Splunk Cloud Platform Reviews

My manager typically requests dashboards, alerts, and scheduled reports. Based on their specific requirements, I create reports and dashboards that visualize the data. We leverage the Splunk Cloud Platform to fulfill these needs.

Additionally, my teammates may approach me for insights. I analyze the data and provide them with these insights, which they then use for team meetings and further data analysis. This ultimately helps them make informed decisions.

Splunk Cloud Platform improves our incident response time by enabling the retrieval of large data volumes. The platform offers impressive search speeds, and we don't need additional SQL commands to optimize response times.

We saw immediate benefits from the Splunk Cloud Platform. Being able to access and analyze logs provided valuable insights.

Splunk's impact on decision-making is significant. I have access to all the data I need, and it is always reliable.

Splunk Cloud Platform's search modes are a powerful feature. There are 3 main modes: Fast, Verbose, and Smart. These modes allow us to customize our search based on our needs, which can significantly improve our response time.

Splunk Cloud Platform's dashboard could benefit from some improvements. While it functions adequately, it appears very minimalistic. It's built using a simple XML format, and while newer dashboard options have been released, it still lacks the visual capabilities of tools like Power BI and Tableau. While I understand these are different platforms, having a more powerful dashboard option for the Splunk Cloud Platform would be valuable.

There is a lack of comprehensive learning materials offered by Splunk to prepare for their certifications.

Splunk uses SQL as its search language. One challenge I've encountered is with subsearches used in joins. These subsearches can only handle a maximum of 50,000 entries. If our data set is larger, we won't be able to join it using a subsearch. This limitation has been a significant obstacle for me. I've searched the Splunk community forums, and even reached out to my colleagues and seniors for a solution, but haven't found a definitive answer yet.

I have been using Splunk Cloud Platform for 2 years.

It is reliable. In my experience working with virtual machines, any search lags are likely due to the VMs themselves, not Splunk.

I would rate the stability 8 out of 10.

Splunk Cloud Platform is horizontal scaling. So it is easy to scale based on the data we are using.

I would rate the scalability of Splunk Cloud Platform 9 out of 10. 

Deploying Splunk Cloud Platform requires knowledge of the Splunk architecture, the deployment server, and the components.

We have seen a return on investment.

The certifications are costly.

I would rate Splunk Cloud Platform 8 out of 10.

The maintenance required is minimal.

The resilience of Splunk is good.

I recommend the product.

Splunk Cloud Platform is a powerful tool for handling big data. To get the most out of it, understanding both the developer and administrator sides is beneficial. The platform offers broad compatibility with various technologies and allows for easy scaling to accommodate your needs.

Splunk Cloud Platform was very useful for us. With the on-prem setup, we had to maintain all the servers and take care of the upgrades, whereas with Splunk Cloud Platform, we did not have to bother about that. Everything was handled by the Splunk support team.

It was sufficient for us to monitor multiple cloud environments. The visibility that it provided into multiple environments was good.

We used Splunk Cloud Platform for business processes and security. It helped us a lot. On the business side, as a banking organization, it was helpful for reports and alerts. On the security side as well, Splunk was helpful. We could see any security breach. It was also helpful for smooth operations. If any issue happened or any server was down, it automatically alerted us.

Everything is maintained by the Splunk support team. Users do not have to maintain any physical servers. They do not have to maintain indexes and searches. It reduces a lot of work on the user side.

We integrated it with other applications in our environment. It integrates well. We did not face any issues on the integration side.

The reporting offered by Splunk Cloud Platform is also good.

I faced a few minor issues with Splunk Cloud Platform. In the case of knowledge objects, even a Splunk admin does not have access to delete them.  If we want to remove a knowledge object, we need to contact Splunk support and raise a case. After that, they delete it. They should give us access to delete knowledge objects. 

Everything else was good. It already had all the features. We did not require any new features.

I used this solution for almost ten months in my previous organization. Currently, I am not using it. I last used it about five months ago.

