Splunk Cloud Platform Reviews

We use Splunk Cloud Platform to monitor our environment.

Monitoring multiple cloud environments is made easy with the Splunk Cloud Platform due to its fast ingestion and data recovery times.

Splunk's visibility into multiple environments is excellent. I have found that a hybrid environment works the best, as the login portion remains on-premises while the rest is in the cloud. This reduces the maintenance required on-premises.

There are two types of integration. The first involves bringing something into Splunk, while the second entails moving something out of Splunk. Bringing data into Splunk is relatively straightforward, with multiple options such as RAS, SysLog, and Splunk's built-in functions. However, exporting data from Splunk is more challenging and not as straightforward as the process of bringing data into Splunk.

Splunk Cloud Platform has influenced our decision-making processes. Splunk is primarily employed for security purposes; thus, it excels particularly in SIM. It encompasses an asset and identity framework that effectively gathers information about an organization's assets and individual identities, encompassing all users. Therefore, when considering Unified Business and SIM, Splunk proves to be highly proficient. 

The cloud performance is good.

Not having to perform any maintenance because it is handled by Splunk saves our administrators time which is valuable.

Splunk should offer various options for real-time monitoring. If we could enhance the speed of data ingestion or data retrieval, that would be an added advantage. Additionally, there is room for improvement in SaaS-to-SaaS integration. I believe that reintroducing HTML dashboards would be beneficial, as they provide dedicated web features. This, in turn, gives users the flexibility and freedom to create custom dashboards more easily.

I have been using Splunk Cloud Platform for five years.

I would rate the stability of the Splunk Cloud Platform as an eight out of ten. We still encounter some lagging and errors, but not as much as with the on-premises deployment.

I occasionally get in touch with Splunk technical support, usually regarding data onboarding. These include routine activities like installing or uninstalling applications, as well as making changes to existing ones. On average, we submit at least one ticket per week to them.

I have used many tools including Elastic, Grafana, Tableau, and Sumo Logic.

Splunk is indeed superior in many cases, but other tools are also making progress to catch up, with Elastic being one of them. They have begun developing their own SIM offering, complete with its own SIM features. Similar to Splunk Cloud, Elastic also has its Elastic Cloud Stack. Some of the features provided by Elastic seem to outperform Splunk. Therefore, there is room for Splunk to enhance these aspects. As for pricing, it could be more competitive, considering that other tools also provide the freedom to choose the Cloud Stack. Although Splunk offers this flexibility, the process often involves extensive discussions, making it less adaptable compared to other tools.

The initial setup is somewhat complex regarding the CI/CD pipeline, and Splunk manages the deployment. Splunk provides a feature called ACS, which enables us to manage the deployment ourselves if desired, but it's simpler to have Splunk handle the deployment on our behalf.

The deployment took around one month and required ten people from Splunk's DevOps team.

The implementation was completed by Splunk.

The pricing is high for small organizations. The cost makes more sense for organizations that have a large amount of data ranges.

I would rate Splunk Cloud Platform an eight out of ten.

There are numerous tools that offer real-time reporting and alerting capabilities. Splunk is indeed effective, but due to the prerequisite of registering logs beforehand, a delay is inevitably introduced. Therefore, while Splunk is suitable for real-time reporting alerts, it may not be as optimal as some alternative solutions.

Resilience has added value and contributed to the improvement of our organization. This is highly significant. In most cases, the SOC team relies on the tool for issue mitigation and ticket resolution. Therefore, it is crucial for Splunk to remain consistently up-to-date and respond as quickly as possible. This holds immense importance.

The extensibility is good, but there is room for improvement, especially in integrating certain logs. Enhancing the process of incorporating raised logs is possible. In most cases now there are limitations on log creation. Previously, a direct option existed to import logs. However, this process has been altered, requiring users to develop an add-on for log integration, leading to increased complexity. Furthermore, users are expected to have knowledge of Python. This can be problematic in cases where users lack such expertise. Therefore, this aspect could certainly be enhanced.

