Splunk Cloud Platform Reviews

Splunk Cloud Platform is my main use case, which we sell to our channel partners within the channel community that then sell it to their customers, primarily as a cloud-based platform that collects data, analytics, and monitoring. It is mainly used for log management, security monitoring, known as SIEM, IT operations monitoring, and customers can use it for infrastructure troubleshooting and compliance reporting, but primarily for getting real-time analytics. It is a useful SaaS cloud-hosted tool that manages infrastructure, upgrades, scaling, and maintenance for customers.

A specific example of how a customer uses Splunk Cloud Platform in their day-to-day operations is how it collects logs from Linux, Windows servers, Azure, and AWS. Teams can run powerful searches using SPL, search processing language, to find failed logins, investigate outages, and trace application errors. It also automatically alerts the team for system failures, CPU spikes, security threats when they occur, and API slowdowns, showcasing just a couple of examples of what our customers use Splunk Cloud Platform for.

Splunk Cloud Platform provides a complete picture regarding how customers use it. It includes capabilities around machine learning and dashboards that allow them to monitor KPIs, have a real-time operational view, and executive reporting from all the logs.

Splunk Cloud Platform's best features include its scalability, as it can handle terabytes of data and is probably one of the market leaders within SIEM capability, which is very strong. In this day and age, cybersecurity products need great integration, and it has a huge ecosystem that can integrate with over 1,200 integrations and applications. Another major positive is that it is cloud-managed, which means less infrastructure management. Finally, the main feature that many people value, and our customers provide feedback on, is real-time analytics with fast detection and troubleshooting.

Splunk Cloud Platform has positively impacted my organization by reducing the need for infrastructure management due to being a SaaS cloud platform. The main use case is detecting cyber attacks faster. For example, a large financial institution, a bank, used Splunk Cloud Platform and identified failed logins, impossible travel events, VPN anomalies, and endpoint alerts when attackers attempted credential stuffing. Without Splunk Cloud Platform, those alerts existed in multiple systems, and detection could take days, but with it, events were correlated correctly and raised a single notable event, triggering alarms immediately. This significantly improves mean time to detect and respond, reducing investigation time from hours to just 10 to 30 minutes for common incidents by providing a single pane of glass visibility for SOC teams.

Splunk Cloud Platform has areas for improvement, including the fact that it is obviously an enterprise tool and can be expensive, which is the biggest complaint I have noted. Costs can rise due to high data ingestion and long retention periods, along with a complex licensing structure that makes pricing difficult to predict as usage grows, especially since more systems send logs. There are also performance concerns at scale where users have reported slower searches and expensive long-term storage needs, particularly in multi-terabyte environments. Additionally, operational complexity exists as enterprises still need to do data onboarding, create dashboards, handle retention policies, access control, and performance tuning.

These are the three key areas of improvement I have identified.

I have been using Splunk Cloud Platform for approximately three to four years at various different places of work.

Splunk Cloud Platform is undeniably stable, which is one of its key advantages. While it may come with a high price tag and face scalability issues, its stability is commendable, enabling easy visibility into logs, effective data ingestion, and successful operations with diverse integrations and third-party platforms.

My customers typically leverage scalability and integration features across the main cloud providers, primarily AWS, integrating with CloudWatch, CloudTrail, S3, and Lambda for cloud security monitoring and audit logging. They also integrate with the entire Microsoft stack, including Defender for Cloud, Sentinel, Azure ID, and Azure Monitoring, as well as Google Cloud, where GCP integrates with Cloud Logging and Pub/Sub security command center. We also have integrations with major SIEMs including Sophos, CrowdStrike, and firewalls from Palo, Fortinet, Cisco, and Juniper, and identity management tools including Okta, Ping, and Duo. For threat intelligence, we get much of our integration from Recorded Future as our main integration, but they are just some of the top ones we integrate with effectively.

Splunk Cloud Platform's scalability works well, especially for smaller businesses, but can present issues for larger enterprises facing stricter regulations and greater integration requirements.