It was stable. We did not see many issues. Any issues were on the physical servers, not on the Splunk Cloud side.

It is scalable. We had more than 2,000 users in our organization. It was being used by more than 150 departments.

Onboarding end-users was easy. I was a Splunk admin, and I was also an end-user. I could provide access to other end-users directly.

Their technical support was good. I would rate them a five out of ten because we worked in the Australian time zone, and the tech support team that we usually got did not have much knowledge. They took time to resolve issues.

Neutral

In our organization, we used multiple products. We had Dynatrace and other products, but we mostly preferred Splunk. It was more user-friendly than others, and we could search everything easily. We could create dashboards. Other products were more difficult.

It took us a long time to switch from on-prem to the cloud. It took almost four to five months.

We took the help of the Splunk team for migration, but after that, we did not take their help. We took care of onboarding and other things. It was easy. If any issue came up, we contacted the Splunk support team.

I do not have much idea about the price. We previously used 1 GB at the cost of $600. Both on-prem and cloud licenses have the same price. There is no difference. 

It did not impact the cost because the costs of the on-prem license and the cloud license are the same. We did not have any issues with that. Overall, its price is reasonable.

I would recommend moving to the cloud because you do not have to maintain physical servers and infrastructure. Everything is handled by the cloud provider. 

Overall, I would rate Splunk Cloud Platform a nine out of ten.

We use Splunk Cloud Platform for IT operations, IT security, and business value. 

We implemented Splunk Cloud Platform to resolve our IT security issues.

The federated search feature is a valuable tool that can be used effectively in the right architecture. However, the extent it is utilized will vary depending on the customer's needs. In my experience, more advanced customers tend to use this feature more heavily.

Splunk Cloud Platform provides good visibility into multiple environments, including cloud, on-premises, and hybrid.

Splunk Cloud Platform is the best tool for a reason. It is a high-functioning solution with high integration for getting data in and out, and it is customizable.

The most significant benefit of using Splunk Cloud Platform is the freedom of data. The security team can see the data that's relevant to them, IT Ops can see the data that's relevant to them, and the business can see the data that's relevant to them. Sometimes, the same data is applicable to all three groups. Sometimes, it's not. But everyone has access to the data, and it's immutable. It can't be changed or deleted. The ability of all of these departments to leverage the same data is how Splunk Cloud Platform has benefited our company the most.

Splunk Cloud Platform has helped us make key decisions, such as cost-saving decisions related to licensing. It has also improved uptime and helped us improve performance in areas where our network or servers were not performing well. Additionally, it has helped us make better business and IT decisions and has supported our planned growth.

Splunk Cloud Platform helps us access data for compliance and privacy regulations. It currently has the features to mask data, perform the least privileged access, and provide only certain commands and functions within the platform.

We are the best in the industry because of Splunk Cloud Platform. Splunk Cloud Platform fills the SIEM role for our organization, and without the best SIEM, we would be no better than our competitors.

Splunk's extensibility is one of its best features. It offers a wide variety of ways to ingest data, generate reports, and create dashboards. Its integrations with other systems are also very impressive.

Splunk Cloud Platform's most valuable features are enterprise security and ticketing integration.

The reporting provided by Splunk Cloud Platform is often good, but it only provides the data and not the flash, whereas the other platforms provide both. From an enterprise standpoint, we are more limited in terms of what data we can export and how we can present it.

Navigating the solution can be more user-friendly.

The documentation has room for improvement and the price is high and can be improved.

I have been using the Splunk Cloud Platform for over five years.

When architected properly and maintained to an optimum level, Splunk Cloud Platform is unbelievably stable.

One of Splunk Cloud Platform's key selling points is its ability to scale to petabytes and beyond.

Base-level support is suboptimal. Enterprise customers need the premium support package. Responses are often delayed, and resolution is slow.