For those who want to evaluate Splunk, it comes down to the volume of data. If they are dealing with a substantial amount of data flowing into their SIM, Splunk would be the superior option. Splunk effectively manages extensive datasets in comparison to other technologies. It also offers numerous additional functionalities, such as an enterprise security suite, assets, and identity framework. Moreover, it has undergone industry testing and has been employed in the field for a considerable duration. In contrast to other organizations, they provide a wealth of features.

I use the solution to create alerts for different servers. I also create dashboards in Splunk.

We have a lot of servers. It was hard to track which were down as we didn't have a monitoring platform. Splunk changes that. It receives data and if it doesn't get any data, it creates an alert so we are notified if something is down.

We also use it for making reports to help make management easier. 

The monitoring of servers for high CPU utilization helps us out. If there are offline servers or high utilizations, we can see the incidents and optimize our processes. 

The cloud is very fast. We have a lot of data in our Splunk instance and it isn't slow in any way. 

The maintenance is good. We have good support if we have queries or issues. With on-premises Splunk, if we ran into issues, we'd have to figure things out ourselves. With the cloud version, it's easier to get support. 

We can monitor multiple cloud environments, including Azure and AWS. 

It can be difficult to monitor cloud platforms. We are integrating more cloud servers and patching data sources from those servers. It's very easy to use Splunk and have everything go to the dashboards.

We get good visibility into multiple environments. We can easily search from Splunk Cloud to our on-prem or AWS directly. We also do not ingest the data in order to see it.

We can easily integrate with other systems. It's very helpful. We can leverage Splunk to gather any specific reports we want with this integration capability. 

The reporting is very good. Every month we have a call with Splunk personnel and they'll show us reports to show high usage for search, for example. From our side, we can change or update in order to optimize our systems. 

The cloud has helped us with decision-making. It helps make maintenance decisions very easy.

It's very resilient. 

Testing can handle a lot of logs, however, we are unsure if the speed will be affected.

When we are using OneDrive or SharePoint, as a developer, we'd like to have better integration between the two.

There are some issues with Splunk blocking some shared mailboxes. 

Support could be improved. 

I have been using the solution for five years.

The Splunk cloud is very stable. I've never experienced crashing. If there are issues, they will notify us. It doesn't take long to resolve issues at all. Things tend to be resolved in an hour or so. 

The solution is very scalable. 

I haven't experienced the extensibility, or the ability to extend the system, however, my understanding is that it is very good. We have yet to upgrade it.

When we have high-priority tickets, it's hard getting help efficiently. We'd prefer to call. It takes time to get someone to help. We've had to submit tickets via the portal, and they asked us to call instead. It's hard to get above P1.

It would be ideal to get a specific phone number or email so that we do not have to wait hours to get help.

We do have different Splunk support services where we talk to them bi-weekly, and at that point, we can talk about any high-priority issues. They do try to help us with queries. 

Positive

We previously used Splunk on-premises. 

I do not have any experience with the initial setup. Since it is a cloud deployment, Splunk handles the maintenance mainly.

I'm not aware of the exact pricing. That said, my understanding is that it is very reasonable. However, every application has a price. We need separate licenses for everything. They don't have any bundles. 

For the first few years, I used the solution on-premises, and then I moved over to the cloud. 

I use the classic dashboard; I don't yet use the studio. 

It has not yet affected our security posture. 

We have not yet explored federated search. 

I'd rate the solution ten out of ten.

If a user is planning to use the Cloud Platform is to consider the pricing. It's fast to access and there is no downtime. It's very good from a user perspective. I'm happy with it. It's helpful.

Users should work to maximize the power of Splunk to get the most out of it. Leverage the applications, including security. 

On Splunk Cloud, I mainly look for errors in applications or issues that come up with our internal applications. I have also used it to create dashboards and display customer data to customers in an effective way so that they have insights into their data.

There is less overhead now for infrastructure management. There are fewer issues that we have to worry about on the infrastructure side. This has freed up more of our resources' time to work toward initiatives on the Splunk platform itself. It is hard to measure the time savings. If one resource was working on it, that resource could save anywhere between 15 to 20 hours a week.