Customer support with Splunk Cloud Platform is really good. The CSMs and account managers in the channel team are great, providing assistance not just with selling the product but also for implementation, deployment, and aftercare. I would rate customer support a nine on a scale of one to ten. There have been a couple of instances where issues arose, which is why it does not earn a full ten, but overall, it stands out as a really good platform and contributes to why they remain number one in the business.

I have not personally switched from a different solution to Splunk Cloud Platform, but we utilize various different solutions for SIEM, including QRadar and Exabeam, alongside newer tools including DataDog and Elastic.

My experience with pricing, setup costs, and licensing is that while the setup costs are straightforward and not overly burdensome, licensing for small to mid-sized enterprises is favorable. Highly regulated businesses, including financial services and banks, tend to use Splunk Cloud Platform regularly, and while it is a high-quality product, the costs can elevate significantly as scalability needs grow within larger enterprises.

My partners deploy Splunk Cloud Platform in several different ways. My partners typically purchase Splunk Cloud Platform through distribution and channel partners, rather than directly.

I have observed a robust return on investment with Splunk Cloud Platform, particularly in how quickly it enables the detection of breaches. We see logs between 10 to 30 minutes in contrast to six hours with other platforms, marking a substantial ROI for organizations needing to prevent breaches that can cost from tens of thousands to the average ransomware cost in the UK of 3.2 million last year. Being able to resolve issues quickly not only saves money but also minimizes the need for additional security personnel, thanks to the effectiveness of its log prioritization and integration capabilities.

Before choosing Splunk Cloud Platform, the primary alternative evaluated was DataDog, although that was not my decision directly.

The aforementioned examples are the best ones to highlight regarding positive outcomes about how Splunk Cloud Platform has helped my organization or my customers.

My partners typically purchase Splunk Cloud Platform through distribution and channel partners, rather than directly. My impressions of Splunk Cloud Platform's visibility into multiple environments, including cloud, on-premises, and hybrid are very positive. It excels at monitoring across these environments and provides high capabilities, especially strong in centralizing visibility. This is facilitated by effective cloud monitoring alongside mature on-premises monitoring, all visible in a unified dashboard for SIEM use, supporting massive scales and deep forensic investigation across all these monitoring types.

My impression of Splunk Cloud Platform's zero setup feature for AI models is mixed, as there have been a couple of problems. Data is never standardized among organizations, leading to different log formats and inconsistent field naming. Therefore, AI cannot understand the data without mapping it first. Moreover, there is a need for context rather than just raw data, and integration remains unavoidable. Splunk Cloud Platform's zero setup AI concept feels more like a marketing idea than reality, as it requires careful scrutiny in enterprise environments. The main blockers noted remain related to data integration and standardization.

My experience with Splunk Cloud Platform's application ecosystem is that it is easy to manage for small and simple environments, as management involves just installing the application and configuring the data. However, for enterprise environments, management becomes really complex when dealing with multiple applications and teams, especially in larger organizations or heavily regulated industries including financial services and banking, where governance is stringent.

Splunk Cloud Platform scales extremely well at enterprise and hyperscale levels with some cost and architecture considerations. It can ingest almost limitless data and scale impressively, but higher data volumes present challenges, including costs, poor data hygiene, slower searches, and operational complexities that arise even in cloud environments. Despite these challenges, Splunk Cloud Platform scales extremely well technically; however, in real-life enterprise contexts, the main scaling limitation is not infrastructure but rather cost, data volume discipline, and query efficiency.

In comparing native models to third-party integrations within Splunk Cloud Platform's environment, I find that native Splunk scores high in integration quality and stability. However, it lacks the customization and innovation speed found with third-party options. Native models require very low maintenance effort, which contrasts with the medium to high maintenance needed for third-party applications. Each model has its advantages: the native model excels in core SIEM engines and performance-critical workloads, while third-party models handle data ingestion for external systems and industry-specific applications effectively. Therefore, a hybrid approach, leveraging the reliability of native capabilities with the flexibility of third-party applications, is ideal.