Neutral

Over the past 25 years, I have used several different solutions. In the past, I preferred using a terminal interface rather than a web interface. Splunk has an API and a mobile app, but ultimately, Splunk users are confined to their browsers. This is one thing I would like to change, as I would prefer to be able to use Splunk outside of a browser. However, this is also one of Splunk's biggest advantages, as it is a universal platform.

We used Splunk Enterprise before migrating to Splunk Cloud Platform.

My knowledge of Splunk has since grown exponentially, but the first time I deployed Splunk Enterprise eight years ago, it was unbelievably hard. There were so many moving parts and things to consider. It was too much for one person to figure out, and I didn't have the budget to get help from the Splunk team.

The cost of using Splunk Cloud Platform is high, but the value it provides is worth the investment.

I give Splunk Cloud Platform a nine out of ten.

Monitoring multiple cloud environments is never easy. We are looking forward to new features from our cloud partners, such as AWS Security Data Lake, Google, and Microsoft. These features will make it easier to integrate our cloud environments. Splunk Cloud Platform is currently the best solution for collecting data from multiple cloud environments. AWS has five million different ways to export data, and we need to use all of them to collect all of the security and IT-related data. Splunk supports all of these data sources.

A year ago, I would have said that Splunk needed automated response, an easy-to-detect, easy-to-run, and manage business analytics platform, a user and entity-based business analytics platform that is integrated within the product, threat intelligence, and a current dashboarding tool. Splunk now has all of these features. A year ago, Splunk's competitors had these features, but Splunk did not. Splunk has since acquired or developed these features in-house. Very little in Splunk's product is not tightly integrated into the current releases. If someone is starting from scratch, meaning they are just rolling out a new security solution, and they do not choose Splunk, they are making a mistake. Splunk provides so much of everything that it is the best choice for most organizations.

We perform daily maintenance on the solution.

I advise new users to find someone who knows Splunk. Even a good technical person will not be able to do this on their own. They are not going to train them on day one. Good technical people who know Splunk are valuable assets, so they should seek them out and get them on the project.

We use it for security investigations and alerting.

The most valuable features are reliability and logging. It's in the cloud so it has more stability and easy maintenance. 

The support from the Splunk team is generally good, but sometimes, there's a lack of coordination between our account reps and the hands-on technical people. This misalignment can lead to issues with getting what we need done and what is happening.

I have been using it for about two years.

From what I've seen so far, stability has been great.

The actual technical reps we've had have been fair. I'd rate them a seven on a scale from one to ten.

Neutral

We previously used LogRhythm. We switched to Splunk. It was an on-prem setup, so it was tough to maintain. It wasn't very reliable, and we always had to deal with hardware issues.

I haven't been hands-on with the deployment, but Splunk's deployment has been smooth. We also have Enterprise Security, which has been a little more difficult.

We have not calculated in dollars, but it has definitely saved us time.

We evaluated other options. I wasn't directly involved in all the decision-making processes, but from a user standpoint, it was the cost and the future possibilities of adding SOAR that made Splunk Cloud Platform seem like the best option for us.

I would rate it an eight out of ten, mainly due to the difficulty we've had with the Enterprise Security side.

The Splunk Cloud platform is for anyone who wants to save money and doesn't want to manage an on-prem infrastructure. I like the Cloud platform because we don't have to handle any maintenance. Any server downtime, upgrades, or patches are no longer our responsibility, which is great. That's the biggest advantage of Splunk Cloud.

Before COVID-19, the Splunk Cloud platform was much more difficult to manage. I've heard it causes a lot of frustration. Thankfully, it's come a long way since then. Now, it's user-friendly and allows app and add-on installations without worrying about accidental breakdowns.

I wouldn't have released Splunk Cloud myself when they did but the shift to remote work during COVID-19 drove everyone to the cloud, making the Splunk Cloud platform a great solution. While the updates focus on features, patches, and maintenance, there's nothing about the Splunk Cloud platform itself that I love other than the fact that we can use it in the cloud without the hassle of any on-prem requirements.

