Splunk Observability Cloud Reviews

The main purpose of using Splunk APM is to optimize our application. We use Splunk APM primarily to understand how the application works, how it uses resources, and its response time in connection with different infra services. It is mainly used for application optimization and reviewing third-party application dependency response times.

Splunk APM helps us to identify long-running queries and long-running functions or methods, as well as third-party dependencies that are not responding on time. We are easily able to see the error or trace it. A developer can easily find out the issue without having to dig into the application.

We normally do not use the Tag Spotlight functionality, but our developers use this functionality when we are trying to dig into the logs. It helps to search the data that we want to see. It helps to troubleshoot the actual problem and visualize the data. We can see how the error is coming and how many reports are coming.

Splunk APM has helped us to optimize the application performance, find out when third-party services go down, and monitor our application within our SLA. It allows us to minimize our downtime. We can send timely notifications to our users. It mainly helps us to optimize application performance, and secondly, we are able to generate alerts based on the data that we receive from Splunk.

Splunk APM helps us to find errors immediately and resolve them. We are able to find some of the errors within five minutes. It minimizes the time to identify errors. There are about 30% to 40% time savings.

The best feature is the service map that they have. I have used multiple APM solutions such as Datadog and Elastic. They have a service map, but it does not work like Splunk APM. Splunk APM provides a holistic view of the application. Unlike other APMs, Splunk's service map is quite effective.

We suggested they provide an alert based on insert services. We told them that they have all the data, so why not have an alert on the insert service? They took feedback from us and added that feature. That feature helps us identify if any third-party dependent is down.

There is room for improvement in the alerting system, which is complicated and has less documentation available. We sometimes encountered issues in setting up alerts. The custom detector could be more simplified to assist system engineers in setting up alerts with ease.

We tested Splunk APM last year and officially started using it this year. It has been about a year.

Splunk APM is stable. I would rate its stability a nine out of ten, as it delivers on its promises.

We have not had to scale it. Our clients are medium enterprises.

The support is responsive, though it could use some improvement. In the past, we contacted their support about a feature. They did respond to us, but they did not explicitly inform us about the feature's absence. Instead, they directed us to try various resources or articles. They did not have a clear answer. I would rate them a five out of ten for customer service.

Neutral

Before using Splunk APM, I used Elastic APM and Datadog. Splunk APM is better than them. Splunk's service map and support for our existing libraries were significant reasons for the switch. The previous vendor required library updates that we could not accommodate, but Splunk supported our existing setups.

The initial setup of Splunk APM was easy and straightforward. It took around a week.

It appears to be expensive compared to competitors.

Splunk APM is suitable for enterprise solutions, particularly for those deeply involved in technical business. The service map and overall stability make it a robust choice for such needs.

I would rate Splunk APM a nine out of ten.

Our primary use case for SignalFx was visualization, charting, and alerting. We also used it to fix our µAPM.

For one project I was working on, at least 15,000 people were using SignalFx. They used to monitor their application health in the SignalFx dashboard and get alerts from SignalFx. The users had different job profiles, such as engineers and architects.

One of the valuable features is that it is very user-friendly. We can directly search for a metric and create alert charts straightaway. There are multiple visualization options to create charts that allow users to create detectors and alerts and integrate them with downstream applications for getting notifications.

Moreover, the volume it handles is very good, including the number of metrics, the volume number of traces, and more.

There are some predefined metrics where we can directly install the SignalFx agent. It gives some informative CPU utilization where some things are inbuilt. But for specific applications, we may need to create customized metrics. Here, developer teams have an additional burden of creating the whole thing if they need to customize anything. The additional feature metric could be a custom metric edition. It would make it simple for any user or engineer to go beyond the default metrics and easily choose to add more metrics. It will help share dashboards, so when we have a single version, thousands of people can use the same single version of the dashboard.

The sharing option and custom metric would be the two additional features I would like to see in the improved version.

I used SignalFx for six to eight months for my previous project, and the version I used was Splunk Observability. I used it last in October 2022; I am not using it right now.

It is a stable product. There used to be some unplanned maintenance or intermittent issues. Most of the time, we used to get alerts or notifications from the SignalFx team. So, out of 100, I would give it a 90. It was stable, but in that 10% of the occurrence, we faced various problems like loading traces, dashboards, and more. In that project, we had a limit of detectors and a limit of a metric time series, and several subscribed metrics. So, we used to get some notifications when it reached 80% or 90% of the usage. Thus, it is completely related to the subscription. But we faced the fact that the number of MTS reached the limit.