Splunk Cloud Platform's subscription model significantly impacts financial planning for data platform investments by being quite complex and opaque. The licensing and subscription model are tough to decipher initially, largely due to the relationship between ingestion levels, data scaling, and the associated costs that increase with usage. Customers usually find that as they scale, their expenditure rises, with no clear set cost available when they first begin using it.

Splunk Cloud Platform is a market leader known for its strengths in enterprise-scale log analysis, advanced security monitoring, complex event correlation, and deep search capabilities. It is also highly customizable, making it an excellent choice for organizations unperturbed by cost and seeking a cloud-native design, especially if they have a SOC environment and a large IT estate. I would rate this product a nine out of ten overall.

Public Cloud

Amazon Web Services (AWS)

Currently, we are using Splunk Cloud Platform for our basic security. We have our own firewall, and we are getting that firewall data. We have installed Splunk agent on all of the laptops for our 200 to 300 plus employees. We are collecting data from a lot of servers and all internal sources everywhere and putting that into Splunk Cloud Platform. We are performing analysis on what users are doing, and some security use cases are based on the firewall logs. We also have Zscaler logs that we are using for all purposes.

For AI models, there is one good feature in Splunk Cloud Platform. We are using the latest version 10.2, so there will be SPL to SPL3 conversion. There are AI features as well that can help write some Splunk queries. AI will help in this area. Other than this, we are not using AI in Splunk Cloud Platform.

For Splunk Cloud Platform, the best feature is that we don't need to manage the infrastructure. That is one of the best things. We don't face any downtime issues. If we are facing anything, we just need to create a support case and the Splunk team will resolve everything. There are maintenance windows, and they will take care of everything. That is a good thing that I appreciate. We just need to manage only search and no background things. Everything will be taken care of by the cloud teams.

With Splunk Cloud Platform, we are managing the apps ecosystem. Inside the manager, we will see all of the apps. For this, we do have a deployment server and a cluster master. With that, if we need to upgrade the app, we just need to create a support case, and the Splunk team will upgrade all of the apps on behalf of us. We can also do manual things as well. Sometimes in the UI, there is an upgrade apps option available. We are upgrading that manually as well. For our forwarders and our clients, we are pushing apps from our deployment server. For this, we can download apps from Splunkbase, put it in the deployment server, and just deploy there. It will go everywhere and it will restart Splunk and it will come up. This is a straightforward process. It's easy. We just need to take care of one thing, which is to read the Splunk release notes.

For improvement in Splunk Cloud Platform, the Splunk docs are available, which is helpful. However, for cloud, they need to give some more visibility. They need to give cluster master access to us and some more visibility into what they are doing and what they are performing. We would like to see what the settings and backend access are. We are not modifying anything, but they must need to give some read access so that we can see what the configuration is being deployed behind our search UI and all the things. That is one thing that they can improve.

For improvement, they can integrate a lot of default apps. There are a lot of default apps already, but let's say we are using Palo Alto firewall, we are getting Windows event logs, Linux logs, and these types of logs. Every customer is getting this kind of logs. They need to give some default dashboards or we just need to change the index, and that will help to populate all of the data. Everyone wants to know who is logging in and who is logging out. These are some basic security use cases that are there. Splunk Cloud Platform needs to publish one app as a default app and inside this app, you will have all of these things.

We are using this product since two years. Last year we think about Cribl.

This is a very stable product. It will act immediately and will give alerts. Everything is on time, so it's very good. I rate stability from 1 to 10 as nine.

The scalability of Splunk Cloud Platform is 10. It's a fully scalable product.

For Splunk Cloud Platform, there will be some issues I faced for downscale while coordinating with Splunk support. However, for upscale, they can easily do it. If we want to add more data, they can add more indexers and can add more size as well. Let's say we are storing right now 100 TB, but if we want to increase from 100 to 150 TB, we just need to say that to the support sales team, and they can increase it in one to two days. So for upscale, it is very good, but for downscale, sometimes we face issues.

The technical support for Splunk Cloud Platform is very good. I will give a 10 because they immediately help and support. I rated it 10 out of 10, the support.

