Splunk Observability Cloud Reviews

Our use cases are basically just bringing log aggregation like application logs into Splunk, working on the integrations with observability. Unfortunately, with our current setup, we just have to implement Log Observer in a couple of instances so that we can have that integration with Splunk Observability Cloud. But mostly, we are working on getting logs into Splunk, so one of the primary things we've been working on is ingesting Azure logs through Event Hub into Splunk and trying to correlate across our disparate platforms.

I don't use any of those. We actually have a security team that works with Splunk Observability Cloud, and we have SOAR, but that's not me. I'm more focused on Splunk Cloud.

My understanding was it was just Splunk. A review of Splunk in general was supposed to be conducted, but there was nothing that specified Splunk Observability Cloud, because I'm not involved with that.

Probably my favorite feature is just the integration through Log Observer, but unfortunately, the PCI requirements we have working with WestJet prevents us from fully implementing Log Observer just because when you do Log Observer, you have to sign a document that states your responsibility for PCI compliance could be broken. That was a hard sell, but we were able to work around it. Other than that, the visibility to track observability traces directly to the application logs was really cool.

It has helped improve the operational performance of our operations. As we start getting our services mapped out in observability, we've been able to bring insights into aspects of the WestJet operations that have surfaced. We recently had an outage that showed up in observability but didn't appear elsewhere. In hindsight, we were able to identify the error from inferred services with visibility into them and now we have alerting set up to notify the team. Just because of the third-party vendor that went down, we were able to show in our observability that this inferred service was not working properly. That was a huge win.

From our experience, the quality of the out-of-the-box dashboards and detectors is okay as a starting point, but we've had to do a lot more custom work. We are working on templating our observability setup for Kubernetes so that when new applications are implemented, they auto-populate existing dashboards and all related components. We're putting in significant effort to build that template out.

Looking at other tools and comparing them to Splunk, the ability to curate the data that is being ingested is a lot more labor-intensive and not as intuitive as some of the competitors. The Edge Processor that Splunk has really needs a redo to be easier to use and more intuitive for setting up custom ingestion rules to ensure PCI information such as payment card details is masked. We've seen other tools that do it well, but I am looking forward to the new Splunk upgrade, which appears to be adding a bunch of new features to the Edge Processor.

We don't have any other observability solutions, but we are kind of aware and looking at the market. The Edge Processor has been the biggest issue, and we've noticed that the integration with Microsoft isn't as strong as it could be, with limited visibility into function apps and integration with other Azure components needing improvement.

I've been using Splunk Cloud for just over three years.

Splunk Cloud has been quite stable. We did experience an outage during the Victoria upgrade, which didn't go well and caused some downtime, but other than that, it's been good.

From our perspective, it's scalable since it's a hosted solution. We haven't run into any limits based on our licensing; everything has been fine. As we increase our observability, we may have to look at expanding our licensing as more teams adopt it. A lot of our storage issues are due to not curating data, and we're currently doing a Splunk cleanup to better leverage the tool after inheriting some poor configuration.

I have contacted technical support.

Quality and speed in my case have been quite good; I've had no concerns with Splunk support.

For support, I would rate them an eight.

Splunk Cloud was already in place when I joined the company, and I got hired because of my previous experience with on-prem Splunk.

It's starting to help reduce our Mean Time to Detect (MTDD) because the visibility we gain is unprecedented, allowing us insight into applications that we've never had before.

Splunk is a very expensive tool, and I think that's one of the problems they face as competitors in the marketplace offer better value. They might need to reevaluate their pricing since competitors are catching up, and the cost is very high.

Splunk Cloud doesn't require maintenance from our end since it's hosted, but some maintenance doesn't get coordinated well with us. Maintenance is often scheduled without giving us enough time for proper change management on our side, which could be improved.

At this point, we're still in the early stages of implementing observability. We definitely see the value and potential it has, but leveraging it effectively will be crucial to justify its cost.

I am not involved with using Splunk Observability Cloud; that's a different team.

I would rate this review a seven.

I work for a managed service provider, so I have different clients that require help in assessing various tools. I work with Splunk, ScienceLogic, and Nagios most frequently because I have small clients as well.

We have Splunk Observability Cloud for some customers. The dashboards are good, and everything is nice, but unfortunately, it doesn't have long-term storage of the logs. So you need to use a data lake to store the logs.