The importance of having one cloud platform depends on an organization's data goals, but at the end of the day, we onboarded the data because it's important. So as long as we have a use case, it's high up there.

Splunk Cloud Platform has improved our mean time to resolve incidents 100 percent. The cloud eliminates the need for upgrades to multi-cluster environments and the risk of errors during configuration, which can cause major problems. While we are not responsible for any Cloud maintenance, Splunk's support is helpful for escalations. Their clear communication about maintenance minimizes the need for their involvement.

While I can't speak to personal cost savings, moving to Splunk Cloud likely saves on storage costs compared to on-premises setups. This is especially valuable because many organizations use Splunk alongside other security products for specific needs. However, some competitors offer better data storage and faster results as add-ons for Splunk. Overall, the biggest cost savings come from eliminating the need for in-house server maintenance, storage management, and future data migrations. This reduces headaches and frees up IT resources, even if the migration itself wasn't a major issue.

I like the idea of being able to list the IPs that we want without having to open up a ticket to get it done so that way if anything changes we can add a new IP. The platform itself is the most valuable because if we're using the product, we're paying a lot for it. So we're searching our data and doing the triage we need to with the events. In reality, our biggest benefit of the Splunk Cloud Platform is not having the hassle on-prem.

Splunk Cloud's SVC licensing model lacks transparency. Customers are unsure of how SVC consumption translates to costs, and there's no easy way to identify what's driving SVC usage within the platform. While some external applications provide limited insight, Splunk Cloud itself doesn't offer a clear view into SVC consumption. This lack of clarity makes it difficult to explain cost spikes to customers, as the cause could be anything within the platform.

I have been using the Splunk Cloud Platform for four years.

The Splunk Cloud Platform is stable.

I have some concerns about the SVC licensing model for deployments under 1 terabyte, and it's separate from Splunk Cloud. The bigger challenge customers face is managing the surge of data and historical information they ingest. This can lead to situations like an admin setting up numerous queries and then leaving, making users hesitant to disable them for fear of breaking something. While this can happen with any product with unchecked admin access, Splunk and Splunk Cloud themselves function as intended for large-scale environments. Ultimately, it's up to the customer to manage their Splunk instance effectively.

Many people complain about back-and-forth interactions with Splunk support. It feels like a repetitive loop of explaining the problem, being asked for information and questioning why it's needed. There's frustration on both sides: support needs details to diagnose the issue, while users might feel it's a simple problem and supplying extra information is unnecessary. This can be true for any customer support experience.

Splunk Cloud deployment complexity varies by use case. Starting fresh is simple: install, configure, and point data to the cloud. However, migrating from on-premises to the cloud with existing data can be complex. Deciding what data to migrate and the migration process itself adds significant challenges, although these are likely to become easier over time.

Splunk Cloud's value is clear: it eliminates maintenance headaches and simplifies connection, offering a hassle-free experience.

The lack of transparency around the SVC licensing makes it difficult to explain the costs to our clients.

I would rate the Splunk Cloud Platform nine out of ten. The rating is not because of customer service. I am strictly looking at the product. I've worked with it for seven years. I've been on over 70 engagements with other customers over those years, and I rarely find a use case that a customer can't solve when it comes to an architect-type scenario, which is great. It's the same thing for data. For the most part, if you know you have data and can get it written down to a file, you can adjust it, which is phenomenal. The on-prem infrastructure consists of only 12 CPUs and 12 RAM if it's hardware, and then you double it if it's virtual. Overall that's very inexpensive to stand up major components. I'm not including storage or any other sizing that can get more complicated. Overall, it doesn't ask much from actual servers if you want to host it on-prem. Even managing it yourself on-prem, is not terrible. The commands are still there, the resources are there to do it yourself. You have community groups out there that help you with questions. There are tons of providers out there that can get you from point A to point B. 