I never used other SIEM, but I can compare Splunk Cloud Platform as one of the stable SIEM products. Other than this, there are log connectors, and one more thing is DataDog. However, they are not very feasible compared to Splunk Cloud Platform. With Splunk Cloud Platform, you can modify whatever you want. Let's say you want to run Python, you want to run any script, you want to monitor any port, you want to monitor data from syslog, whatever you think, you can do it in Splunk Cloud Platform. But you cannot do the same thing in some other solutions. In that case, Splunk Cloud Platform is one of the best things.

Deployment of Splunk Cloud Platform was easy, but you need to learn Splunk. For example, if you have some understanding and you are at least a Splunk certified admin minimum, then you can able to do all of the things. Deployment doesn't face any issues. You just need to download the .tar.gz file, extract this and start this. That's all. However, there are a lot of components, such as search head, indexer, forwarder, heavy forwarder, and universal forwarder. To connect all of these things, you must know how Splunk works and how to configure all the things. You must go through training.

We have 200 plus users working with Splunk Cloud Platform, around 250 or 200.

Maintenance for Splunk Cloud Platform is not required because Splunk version upgrades and some security fixes will be taken care of automatically by the Splunk Cloud team. However, for our heavy forwarder and from our side, there is a half infrastructure on our side as well. For that, we need to manage it, but one person is enough for that.

Regarding pricing for Splunk Cloud Platform, it is not cheap. It's cost-efficient if you are using it properly. If you really need the SIEM solution, then it is very cost-effective for your company. However, if you are not using it properly, then it is very costly for you. If you are just using this for storing data and just to see the things, then this will be a costly product.

I will give advice to others looking to implement this product that if you have more than one TB of data, then this product is helpful. Other than this, this is mainly a SIEM solution. It will help for security use cases. It is mostly designed with a lot of AI features and threat intelligence available. This is very helpful for the people who are looking for security solutions because there are a lot of intelligent dashboards available in enterprise security and it will give you a full map of your company where the data is flowing. You can collect the data and put it in Splunk Cloud Platform and you can see visually. This will give you raw things to visualization. So it's good.

For Splunk Cloud Platform, we are using cloud, so visibility is less. I can say that because I don't know where my indexer is or where my data is getting stored. It's in the cloud, it's secure, and it's managed by Splunk and Cisco. It's a trusted thing, but we don't know where they are storing or what the things are. We just have one URL, which is a search URL and we are using that. Visibility is less, very less in the cloud.

For the integration capabilities of Splunk Cloud Platform, we don't need to go anywhere. Splunkbase is there. Whatever, let's say tomorrow I'm purchasing a new product, Fortinet or any product. I just need to search 'FortiGate add-on Splunk' or 'FortiGate app for Splunk'. I can browse that on Google Chrome and I can easily find one of the apps that is built already. For Okta, there are default apps. Whatever product you think, there is a default app available on Splunkbase. We just need to simply download and install in Splunk Cloud Platform. That's it. It will work. We can integrate other solutions with this with the help of this app in Splunk Cloud Platform and we can get the data and we can visually see these things. I give this product an overall rating of 9 out of 10.

I work with Splunk Cloud Platform for visualization and alerting. Use cases include real-time threat detection, monitoring, firewall, VPN, EDR, Windows log, and detecting brute force attacks, suspicious login activity, and security alert investigations. Examples of alert names include detecting multiple failed logins. In these cases, I have to write query languages in Splunk. The query language is SPL, which is the Splunk Processing Language, and I have to write coding by indexing first, ensuring the index is equal to Windows, and then for event code, I type 4625, which represents failed login, to find failed logins.

Splunk Cloud Platform's best features include powerful log management and real-time monitoring features, advanced threat detection features, easy scalability without managing servers, cloud-based fast data search, a great dashboard UI, automated alerts, and strong security analytics for our organization's SOC team.

The benefits I have seen from using Splunk Cloud include centralized log management, real-time monitoring, strong security analytics, and easy scalability without needing to manage physical servers. It helps our organization quickly detect threats and investigate incidents, monitor cloud infrastructure, and with the help of SOAR, we can automate alerts. The platform also supports many third-party integrations, making our environment more efficient and reliable.