In terms of stability, we faced intermittent issues so I won't give it a 100%; it is 90%.

It is scalable. Although the scalability depends on the subscription model, there are some related requests according to cost. For example, if I want to increase the metrics by up to 30%, store more metrics, or create more alerts, I can easily do it without impacting anything. For all those things, it is scalable.

I used to create a support case in the SignalFx portal itself, and I used to call them on their toll-free number and engage them with issues. So I had some experience with their team and I rate them an eight out of ten.

I would rate it an eight because customer support won't provide back-to-back service. If I expect updates every hour, sometimes I may not get updates every hour. For example, if I need someone to explain the issue, there might be delays. If I need to get some root cause of an issue in real-time, that might take time. So considering these factoes, I rate them an eight out of ten.

Positive

I have used some observability tools like Splunk, Instana, and Grafana. I found SignalFx the best one for visualization, and it is user-friendly too. For example, you can directly search for a metric, and we can create alert charts immediately. So there will be multiple visualization options to create graphs. From there, we can directly create detectors, create alerts, and integrate them with other downstream applications for getting notifications.

The initial setup was simple, and we used some package installers. We had a restrictive code for binaries in Artifactory. So we directly used some package installers and pulled it in individual service. Also, it was integrated with Puppet, so installing the SignalFx agent and starting it was simple.

I wanted to manually install, deploy, and download it on a single server, and the whole manual procedure took around 10 to 15 minutes. When I tested a group of services with the help of Puppet, even hundreds of servers were done within an hour or something. 

So I was working on a banking project, and we had a private cloud there; SignalFx agents were installed on servers, and our metrics were derived from there.

My company used an inbuilt application built by in-house developers, which was developed 15 years ago. Those tools were somewhat outdated and could not serve the purpose of the ever-growing volumes and other issues. So they preferred to have some third-party tool to solve their problems, and they found SignalFx useful. As a user, I also thought SignalFx was much better than other visualizations.

I would definitely recommend SignalFx. Compared to other installation tools, creating alerts, understanding charts, and creating dashboards is more straightforward. 

The functions are complex but SingalFx is very user-friendly. There is very defined documentation for everything, whether I have to create an alert or use some aggregation. We will have a direct link that says something like, "Click here to read more" or  "Click here to understand." Such links are there for everything. Moreover, if I want to create an alert, there will be multiple options; it will say, "What is the time of alert?" or "What is the threshold base?" All these details will be there; you will have a link to detailed documentation. It is a very user-friendly tool for any beginner. 

I would rate it as nine out of ten. 

We use the solution to do a lot of email checking. We also use the tool to monitor different embassies, server IPs and some of the teams.

Splunk Infrastructure Monitoring has helped our organization tremendously. We have onboarded Splunk for the last four years, and we have 30 to 40 contractors who use Splunk daily. The solution has helped not just a small organization like ours but the whole DOS (Department of State).

The solution monitors attacks or unauthorized access to the information we want to protect. There is a dashboard called ISSO that monitors pretty much everything worldwide. We also monitor almost 300 embassies and consulates.

The solution's machine learning deployment is hard and should be made user-friendly. Even if a team doesn't have a data scientist, they should be able to use the machine learning toolkit for monitoring purposes. The solution should include more algorithms and SPL commands that people can use.

I have been using Splunk Infrastructure Monitoring for four months.

We haven’t faced any issues with the solution’s stability.

Splunk Infrastructure Monitoring is highly scalable. We were able to do monitoring and some of the advanced analytics.

I have not contacted Splunk's technical support. We have contacted our account manager for issues, and she's been awesome.

We have different vendors who do deployments, which is different for the government than regular businesses.

We have seen a return on investment with Splunk Infrastructure Monitoring regarding the kind of threats we can identify.

Splunk Infrastructure Monitoring is an expensive solution.

Our organization monitors multiple cloud environments using Splunk Infrastructure Monitoring, which works well. This is the only tool we use, and we aren't considering moving or having additional tools.

It is important for our organization that Splunk Infrastructure Monitoring has end-to-end visibility into our cloud-native environments. Our job is critical and very sensitive, so having end-to-end visibility is really helpful.

Splunk Infrastructure Monitoring has helped reduce our mean time to resolve. Looking at the solution's dashboards has helped tremendously because we don't have to look at the individual index or events.

