Splunk Observability Cloud Reviews

We are using the Splunk Observability Cloud for monitoring purposes and troubleshooting, and we are using that infrastructure in real time, in which we have infrastructure monitoring, application monitoring, log observer, and RUM synthetic monitoring. For troubleshooting purposes, we are installing the open telemetry collector agent on some of the servers, including Intel, Windows, and UNIX servers. 

I have also worked on the agent upgrade from version 0.103 to 0.1113, which is ongoing right now.

We are also using the dashboards and detectors in Splunk Observability Cloud. For client needs, we are creating dashboards, reports, and detectors as well. For the detectors, we mostly work on host-down situations. When a server is down, we troubleshoot using the detector infra host down and identify the root cause of the failure, such as why it was down or not reporting to Splunk Observability Cloud. We find out the root cause by using that detector when the alert gets triggered and cleared.

We use the tracing features in the Splunk Observability Cloud, primarily for application performance monitoring. It helps us figure out service maps for root cause analysis. It provides visibility and helps address blind spots in data collection.

Splunk Observability Cloud offers a transparent, customized tool with real-time visibility. We use AWS, ReactJS, Python, and Java for tracing. It helps create customized dashboards and service maps based on customer requirements. It has AI that automatically generates visualizations, allowing us to create more reports based on customer needs. My seniors are primarily working on creating dashboards, reports, and for monitoring purposes.

Their technical team is performing well. About a year ago, Splunk Observability Cloud was slow and lacked features compared to now. It didn't provide exact details for any searched server in the metrics, but the situation has improved significantly, and we can now retrieve complete data on when servers were down or up.

The best features in Splunk Observability Cloud are the metrics; I can see any logs or anything related to the server or services we want to monitor, and the metrics are a good function. It provides exact details. It offers unified visibility for logs, metrics, and traces.

In Splunk Observability Cloud, I notice room for improvement in synthetic monitoring. It does not provide output based on server names. It only gives a response when we input a URL. I'm not sure if this issue is specific to my organization, but it would be beneficial if server details could be retrieved directly in synthetic monitoring.

I have been using this solution for two years and two months.

I would rate its stability an eight out of ten.

I would rate its scalability an eight out of ten.

Around 100+ users access Splunk Observability Cloud in my organization, including the cloud SRE team, Windows Intel team, Linux team, and AD team.

My client base primarily consists of enterprise financial services.

If any issues arise, we can raise a vendor case, and resolutions are provided in a timely and accurate manner. 

Positive

In my organization, we also work with Sentry, Datadog, PagerDuty, and Dynatrace. Splunk Observability Cloud offers more features than Datadog, which also provides APM monitoring, log observer, and metrics, but does not match the feature set of Splunk Observability Cloud.

It is a bit complicated. For deploying Splunk Observability Cloud, we first need an access token, after which we connect to our AWS Cloud account and provide the access token. We must set up CloudWatch or AWS Lambda and forward the metrics or logs from all sources to AWS.

The implementation took about 45 days.

The return on investment varies based on requirements; for smaller tasks, we can leverage our team's capabilities effectively, so I can estimate around a 20% efficiency gain.

Currently, we are providing outputs to clients within the required time frames. If a client requests any dashboard, logs, APM monitoring, or synthetic monitoring, we have been able to deliver output on time, achieving approximately an 80% efficiency in response.

Splunk Observability Cloud is expensive.

For operational performance, we created monitoring within the Splunk Observability Cloud for most servers with agent installation. We upgraded the open telemetry collector from version 0.82 to 0.103, then again to a newer version, enhancing visibility and use cases, especially after the upgrade, which has improved operational purposes.

My impressions of Splunk Observability Cloud for focusing on business-critical initiatives are positive. I manage six tools, but Splunk Observability Cloud is one of my favorites, and I aspire to build my career specializing in it because it has great features, more attention in the market, and is a relatively new tool with promising growth.

I would recommend Splunk Observability Cloud to other users for its accurate data fetching, dashboard creation, report generation, and synthetic monitoring capabilities.