I have always used Splunk but I am open to learning Chronicle soon depending on industry trends. While I believe Splunk remains the top SIEM tool. According to Gartner, competitors like Azure and Oracle are emerging. However, I have not needed to look for other solutions.

We are onboarding everything on it. We have infrastructure, applications, and network-related things on it.

The availability has improved. There is the ease of upgrades. We are able to show value quicker with some of our add-ons and things like that because of the stability in the base.

It is extremely important to me that Splunk Cloud Platform has end-to-end visibility into our cloud-native environment.

Splunk Cloud Platform has definitely helped reduce our mean time to resolve. It is a little hard to measure. It has at least saved 3% of our time.

Splunk's unified platform has helped consolidate networking, security, and IT observability tools. There is ease on resources.

There is definitely the ease of the infrastructure administration. It frees up a lot of time.

I would love to be able to manage my own apps. 

I have been using Splunk Cloud Platform for two years.

Stability and scalability have been the main benefits of this solution.

We have had some confusion around some of our requests, but I understand. We have to work through and get proper responses.

Neutral

We were using on-prem Splunk.

There was a professional service involved. I came into the team right at the time of the cutover. They were pushed into the cloud because things had gotten so out of control on-prem, so we had to clean that up first, and then finish the migration. It was kind of bumpy, but we got through.

We are using AWS. It is managed by Splunk.

We had Aquila as our partner for help with implementation.

We are definitely starting to see an ROI. We have been focused on metrics because we are trying to get very comprehensive and overall monitoring of the environment both from the security standpoint and the infrastructure standpoint.

We have not yet seen any cost efficiencies by switching to Splunk Cloud Platform. We are still maturing it out.

As far as the pricing goes, it was what was expected. It is a premium product. There were no surprises there.

We did not evaluate other solutions. We have always been with Splunk.

We are not monitoring multiple cloud environments, but it seems it would be easy to monitor them.

Overall, I would rate Splunk Cloud Platform an eight out of ten. There is always room for improvement, but it has been good.

We leverage the Splunk Cloud Platform for log ingestion. This allows us to create dashboards, alerts, and reports from security and application log data.

Splunk Cloud Platform offers real-time monitoring capabilities. It continuously ingests data from various sources, allowing us to track its flow. We can set up alerts to be notified of any anomalies, such as spikes in CPU or memory usage. These alerts can be configured to trigger email notifications, keeping us informed of potential issues. Additionally, Splunk Cloud Platform provides real-time dashboards that visualize the data as it's collected.

The federated search feature is useful for our cybersecurity team to complete their log analysis.

Splunk Cloud Platform offers seamless integration with other systems and applications. This is achieved through apps and add-ons developed by Splunk.

Splunk is a good reporting tool. It allows us to generate reports and attach them to emails in CSV or PDF format.

Splunk Cloud Platform has been instrumental in helping our cybersecurity team continuously monitor our data for anomalies and attacks. Its usefulness extends beyond security, though. Teams that ingest their logs into Splunk can monitor various services. If a service goes down, Splunk will trigger an alert. Splunk offers a robust monitoring suite, including dashboards, alerts, and reports. We can monitor system resources like memory and CPU consumption, application logs, Azure logs, and even Office 365 logs. For example, Splunk can reveal who sent emails, who participated in group email threads, and who added or removed members from Active Directory groups. This audit log capability allows us to investigate activity even months or years later. Splunk provides a wide range of use cases for our organization. We noticed these benefits as soon as Splunk started ingesting data.

Splunk has improved our decision-making process thanks to its clear dashboards that help us analyze information and make informed choices.

Splunk has been valuable as a compliance tool because it centralizes log ingestion. Any tool generating logs should be configured to send them to Splunk. This allows us to easily identify compliant applications – those whose logs are collected. Conversely, uncollected logs raise security concerns, as they represent a potential attack surface.

Splunk has significantly improved our organization's security posture. As a primary security tool, Splunk allows us to collect application logs, monitor activity for potential attacks, and conduct searches to identify suspicious behavior.