It must have reduced our MTTR, but I have been with Splunk for as long as I have been in my current environment, so I do not have anything to compare it with.

It helped improve our organization’s business resilience. The solution helps us find where errors are and potentially where threats are a lot faster. We can more effectively push out alerts not only to our team but also to the teams across the enterprise. It is nice to have on hand.

It is quite effective at helping us identify problems very quickly. We do not participate in real-time searches within our Splunk environment, but close to real-time is possible, and it is quite effective.

Not having to manage Splunk Cloud's infrastructure is valuable. Being able to deploy within the cloud and not having to manually manage our configs on the infrastructure side and set up our own architectures has been the biggest help.

Other than that, the new Dashboard Studio has been a pretty big win, but I do not know whether that is more cloud-specific or not. Dashboard Studio has a cleaner look for customers that want to see their data but not necessarily search. For the customers that want to see their data, having an easy and effective way to drag and drop to see where things are going to be if they want to change them has been pretty beneficial.

They can streamline the process of creating custom apps. I do not have a lot of experience with it. It was not very difficult for me to do so, but there is probably a better way to present the ability for people to push their own custom apps to the platform and go through Splunk's manual and automatic reviewing process.

I have been using this solution for about three years.

I have not seen any downsides when it comes to uptime and availability. Being in the cloud reduces downtime, especially compared to being on-prem where if something goes wrong, you will have to go in and fix that infrastructure yourself.  I have not necessarily seen significant downtime with Splunk Cloud or on-prem at this time.

I quite enjoy the fact that if we need more indexes or search heads, it is very easy to plug and play with Splunk Cloud. With the infrastructure model that we had before, we would have to go in, set up a new search head out to the cluster, and add a new indexer to the cluster if we needed it. It will have more benefits going forward as we move more and more into the cloud.

I have worked with Splunk support, and I would rate them an eight out of ten. It depends on where you are and what project you are working on at the time. It would be quite beneficial to work with them if you have a specific project that you are working on, and they have some insight into it. I do not work with support too often myself. Usually, one of our Splunk Infrastructure managers works with them, but there is always room for improvement. Availability in terms of making the time to gain insight into specific projects and problems that we are having is an area that can be improved.

Positive

My company has been with Splunk for quite some time now. We are well integrated at this point, and we are in the process of migrating over to Splunk Cloud specifically. We used Splunk on-prem for a while. We are currently in a hybrid situation, and we are making our way toward being completely on the cloud.

I help from time to time with the migration process, but I am not necessarily in charge of the total migration functions that we currently have today. The most I have done in terms of deploying to the cloud was creating a custom alert action for the cloud environment, which is one of my biggest contributions so far. I am not completely in charge of it, but from time to time, I will assist in the migration process. It is a bit of a learning curve, but once you get more and more familiarized with the cloud and how to benefit from it by using features like federated search, it becomes easier. It is somewhere in between in terms of complexity.

We would have seen an ROI. I do not have a specific number, but assuming that we did not have Splunk Cloud, we would have to manage our own infrastructure. Not having to manage nearly as much infrastructure and not having to have the personnel to manage that infrastructure on a regular basis, frees up that time for them to do what they are really designed to do. This has definitely added value.

I am a little bit familiar with the pricing and licensing model. I am not sure about the particular pieces of the actual price that we have, but I do like the idea of going towards a more CPU-based approach rather than the ingesting approach. This CPU-based approach gives us the ability to ingest more data if we need it.

The biggest value that I get from attending Splunk conferences is the insights from everybody here. You have people from many different companies doing very different things and deploying very different models within their different Splunk instances. You get an idea of where everybody lands and maybe grab some ideas that you would not necessarily have thought of by looking at it from the inside of someone who is in a completely different field than you are.

There is definitely a big difference between Splunk Cloud and on-prem. For me, one of Splunk on-prem's biggest features is being able to deploy my own custom applications internally, which is something that is a bit of a process with Splunk Cloud. So, given the information that I have, I would rate it a seven out of ten.

My role is in observability. 