I think the dashboards could be better. I mentioned earlier that SPL and dashboard can be hard to understand for beginners, so I would suggest an easier learning curve for beginners and lower pricing for small organizations. Additionally, faster dashboard loading with large data sets, more user-friendly reporting and visualization options, and reduced false positive alerts in SIEM detection would improve usability. Improving documentation and guided troubleshooting is key so we can troubleshoot easily. Overall, while Splunk Cloud Platform is powerful, usability and cost optimization could still improve for new users.

I have been working with Splunk Cloud Platform for the last six months.

I rate it eight because it offers strong stability, powerful log analysis, advanced security threat monitoring, and excellent cloud integration, improving visibility and SOC efficiency. However, the pricing can be high, and some configurations or advanced features may require technical expertise, which takes time. There is room for improvement.

Scalability in Splunk Cloud Platform aligns well with our organization's demand fluctuations, allowing us to handle increasing amounts of logs and security data without major infrastructure changes. The cloud manages this, reducing the workload on our internal IT team by handling server maintenance, updates, and scaling automatically. This helps our organization save time, improve performance, and reduce infrastructure management efforts.

I would rate the customer service and technical support teams an eight out of ten.

Previously, we used Wazuh in our environment before going with Splunk Cloud Platform.

The differences between Wazuh and Splunk Cloud Platform lie in cost, scalability, features, and management. Splunk Cloud Platform is a commercial SIEM type, while Wazuh is open source. The security provided by Wazuh is less robust, whereas Splunk Cloud Platform's technical team and pricing reflect its more comprehensive capabilities. Splunk Cloud Platform provides a better dashboard, faster large-scale log searching, strong support, advanced threat detection, and better third-party integrations.

I find the initial setup process very easy, simple, and straightforward.

The setup process is generally easier compared to on-premises Splunk because infrastructure and updates are managed by Splunk Cloud Platform. However, configuration, integration, and log onboarding might still require technical knowledge, especially for Level 2 personnel.

The deployment setup was mainly a third-party managed deployment for Splunk Cloud Platform.

HDFC Bank is the partner that helped us deploy Splunk Cloud Platform. We work directly with Splunk for deploying Splunk Cloud Platform, especially for cloud subscription support onboarding and enterprise deployment. In our case, we used both the partner for integration and customization.

I have seen a strong ROI with Splunk Cloud by improving security visibility, reducing incident response times, and lowering infrastructure management efforts. It centralizes log monitoring and automation, offering real-time analytics that help our organization detect issues faster, reduce downtime, and improve operational efficiency. Although the platform can be costly at times, many companies find value through enhanced security operations and reduced manual workload.

The subscription model impacts our financial planning for data platform investments by being subscription-based, meaning our organization pays based on data ingestion volume and workload usage. This model includes cloud hosting, maintenance, updates, and security support from Splunk. It helps companies scale resources as their logging and monitoring needs grow without the burden of managing physical infrastructure.

We evaluated other options before choosing Splunk Cloud Platform, and compared to some alternatives, Splunk Cloud Platform offers greater scalability, faster log searching, and was one of the options we evaluated alongside other SIEM and monitoring solutions such as IBM QRadar.

We chose Splunk Cloud Platform because it provides better scalability, faster log analysis, strong cloud and third-party integrations, and advanced security threat monitoring compared to other solutions. It offers centralized visibility, real-time alerts, and a user-friendly dashboard that makes it easy to understand and create dashboards, improving our organization's overall monitoring efficiency.

My experience with Splunk Cloud Platform's app ecosystem shows that it is not very difficult to use, and once you understand the basics, it becomes straightforward. The SQL queries are easy to understand and write. For first-time users, it might seem confusing at first when searching logs or creating dashboards, but after some practice, it becomes much easier. The setup of Splunk Cloud Platform is simpler because Splunk manages updates and infrastructure, allowing users to focus more on monitoring alerts and investigations instead of server maintenance.