I would like to see agentless deployment and better integration with ticketing systems like ServiceNow, which is the biggest.

We utilize the ability to enrich data with custom metrics in Splunk Observability Cloud to create tickets in ServiceNow. It is integrated with ServiceNow, but we enrich the tickets by putting the logs in the tickets and things of that nature, so it helps us. However, even that is a mixed approach. From Splunk Observability Cloud, you cannot put the logs directly in the tickets. Instead, it will create a ticket and send you an email with the logs. That integration could be improved.

Splunk Observability Cloud has helped me improve my operational performance and my customer's operational performance because we use alerting, so we find when things are not working.

I think it is very good for evaluating the effectiveness of Splunk Observability Cloud in improving digital resilience within my customer's environment.

It does provide some return on investment. It is beneficial in terms of finance to use it.

The dashboards in Splunk Observability Cloud are amazing. If you configure them correctly, they are amazing, and it is quite fast as well.

That is a very good feature of Splunk Observability Cloud because it helps us and it gives more trust in the alerts.

There are not complexities with the installation of Splunk Observability Cloud, but with the configuration of alerts and everything because Splunk has its own language in the background. You need to know Splunk in order to configure everything that you want.

It requires some in-depth knowledge of the product. It should be more plug-and-play, similar to ScienceLogic. ScienceLogic uses whatever it finds. You can use PowerShell, you can use scripts that you make. Splunk is more on the old style. It uses agents, and you have to deploy the agents.

The out-of-the-box customizable dashboards provided by Splunk are okay, but usually, I have to create new dashboards because every user wants to see something else. The out-of-the-box dashboards help to get started faster, but in the end, I will have to redo them.

I would like to see agentless deployment and better integration with ticketing systems such as ServiceNow, which is the biggest.

We utilize the ability to enrich data with custom metrics in Splunk Observability Cloud to create tickets in ServiceNow. It is integrated with ServiceNow, but we enrich the tickets by putting the logs in the tickets and things of that nature, so it helps us. However, even that is a mixed approach. From Splunk Observability Cloud, you cannot put the logs directly in the tickets. Instead, it will create a ticket and send you an email with the logs. That integration could be improved.

I have been working with Splunk Observability Cloud for about two years.

I cannot speak to lowering the cost of unplanned digital downtime using Splunk Observability Cloud because the client will get the bills. However, it reduces the downtime for systems. It improved visibility when you do changes and you do patching and you do emergency changes, so you can see if they were applied correctly or not, if the servers are still down.

If it is a new deployment and you have a medium client with about 2,000 users or computers or servers, it will take about six months just to install and configure.

The technical support is very good with Splunk.

Positive

I worked with ScienceLogic before actually working with Splunk.

There are not complexities with the installation of Splunk Observability Cloud, but with the configuration of alerts and everything because Splunk has its own language in the background. You need to know Splunk in order to configure everything that you want.

I do not spend any time personally because I have a team that does it. I have 27 people in my team.

It does provide some return on investment. It is beneficial in terms of finance to use it.

I think the pricing for Splunk Observability Cloud is still at a good price. If you are looking at Dynatrace, it is way higher.

I am familiar with the Dynatrace operator but I am not actually working with them. I am just looking into differences and tooling and what will benefit my clients better.

You need to know Splunk in order to configure everything that you want.

The out-of-the-box customizable dashboards provided by Splunk are okay, but usually, I have to create new dashboards because every user wants to see something else. The out-of-the-box dashboards help to get started faster, but in the end, I will have to redo them.

We utilize the ability to enrich data with custom metrics in Splunk Observability Cloud to create tickets in ServiceNow. It is integrated with ServiceNow, but we enrich the tickets by putting the logs in the tickets and things of that nature, so it helps us. However, even that is a mixed approach. From Splunk Observability Cloud, you cannot put the logs directly in the tickets. Instead, it will create a ticket and send you an email with the logs. That integration could be improved.

I would rate this product an 8 overall.

My main use cases for Splunk Observability Cloud include Application Performance Monitoring, synthetic monitoring, and dabbling in infrastructure and what comes along with it; however, we do already have a tool that does infrastructure. We're debating about just switching it all over to Observability.

