I use Splunk primarily from a gateway operations perspective. I work on application support. As part of that support, we regularly monitor the application dashboards built in Splunk using the logs. I covered this earlier this month.
Mr at an educational organization with 1,001-5,000 employees
Enables users to forward logs to a centralized location and intuitive dashboard functionality
Pros and Cons
- "I like the fact that Splunk APM makes it easy to connect to the application database and run queries against the data."
- "I've been using the Splunk query language, and it can be a bit time-consuming to set up the queries I need."
What is our primary use case?
How has it helped my organization?
The real problem we were facing was that we were unable to get all of our logs into a single place. We have an on-premise application with multiple servers across different data centers, and we needed to be able to view all of the logs together in order to troubleshoot any problems. That's why we started using Splunk to forward all of our logs to a single location.
Moreover, Splunk APM gives us end-to-end visibility across our entire on-premise environment.
Another of the biggest benefits I've seen is the ability to quickly identify problems using Splunk alerting. We set up alerts against our application metrics, and this has helped us to resolve major issues much sooner. We can now identify problems as soon as they occur, which gives us time to take corrective action before they impact our users.
Splunk has reduced the amount of time our operations team spends investigating problems. This has freed up our engineers to focus on other tasks, such as improving our application performance and adding new features.
What is most valuable?
I like the fact that Splunk APM makes it easy to connect to the application database and run queries against the data. I also like the fact that Splunk APM allows me to use log forwarders to forward logs to a central location, where I can then build dashboards to view the data. The dashboards are probably my favorite feature of Splunk APM.
What needs improvement?
I've been using the Splunk query language, and it can be a bit time-consuming to set up the queries I need. I've had to look at a lot of community forums to find the filters I need, and it can be difficult to get the details I need.
Buyer's Guide
Splunk Observability Cloud
March 2026
Learn what your peers think about Splunk Observability Cloud. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
885,311 professionals have used our research since 2012.
For how long have I used the solution?
I have experience building dashboards and other things with Splunk APM.
I've been using Splunk APM for over a year now. As part of my job in application support, I regularly create and maintain dashboards for our applications using Splunk APM. I also use dashboards to create alerts based on certain metrics.
Moreover, I'm currently working on a project to create a new dashboard for our customer support application.
What do I think about the stability of the solution?
The stability of the solution is good because I have never seen any outages so far. In terms of usage, it's good in terms of availability.
How are customer service and support?
I haven't had to contact the support yet. We have a separate team that maintains and builds our relationship with Splunk, so they would be the ones to contact if we had any issues.
What about the implementation team?
The solution doesn't require any maintenance.
Which other solutions did I evaluate?
We used New Relic and AppDynamics before Splunk. AppDynamics was our APM tool, and I'm still using New Relic for monitoring Splunk. New Relic is great for log monitoring, and it's our main tool for internal application monitoring.
What other advice do I have?
With Splunk APM as an enterprise solution, various factors come into play. Right now, considerations include pricing and how they envision the solution to work for them. Some might want the solution to be cloud-based. It largely depends on the volumes they anticipate. Organizations must decide how much they're willing to invest, especially when comparing it to other investments they've made. With the current economic recession and organizations looking to cut costs, it's crucial to evaluate the volumes and aspects of Splunk that are most relevant to them.
Overall, I would rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Network Administrator at a comms service provider with 51-200 employees
The solution has enabled us to be more proactive, so we can identify and respond to an issue before there is a failure
Pros and Cons
- "Splunk Infrastructure Monitoring gives us complete visibility without the need for storage."
- "Splunk could be better integrated with configuration manager solutions so we can automatically resolve issues without human interference."
What is our primary use case?
We use Splunk Infrastructure Monitoring to get an overview of what's happening in our customers' infrastructure. We're monitoring our servers, network, IoT devices, etc. We're a service provider, so the solution is installed in one place.
How has it helped my organization?
Splunk Infrastructure Monitoring has enabled us to be more proactive. We can identify and respond to an issue before there is a failure. It has helped us significantly. For example, if somebody is attacking us we can detect that there is an increase in traffic and investigate to see if it's legitimate. We can block them or take other actions before it becomes a problem.
What is most valuable?
Splunk Infrastructure Monitoring gives us complete visibility without the need for storage. We can visualize our infrastructure. Where is the traffic going? Are there any attacks? What are our vulnerabilities?
What needs improvement?
Splunk could be better integrated with configuration manager solutions so we can automatically resolve issues without human interference.