Our business is different from that of a private organization, and Splunk Infrastructure Monitoring has helped improve our organization's business resilience. The machine learning toolkit allows us to do clustering, and we have a couple of deployments on the clusters. That has helped cluster different events based on their critical or security threats.

We have seen time to value using Splunk Infrastructure Monitoring.

Splunk's unified platform has helped consolidate networking, security, and IT observability tools. We don't have to integrate Splunk with a different tool and worry whether those two will integrate. Having everything in one platform helps us create dashboards, alerts, and monitoring tools in one place.

Overall, I rate the solution an eight or nine out of ten.

I use it for monitoring and troubleshooting the performance of cloud-native applications.

Providing comprehensive visibility throughout the environment, it monitors my system, enhances career performance, and offers insights into the user experience.

Troubleshooting and visualizing a cloud-native environment is made easy with Splunk APM. It provides complete visibility into software tools, swiftly monitoring business performance and applications.

It possesses the capability to conduct distributed tracing within our environment. This includes monitoring the speed of tracked access, extending from end users to the Internet, system, and network services, and supporting my software application. Consequently, it offers an end-to-end overview of potential bottlenecks.

Splunk APM has significantly enhanced our organizational efficiency. Initially, my responsibilities included tracking website application performance, managing applications, and handling license releases. Now, it provides real-time user monitoring, transforming the way I handle these tasks.

It significantly impacts our organization's telemetry data, improving operational performance and user experience. The platform provides insights into application performance and effective log management. Ensuring accurate tracking of all performance-related logs contributes to building up the application performance percentage with comprehensive data.

It contributed to a daily reduction of six hours in our mean time to resolve.

The most valuable features are troubleshooting and optimizing application performance. 

Another value lies in the resilience and quick recovery capabilities offered by the SIEM. It enables thorough monitoring across our landscape, providing insights into the number of running software applications. The tool furnishes comprehensive information across microservices, significantly enhancing our proficiency.

Enhancing system availability and optimizing service performance are crucial. It is essential for the monitoring tool to deliver quick response times when generating analytical reports, instead of prolonged delays.

I have been using it for two years.

It provides good stability capabilities.

It has the capacity to scale. There are approximately two hundred users and one administrator that use it.

I would rate its customer service and support eight out of ten.

Positive

The initial setup was straightforward.

The deployment process took six hours. During this time, a clear understanding was established regarding which technical applications—whether cloud-based, native, or others—needed monitoring and improved performance. These categories were identified in-house, with two individuals overseeing the process.

It allowed our IT staff to focus on other projects by freeing up their time. In total, it saved around four hours.

We evaluated Grafana.

It can serve as an analytical application for enhancing performance, ensuring all dependencies are effectively addressed. Overall, I would rate it eight out of ten.

We utilize Splunk APM for security purposes, monitoring all transactions within the organization to prevent potential attacks. Additionally, we leverage Splunk APM to analyze application logs, gaining insights into application behaviour and facilitating a reduction in Mean Time To Resolution should any issues arise in the production environment.

OpenTelemetry provides more accurate information about an application by combining views from the customer perspective, infrastructure metrics, and application-specific data. This holistic view enables full telemetry observability, allowing us to analyze and strategize effectively for our company or clients.

Once configured correctly, the analysis reporting the Splunk APM provides is better than that of the other APM tools. Once the correct fields are defined, we can create different report dashboards.

Splunk isn't an ideal tool for application performance management due to the extensive setup required. It necessitates various configurations to gather diverse information from applications, networks, or other sources. Creating the right tables and defining the appropriate fields to extract comprehensive data involves a significant amount of setup within the tool. Managing this process can be quite challenging. However, once configured, the collected information is invaluable, although not easily manageable.

Splunk falls short compared to other APM tools such as AppDynamics or Datadog. It does not collect online information in real time and relies heavily on log files. Unlike Datadog, which collects real-time application behaviour data like CPU, memory, load, and response time, Splunk requires additional configuration to obtain similar information. This makes using Splunk for APM purposes significantly more difficult compared to the automatic data collection capabilities of AppDynamics or Datadog.

I have been using Splunk APM for more than a decade.

Splunk APM lacks scalability, requiring the administrator to constantly monitor or create specific alerts to ensure sufficient disk space, CPU, and memory for data collection and transaction processing. This results in a tool that is challenging to manage and costly to maintain.