The features of Splunk Observability Cloud that I prefer the most are its all-encompassing licensing model, which is comparatively better than others in the market. We're switching off AppDynamics, and the licensing model always constrained us, so that is our main reason for switching to observability, as the licensing is all-encompassing.

The benefits of these features for my organization are significant. The license is all in one, meaning infrastructure, APM, synthetics, RUM, and the logs are all under one license, allowing us to offer that to our application teams more so than we were ever able to do before. 

We're currently trying to implement RUM, Real User Monitoring, with two applications just to get a feel for it, which we were never able to do before, since it was a completely separate license that we needed to purchase. So we're able to offer more of a full suite, more of a one-stop shop sort of thing, versus what we were able to do before.

The user interface of Splunk Observability Cloud needs a lot of work. I have been known to describe it as slapping lipstick on a pig. The pretty colors draw in everybody, however, the actual functionality of it has a lot that you cannot do, and how the user interface is organized is very difficult to navigate. This is a driving factor for us not to use the product.

The next release of Splunk Observability Cloud should include a feature that makes it so that when looking at charts and dashboards, and also looking at one environment regardless of the product feature that you're in, APM, infrastructure, RUM, the environment that is chosen in the first location when you sign into Splunk Observability Cloud needs to stay persistent all the way through. There's no reason that a user should have to keep having to restart all of their filters and select their environment anytime that they switch to a different area of the tool.

I have been using Splunk Observability Cloud for one year exactly.

I have not experienced downtime, crashes, or performance issues with Splunk Observability Cloud yet.

Splunk Observability Cloud scales with the growing needs of my organization, however, we very quickly always run into hitting the limit for custom metrics. This is something we've discovered that we have to manually manage, which is not fun, especially for large applications such as our huge tracking system, since we're a logistics company, as well as the two main revenue-generating applications. We are probably going to hold off putting them into Splunk Observability as we're constantly bumping the limit already.

I would evaluate customer service and technical support as hit or miss as I get the impression that the support folks assigned to our account might be spread a little too thin. They are good people and do good work; however, I get the impression they're spread a little too thin. If we put in a ticket, we do get a response in a decent amount of time, so that's not a problem.

Positive

Prior to adopting Splunk Observability Cloud, I used several solutions. The solutions we used include Zabbix, Splunk Core, Grafana, Prometheus, and AppDynamics, so a whole suite of things.

The deployment has been fine for cloud applications. It is very tumultuous for on-prem. That is supposed to be getting fixed over the next year. Right now, it's not there. So I always tell my management we're a year and a half too early for this tool.

I have seen ROI for our cloud applications, as we've been able to fully integrate with one application, which is a big revenue producer for the post office, and it's something that they were not able to do before, so we have been able to see that. In terms of ROI, I would say 100%.

We don't currently use the out-of-the-box customizable dashboards provided by Splunk Observability Cloud to showcase IT performance to business leaders. 

I will say we have not expanded usage to other applications since we're still stuck where we are. 

My advice to other organizations considering Splunk Observability Cloud is to wait until next year. 

On a scale of one to ten, I would rate this solution five or six.

My main use case for Splunk Observability Cloud is application monitoring.

The features of Splunk Observability Cloud that I appreciate the most are ops intel and the community support. These features have benefited my organization because they help us find the root cause of any issue quickly and pinpoint the exact location where the issue exists.

We have not yet completely gone into production, so I do not have any metrics or data points to share. To evaluate the effectiveness of Splunk Observability Cloud in improving digital resilience within my organization, we have various client applications, such as the teller application and our online banking applications. 

Initially, before Splunk, we had a long time to resolve issues. Now, with Splunk Observability Cloud, we will be able to solve them quickly and know exactly where the issue is. Previously, we needed to go to the war room to find where the issue was. Now, with Splunk Observability Cloud and all its agents and data, we know exactly where the issue is located.

Regarding the no-sample tracing feature, all the data fed by the agents to Splunk Observability Cloud means we do not have to worry about missing any issues during sampling. We have not yet explored the AI-powered analytics feature, but we have partially explored MLTK.

My teams have utilized the ability to enrich data with custom metrics by writing custom agents in Java and Python to collect those custom metrics and feed them into Splunk Observability Cloud. This is particularly useful for applications without direct Splunk agents.