I like that Splunk Cloud Platform is managed by the vendor.

I like the Cloud monitoring console feature.

I like the support for all the apps and add-ons.

Splunk currently manages the components, which restricts our ability to access them directly. I would like to be granted read access to be able to review the components.

I have been using Splunk Cloud Platform for one and a half years.

The Splunk Cloud Platform is stable as long as we perform proper maintenance to prevent bugs.

This system is very scalable. That means it can be easily adapted to accommodate our needs. We can increase the number of licenses we use, or add more resources like CPU and memory. We can also request additional components, such as adding more user accounts if our team grows from four to eight members. Overall, the scalability of this system is a major advantage.

I would rate the scalability of Splunk Cloud Platform nine out of ten.

Splunk Cloud Platform offers excellent technical support that is both knowledgeable and responsive.

Positive

The initial setup is straightforward but it takes a month or two to complete because of the applications that need to be onboarded.

We first need to calculate the amount of data we need to ingest. Then, based on that amount, we can plan how much data we need to onboard and what components we'll need.

Two experienced people were involved in the deployment.

The implementation was completed in-house.

Splunk Cloud Platform is more expensive than some of its competitors, but it offers a wider range of features.

I would rate the Splunk Cloud Platform eight out of ten.

Splunk Cloud Platform is deployed in multiple locations.

Splunk Cloud Platform requires maintenance.

I recommend the Splunk Cloud Platform to others.

If you're using cloud services, Splunk Cloud Platform is a good option. It minimizes management overhead for you since Splunk handles the underlying infrastructure. Splunk Enterprise however requires more resources to manage.

We use the solution for application status alerting, user activities, and active directories. We use the solution for visualization, alerting, and analyzing events or incidents.

The most valuable feature of Splunk Cloud Platform is the alerting feature.

Currently, Splunk Cloud Platform is very easy to use and read. The solution's visualization for the end users is also good. However, setting up the solution or an alert is not straightforward. There's a lot of incompatibility and areas that you have to consider while setting up the solution.

All those things make setting up the solution very complex for regular people who know the business operation. So, they have to hire a third party or a technical person who doesn't understand the business to set it up for them, which usually creates a gap.

When someone who cares about the business and understands its operation sets up the solution, they would set it right. There's always a gap when a technical person or third party sets it up. It may lead to many workarounds to fix issues like alert fatigue or false security. Splunk Cloud Platform needs to be made more user-friendly because it's not user-friendly.

I have been using Splunk Cloud Platform for four to five years.

Splunk Cloud Platform is pretty stable, and I don't have any issues.

Splunk Cloud Platform is a scalable solution.

I usually go to forums and discussions to get answers to my issues. You might need a Splunk account username to talk to technical support. When most users I have talked to face a problem, they Google it. I don't know if the technical support would provide you with support if you were stuck.

I have previously used different solutions like DataStage, Datadog, Grafana, and ClickView.

We evaluated other options before choosing the Splunk Cloud Platform. But when a company buys Splunk services, the end users have to use what they have as a resource.

Splunk Cloud Platform is a really good tool for getting alerts and better information about incident management and maintenance. Because of the solution's complex setup, most alerts are set by developers or people who create multiple unnecessary alerts, creating alert fatigue. Compared to other systems, like Dynatrace, Splunk Cloud Platform is not a smart system for analyzing alerts.

As a project manager, I oversee the process of contacting the concerned parties, knowing what needs to be monitored and why they need the alerting mechanism. I was not directly involved in the scripting and adding Splunk Cloud Platform in the back end.

As business requirements change, Splunk Cloud Platform needs maintenance in terms of setting up different parameters, which is not an easy task.

Everybody uses the Splunk Cloud Platform in a different way. I would advise users to share their experiences about technical difficulties in the forums and community. Sometimes, others might go through the same problem without much documentation, and sharing your technical problems might help others.

Overall, I rate Splunk Cloud Platform a seven out of ten.