Some of our internal systems send data into Splunk Cloud. We had dashboards for our team's KPIs. We can check to see how fast the team reacts to events. Those reaction times a recordreed and sent to Splunk. From there, we can draw some dashboards. We can check to see who is doing well and who needs to improve. The power Splunk admins started moving into the Cloud.

The primary use cases are for team KPIs, log analytics, and error search. We would look for the relation of different events and draw dashboards to see how bad things were veering off from the timeline that we wanted to see. 

Splunk helped us shape the picture of our team and enabled management to see who should be rewarded and who should be coached. It helped outline where KPIs were not being met. We could sit down and discuss what happened, and why it did not go as planned, and then we could make improvements in the processes. It helped us draw a broader picture of the entire team's capabilities.

With Splunk, everything is centralized, everything is in one place. We don't have to scramble and approach Splunk admins where to look. 

In terms of networking, we managed to build good dashboards. We have a lot of firewalls and rules. If a new service comes up, if they don't have a firewall and nothing works, we can look at the Splunk dashboard and see the particular network flow and see if firewalls are blocking traffic. This is a Splunk function that people are happy and excited about. It shows us valuable information in an easy-to-understand way.

It's very important for us that Cloud Platform offers end-to-end visibility into our cloud-native environment. More and more functions are moving to the cloud, so it's not only for observability to see the system, but it's also for management and senior management to see that all of their applications are running as intended. If we try to spread out applications through multiple vendors, multiple regions, access groups, and whatnot, it becomes pretty important. It may become a challenge because of that spread. It brings resilience, but it also makes it more difficult to look after everything.

We want to achieve having everything in a single view. Senior management wants to make sure that everything is running well. The application team's developers want to have a granular review. 

Splunk reduced our mean time to resolve by 30%. If an application starts misbehaving, we send logs to Splunk and check to see what's going on and see what's happening.

The dashboards are the most valuable feature. It's all of the information in one place. We can build it ourselves, so we can make it the way we like. 

Since I work on data collection from external sources and send them into Splunk, I miss its ability to collect that data through REST API applications. I would like the ability to configure an endpoint, set it on Splunk, and set a schedule for it to pull information every ten minutes, and pull this endpoint information. I could search through it, look for keywords, restructure the data that's brought back to me, and then store it in the Splunk index. This is not available and if it is available, it is bare bones. I would like Splunk to have this function by default.

We started using Splunk seven years ago. We started with Splunk on-prem and then moved to Splunk Cloud. 

I never had any stability issues. 

I use support rarely but so far, it's been fine. 

I would rate it an eight out of ten. My cases weren't that critical so it took a little longer to solve. 

Positive

We have not achieved cost efficiencies by switching to Splunk. There will be some cost discussions in cost optimization. 

We log a lot of data which may have impacted our licensing cost.

We also looked at Datadog but it wasn't cost-efficient to log with two tools.

We monitor multiple cloud environments. I heard that it's more straightforward to monitor multiple cloud environments with AWS. Azure doesn't work as intended, there were some issues collecting data from it.

I would rate Splunk Cloud Platform seven out of ten. I really miss REST API abilities. 

I used it in my last organization for monitoring, intrusion detection, and intrusion prevention.

We wanted to take preventative actions so we implemented it.

The monthly security reports were detailed, and we got to know about a lot of vulnerabilities that we did not know about before.

It integrated well with other systems and applications in our environment. I would rate it a ten out of ten in terms of integration.

Splunk Cloud Platform had a good impact on decision-making processes in our organization.

It was helpful for data access for compliance and privacy regulations. I would rate it a nine out of ten in this aspect.

Splunk Cloud Platform had a very good impact on our organization’s security posture. The resilience that it offered was very important because we were dealing with client data.

For reporting, a lot of manual intervention was required to create the reports, but after that, it worked well.

Its interconnectivity with the cloud platforms, such as Azure and AWS, was valuable. 

We had multiple cloud environments. It was easy to monitor multiple cloud environments using the Splunk Cloud Platform’s dashboard.

Considering its price point, it does not need any improvement. However, it does require manual implementation.

There can be more modules and more integration with other areas in the cloud and on-prem. I am not sure whether it includes network devices and things like that.