The out-of-the-box customizable dashboards are helpful in showcasing IT performance to business leaders. They provide guidance on requirements we may not have visualized and help us build custom dashboards to include our company-specific metrics. We have not yet expanded usage since we haven't started using it extensively.

To improve Splunk Observability Cloud, we need more applications to be included in the observability so that more applications can have agents to monitor them and bring that information to the cloud. 

Splunk Observability Cloud has not yet completely improved our operational performance for our company's resilience as we are just starting out, however, it will help us ultimately to reduce incident time.

I have been using Splunk Observability Cloud for one year now.

In my experience until now, I have not experienced any stability issues with Splunk Observability Cloud.

Splunk Observability Cloud scales effectively with the growing needs of my organization. As we are a growing company transitioning all our applications to the cloud, and with the increasing number of cloud-native applications, Splunk Observability Cloud will help us achieve digital resiliency and reduce our mean time to resolution.

I would evaluate customer service and technical support as excellent, as Splunk has been quite responsive to our service requests, with their team providing good support.

Positive

Prior to adopting Splunk Observability Cloud, we were using Splunk Enterprise, and we had custom monitoring tools developed in-house.

The installation of Splunk Observability Cloud worked smoothly once we figured out the initial issues. The agents do not consume many resources, and the type of metrics they collect is helpful.

Since we have not progressed far into the implementation of Splunk Observability Cloud, I cannot comment on the return on investment at this time.

I am not involved in the experience with pricing, setup cost, and licensing.

I rate Splunk Observability Cloud eight out of ten.

My experience with Splunk Observability Cloud involves monitoring infrastructure, application performance monitoring, and real-time alerting. Although I am no longer working with Splunk Observability Cloud due to a recent position change that occurred approximately two months ago, I previously monitored servers, containers, Kubernetes, application performance, and Docker images. In terms of monitoring, I tracked response time, error rate, and latency. This capability helped in identifying performance issues or infrastructure issues before users were impacted. For instance, if Kafka failed, we knew about it before users experienced an impact and could resolve it before it caused maximum damage to our systems. I also used dashboards and alerts to monitor critical services and received notifications whenever issues arose.

The features of Splunk Observability Cloud that I found most valuable included application performance monitoring and distributed tracing, particularly when monitoring distributed systems or applications. Real-time alerting and Kubernetes monitoring were essential since Kubernetes is quite complex. I could effectively monitor Kubernetes using Splunk Observability Cloud. Additionally, the Smart Attack Detector, which I tried at the last moment, was a good feature, although I did not work extensively with it. The Log Observer was very fast and reliable, and the dashboards provided good visualization for troubleshooting and monitoring. If there was a network outage, I received notifications very quickly.

Splunk Observability Cloud helped me detect performance issues faster and reduce downtime in my organization. Earlier, I had limited visibility into my application performance. After implementing observability, I could see end-to-end transaction tracing and quickly identify where issues arose, which reduced troubleshooting time and improved overall application stability and availability for our customers and systems. This capability also helped in proactive detection.

I believe that areas of Splunk Observability Cloud that could be improved include the initial setup and instrumentation costs, which take more time for APM. Some dashboards and detectors require tuning, and I think the visualization needs enhancement. Additionally, alert noise remains an issue, and we need suppressions for when systems go down for short periods. Better integration with third-party tools and easier onboarding of data would also be beneficial.

When evaluating the stability and reliability of Splunk Observability Cloud, I can confirm it has been reliable. I would rate it eight out of ten for reliability.

Splunk Observability Cloud scales very well with the growing needs of my organization. I can demonstrate the scalability of our system to our customers, which is advantageous for business. This capability helped us secure business as we provide real insights to customers who were happy to purchase our systems and applications. The ROI has been good for us.

I communicated with the technical support of Splunk Observability Cloud regarding our issues, specifically when I was unable to monitor or set up Kubernetes to monitor our infrastructure. They were able to help us, and we purchased an on-demand call for assistance, which they provided.

I did not participate significantly during the initial setup and deployment of Splunk Observability Cloud, but I was part of the team. I know the process is straightforward. We simply needed to ensure that all data was in the correct format, matched current dashboard setups, and included all necessary fields for insights.

