Splunk Observability Cloud Reviews

Our use cases have not been completely sorted and executed. In that case, if this has been done and we know the way forward, the stabilization is more complete. This is not yet stabilized, and I would say at the moment, the focus is more on creating alerts and incidents, rather than how the user can view Splunk ITSI. That focus has not yet been set. Once it is done, I think that would help.

If there is an issue or challenge in Splunk at the product level, Splunk's internal log will call out every problem it is facing, which will help us to identify the root cause and fix it. This gives us a clue about what to do next if there is a problem we can understand the issue from the reports.

The alerts are the most valuable feature.

I don't see any issues yet because my use case has not been finalized. The point is, if anyone is going to acquire Splunk ITSI, their primary purpose should be to ensure that all infrastructure assets in production are logged into Splunk to ensure complete monitoring is enabled. Each organization has its own criteria for the importance of its applications and servers. All of these must be added for the monitoring to be effective.

The implementation can be more user-friendly.

I have been using the solution for a few months.

The solution is stable.

The Splunk technical support meets all the SLAs. There's a P1, P2, and P3 categories, and the support is being handled accordingly.

Positive

It is not possible to set up the solution without the assistance of Splunk professionals. A professional services representative must be present to handle the Splunk ITSI implementation.

The implementation requires either Splunk for PS or the hiring of a Splunk Certified Resource. We used a Splunk architect for our implementation.

I give the solution an eight out of ten. 

I suggest using Splunk Professional Services for enrollment review. Splunk has a set of recommendations for keeping our data clean and structured when logging into Splunk, which will make our application infrastructure monitoring more effective. Splunk also has best practices that need to be implemented. We can take care of this in one call, and Splunk inputs may help us make it even better.

We have used Splunk to give us insight into the NetFlow of the traffic running through our network. We connect different networks but we only use on-prem. We are in the middle of a spider web, providing these services to different networks. We are trying to gain visibility into the traffic that traverses our network internally.

We are interested in the traffic volume because the services we are looking at are endpoint-encrypted, meaning encrypted traffic between a service provider and a client in another network. So we are not able to look into the media stream.

The networks we are connecting have their own security boundaries and their own security levels, and we don't mess with that. We are just trying to let them talk together. 

We have been using Splunk for monitoring who is logging in and how and when.

It has given us visibility into what is going on in the network, such as how much traffic is running to and from the services, but we are not using Splunk in a straightforward way. When we are looking into reports on how much data has been used, we need to look into another system and enrich it with data from Splunk.

Splunk has drawn our attention to how the network is running. If there are alarms on things that are not functioning, it gives us early warning on problems that could arise.

In terms of operational performance, the efficiency, Splunk has helped us improve. We could have found other tools that would have given us the same efficiency, but this was the tool that we chose. From that perspective, it has been of value to us.

It would have helped us reduce our mean time to detect but I can only guess at how much; perhaps by 25 percent. And we would see a similar reduction for mean time to resolve.

It's a bit difficult to use. It takes some time to get into it and to get it to do what you would like it to do. It is not straightforward to use it. Once you have the dashboards for collecting and analyzing transactions configured, they are okay, but it takes some time to do it. Configuration could be easier.

We have been using Splunk for about eight years.

We have not looked at Splunk as a means of being able to scale, but we have not been hindered by using Splunk. Our goal has not been growth, but maintaining stable and secure networking, and this is what we have achieved. But with or without Splunk, we would have achieved that anyway.

We really haven't had any technical issues where we involved Splunk's support.

We did not have a previous solution like Splunk, other than in-house-developed tools. We got acquainted with Splunk as part of the tender for our network infrastructure, and from that perspective, it has been okay.

Splunk has been fairly expensive, but it has been predictable. You are not punished if you are looking into much more data if you are, for example, under attack. Other tools could be more expensive to use if they charge per incident or the amount of data you are looking into. With other solutions, you could be punished if you need to index more data because of an attack, such as a DDoS attack, and you need to do some forensics on the data.

Why shift to something you don't know when you are, perhaps, happy enough with the tool that you already have? Think about whether you could develop that tool into something that would give you the visibility you would like to have, instead of using Splunk. Are you looking into incidents, traffic flows, indexing per day, or is the issue that you're looking for an alternative with a better price? Think about why you are considering shifting from a tool that you already know.

My customers used the solution for application performance in uptime and networking.

Splunk Infrastructure Monitoring has helped our customer's organization by making troubleshooting easier. The solution helped them have a centralized place where they could dig in across multiple other tools and consolidate all the information in one place.

Splunk Infrastructure Monitoring provided our customers with visibility into their overall infrastructure. They could quickly start identifying where the problems were coming from. If something was going sideways, they could more easily target the specific pathways.

One of our customers was on-premises. The other was a hybrid with on-premises and private cloud.