I worked with this solution for one year and a half.

It is stable. I would rate it a ten out of ten for stability.

It is scalable. I would rate it a ten out of ten for scalability and extensibility.

I got great support from them every time. I would rate them a ten out of ten.

Positive

We were not using any similar solution previously.

It was deployed on a public cloud. Its setup was quite complicated. A lot of steps were involved in implementing it.

We had some engineers from Splunk to advise on a couple of things.

We had three people involved in the deployment. They were all cloud engineers.

It did require maintenance. We had one person involved in the maintenance.

It was a good model.

We evaluated other solutions, but I do not remember the names. I know there was one from AT&T.

I would rate Splunk Cloud Platform a nine out of ten.

We are primarily using it for InfoSec, cybersecurity intelligence, information gathering, and forensics. We also do a little bit of application performance monitoring for some appliances that can only be monitored through log ingestion.

We are starting to monitor multiple cloud environments. We have our internal cloud, and we are migrating to AWS. We are engaged in that path. In terms of monitoring, it is more or less the same because we are using the same integration pattern, which is to use Ivy folders and gather logs. We use it at its minimum, but the way I see it at the Splunk conference, we can go further. Will we go further? That is a million-dollar question.

It has end-to-end visibility into our cloud-native environment. For sure, it is important for operation and application support, but we need to embark our staff and management for that. They are the ones who are committing big dollars to that.

It has not reduced our mean time to resolve because we are using other tools as well. We are aiming to go on that path in the coming months.

It specifically has not improved our organization's resilience. There are a myriad of modern tools that we are implementing. Splunk is one of them. It is one of them helping us.

Index Manager is most valuable because we do not have to bother about internal storage. It is all managed by the Splunk team.

The security connection should have a seamless integration. Other than that, the way we are using it, so far, it seems quite good.

We have owned Splunk Cloud Platform for the last year and a half.

The stability of the solution is quite good. 

We had challenges with the sizing of the cloud tenant that we purchased, but that was based on past decisions, so we are stuck with that until our next move. That should come in the next year. At that time, we will resize the tenant in a more efficient way, so scalability does not apply because the tenant we bought is a closed one. There is no scalability on either side. I learned that after the fact, so I am not impressed because we did not buy it. I guess people who buy that type can have good feedback on scalability.

We migrated from an on-premise solution that we had for about three years. We saw cost efficiency when we went from on-premise to the cloud, but I do not manage the budget.

We are using Dynatrace in parallel. We used Splunk as a cybersecurity tool, and we embraced Dynatrace a few years ago. So far, Dynatrace does a great job. Splunk is closing the gap. With today's announcement at the Splunk Conference, they are catching up. We are also using Microsoft SCOM, so it is a trio. It helps us do a better job.

I was not involved with the setup of the on-prem one, but I was involved with the migration to the cloud. My experience was interesting because I started from zero, but with the help of Splunk's professional teams, we could achieve our project. On a personal side, it helped me to gather the knowledge that brought me here at the Splunk conference.

The setup is always challenging. We had four or five people involved in the migration. We also involved a lot of key players in application migration. We had 20 to 30 people involved at some point in the migration path.

We used professional services.

We have, for sure, seen an ROI with Splunk. Our DevOps team is able to gather faster answers to their questions. Obviously, it brings value, whether it is Splunk or any other tool. 

We could see the ROI in a few months. We gave time to our DevOps specialists to embrace the solution and get used to it. From there, as they made their own usage and use cases of the tool, it gave them speed to achieve what they were looking for.

I would rate Splunk Cloud Platform a seven out of ten.

We're migrating our on-prem environment to Splunk Cloud Platform. We're consolidating two separate Spark clusters because of a merger. Our primary use case is for unifying all of that data into one place.

It's made searching for data easier. Users like it. We're still in the migration process, but overall, it's a lot easier to use.

It's important to use that Splunk has end-to-end visibility in our native environments. We have to have that visibility because we manage multiple app applications that rely on it.

Splunk helped to improve our organization's business resilience. That's very important to us. Our users rely on Splunk heavily for the health of their applications. It helps them to get ahead of issues, and if there is an outage, it enables them to resolve them faster.