My experience with lowering the cost of unplanned digital downtime using Splunk Observability Cloud has been positive, as it helped us significantly. Our system was bottlenecking and consuming excessive resources, but with the ability to detect and resolve that issue, overall system usage was reduced without further bottlenecking.

Regarding metrics or data points confirming performance improvement and resilience, I found that during certain times, we experienced the most significant spike in our systems due to multiple users requesting the same service. We needed to change our overall architecture as we were not scaling adequately, and this was bottlenecking our systems. By observing this from the dashboards, I realized improvements could be made. After implementing the solution, our application's stability improved significantly. I can confidently say our availability improved by forty percent, and downtime was reduced by approximately seventy to eighty percent.

My impression of the No-Sample Tracing feature in Splunk Observability Cloud is that it helped us detect key metrics and real use cases, particularly in tracking and monitoring. I primarily tracked server uptime, application response time, API latency, and similar metrics. Combining these parameters instead of relying on a single factor improved our system. Specifically, I used distributed tracing to understand how requests flowed through our network and how different systems responded, which helped determine if any particular system impacted all our systems.

Regarding the AI-powered analytics and guidance provided by Splunk Observability Cloud, I have not actually used the AI features, particularly with ITSI, as I did not utilize that aspect for observability.

My teams effectively utilized the ability to enrich data with custom metrics in Splunk Observability Cloud. They found valuable insights from our systems and created reports that the application and infrastructure teams used to decide their workarounds and solutions. They developed different solutions, experimenting and improving our systems by relying on observability to understand what happens when we adjust parameters or change configurations.

When evaluating the effectiveness of the out-of-the-box customizable dashboards provided by Splunk Observability Cloud, I note that we mostly used the default dashboards. While we created a custom dashboard to track our overall system flow, we relied on pre-built dashboards for monitoring and representing our business perspective. When we needed to showcase our environment to customers, we demonstrated our scalability and system performance, including response time and downtime, providing insightful details from the dashboards for business use cases.

I would rate Splunk Observability Cloud an eight out of ten, where ten is the best and one is the worst.

My main use case for Splunk Observability Cloud is end-to-end tracing of business processes.

Splunk Observability Cloud has helped improve my operational performance and my company's resilience.

What I appreciate most about Splunk Observability Cloud is the correlation feature, specifically the ease of correlating logs and issues to those traces to see where within the path of the business function is failing. 

One significant way these features benefit my organization is through mean time to resolution. Taking away that first instinct of where we're trying to figure out what's wrong will drop that time significantly, so rather than a few hours, potentially we're looking at a few minutes before we can start resolving an issue.

In terms of operation performance and resilience, I have experienced improvements in mean time to resolution and the ability to detect issues that we weren't detecting ahead of time. I can give a specific case scenario; while we were in a POC situation, it was able to find issues we were having with servers just by random chance. We implemented it and it happened to let us know about an issue before our NOC even knew that it was occurring.

My teams have utilized the ability to enrich data with custom metrics in Splunk Observability Cloud during the implementation process, and we're definitely seeing a huge difference in what data we have, and the teams are extremely excited by the new amount of data we're getting in. I find the out-of-the-box customizable dashboards provided by Splunk Observability Cloud extremely beneficial since they give you a lot of information already, and the ability to customize and do your own is even better.

I ran into a small security incident. Splunk Observability Cloud was able to help us with that along with Splunk's core process or core offering. Between the two, we were able to use it for correlations, which helped with mean time to resolution and getting us back up and running much faster.

Splunk Observability Cloud could be improved with better integration with AppDynamics, as we know that's coming, however, it is an issue we've had between the OpenTelemetry and the AppDynamics collector. We saw a complete difference in what data was being brought in, however, we know that issue is being resolved and that's a big one for us.

I would assess the stability and reliability of Splunk Observability Cloud as okay. We've been experiencing an issue with the cloud console, and we're working with support to get through that. We're assuming it's just a growing pain at this point. Particularly what we're having is disconnection from the cloud console, where we will be working in it and receive a message saying that we've been disconnected and have to wait for it to come up. It's been painful and seems to be a new issue, and they're trying to figure out what's going on,however, I haven't heard of anybody else having that issue.

Splunk Observability Cloud seems to be scaling quite well with the growing needs of my organization.