I was on a team helping them build a brand new tool, which was instantaneous. Another team got it a while ago, and they weren't sure what to do with it. So, we came in and helped them over a six-week engagement. We pivoted them from not feeling like they were getting all that much value to getting good value. It was more of a learning curve situation.

Splunk's unified platform has helped our customers consolidate networking, security, and IT observability tools. I was on the team of a company that was helping build a brand-new monitoring solution. They had probably a dozen separate stand-alone silo tools that could not talk to each other.

Instead of logging on to 12 different places to check each tool individually, Splunk Infrastructure Monitoring helped consolidate everything into a single location for viewing. We didn't get them to the point where they were ready to fully decommission the other systems.

They were going to decommission 12 systems on the six-month game plan. By now, they would have realized the cost savings. It would have been a multimillion-dollar savings for them.

Our customer, with 12 separate systems, was all on-premises. Part of our other customer's footprint was in AWS. It was incredibly easy for our customers to monitor multiple cloud environments using Splunk Infrastructure Monitoring. It was a combination of cloud and on-premises for our customer.

The solution provided them with a single pane of glass where they didn't have to log into multiple places and see everything in a single location. You can develop dashboards that give you cross-platform visibility, which is a huge win.

A wide variety of logging makes log onboarding difficult. Over the years, Splunk has done various things to make it easier, so I want to give them props for that. However, the reality is that every vendor has its own logging format. Some vendors have multiple log formats because they change their own products over time.

They have different log formats for different products in their own suites, and no industry standard makes it chaotic. Splunk is probably the best product out there in terms of how they handle it, but it's not perfect yet. They need to keep pushing that cutting edge and trying to improve it. I have no idea how they could do that because they're trying to wrangle chaos, and it's hard.

I have been using Splunk Infrastructure Monitoring for two years.

I think Splunk Infrastructure Monitoring is a solid product from an infrastructure perspective. I haven't seen any bugs in the tool. Like many things with Splunk, everybody knows there will be patches when there's a core upgrade. However, that's more with Splunk Core and not specifically the Splunk Infrastructure Monitoring part.

The solution's scalability is wonderful. I've worked with customers as small as 25 gigs a day, which is tiny, all the way up to close to a petabyte a day. You have to make sure you scale the tool intelligently, but it's more of a budgetary constraint than a technical one. The solution handles the big ones beautifully if you have the budget to have the needed hardware.

Splunk's technical support has significantly improved in the last year. The support went through a rough patch about a year and a half ago. I had to coerce customers to use it because it was really bad there for a while. Splunk's support has vastly improved recently, and I hope it continues to improve.

Those people who changed the attitude, mindset, and processes need all the accolades because it's so much better than it was. Unfortunately, that does mean that it was really bad at one point.

Splunk's technical support still has some room for improvement in certain areas. Mostly, you can tell the more junior people who just read off of a script and really don't know where to go. I always introduce myself as a consultant to let the support person know that I have already done the basic introductory troubleshooting, and they can skip the first ten pages in their script.

Some frontline people in Splunks' support team are wonderful and clearly have more experience. However, it is still obvious that they occasionally bring in somebody brand new who's a little lost.

I rate the technical support seven and a half to eight out of ten.

Positive

I've worked with Core Splunk as a consultant for seven years and was a customer for seven years before that. So I've seen it all: the good, the bad, the ugly, and everything in between. Usually, the actual building of Splunk is super easy because I've done it so many times. Every customer's environment is unique in terms of how to get the data.

It's more about navigating the local customer's politics and archaic technical debts. Somebody thought that a certain architecture was a good idea ten years ago, but today, that doesn't make any sense whatsoever. Wrangling customer chaos is hard, but the Splunk piece is usually easy.

There's always room for improvement, but Splunk Infrastructure Monitoring is a solid product overall. It definitely helps customers who have a lot of legacy systems that don't work well together.

Overall, I rate the solution an eight out of ten.

We use Splunk Infrastructure Monitoring because it is a durable solution for our environment.

Splunk Infrastructure Monitoring is easy to use.

The dashboards are good.

Splunk Infrastructure Monitoring has helped improve our operational performance and efficiency. 

Splunk Infrastructure Monitoring has helped reduce our MTTD by 90 percent.

Our MTTR is good thanks to Splunk Infrastructure Monitoring.

The most valuable feature is log reporting.

The price has room for improvement.

I have been using Splunk Infrastructure Monitoring for five years.

I would rate the stability of Splunk Infrastructure Monitoring ten out of ten.

Splunk Infrastructure Monitoring is scalable.

I have used the technical support a few times and they were good.

Positive

I would rate the price of Splunk Infrastructure Monitoring as an eight out of ten, with ten being the most expensive.

I rate Splunk Infrastructure Monitoring ten out of ten.

Splunk Infrastructure Monitoring is a good service that provides visibility into our environment.