My perception of using native models over third-party integrations in Splunk Cloud Platform's environment is that integrating third-party tools or platforms with Splunk Cloud Platform provides a mostly smooth experience. It supports many integrations such as AWS, Microsoft, CrowdStrike, and other security tools through APIs, and we also use add-ons. The initial setup can take some time, especially for permissions and log configuration, but once we connect, data collection and monitoring become much easier and more efficient.

We have integrated with many third-party solutions, such as AWS, Microsoft Azure, CrowdStrike, Google Cloud, Microsoft Defender, Palo Alto firewalls, FortiGate firewalls, Cisco firewalls, and other security or monitoring tools. These integrations are usually done through APIs, add-ons, or log forwarding, with various types of forwarders available, such as heavy forwarders and universal forwarders. They help teams collect data, monitor activities, automate alerts, and improve security visibility from a single platform.

My impression of the solution's visibility into multiple environments, including cloud, on-premises, or hybrid environments, is that Splunk Cloud Platform offers very good visibility across all these environments. It helps monitor logs, security events, applications, and network activity from different platforms in one centralized dashboard, making threat detection faster and more efficient in our environment.

Regarding Splunk Cloud Platform's zero-setup feature for AI models, it uses AI and machine learning features for security analytics, including anomaly detection and automation. Splunk User Behavior Analytics uses machine learning to detect abnormal user and entity behavior, and the Splunk machine learning toolkit helps create machine learning models for forecasting, anomaly detection, and data analysis. These AI features help our organization and IT team automate investigations, detect threats faster, and reduce false positive alerts while improving monitoring.

The zero-setup feature for AI models affects my ability to deploy AI solutions by providing a flexible setup for deploying AI and machine learning solutions. It supports integration with other third-party AI tools and cloud services, making it easier to develop and deploy AI-driven security and monitoring use cases. Future features including the Splunk Machine Learning Toolkit and AI assistant help create predictive analytics and anomaly detection with less manual effort.

My advice for teams considering Splunk Cloud Platform is to plan data ingestion and use cases properly to avoid unnecessary costs. Start with important log sources and build dashboards and alerts gradually. Understanding SPL queries through integration with cloud and security tools will help get the best value from the platform. Proper tuning and monitoring are also crucial to reduce false positives and improve SOC efficiency. I would rate my overall experience with Splunk Cloud Platform a 9 out of 10.

I use Splunk Cloud Platform to check logs. As a product developer, whenever I try to make a transaction to see whether it has proceeded smoothly, we check the logs. In logs, we can see from the payload how the message gets generated, which is very useful for us.

I work as a product developer for Guidewire, an insurance tool, where we mostly face payment-related issues. It follows a check lifecycle where it starts from awaiting submission, requesting, requested, issued, cleared, pending stop, stopped, and everything. We have various check lifecycles. Suppose if a lifecycle is missed and the user is trying to proceed with a transaction starting from awaiting submission and moving directly to issued instead of requesting to issued, we face an illegal state change exception. Without Splunk Cloud Platform logs, we wouldn't know what type of exception we are facing. We help the user after checking the logs as well.

Recently we faced an issue where we use another software called One-Ink, where most of our process checks get updated to our database. From there, they were doing IP whitelisting where most of the payment-related features were done. IP whitelisting means giving out an IP address only for certain individuals where they can do payment-related changes. When they were doing that, they missed two or three of the IP addresses that were needed to be processed, and we had a global outage for check-related issues. We checked logs to know whether the issue was or how the issue got generated. We had to create a new payload and check it from Splunk Cloud Platform to see whether the payload got generated and the affected claims were resolved.

Generally, when we face a certain issue, if a check-related transaction will have a public ID generated, for that public ID, we don't have it in the UI. We have to query the database to get the public ID. Public IDs are primary keys and using those primary keys as a substitute, you have to search through our logs.

Logs can ask which type of log you need to give it, such as a claims pay logger or a state change logger or any other logger as a filter. Then you need to give that public ID and it would give you all the fields that were changed in that specific criteria that you were searching.