I would evaluate the customer service and technical support for Splunk Observability Cloud as fantastic. On a scale of 1 to 10, the customer service and technical support deserve a 10.

Positive

I have seen a return on investment with Splunk Observability Cloud.

I would advise other organizations considering Splunk Observability Cloud to definitely POC it to see if it's going to work for their situation. It may not be for everybody. That said, definitely give it a chance and see what it can do for you and the kinds of new information it can bring in for you.

On a scale of one to ten, I rate Splunk Observability Cloud nine.

I am using Splunk Observability Cloud as a log-based monitoring tool for my databases. We have ingested our database logs and OS system logs into Splunk Observability Cloud and are creating dashboards and alerting features over those alerts. One of my major use cases is that all kinds of databases I am currently working with have database logs that capture all information, warnings, and error messages. These database logs are moving to Splunk Observability Cloud. The first use case is that I no longer need to maintain a long list of flat files on my server for all those logs. Those can be directly ingested into Splunk Observability Cloud. The benefit I am seeing from here is that I can get pattern-based analysis of what kind of errors I am commonly getting and what the date patterns of those errors are. I can get dashboards over that and I can also create alerts. I can also incorporate those alerts with some back-end Git workflow for automatic remediation. This is one of the solutions.

Another use case for Splunk Observability Cloud that we are seeing is that there are multiple times when there is a requirement to publish some kind of data. So instead of publishing an alert if those data breaches occur or if some kind of dashboard needs to be created, instead of sending data directly to the users, if that data is not PII, we are also ingesting that into Splunk Observability Cloud in a JSON format and then again, dashboards and other alerting can be created. These two are the main major use cases for which I am using Splunk Observability Cloud.

With the help of the alerting and observability mechanism, resiliency, and automatic automation of issue remediation based on alerts and workflows, it actually reduces the cost and increases the uptime of my system and customer satisfaction. There are multiple indirect benefits I am getting when using Splunk Observability Cloud.

Currently, with the growth of the organization, I am seeing an increasing use of Splunk Observability Cloud in a more dynamic way. We are continuously creating new dashboards, ingesting logs in JSON, and trying to bring the best value out of it. I am seeing a dynamic and drastic increase in the use of Splunk logs and the Splunk data we are ingesting.

There are two aspects to expanding the usage. Organic growth of the environment actually puts new systems into Splunk Observability Cloud, and exploring new opportunities for what all can also be ingested into Splunk Observability Cloud. Previously, I can see that memory dumps are there. We are also looking at whether we can ingest memory dumps so that if the system is about to crash, those memory dumps can be captured into Splunk Observability Cloud so that it can create alerts over that and I can also perform analysis. I can also see if any other system is facing the same kind of memory dump issues. So that maybe it is one alert for one system for me, but for the complete farm, there may be different servers with different teams or business units facing the same issues. When I have Splunk Observability Cloud on all systems, I can actually create a consolidated report and see that this is the pattern which particular farms are having this kind of issues, and maybe something is broken. This is the way the plan is to increase the availability or the usage of Splunk Observability Cloud.

The performance and speed are valuable. Previously when Splunk offered the enterprise solution, I needed to install Splunk and maintain my local server. There was a limitation that only a certain number of servers could be supported in one instance and I would need to have multiple instances if I was in an enterprise system setup. When I am in the cloud, a single instance can support N number of systems. It is pretty fast, no matter how much data is there. Dashboards are pretty good with multiple functions available. The alignment or integration that can trigger automatic solutions with the workflow for automatic remediation of the alerts is the best thing. These three or four things are the best Splunk Observability Cloud features that I am seeing.

The point in time alerting, the point in time data capture, and automatic remediation with the integration of good workflows or Ansible workflows is definitely the key to any resiliency and increasing the uptime of any system.

After moving to Splunk Observability Cloud, it is almost zero downtime. We never face downtime because when I was in the enterprise setup, I needed to maintain my servers and maintain hygiene of vulnerabilities, patches, and all. Now when I am in the cloud, everything is automatic. Almost zero downtime plus the perfect alerting feature and log-based analysis are available. Metrics alerting is also there in Splunk Observability Cloud through queries. This is one of the features that keeps me updated with the current health of my system and helps me to keep my system up and running fine and available for my customers.