Splunk gives the different application owners the ability to configure alerting specific to their needs so they can customize it however they want. If they know their applications better than you know, admins, I'll give them that flexibility.

The administration could use improvement. We have to rely on support more often than we're used to.

We have been using Splunk Cloud Platform for nine months.

Stability has so far been good. We haven't had any issues.

Their support is great, especially the agent that we have now. They're very responsive, willing to help out, and give suggestions.

Positive

We previously used Splunk Enterprise. We switched to Cloud Platform because we wanted to consolidate a couple of instances to one place and we're moving our security team to the cloud. 

I wasn't involved in the setup directly but I was aware of what they were doing. The setup is a little complex. We had some issues we had to deal with. Bringing both environments together and getting the different environments to communicate with Splunk Cloud was complex. We have a lot of data. Getting a handle on that before we were able to start sending data to the cloud was complex. 

It's expensive. We're still trying to figure out Cloud licensing. 

It's not so easy to monitor multi-cloud environments using Splunk. We have some difficulties, but we have some things in place, but it's not easy.

I would rate Splunk Cloud Platform an eight out of ten. There's a lot we haven't tapped into yet, so the rating can go up.

We mostly use Splunk Cloud Platform for monitoring performance and looking for performance events.

We have seen many benefits of Splunk Cloud Platform, which is why we are still using it. With the alerting, we can find outages faster, and we can find performance impacts faster. We are then able to use them to diagnose and dig through our logs to find out what possibly caused it or look for a time when it happened to find a correlating deployment or something else that caused the problem.

We monitor multiple cloud environments. Splunk Cloud Platform is pretty good for monitoring multiple cloud environments. We have it all come into the same index irrespective of the system. Even though we have multiple data centers, everything comes into the same Splunk index, so we monitor it all in the same place.

Splunk Cloud Platform has end-to-end visibility into our cloud-native environment, which is very important for us because otherwise, we would not be able to have the data or be able to diagnose and find issues.

We have been using Splunk Cloud Platform for a very long time. I do not even know a time without it, so it is hard to say how much it has reduced our mean time to resolve (MTTR).

Splunk Cloud Platform has improved our organization’s business resilience. We use it very heavily to look for issues that may arise. In terms of Splunk’s ability to predict, identify, and solve problems in real-time, we mostly rely on our own searches. We do not rely on a lot of advanced observability features. We are mostly using our own alerts that we have written and our own dashboards.

Dashboards and alerting are the most valuable features. The dashboards let us see how the system looks in terms of anomalies, and the alerts trigger us to go and look at what possible problems are happening.

Its performance can be better. The searches sometimes take a long time. There could be better searches, but mainly, it needs to improve the performance with a vast amount of data. That will make it better and easier to use.

Their support can also be better.

I have been using this platform for 12 years.

Its stability has been very good. We have only had a few outages that I can remember where Splunk has been down.

Its scalability seems okay. Most of our issues come with our data storage. We are storing mass amounts of data, and it seems to handle that right now.

Their support has been lacking a little bit. We have several outstanding bugs that have not been fixed yet, and we are still waiting for Splunk to fix them. For example, we cannot use Splunk Mobile because of an issue with the authentication and what permissions are available. We have not been able to use Splunk Mobile since the new app. I have used the old apps, and I was quite disappointed when they were broken. I have never been able to use the new app.

I would rate them a seven out of ten. For emergency issues, they are good. For lower-priority issues, we are still waiting.

Neutral

I was not involved in its deployment.

I know that the company evaluated a few other solutions, but I have not been as involved in those. We are still using Splunk.

I would rate Splunk Cloud Platform a nine out of ten because it does a good job at what it does. I wish I could use the mobile app, but the rest of it works very well.

The best value that I have received by attending Splunk conferences is finding out new things that I can do with my own job. Most of the time, it is disappointing because a lot of the new features have new applications that we have to buy, and I have no say in the purchase of new applications. However, there have been some new improvements in the applications that we already have, and I come for those updates. I am able to see if the new features in the existing applications are more useful to me.