Splunk support is responsive and provides quick resolutions when tickets are opened. Their service has left a positive impression on me.

Positive

The initial deployment is complex, requiring the definition of the switch, storage, correct host, and working with certification. This necessitates at least one expensive specialist, costing approximately $5,000 per month to hire and work with our team.

Splunk APM is expensive. Even before we begin, we need substantial infrastructure investment to collect comprehensive logs. For example, to gather log data, we must create specific tables in Splunk, starting at 50 gigabytes. In a cloud environment, this storage requirement becomes very costly.

I would rate Splunk APM six out of ten.

Cisco recently acquired Splunk, and its roadmap for the coming year includes incorporating aspects of Splunk into AppDynamics. Cisco's intention behind combining these two tools is to showcase its commitment to open telemetry and comprehensive observability to the market and its customers.

We mainly use it for different divisions and departments within our company to keep track of our systems' health. We also ingest log files to get data and alerts for different groups.

We used to use a number of different tools before we were introduced to Splunk. We used to have a very hard time getting this data in and being able to effectively use it because we had such a massive amount of data. We also could not find a way to organize it effectively. Splunk helped us to effectively use all the data that we collect in a valuable way for different customers and groups that we have in our company.

It has definitely helped reduce our meantime to resolve (MTTR). A lot of our customers have difficulty getting to root cause analysis of different problems and situations. They also do not have the data to perform analytical responses for different problems that there could be within our industry. They are now able to use this data effectively, not just for alerting, but also for preventative maintenance.

It has definitely improved our organization’s business resiliency by a lot. I do not have the actual data to share at this time, but there has been a marked improvement in the organization. We are now able to keep track of all the raw data that we pull in and then use it effectively. This helps our organization run more efficiently.

It has improved our organization's ability to predict, identify, and solve problems in real time. We are able to use data and search for it effectively. We have different analytical forms and data that we can use to improve in different ways. 

The most valuable thing that we have seen within our group is the ability to ingest all this raw data and have it organized in a certain way so that different groups can get effective alerting from this massive amount of raw data that is out there.

A lot of customers had a hard time effectively searching within the data in Splunk. There is a learning curve from searches to indexes and using all the macros that we have created. It is a little difficult for somebody who has not used it quite a bit and does not have a lot of practice with it, but the AI features that we have been hearing about through Splunk will make it a lot easier for us to use human language to search this data. That is big. That is pretty powerful, and that will help a lot with our customers. At the Splunk conference, some of the talks have been about the AI platform and more effective and easier ways to search within Splunk through indexes and other things. These features will help correct some of the things with which we are having a hard time with some of our customers.

We have been using this solution for about four years.

We are not on the cloud. We are all on-prem. We have had certain issues with space on the servers and things like that, and while moving things up to what we need, we have not had any issues on the Splunk side.

It is great. We have not had any major issues with getting support from Splunk. With our monthly license, there are a certain amount of hours that we have with Splunk support. We are able to use it when we are getting close to the end of the month. In our meetings, we make a list of different topics that we would like to explore and discuss with Splunk. We create meetings for that, and they are always very helpful. We never had any issues in getting support from Splunk. I would rate their support a ten out of ten.

Positive

We used to use Tivoli. We also use AppDynamics in addition to Splunk for different parts, but we are starting to learn that Splunk does have a lot of similar toolsets. Splunk does the same as what AppDynamics does, and in some cases, there are more powerful tool sets that would help us. We are thinking of petering down our different tools to get into one tool, possibly Splunk. We already got rid of Tivoli, and we are using Splunk fully in place of Tivoli. We have seen a positive response to it.

We have seen cost efficiencies by switching to this solution. Because of the wider range of tools that Splunk offers, we were able to get rid of Tivoli and get rid of that licensing obligation on an annual basis. We are able to save a good amount of money on that and move that budget over to our Splunk budget to keep everything under one umbrella.

I was not involved in its deployment. I came on the year after.

We are currently on-prem, but we are working on developing and moving everything over to a Google Cloud platform. The announcement that Splunk is partnering with Google Cloud, in addition to AWS, is pretty good for us because we are working on moving over to the cloud in the next couple of years.

We have definitely seen an ROI. Our team is able to spend more time learning one tool as opposed to having to learn multiple different toolsets. Therefore, we are able to get more work done in a more efficient manner.