I would rate Splunk Observability Cloud a nine out of ten.

Our main use cases for Splunk Observability Cloud are to observe our application, our websites, and our infrastructure metrics.

What I appreciate the most about Splunk Observability Cloud is the APM part and the log analytics part. These features can help us with troubleshooting our problems between multiple systems. 

Distributed tracing is very useful to us, and the infrastructure part can help us identify problems with the infrastructure. Splunk Observability Cloud has helped improve our operational performance and our company's resilience on the path of adopting it, and I expect more improvements in the future.

The RUM part of Splunk Observability Cloud can be improved significantly. We are currently struggling to use it since our application is mixed mobile and non-mobile. Some AI features in the search functionality could be beneficial in the next release of Splunk Observability Cloud.

In GCP, Cloud Run is not natively supported by Splunk, and we are challenged with bringing data from Cloud Run to Splunk. Native support of it in the future would be great for us.

We started using Splunk Observability Cloud one year ago.

I would assess Splunk Observability Cloud as quite reliable. The only problem is the graphical interface, which sometimes is buggy. It crashes, doesn't display data, and requires reloading the browser. I have experienced downtime with Splunk Observability Cloud only once, which lasted one hour due to issues that prevented us from logging into the platform.

Splunk Observability Cloud scales with the growing needs of our organization quite efficiently. I have expanded the usage of Splunk Observability Cloud, and the process of expanding usage was smooth apart from one part.

Customer service and technical support respond very quickly. That said, sometimes the solutions take too long to implement.

Neutral

Before adopting Splunk Observability Cloud, we used DataDog, and before that, we had no solution. The factors that led me to consider the change were mainly because my company has different IT offices. My IT office used DataDog, another IT office used New Relic, and others used different tools. We needed to adopt Splunk across the group to have something standard in my company.

My experience with deploying Splunk Observability Cloud was quite good, mainly since we almost have everything on cloud and that makes deployment quite easy.

My advice to other organizations considering Splunk Observability Cloud is to adopt it if you don't have anything else as it's a very good tool, and having something for observability is very good. Not only for the observability part but for all the Splunk platform, that's great. 

On a scale of one to ten, I rate Splunk Observability Cloud a seven out of ten.

My main use case is end-to-end monitoring for the application.

We utilize the APM and auto-detectors, as the core metrics and core alerts are available for us, which are the features of Splunk Observability Cloud that I appreciate the most.

We lead the SRE, so our job is to ensure reliability, stability, and uptime, and without good observability monitoring, there is no way we can accomplish that. This is the main tool that we would use.

I would evaluate the effectiveness of Splunk Observability Cloud in improving digital resilience by saying that the idea is to minimize incidents. If any incident happens, the first thing I would do is go back to see why Splunk Observability Cloud did not detect that. I will take it back, do the reverse engineering to find out where it was missed out, and then work with the team to ensure these things are identified.

I have yet to experience the No-Sample Tracing feature in Splunk Observability Cloud, however, I am only in conversation with the teams where distributed tracing is required, and we want to provide the traces. My teams utilize the ability to enrich data with custom metrics in Splunk Observability Cloud, and I appreciate the feature supported within the Observability Cloud. Custom metrics could also be introduced from within the microservices, so I am yet to explore the OTEL library. I gave this feedback to the Splunk team that they should have their dedicated .NET library that customers can embed and start using; I do not think that is there today.

We are the first project within the company for a fully cloud-native application, so we will set the ground for the rest of the teams to get motivated. Therefore, I expect that I will have the best experience to become an example for others.

The integrations need to be improved for Splunk Observability Cloud. Currently, they do not have great support for Azure. We are on Azure, and I know they invested a lot of time in AWS yet not in Azure.

I had given feedback to the teams here, as the integration from Azure Cloud, how we supply the logs and the metrics, is not clearly documented yet, which was acknowledged by the team. For example, the OTEL collector has a thousand parameters, and we need a very specific use case with 10 parameters required for our integration. We can't go through the thousand parameters; we can, however, that is basically why I think some integrations need to get better for Azure.