For how long have I used the solution?
We have used Splunk Infrastructure Monitoring since 2015.
What do I think about the stability of the solution?
Splunk Infrastructure Monitoring is stable.
What do I think about the scalability of the solution?
Splunk is scalable. It's easy to add more devices as needed.
How are customer service and support?
I rate Splunk support an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Before Splunk, we used multiple vendors, including Cisco, SolarWinds NPM, and WhatsUp Gold.
How was the initial setup?
The deployment process isn't complicated. We installed Splunk on a VM and started it. We have a team to deploy and monitor it.
What was our ROI?
Splunk is worth the investment. When an incident happens, you need reports immediately, and Splunk is the best monitoring solution for this.
What's my experience with pricing, setup cost, and licensing?
Splunk is expensive, but it's the best solution for the job.
What other advice do I have?
I rate Splunk Infrastructure Monitoring a nine out of ten. Splunk is a responsive piece of software. It's user-friendly and easy to get the data you need. I advise people to take the time to learn how to create reports and analytics.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Consultant at Medcom
Gives us early warning on problems that could arise
Pros and Cons
- "Splunk has drawn our attention to how the network is running. If there are alarms on things that are not functioning, it gives us early warning on problems that could arise."
- "It's a bit difficult to use. It takes some time to get into it and to get it to do what you would like it to do. It is not straightforward to use it."
What is our primary use case?
We have used Splunk to give us insight into the NetFlow of the traffic running through our network. We connect different networks but we only use on-prem. We are in the middle of a spider web, providing these services to different networks. We are trying to gain visibility into the traffic that traverses our network internally.
We are interested in the traffic volume because the services we are looking at are endpoint-encrypted, meaning encrypted traffic between a service provider and a client in another network. So we are not able to look into the media stream.
The networks we are connecting have their own security boundaries and their own security levels, and we don't mess with that. We are just trying to let them talk together.
We have been using Splunk for monitoring who is logging in and how and when.
How has it helped my organization?
It has given us visibility into what is going on in the network, such as how much traffic is running to and from the services, but we are not using Splunk in a straightforward way. When we are looking into reports on how much data has been used, we need to look into another system and enrich it with data from Splunk.
Splunk has drawn our attention to how the network is running. If there are alarms on things that are not functioning, it gives us early warning on problems that could arise.
In terms of operational performance, the efficiency, Splunk has helped us improve. We could have found other tools that would have given us the same efficiency, but this was the tool that we chose. From that perspective, it has been of value to us.
It would have helped us reduce our mean time to detect but I can only guess at how much; perhaps by 25 percent. And we would see a similar reduction for mean time to resolve.
What needs improvement?
It's a bit difficult to use. It takes some time to get into it and to get it to do what you would like it to do. It is not straightforward to use it. Once you have the dashboards for collecting and analyzing transactions configured, they are okay, but it takes some time to do it. Configuration could be easier.
For how long have I used the solution?
We have been using Splunk for about eight years.
What do I think about the scalability of the solution?
We have not looked at Splunk as a means of being able to scale, but we have not been hindered by using Splunk. Our goal has not been growth, but maintaining stable and secure networking, and this is what we have achieved. But with or without Splunk, we would have achieved that anyway.
How are customer service and support?
We really haven't had any technical issues where we involved Splunk's support.
Which solution did I use previously and why did I switch?
We did not have a previous solution like Splunk, other than in-house-developed tools. We got acquainted with Splunk as part of the tender for our network infrastructure, and from that perspective, it has been okay.
What's my experience with pricing, setup cost, and licensing?
Splunk has been fairly expensive, but it has been predictable. You are not punished if you are looking into much more data if you are, for example, under attack. Other tools could be more expensive to use if they charge per incident or the amount of data you are looking into. With other solutions, you could be punished if you need to index more data because of an attack, such as a DDoS attack, and you need to do some forensics on the data.
What other advice do I have?
Why shift to something you don't know when you are, perhaps, happy enough with the tool that you already have? Think about whether you could develop that tool into something that would give you the visibility you would like to have, instead of using Splunk. Are you looking into incidents, traffic flows, indexing per day, or is the issue that you're looking for an alternative with a better price? Think about why you are considering shifting from a tool that you already know.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT Security Consultant at Microlan Kenya Limited
Simple to install and configure with many interesting features
Pros and Cons
- "It's a very easy-to-use solution."
- "They need more EDR functionalities."
