do I have?

      I would rate the Splunk Cloud Platform a nine out of ten. The product is good. The only issue is the support.

      The primary benefit that I get from attending the Splunk Conference is to be able to see all the new features that Splunk is releasing and how to use them and implement them in my infrastructure, platform, or ecosystem. I also get to know how other organizations are using Splunk to solve their use cases. Another thing is that we have so many vendors utilizing Splunk as their base and building so many new products. I visited one of the booths, and I was very impressed with their booth. They are doing all the content validation, security validation, and simulation of attacks. They are using their tool, and they have integrated it with Splunk. They are bringing all the data into Splunk to showcase how to maintain the hygiene of the content. That impressed me a lot. When I attend Splunk conferences, I get to see how others are utilizing Splunk as their base and building new tools out of that. It gives me some ideas of how to implement it in our organization. Of course, we cannot implement everything, but at least we can see the best fit for our platform.

      Disclosure: My company does not have a business relationship with this vendor other than being a customer.