There's a lot of talk about AI-powered analytics and guidance in Splunk Observability Cloud. I didn't get a great sense of how much of it is actually working; there are a lot of AI hallucinations. I think it probably needs much more improvement to contextualize it so that it is very clear and precise about what it randomly thinks, but it needs to match the context better.

Customer service and technical support need some improvement. We had issues with technical support, and the professional services were struggling as well.

I've been using Splunk Observability Cloud for six months.

I would assess the stability and reliability of Splunk Observability Cloud by saying no crashes or performance issues have been experienced.

On a scale of one to ten, I would rate customer service as eight.

Positive

My experience with deployment has been good. It's just the routing, the matrices, and the integration is where we were struggling a little bit. That said, having the cloud as observed to provision was never a problem.

I hope to see a return on investment with Splunk Observability Cloud. I have not applied this for production. That said, we already use Splunk Cloud for production, and we are good with that, so I see the value.

The cost is fine, and we are good with what is given. It's a centralized tool for my organization, so at the org level, a lot of things were decided, but we are actually happy with the cost we received because I know I have to approve my budget, and it's within our range, so we are okay with it.

My advice to Splunk is to mix Splunk Cloud and Splunk Observability Cloud into one. Don't make oObservability only needed in Splunk Cloud, too. You don't want to have two products competing with each other; you want to compete with someone outside your organization. Combine this, as there's a lot of confusion. Even in different classes and training sessions meant only for Splunk Cloud, they were not for Splunk Observability Cloud, and they are different today. The acquisition of SignalFx, which is not its own, adds to the confusion. So, to the customer, provide one interface, and combine them.

On a scale of one to ten, I rate Splunk Observability Cloud an eight overall.

For the retail sector, we are building a solution for customer stores in order to know how the products are sold.

The feature of Splunk Observability Cloud that I prefer most is the easy deployment on the cloud. The benefit of that feature for my organization is to optimize the deploys and implementation and the response to our customers, to quickly make a demo. Splunk Observability Cloud has helped improve our operational performance, especially for our customers.

My experience with the out-of-the-box customizable dashboards provided by Splunk Observability Cloud is that they are effective in showcasing IT performance to business leaders. For the initial point of contact, it helps and works nicely as a star point. Then, you have the basics and use that as a framework to deploy others, so they are very helpful.

Splunk Observability Cloud can be improved. In terms of additional features I would want to see in future releases, since Cisco acquired Splunk, more Cisco integration could be beneficial.

I have been using Splunk Observability Cloud for the last two years.

I have not experienced any downtime, crashes, or performance issues.

Splunk Observability Cloud scales very well with the growing needs of my organization, as we just need to add a license or data ingestion.

I would evaluate customer service and technical support for Splunk Observability Cloud as good. They respond effectively and in time.

Positive

Prior to adopting Splunk Observability Cloud, we used other solutions to address similar needs, such as Dynatrace and ElasticSearch.

It is easy to deploy on the cloud.

I have not seen a return on investment with Splunk Observability Cloud yet, as we are relatively new to it.

My experience with pricing, setup cost, and licensing of Splunk Observability Cloud is that it is somewhat expensive, considering I am from Mexico and the market in Mexico is very different from the market in the USA. It is expensive, especially when there are other vendors that offer something similar for much cheaper.

The factors that led me to consider the change to Splunk Observability Cloud include performance and cost, and it depends on the customer. If the customer is a network user or partner with all Cisco solutions, Splunk Observability Cloud fits perfectly.

However, if we have a new customer that doesn't have any Cisco products, it might be better for them to use another solution that is easier to deploy and not as complete as Splunk Observability Cloud, especially if they only need one or two features.