For me, with Splunk Cloud Platform, if you don't give the necessary filtration values, it has its own querying type. If you do not give a proper query or anything for the log to be generated on a primary key, it won't give you the values. It takes too much time and it checks a large number of values. Sometimes it goes more than a million, so that takes a lot of time. However, if you use proper filtration, it takes much less time. It saves our time and we could also pause the values, we could pause the search fields, we could resume the certain fields, we could skip a few fields, and we could check right from the payload whether which messages were generated and how the transaction was proceeded.

Splunk Cloud Platform holds only three months' worth of data. If you try to search for more than three months or prior to three months, it wouldn't store the values because the data stores a large number of data. I believe that's the limit for us. I believe having flexible memory would ease us because whenever we face an incident, if we want to look for this occurrence or root cause, if it is prior to three months, we wouldn't have proper logs to check.

I wish it would take a little less time and not search through unnecessary things. Of course, querying depends on the developer's knowledge, but storage is also an issue because I feel memory is not flexible enough. If we try to increase our memory, it will charge us a considerable amount of money.

I have been using Splunk Cloud Platform for around one year and three months.

We face occasional downtime issues where when we try to scale up, we face a considerable amount of challenges. If we consider one month, we would face around two to three days of downtime issues.

Scalability is a little issue for us because it's not currently adapting to our rightful needs. I believe they should upgrade on their side to match our tempo.

I never really reached the customer support, but they provide proper documentation, so all that was required. Mostly our support team takes care of any needs that were needed by us.

I did not use any solution prior to this because in this project, this was the tool that was working when I started.

We picked this tool because it was on top of a line in the market and it suited our specific criteria. We are developers, so it suited and matched our tempo.

I would say initially, to read Splunk Cloud Platform logs, it would prove very difficult because it is definitely not beginner-friendly. It will take around 15 days to one month to just adapt to what is a log and where you need to find the error because a payload and every logger is a complex form where line by line it will be written, but what that line is, they won't show that. It is definitely not a beginner-friendly tool, but it is definitely the best tool that is available in the market for insurance-related products.

Related to the pricing factor, I think it is slightly on the costlier side, but I wouldn't know much because I'm not on the management side. My organization divides developers and management, so we wouldn't know the price for it.

Generally, at our morning call, we go through our incident team-wise and assign incidents based on what we can do. Before we can do that, we check whether this is doable or not. We go through the logs and find if any check-related issues or claim-related issues that we face. We go through the logs and first check where the problem is because most of the problems that we faced were related to permission issues, where the user might not have permission and tries to make a few changes when that person doesn't have permission. They face a few errors or issues and cannot log in through certain sites or anything. Splunk Cloud Platform helps us reduce the time and effort through checking the logs. If we didn't have this, we would have checked the history loggers, where it checks and tracks even the person who viewed that particular claim. It would take a considerable amount of time.

Initially, we were a team of 300 people where our project started with three different teams. Before having this, prior to Splunk Cloud Platform logs, we used to depend mostly on the history loggers where it tracks our history or movement. Any small changes would be tracked down there, but we wouldn't have any sort of search criteria where we cannot search. We would have to manually go through step by step, one column after another, to see who has done what changes. That would prove an issue. After Splunk Cloud Platform was introduced to us, we saved a considerable amount of time. Time is a major factor for us developers.

Our team started off with 300, and now we are 30 people. We saved a considerable amount of money and resources that are required to hire more people. We started off with a team of more than 300 people and require less than 30 people right now. I think it's over a five year duration where we came to this number, but I think fewer employees are needed because of this, and we spend little effort because logs track everything. It helps us in our day-to-day task.

Storage is the major issue that we face occasionally because whenever we are trying to solve a root cause issue that is a PRB, we would require a lot of history loggers which would not be available for us. The second issue would be that it is not that scalable. I don't think increasing our storage would cost us a less amount, but it would cost us more. I would rate this product an 8 out of 10.