Splunk Observability Cloud incorporated a new AI agent feature that is really good. Sometimes I need to create queries and Splunk queries for filtering the data and some pattern-based analysis. This agent is really good in helping me and suggesting the queries. This means I do not need to have a Splunk expert or Splunk query expert. I can just ask that agent that I need pattern-based analysis or I need to create this kind of filters for this kind of data and it can suggest to me. Once it suggests a sample query to me, I can do the tweaking and I can have my data ready. It actually reduces my time to perform my analysis and to reach the conclusion about what exactly is causing issues in my system and what are the repetitive issues in my system. This AI feature really helps for newcomers to Splunk Observability Cloud to perform deep diving analysis with the data captured by it.

Custom metrics are valuable. In Splunk Observability Cloud, some infra-level metrics are not available, but through custom metrics, I can achieve it. This is an add-on feature that Splunk Observability Cloud is providing and without any additional monitoring tool. If that feature was not there, then I would need to plan some other monitoring tool for metrics-based alerting, but this custom one helps me to achieve it in the same monitoring tool. The consolidation and integration of metrics-based alerting and log-based alerting in a single tool is actually the lovable feature. I do not need to worry about or look for multiple tools. I can have my own data and own health available in a single tool, in a single view.

The dashboards are good, but the only limitation I see currently is that they need particular formats only to create a dashboard. They need to have a particular JSON format or time series format. This sometimes creates additional work for me so that when I am ingesting logs in Splunk Observability Cloud, it should be in a specific format. Either Splunk Observability Cloud should have multiple formats available or multiple dashboards available for different kinds of formats. At least Splunk Observability Cloud has everything available at a Splunk level. They can do some kind of analysis and see what are the major top ten or top twenty types of logs they are getting and they can have dashboards according to those logs. Instead of forcing customers to design their logs in the way of Splunk Observability Cloud, Splunk Observability Cloud can create dashboards based on the customer requirement. This will actually ease things up for the end users.

The current dashboards are good. The feedback is that Splunk Observability Cloud is forcing me to modify my logs that I am ingesting in Splunk Observability Cloud in a specific format. If Splunk Observability Cloud can leverage it and make it open for any format, that would be great. If that is not feasible, at least the top ten or top twenty logs that Splunk Observability Cloud is getting should be readable by Splunk Observability Cloud without any changes. That actually is one of the major feedback items I can provide which can actually ease the life of the end users or any layman. As a newcomer to Splunk Observability Cloud, I may not know JSON. I now need to hire someone or I need to look for someone who knows JSON and who can convert my logs into JSON format and then I will ingest them into the logs if I want to create a dashboard. If I do not want to create a dashboard, that is okay. On the other hand, Splunk Observability Cloud is giving me a usability and easy to go interface, but for a dashboard, I need to have an understanding of JSON so that I can ingest the log in JSON format. That is a dilemma that they have and they should work on.

Currently, Splunk Observability Cloud is not the only solution which any organization is using. There is also Grafana and PagerDuty. If Splunk Observability Cloud can plan some kind of integration with PagerDuty and Grafana, then those things can be controlled from a single position and if something else is happening at one location, it can update things at all levels. That can also bring great value to the users. Currently, I have to maintain three systems separately, but if some kind of integrations can be developed with these three vendors, then that can be a great thing because all these three have now become the industry pillars or industry standards for observability and resiliency.

I have been working with it for the last two years. Before that, it was an enterprise solution. Now it is cloud-based.

I cannot relate any stability issues to my experience with Splunk Observability Cloud.

Scalability is pretty smooth. I just need to deploy the Splunk forwarder and the config file that specifies which servers it should connect to and it will get connected. My data will start populating. It is pretty straightforward. I do not see any challenges there, even when it was in enterprise and now when it is in the cloud. The deployment and onboarding of new servers and ingesting the logs is pretty straightforward. Anybody can learn it within a day without having any prior knowledge.

We have raised multiple questions when we face any issues. Our support is prompt and usually within a day, I will get my answers.

Positive

Previously I was on Splunk Enterprise. I have been using Splunk for seven to eight years before we moved to the cloud in the last eighteen months.