My advice to other organizations considering using Splunk Observability Cloud is that if you want a comprehensive, consistent tool or solution, it is one of the leaders in the market because it integrates with the network side of their organization, including Cisco solutions. Regarding customers who don't come from the Cisco world, it is a good choice, depending on their use. However, for small customers or those that are not large companies, Splunk Observability Cloud may not be the best fit, as it is a comprehensive tool. In Mexico, we observe that customers claim they only need APM or infrastructure monitoring, a very basic requirement, and don't require the entire Splunk portfolio.

On a scale of one to ten, I rate Splunk Observability Cloud a nine.

My main use cases for Splunk Observability Cloud are indexing, dashboards, alerts, and reports.

The dashboards are the features of Splunk Observability Cloud that I appreciate the most, providing visual representation of all data and text. These features have benefited my organization by speeding up people's jobs, allowing a place to monitor all logs, as there are usually thousands of entries coming in which can become very disorderly. Users can monitor everything and write queries to organize the data and build dashboards to visualize it. This creates one-stop shops to get answers on how products and applications are performing, as opposed to having to jump onto servers and look through numerous logs.

The main improvement I would suggest for Splunk Observability Cloud would be offering the ability to implement custom apps, specifically allowing Python scripts that Splunk Cloud could host. Currently, we cannot create custom apps through Splunk Cloud. Additionally, continuous performance improvements for faster searching and indexing would be beneficial.

I have been using Splunk Observability Cloud for over the last year.

I would assess the stability and reliability of Splunk Observability Cloud as good. There have been some performance issues, though not necessarily crashes, occurring approximately 20% of the time or less.

Splunk Observability Cloud scales smoothly with the growing needs of my organization. There have been some cases of performance loss due to rapid onboarding. We are handling multiple terabytes of data daily, so we expect some hiccups, but otherwise, it has scaled effectively for our fast-paced migration.

My experience with customer service and technical support has been very present and super responsive. When we submit a case on Splunk support, they usually reach out within the same day or next day. They have consistently helped us resolve any issues we've encountered.

Positive

I used Splunk Enterprise before adopting Splunk Observability Cloud. While other parts of the company were leveraging different logging tools, we primarily revolved around Splunk. When Splunk Cloud became available as the next option, we were ready to migrate.

I haven't had personal experience with pricing, setup cost, and licensing as it's managed by our managerial side.

I have seen a return on investment with Splunk Observability Cloud through faster debugging and troubleshooting capabilities with enhanced observability. A significant return on investment comes from not having to host Splunk Enterprise ourselves. Having servers on Splunk's end allows us to focus more on development, monitoring, and our products, rather than maintaining our own local version of Splunk.

I would rate Splunk Observability Cloud overall as a solution 9 out of 10.

Currently, we are in the process of migrating from on-premises to Splunk Cloud as well as Observability. For metric-based monitoring, we can monitor via Observability and are migrating it there. We are setting up private locations to monitor synthetic tests, such as ping checks, port checks, and URL monitoring. The rest is metric-based monitoring, which is being done by Splunk using Splunk OTeL, which is an OpenTelemetry agent for Observability. This agent brings metrics from end devices to Observability. Based on these metrics, we set detectors and rules to trigger alerts.

Our observability is not yet live in production with Splunk Observability Cloud. It is currently being built, and we are adding new components, but it is not yet fully ready.

Comparing to Cloud, Splunk Cloud, or any other solution, the most valuable feature of Splunk Observability Cloud is that it is entirely based on metrics. The agent is also very lightweight compared to Splunk UF and does not consume much compute resources on the end server or host from which we are pulling data. However, it can only monitor metrics and cannot monitor logs.

Regarding how Splunk Observability Cloud has benefited our organization, we are yet to go live, but most of the configuration that requires conditions and triggers on Splunk Cloud involves writing queries. With Splunk Observability Cloud, the process is quite simple. We can directly get metrics flowing, set thresholds, and everything is UI-based. This requires less time to set up and use. I do not have that much visibility with Splunk Observability Cloud at this time as I am working as an administrator. It has helped us create dashboards for visualization purposes.