I recommend Splunk Infrastructure Monitoring to organizations for the logs that will help identify errors in their devices and assist them in resolving the issues.

One person is required to maintain Splunk Infrastructure Monitoring.

I use Splunk primarily from a gateway operations perspective. I work on application support. As part of that support, we regularly monitor the application dashboards built in Splunk using the logs. I covered this earlier this month.

The real problem we were facing was that we were unable to get all of our logs into a single place. We have an on-premise application with multiple servers across different data centers, and we needed to be able to view all of the logs together in order to troubleshoot any problems. That's why we started using Splunk to forward all of our logs to a single location.

Moreover, Splunk APM gives us end-to-end visibility across our entire on-premise environment. 

Another biggest benefit I've seen is the ability to quickly identify problems using Splunk alerting. We set up alerts against our application metrics, and this has helped us to resolve major issues much sooner. We can now identify problems as soon as they occur, which gives us time to take corrective action before they impact our users.

Splunk has reduced the amount of time our operations team spends investigating problems. This has freed up our engineers to focus on other tasks, such as improving our application performance and adding new features.

I like the fact that Splunk APM makes it easy to connect to the application database and run queries against the data. I also like the fact that Splunk APM allows me to use log forwarders to forward logs to a central location, where I can then build dashboards to view the data. The dashboards are probably my favorite feature of Splunk APM.

I've been using the Splunk query language, and it can be a bit time-consuming to set up the queries I need. I've had to look at a lot of community forums to find the filters I need, and it can be difficult to get the details I need.

I have experience building dashboards and other things with Splunk APM.

I've been using Splunk APM for over a year now. As part of my job in application support, I regularly create and maintain dashboards for our applications using Splunk APM. I also use dashboards to create alerts based on certain metrics.

Moreover, I'm currently working on a project to create a new dashboard for our customer support application.

The stability of the solution is good because I have never had outages I have seen so far. In terms of usage, it's good in terms of availability.

I haven't had to contact the support yet. We have a separate team that maintains and builds our relationship with Splunk, so they would be the ones to contact if we had any issues.

The solution doesn't require any maintenance. 

We used New Relic and AppDynamics before Splunk. AppDynamics was our APM tool, and I'm still using New Relic for monitoring Splunk. New Relic is great for log monitoring, and it's our main tool for internal application monitoring.

With Splunk APM as an enterprise solution, various factors come into play. Right now, considerations include pricing and how they envision the solution to work for them. Some might want the solution to be cloud-based. It largely depends on the volumes they anticipate. Organizations must decide how much they're willing to invest, especially when comparing it to other investments they've made. With the current economic recession and organizations looking to cut costs, it's crucial to evaluate the volumes and aspects of Splunk that are most relevant to them.

Overall, I would rate the solution an eight out of ten. 

We primarily use the solution for network monitoring and to identify threats. It is a security measure. 

If anything suspicious happens in the banking system, the solution would be able to identify the threat. We've also been able to identify malicious domains and phishing attacks. 

The product provides a lot of valuable features. 

It's helpful for identifying threats. The solution helps protect against phishing and malicious domains.

We we see any spikes in the CPU, it might be a sign of suspicious activity, and we can monitor it to protect our company. 

It's a very easy-to-use solution. It's simple to install and configure.

The solution is stable.

It is scalable.

They need to offer better endpoint protection. They don't have their own platform for endpoint protection. It would be helpful if they added something that addressed that. They need more EDR functionalities. 

Support could be faster. 

I've used the solution for five years now. 

The solution is stable. It's reliable and the performance is good. There are no bugs or glitches and t doesn't crash or freeze. 

The solution is really scalable. You can easily add more components and different vendors. 

We're an IT service provider. We don't use Splunk ourselves. However, a bank we work for has about 500 employees right now that would be leveraging Splunk. 

We tend to support our customers. We can troubleshoot for customers.

We also use Splunk technical support, and they aren't too bad. They could be faster and improve their response time. 

We also use Cisco for EDR since Splunk doesn't really have any EDR options. 

The simplicity of the setup is great. It's easy to configure. Splunk is very straightforward. 

To have the solution up and running, you can deploy it in three hours. There might be more integration that needs to be done on top of that. There are a few other items that may make the deployment a bit longer, depending on the setup. 

Installing the system is very easy. However, for it to be useful, you need to customize it to integrate with your current use cases. You might have to spend some time testing use cases. It's important to understand the use cases before doing the configurations.

We have a manager and a few engineers that can handle deployment and maintenance tasks. 

We're a service provider and can implement the solution for clients. 

We use a free version of the solution. There is also an enterprise option as well. 

The product has a fairly flexible licensing model. You buy based on your requirements, whether it is six months or a year.

We are using the latest version of the product. 

I'd rate the solution eight out of ten.