The initial setup is pretty smooth. I just need to deploy the Splunk forwarder and the config file that specifies which servers it should connect to and it will get connected. My data will start populating. It is pretty straightforward. I do not see any challenges there, even when it was in enterprise and now when it is in the cloud. The deployment and onboarding of new servers and ingesting the logs is pretty straightforward. Anybody can learn it within a day without having any prior knowledge.

I appreciate that your organization collects reviews about the product so that it can be shared with the vendor or the product owner as appreciation or as feedback for improvement. Everything has been smooth in my experience. I would rate this product a ten out of ten.

I work in data analytics with experience in monitoring systems and working with large-scale data. I have used Splunk Observability Cloud in the context of real-time monitoring and performance tracking.

Splunk Observability Cloud works well alongside Splunk Enterprise for logs and integrates with cloud platforms and monitoring tools. It is often used together with other observability solutions. The tracking metrics such as latency, error, and throughput are easily visible. I can also build dashboards for real-time visibility.

We use Splunk Observability Cloud to track latency metrics and identify where slowdowns are happening. We have visualized response time trends and quickly detected performance degradation. We have also used it for infrastructure monitoring. Over the past six months, we have been monitoring metrics such as CPU usage and memory. If there is unusual usage, we identify it quickly using this tool and take action before it impacts our performance.

Splunk Observability Cloud has optimized our solutions and helped us understand the metrics. The AI-powered guidance in Splunk Observability Cloud helps us identify patterns and anomalies in system performance data. Instead of manually going through a large volume of metrics, it highlights unusual behavior and potential issues automatically. This makes it easier to detect problems early and understand where to focus, especially in complex systems.

There is definitely log analysis and dashboards. Log monitoring and dashboards have been better using Splunk. Splunk Observability Cloud is the best tool for log monitoring and dashboards. Splunk Observability Cloud feels more focused on real-time metrics and performance tracking compared to some other traditional log-based tools.

The learning curve for understanding all features should be improved, and the cost can increase. Splunk Observability Cloud is very costly. Cost is one of the drawbacks.

Sometimes too many alerts, if not configured properly, is a major drawback that could be improved.

The prices are quite high. As I have mentioned earlier, we are Splunk partners, so this has been handled by my other team. However, for other companies and small startups, the prices are very high for them to use Splunk Observability Cloud. Price is a concern.

I have been working with Splunk Observability Cloud for the past six to eight months.

We have expanded our team and usage. We are scaling up right now from ten people to twenty-five or thirty. Over time, I expanded my usage by going through basic monitoring and exploring things like setting up custom dashboards. We have gradually expanded our usage from setting up dashboards and alerts.

For customer service, I would rate them eight out of ten because whenever we raise a support case, they are always available for us.

For Splunk real user monitoring, implementation took time because our engineers tried very hard. In case of support, there should be more engineers specifically for this case.

We have used different products like Palo Alto and Cribl before moving to Splunk Observability Cloud. As we got a partnership, we have shifted to Splunk Observability Cloud.

The information is confidential and I cannot share specific details. However, I can tell you in percentage that fifty to sixty percent of our work has been easy to identify in terms of performance metrics and performance using Splunk Observability Cloud.

It has saved us thirty to forty percent in cost because we used some other tools before that were more costly. As we are Splunk partners, we obtained Splunk Observability Cloud, and our costs have been reduced by thirty to forty percent using this solution.

My overall impression of using Splunk Observability Cloud is that it is a strong tool for real-time monitoring. It does take some time to get fully comfortable with all the features. We have not explored everything right now, but in the future, we are looking forward to using more features.

A part of the implementation has been handled by my other team. I have explored using custom metrics to enrich observability data, mainly by adding application layer or business-related metrics alongside system metrics. I have used custom metrics in a limited way to add more context to monitoring, such as tracking application-specific metrics alongside system data.

Dashboard customization in Splunk Observability Cloud is quite flexible. We care about metrics in different types of visualization, and it helps us organize them in a way that makes sense for monitoring. It allows us to build dashboards tailored to specific use cases. This makes it easier to monitor system performance and quickly identify issues without going through unnecessary data.

The integration in real user monitoring from Splunk Observability Cloud is actually better than from some other tools. If you are looking for the best SIM tool, then Splunk Observability Cloud is for you. If you have funds and capability for the cost, then Splunk Observability Cloud is definitely the best tool you can use.

I have given this review an overall rating of nine out of ten.