There is one thing that could be improved in Splunk Observability Cloud. We have the capability in Splunk to connect to Splunk agents such as Splunk forwarders from a deployment server and update the end agents and forwarders using server classes. We can push and update configurations from our own hosted servers without needing to access the end device. In Splunk Observability, the OTeL agent cannot be updated from our end. Every time we need to update, we have to reach out to users or gain access to the host to update the configurations. There should be a solution to update OTeL agents from Splunk Observability Cloud itself.

I have been working with Splunk Observability Cloud for approximately five to six months.

Splunk Observability Cloud is reliable based on my experience with stability and reliability so far.

We were facing some challenges with the stability of Splunk Observability Cloud regarding the login page. It was not working several times and was not accepting SSO authentication. The observability team found a solution for this issue, though I am not fully aware of the details. There were several times when opening the page did not directly log in and showed some errors.

I have not encountered any scenarios regarding the scalability of Splunk Observability Cloud. It should be good because it is cloud-based. I am not aware of the licensing model and how it scales or what the rules are for scaling.

I was not directly involved with technical support for Splunk Observability Cloud, but I am aware that my teammates reached out to support. They were finding issues regarding configuration, installation, and deployment of Observability for specific components. Since Observability is cloud-based and hosted by Splunk, the components we own on-premises are the OTeL gateways, agents, and private locations. They reached out to the vendor regarding these components, and the support was quite smooth. They have raised some bugs as well for the vendor to fix. I would rate the technical support from Splunk an eight out of ten.

Positive

Since it is cloud-based, Splunk Observability Cloud was ready to use upon deployment. The OTeL gateways were built by our team and required configuration. I was not part of that process but am aware that we needed to configure the OTeL gateways to route data to them as an endpoint and from there it would be ingested to Observability or forwarded to Observability. There were no significant issues with this process and it was quite smooth. However, configuring private locations on a few gateways was quite difficult to set up and maintain because Docker was going down at times. There were some issues that were discussed with Splunk vendor, and they provided guidance on how to fix them.

Our main use cases include synthetic monitoring, APM, RUM, alerting, detectors, dashboards, and all related functionality.

My favorite feature of Splunk Observability Cloud is the RUM because I like the RUM data. Splunk Observability Cloud has helped improve our operational performance and company's resilience, which was their initial offering. Without it, we wouldn't have any exposure and would be looking at raw data.

It can be improved through the integration of AI, which is either coming or already available.

I've been using Splunk Observability Cloud for two and a half years.

I've only experienced downtime, crashes, or performance issues when it isn't configured correctly.

Splunk Observability Cloud scales effectively with the growing needs of our organization; we simply need to pay more and ingest more data.

Prior to this, I wasn't using another solution to address similar needs.

I've seen ROI with Splunk Observability Cloud, though I cannot specify the exact amount. We would be unable to track user access issues without it, which would result in significant losses.

I use the cloud almost exclusively and am still learning some features. I handle synthetic monitoring, but don't manage all integrations or usage aspects. I need to explore the AI-powered analytics and guidance, as we haven't implemented it yet. The out-of-the-box customizable dashboards are effective because they contain all the necessary base components.

On a scale of one to 10, I would rate Splunk Observability Cloud as an eight. I appreciate the cloud because it provides more visibility into the user's path. It's quite good, though the observability aspect is somewhat complicated, primarily due to my limited experience with it.

We use Splunk in APM to monitor our applications. So, we integrated it into our systems to enhance our monitoring and observing capabilities, especially for our microservices. 

So, we have used Splunk APM for this.

APM integrates well with Splunk’s other observability solutions. These logs with application performance monitoring can significantly impact our business in several positive ways, like troubleshooting and root cause analysis. 

Using these logs with APM, we can collaborate performance metrics with log data. It allows us to pinpoint the exact cause of issues, such as identifying specific errors in the logs. Because of this, we have access to faster resolution and detailed logs alongside performance metrics, enabling quicker diagnosis and resolution of problems. It also helps us minimize downtime and improve system reliability. 