We use Splunk to monitor some devices in the company. We have several cloud groups for monitoring the energy companies in the state. The stack has several devices to monitor if you have a problem. There is a mixture of solutions.

The solution monitors the system in real-time. We can find the resources and investigate security incidents. Splunk and another solution, AppDynamics, monitor several devices.

We integrate Splunk with a data collection solution, and it plugs in the users to collect data at several points in the network and infrastructure. The data is indexed in Splunk, which can be visualized in different dashboards. Monitoring for fraud is critical for the company because you have to resolve many problems in the infrastructure with federal information in the dashboard. 

The company has many systems that the customer pays to access. Splunk APM issued via AppDynamics helps find problems in the feed. It reduces the risk of supervising all the devices. I can supervise the flow and simulate the conditions of the repository across several dashboards to show what's happening at the moment.

The dashboards are used mainly to visualize information about the infrastructure, but it isn't easy to construct or use the dashboards. While we tried to resolve the issue by calling support, it would be easier if they had an AI co-pilot to identify the problem and help you solve it. 

I have been using Splunk APM.

Splunk APM isn't easy to scale because you have to follow the steps and implement best practices, which can be a little awkward.

I rate Splunk support 10 out of 10. We had good documentation, and the support team at Splunk has a lot of experience with code and the tool. 

Positive

I haven't had any problems deploying Splunk. When I installed Splunk for the first time, I thought the product line was complex because I had to build the solution. After working on it for a while, it has become easier to do the solution next time.

Splunk APM is a crucial tool because it controls all the systems and solves a lot of problems.

I rate Splunk APM 8.5 out of 10. It's an excellent solution.

I use the solution in my company for our customers who use the tool for auditing and compliance in the area of DoD/AC. My company's customers have compliance controls, and STIG controls that they have to satisfy for their ETL processes.

The tool has helped our customer's organization in achieving compliance control. When our customer's organization has an inspection or when the DoD inspects their infrastructure, they can show their auditors that they are compliant. They can show the auditors the dashboards and verify that they are ingesting data from the sources and how all their hosts are being monitored. They can show everything to auditors, check the box, make sure that everything looks green, and then they continue to have authorization to operate.

The most valuable piece of Splunk Infrastructure Monitoring for our company's customers revolves around the data for everything. Everything produces data, and all the data can get ingested, whether it is Windows, RHEL, VMware products, Pure Storage products, or a custom product. Configuring data ingestion and performing everything in Splunk Infrastructure Monitoring is possible. At the same time, a lot of the other SIEM tools focus on a specific type of data. The benefit of Splunk Infrastructure Monitoring is that one can see all their data in one place.

There is not a lot of support for the tool's on-premises version, especially since everything is on the cloud. In my company, we had a really good demo this morning on Keynote, which touches on the APM part, and it was super cool. There was also a demo on AI assistant, which was super cool. It is hard to increase the options for a particular customer when so much of the stuff is limited to the cloud, and there is so much focus on the cloud part.

I have been using Splunk Infrastructure Monitoring for three years for my customer, who has been using it for longer than when I started to use it.

The tool's stability is great.

The tool's scalability is great. My company just moved Splunk from VMs to containers for our customers, so I would say that we have put it on Kubernetes on Tanzu, which has been great for them.

Support is an area I have not really reached out to on behalf of our customers. I usually just go to Splunk Answers or rely on my colleagues to get what I need. My company has never opened a support ticket with Splunk for our customers.

I don't know what one of my company's customers had used before Splunk Infrastructure Monitoring. They may have used some other solutions, but I have been on contract with them for three years.

In terms of ROI, I can say that I have seen a decreased amount of time spent on our company's end validating data ingested from an auditing perspective, especially when we are talking about their authorization to operate. With the tool, it is much quicker to view all your data in one place than it is to go show an auditor 15 different data sources. You can show it all together to the auditor.

Licensing cost is the biggest argument I get from those divesting from Splunk. There are those within our organization who say we are going to go to other tools since Splunk is too expensive. Till now, I have been able to ask others to look at the value Splunk adds to the company, and I have been able to convince them that it is worth it, but that might not always be the case if licensing continues to be an issue, especially if costs continue the way they are and if other solutions offer more competitive pricing for similar results.

The tool is not used to monitor multiple cloud environments.

It is not important for our company that Splunk Infrastructure Monitoring provides end-to-end visibility into your cloud-native environment.

The tool has helped improve our organization's business resilience.

The tool does the job very well. It is easy for me to use, especially as a trained person in Splunk products. The tool also does the job very well. With the tool in place, I can get Windows or RHEL. I can do things like scripted input on a forwarder. Splunk Universal Forwarder are so much more than if I just use Syslog, for example, to just get data. I can do a lot more with Splunk than just ingesting data via something like Syslog.

I rate the tool an eight out of ten.