What is our primary use case?
We primarily use the solution for network monitoring and to identify threats. It is a security measure.
How has it helped my organization?
If anything suspicious happens in the banking system, the solution would be able to identify the threat. We've also been able to identify malicious domains and phishing attacks.
What is most valuable?
The product provides a lot of valuable features.
It's helpful for identifying threats. The solution helps protect against phishing and malicious domains.
When we see any spikes in the CPU, it might be a sign of suspicious activity, and we can monitor it to protect our company.
It's a very easy-to-use solution. It's simple to install and configure.
The solution is stable.
It is scalable.
What needs improvement?
They need to offer better endpoint protection. They don't have their own platform for endpoint protection. It would be helpful if they added something that addressed that. They need more EDR functionalities.
Support could be faster.
For how long have I used the solution?
I've used the solution for five years now.
What do I think about the stability of the solution?
The solution is stable. It's reliable and the performance is good. There are no bugs or glitches and it doesn't crash or freeze.
What do I think about the scalability of the solution?
The solution is really scalable. You can easily add more components and different vendors.
We're an IT service provider. We don't use Splunk ourselves. However, a bank we work for has about 500 employees right now that would be leveraging Splunk.
How are customer service and support?
We tend to support our customers. We can troubleshoot for customers.
We also use Splunk technical support, and they aren't too bad. They could be faster and improve their response time.
Which solution did I use previously and why did I switch?
We also use Cisco for EDR since Splunk doesn't really have any EDR options.
How was the initial setup?
The simplicity of the setup is great. It's easy to configure. Splunk is very straightforward.
To have the solution up and running, you can deploy it in three hours. There might be more integration that needs to be done on top of that. There are a few other items that may make the deployment a bit longer, depending on the setup.
Installing the system is very easy. However, for it to be useful, you need to customize it to integrate with your current use cases. You might have to spend some time testing use cases. It's important to understand the use cases before doing the configurations.
We have a manager and a few engineers that can handle deployment and maintenance tasks.
What about the implementation team?
We're a service provider and can implement the solution for clients.
What's my experience with pricing, setup cost, and licensing?
We use a free version of the solution. There is also an enterprise option as well.
The product has a fairly flexible licensing model. You buy based on your requirements, whether it is six months or a year.
What other advice do I have?
We are using the latest version of the product.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Solution Architect (Splunk - Log Management) at Tata Consultancy
Good support, detailed reports, and stable
Pros and Cons
- "The alerts are the most valuable feature."
- "The implementation can be more user-friendly."
What is our primary use case?
Our use cases have not been completely sorted and executed. In that case, if this has been done and we know the way forward, the stabilization is more complete. This is not yet stabilized, and I would say at the moment, the focus is more on creating alerts and incidents, rather than how the user can view Splunk ITSI. That focus has not yet been set. Once it is done, I think that would help.
How has it helped my organization?
If there is an issue or challenge in Splunk at the product level, Splunk's internal log will call out every problem it is facing, which will help us to identify the root cause and fix it. This gives us a clue about what to do next if there is a problem; we can understand the issue from the reports.
What is most valuable?
The alerts are the most valuable feature.
What needs improvement?
I don't see any issues yet because my use case has not been finalized. The point is, if anyone is going to acquire Splunk ITSI, their primary purpose should be to ensure that all infrastructure assets in production are logged into Splunk to ensure complete monitoring is enabled. Each organization has its own criteria for the importance of its applications and servers. All of these must be added for the monitoring to be effective.
The implementation can be more user-friendly.
For how long have I used the solution?
I have been using the solution for a few months.
What do I think about the stability of the solution?
The solution is stable.
How are customer service and support?
The Splunk technical support meets all the SLAs. There are P1, P2, and P3 categories, and the support is being handled accordingly.
How would you rate customer service and support?
Positive
How was the initial setup?
It is not possible to set up the solution without the assistance of Splunk professionals. A professional services representative must be present to handle the Splunk ITSI implementation.
What about the implementation team?
The implementation requires either Splunk for PS or the hiring of a Splunk Certified Resource. We used a Splunk architect for our implementation.
What other advice do I have?
I give the solution an eight out of ten.
I suggest using Splunk Professional Services for enrollment review. Splunk has a set of recommendations for keeping our data clean and structured when logging into Splunk, which will make our application infrastructure monitoring more effective. Splunk also has best practices that need to be implemented. We can take care of this in one call, and Splunk inputs may help us make it even better.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer.