Additionally, it improves our performance optimization with detailed insights and analyzing historical log data along with APM metrics. This allows us to understand long-term trends and make informed decisions about performance improvements and better user experience, like error reduction and proactive monitoring.

Splunk has reduced our mean time to resolution by 30%. 

If there is any issue in Splunk; we’ll identify the issue first and look for the error messages, like alerting with the Splunk user interface or in the logs that might indicate what the issue is and then determine which part of Splunk is affected. 

Then, we’ll refer to the Splunk official documentation and check the system's health. We’ll review the logs. By following these steps, I can resolve the issues with Splunk, ensuring that our monitoring and analytics capabilities remain effective.

Mainly, I like Splunk APM because it will show the errors compared to other tools. We use the dashboards to monitor our applications. It will tell us the errors, and we can solve them quickly.

I have used APM but haven’t used Trace Analyzer, though I have some knowledge of it. We are able to implement it. We have some Trace Log Points in Splunk APM to catch the errors. We have a special graph for it where we can see the red points.

We use OpenTelemetry. OpenTelemetry and Splunk APM are similar in terms of observability and monitoring. We use it for observability standardization, which allows us to collect traces and metrics, making it easier to work with different monitoring tools, including Splunk APM. It is more flexible because it allows us to instrument our applications without being locked into a specific monitoring vendor. 

It supports collecting traces, metrics, and logs from our applications, providing a comprehensive view of our performance and health endpoints. This data can be fed into Splunk APM, giving us in-depth analysis and insights about our application.

Splunk APM is a robust tool with many capabilities. There are always areas for potential improvement to enhance its functionality and user experience. 

For Splunk APM, there could be simplified navigation, like streamlining the user interface to make navigation more intuitive for our users, especially those new to APM, which can enhance usability. We can provide more customization options for dashboards and visualizations to help users tailor the platform to their specific needs. 

There could be more integration capabilities with a wider range of third-party tools and platforms would also be beneficial. By focusing on these areas, Splunk APM can enhance its value proposition, improve user satisfaction, and better meet the evolving needs of organizations monitoring their application performance.

I have been using it for a year. 

I never had an issue with the stability. It worked fine. 

My team has used alternatives to Splunk APM, like Datadog and New Relic.

The initial setup was easy. To fully deploy it, we had to add some signal effects into our applications and just deploy it. It took like 20 minutes. That’s it.

We took some help from our teams and my senior manager and also from other teams across our company. We connected and did all this together.

For deployment, one person can do it, actually, but as we are junior developers, we took help from our senior manager, like three to four people. 

Splunk is good like this now. I don’t think any updates would be required, but there are some regular updates and upgrades of Splunk APM, like software updates, version upgrades, and all. 

These provide more powerful monitoring capabilities and help ensure the system remains reliable, secure, and aligned with organizational needs. Regular updates, performance tuning, and proactive management help in maximizing these benefits of the Splunk solution.

We’ll see the results after the deployment. It’s not that late, and that’s the reason we are using Splunk APM.

 Splunk made our job easier in a way. It will give the points when we use any dashboards, and there are no delays in everything, like performance. It will give the error issues very clearly, and it will monitor 24/7. It will show the issues, and it is very effective. It will pinpoint the exact cause of the issues, and it will help us troubleshoot the issues very fast.

It benefits the IT staff in other teams, like operations, improves efficiency, and manages the IT environments more effectively. When it centralizes the logs and search analytics, the powerful capabilities allow IT teams to perform in-depth troubleshooting, identify root causes, and analyze complex issues with ease. 

Splunk also provides real-time visibility into IT infrastructure, and we have connected with cross-functional teams around our team to work with Splunk APM. It supports proactive management, enhances security, and improves operational efficiency. It facilitates better collaboration across the team.

The pricing is  based on several factors, including the scale of deployment. The pricing model typically includes considerations like the number of hosts, features, and capabilities. 

Overall, I would rate the solution a nine out of ten.