We have seen time to value using this solution. Our company has a very heavy push toward work-life management. Since we have been able to, especially in our group, switch to this tool, we could cut down on our on-call time and have our groups run on different patterns where people who are off are actually off. They do not have to be called in because essentially, everybody is able to access the tool and use it effectively because it is the one tool that we use as opposed to having different tool sets. Everybody knows how to use it, so it definitely has helped us in that way.

I know there was a panel and a team that was going through different tools. I was not a part of that process, but I know there were quite a bit of tools that they were looking at. Splunk must have worked out better than everything else.

I would rate Splunk Infrastructure Monitoring a ten out of ten.

Our primary use case for this solution is as a supplement to Dynatrace, so the log analytics is done in Splunk instead of Dynatrace.

We built a tool for firewall log monitoring and we powered all firewall logs to Splunk. In addition, we built a little dashboard that just specifies sources and the destination addresses and port numbers. It passes all the logs and tell us if there are any blocks or drops on the firewall level. This is a very useful tool for us.

The features I have found most valuable are log searching and log analytics, both of which are quick features.

There's a component in this solution that is particular and takes a lot of manual work and that is the automation. There is a lot of room for improvement with the automation. They should also improve the discovery and detection of all the infrastructure components so that it is more automated and takes less manual work.

I have been using this solution for about five years.

I would rate the stability of this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.

I would rate the scalability of this solution a nine, on a scale from one to 10, with one being the worst and 10 being the best.

I would rate the technical support of this solution a 10, on a scale from one to 10, with one being the worst and 10 being the best.

Positive

At first, we were deployed on-premises and then about one year ago we migrated to the cloud. So I would say they did most of the work around migration. There are around 1,000 users of this solution in our company.

We have seen the ROI.

I would rate the pricing of this solution a two, on a scale from one to 10, with one being the most expensive and 10 being the best price.

Our model of deployment is the cloud.

I would rate this solution as a whole a 10, on a scale from one to 10, with one being the worst and 10 being the best.

I would advise other people looking into this solution to do their due diligence and make sure they do their pre-work and post-work.

Splunk Infrastructure Monitoring helps identify bottlenecks within the network domain, including issues related to server databases, application response times, and code. These problems can be resolved by our customers promptly.

It is easy to use. It offers a unique dashboard reporting tool called Ollie. Ollie is essentially an observability tool, and it's also referred to simply as "Ollie" for brevity. It's important to note that this product is agent-based only.

Splunk Infrastructure Monitoring helps improve the efficiency and performance of applications by up to 70 percent.

It has helped reduce our mean time to detect. It has helped to reduce our mean time to resolve by around 50 percent.

Splunk helps us focus on business-critical initiatives.

It integrates well with multiple sets of products.

The vibrant dashboards are valuable.

The main drawback of Splunk for network monitoring is its limited agent deployment. Splunk excels at collecting data from servers and databases where agents can be installed. However, it cannot directly monitor network devices, unlike Broadcom.

Broadcom offers Spectrum and Performance Management tools that primarily work on SNMP to collect data from network devices. Splunk doesn't have a directly comparable functionality for network devices.

While Splunk offers a wider range of data collection, including metrics, logs, and more, it can be more expensive. Splunk's licensing model is based on data volume (terabytes) rather than the number of devices. This can be costlier compared to Broadcom or similar tools, which often use device-based licensing.

The end-to-end visibility is lacking because Splunk cannot directly monitor network devices.

Broadcom provides a topology-based root cause analysis that is not available with Splunk.

I have been using Splunk Infrastructure Monitoring for 10 years. 

Splunk Infrastructure Monitoring is stable. 

Splunk deployment is simplified because it is cloud-based. The deployment takes no more than 15 days to complete.

Splunk's infrastructure monitoring costs can be high because our billing is based on data volume measured in terabytes, rather than the number of devices being monitored.

Replacing legacy systems with Splunk could cost up to $200,000.

I would rate Splunk Infrastructure Monitoring 7 out of 10.

The decision to move from another infrastructure monitoring solution to Splunk should be based on a customer's specific needs. While Splunk offers visually appealing dashboards and access to a wider range of data compared to Broadcom products, pricing can be a significant factor, especially in the Indian market.

Deploying Splunk for a customer can involve higher upfront infrastructure costs. This is because implementing Splunk effectively often requires writing custom queries to filter data and optimize license usage. While this approach minimizes licensing costs, it can be labor-intensive.