Senior Consultant at Tata Consultancy
Enables us to directly search for a metric and straightaway create alert charts
Pros and Cons
- "The volume it handles is very good, including the number of metrics, the volume number of traces, and more."
- "There are some predefined metrics... we may want to create customized metrics."
What is our primary use case?
Our primary use case for SignalFx was visualization, charting, and alerting. We also used it to fix our µAPM.
How has it helped my organization?
For one project I was working on, at least 15,000 people were using SignalFx. They used to monitor their application health in the SignalFx dashboard and get alerts from SignalFx. The users had different job profiles, such as engineers and architects.
What is most valuable?
One of the valuable features is that it is very user-friendly. We can directly search for a metric and create alert charts straightaway. There are multiple visualization options to create charts that allow users to create detectors and alerts and integrate them with downstream applications for getting notifications.
Moreover, the volume it handles is very good, including the number of metrics, the volume number of traces, and more.
What needs improvement?
There are some predefined metrics where we can directly install the SignalFx agent. It gives some informative CPU utilization where some things are inbuilt. But for specific applications, we may need to create customized metrics. Here, developer teams have an additional burden of creating the whole thing if they need to customize anything. The additional feature metric could be a custom metric edition. It would make it simple for any user or engineer to go beyond the default metrics and easily choose to add more metrics. It will help share dashboards, so when we have a single version, thousands of people can use the same single version of the dashboard.
The sharing option and custom metric would be the two additional features I would like to see in the improved version.
For how long have I used the solution?
I used SignalFx for six to eight months for my previous project, and the version I used was Splunk Observability. I used it last in October 2022; I am not using it right now.
What do I think about the stability of the solution?
It is a stable product. There used to be some unplanned maintenance or intermittent issues. Most of the time, we used to get alerts or notifications from the SignalFx team. So, out of 100, I would give it a 90. It was stable, but in that 10% of the occurrence, we faced various problems like loading traces, dashboards, and more. In that project, we had a limit of detectors and a limit of a metric time series, and several subscribed metrics. So, we used to get some notifications when it reached 80% or 90% of the usage. Thus, it is completely related to the subscription. But we faced the fact that the number of MTS reached the limit.
In terms of stability, we faced intermittent issues so I won't give it a 100%; it is 90%.
What do I think about the scalability of the solution?
It is scalable. Although the scalability depends on the subscription model, there are some related requests according to cost. For example, if I want to increase the metrics by up to 30%, store more metrics, or create more alerts, I can easily do it without impacting anything. For all those things, it is scalable.
How are customer service and support?
I used to create a support case in the SignalFx portal itself, and I used to call them on their toll-free number and engage them with issues. So I had some experience with their team and I rate them an eight out of ten.
I would rate it an eight because customer support won't provide back-to-back service. If I expect updates every hour, sometimes I may not get updates every hour. For example, if I need someone to explain the issue, there might be delays. If I need to get some root cause of an issue in real-time, that might take time. So considering these factors, I rate them an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have used some observability tools like Splunk, Instana, and Grafana. I found SignalFx the best one for visualization, and it is user-friendly too. For example, you can directly search for a metric, and we can create alert charts immediately. So there will be multiple visualization options to create graphs. From there, we can directly create detectors, create alerts, and integrate them with other downstream applications for getting notifications.
How was the initial setup?
The initial setup was simple, and we used some package installers. We had a restrictive code for binaries in Artifactory. So we directly used some package installers and pulled it in individual service. Also, it was integrated with Puppet, so installing the SignalFx agent and starting it was simple.
What about the implementation team?
I wanted to manually install, deploy, and download it on a single server, and the whole manual procedure took around 10 to 15 minutes. When I tested a group of services with the help of Puppet, even hundreds of servers were done within an hour or something.
So I was working on a banking project, and we had a private cloud there; SignalFx agents were installed on servers, and our metrics were derived from there.
Which other solutions did I evaluate?
My company used an inbuilt application built by in-house developers, which was developed 15 years ago. Those tools were somewhat outdated and could not serve the purpose of the ever-growing volumes and other issues. So they preferred to have some third-party tool to solve their problems, and they found SignalFx useful. As a user, I also thought SignalFx was much better than other visualizations.
What other advice do I have?
I would definitely recommend SignalFx. Compared to other installation tools, creating alerts, understanding charts, and creating dashboards is more straightforward.
The functions are complex but SignalFx is very user-friendly. There is very defined documentation for everything, whether I have to create an alert or use some aggregation. We will have a direct link that says something like, "Click here to read more" or "Click here to understand." Such links are there for everything. Moreover, if I want to create an alert, there will be multiple options; it will say, "What is the time of alert?" or "What is the threshold base?" All these details will be there; you will have a link to detailed documentation. It is a very user-friendly tool for any beginner.
I would rate it as nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Splunk and AppDynamics SME at Saudi Networkers Services
Improves operational efficiency and integrates very well
Pros and Cons
- "I find the monitoring console very helpful. With one click, I can see how we are performing, and at the same time, I can see what data is flowing."
- "The clustering part of indexes can be more refined."
What is our primary use case?
We mostly work with developers. They run some pipelines, and they use Splunk as a platform to identify the errors, instead of themselves debugging the logs and understanding what the issue is. This is one side of the business. On the other side of the business, we use the Splunk database for frozen buckets where we archive the data.
We can easily integrate it with other tools for monitoring our entire IT data infrastructure. I also handle AppDynamics. We have integrated Splunk and AppDynamics. With one click, we can understand what the actual issue is. It brings down the time to resolve. We have had some good experiences.
How has it helped my organization?
It improves our operational efficiency every day. In my previous company, we had integrated it with ServiceNow. For defined alerting conditions, it could directly open up a ticket for the right team. We did not have to look into a thousand cases to understand a problem.
In terms of integrations, most of the plugins are already available. If a plugin is not available, even then it is pretty easy to integrate. There are multiple ways to integrate. You can use the REST API and just forward the data. It can be easily integrated.
It makes it easy to have end-to-end visibility in the cloud environment. There are multiple types of devices in an environment. You might have AWS, Microsoft Azure, or something else. It operates beautifully. It is easy to integrate. This is the best part.
I am in the banking industry. It helps to keep track of how well our application is performing when somebody tries to do a transaction. There are multiple pieces to it, and we keep track of everything. We have our own business dashboard that the top-tier leaders can look into. All the visibility is there because of it.
What is most valuable?
I find the monitoring console very helpful. With one click, I can see how we are performing, and at the same time, I can see what data is flowing.
What needs improvement?
The clustering part of indexes can be more refined.
They can cut down a bit at the monetary level for the long-time customers. We recently had a scenario where we were in discussions to see if there was any flexibility from Splunk's side.
For how long have I used the solution?
I have been using this solution for the past two years. I have also used it in my previous company.
What do I think about the scalability of the solution?
It is pretty scalable. I would rate it a nine out of ten for scalability.
Which solution did I use previously and why did I switch?
I have worked with Kibana and Logstash, but they are not comparable to this solution.
What's my experience with pricing, setup cost, and licensing?
It is expensive.
What other advice do I have?
Overall, I would rate it an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
User-friendly, offers good visibility through the logs, and helps identify issues in our environment
Pros and Cons
- "The most valuable feature is log reporting."
- "The price has room for improvement."
What is our primary use case?
We use Splunk Infrastructure Monitoring because it is a durable solution for our environment.
How has it helped my organization?
Splunk Infrastructure Monitoring is easy to use.
The dashboards are good.
Splunk Infrastructure Monitoring has helped improve our operational performance and efficiency.
Splunk Infrastructure Monitoring has helped reduce our MTTD by 90 percent.
Our MTTR is good thanks to Splunk Infrastructure Monitoring.
What is most valuable?
The most valuable feature is log reporting.
What needs improvement?
The price has room for improvement.
For how long have I used the solution?
I have been using Splunk Infrastructure Monitoring for five years.
What do I think about the stability of the solution?
I would rate the stability of Splunk Infrastructure Monitoring ten out of ten.
What do I think about the scalability of the solution?
Splunk Infrastructure Monitoring is scalable.
How are customer service and support?
I have used the technical support a few times and they were good.
How would you rate customer service and support?
Positive
What's my experience with pricing, setup cost, and licensing?
I would rate the price of Splunk Infrastructure Monitoring as an eight out of ten, with ten being the most expensive.
What other advice do I have?
I rate Splunk Infrastructure Monitoring ten out of ten.
Splunk Infrastructure Monitoring is a good service that provides visibility into our environment.
I recommend Splunk Infrastructure Monitoring to organizations for the logs that will help identify errors in their devices and assist them in resolving the issues.
One person is required to maintain Splunk Infrastructure Monitoring.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.