On-premises

I used Splunk Cloud Platform for seven years. We built use cases for one of our pharma customers, Regeneron Pharmaceutical from the US. We created numerous use cases for their operations, including keeping medical records with details about medicine inventory, doctor information, and many other elements that we stored and presented.

I appreciate the expansion capability of Splunk Cloud Platform. We can forward any kind of data to the cloud endpoint that they provide. This allows us to forward any kind of traffic to that endpoint. There is no need for maintenance. If an error occurs or Splunk health is not good, we can raise a support case and they will handle everything. There is no need to maintain infrastructure either, as they keep the infrastructure very stable, which is a good thing.

If you want to make Splunk Cloud Platform more reliable, there will be some issues. For example, if you want to allow some IP or renew some certificates, you need to raise a case and it will not be immediate. It will go through the process and take three to four days. Sometimes, the technical support case persons are not sufficiently technical. I have experienced this where they are not technical enough or not understanding the issues.

The app ecosystem is good, but if you want to upgrade any kind of apps or receive support related to the app, you mostly need to raise a support case and the Splunk team will handle it. However, if there is a problem with your custom apps that you need to deploy on an indexer, that becomes an issue. You can upload it from the search head, but sometimes there are DMC issues. DMC mostly fails sometimes, so we cannot deploy from the search head cluster or indexer. For custom apps, you need to go through all of these processes, which involves a lot of process.

I used Splunk Cloud Platform for seven years.

Stability with Splunk Cloud Platform is very stable. Sometimes we face an issue with latency. For example, when we are ingesting 10 TB of data and there is a sudden increase, we need to increase the storage at the cloud end. Sometimes this will take time because it is not on our end but on the cloud end. That is the only issue. Everything else is good.

Splunk Cloud Platform is very flexible in terms of scalability. If you purchase something initially and later have increased requirements, they can scale up and scale down your environment. That is one good feature. We just need to raise a simple support case, and based on that support case, they will scale up and down our environment. That is good.

I reached out to technical support many times regarding operations. If you want to perform any kind of operations, you need to reach out to the technical support. They are very good and their responsiveness is fine. Everything is good. However, as I mentioned, sometimes they might not have proper knowledge or sometimes they are not sufficiently technical. They are not understanding sometimes.

I used New Relic for log collection. However, New Relic is not a part of Splunk. It is a very limited scope product, not widely used like Splunk. There is no competitor to Splunk in the current market right now.

I do not think we need to do anything for initial setup. We just need to request the cloud team, and they will prepare an instance and everything for us, and they will give us a URL to access the cloud. After that, you need to allow firewall access based on what is in your company. That is all. Then you can access the environment. It is very simple and we do not need to configure anything.

Maintenance is not required at all in the cloud. A team of four or five people is more than enough to handle the full cloud infrastructure. I managed the cloud around 10 TB ingestion per day with only four or five people. That is more than enough because we do not need to take care of hardware and other components. However, if you have on-premises, then you need more than 30 people to maintain all of the parts.

Splunk Cloud Platform pricing is very costly. If we did it on-premises, it would be cheaper because we would just need to purchase a license. However, Splunk Cloud Platform is very costly. But if you use it properly, then you can get value from it. Maintaining an infrastructure on-premises would be expensive as well.

Splunk Cloud Platform pricing is very costly. If we did it on-premises, it would be cheaper because we would just need to purchase a license. However, Splunk Cloud Platform is very costly. But if you use it properly, then you can get value from it. Maintaining an infrastructure on-premises would be expensive as well.

Visibility with Splunk Cloud Platform is very good. We do not use only cloud because we have a heavy forwarder at our end that will forward the data. This is a hybrid deployment on our end. If you have on-premises only, then everything is on you. With on-premises, we have full visibility of the environment, including what is indexer and what is search head. However, in the cloud, we do not know where this is deploying. They are saying that they are deploying only on AWS. If something goes wrong with AWS, then our full Splunk Cloud Platform goes down. For enterprise on-premises, we have full visibility and can see what is affected and other details. Visibility is less in cloud and more in on-premises. I have not tried that feature. My overall rating for this product is 9.

Splunk Cloud Platform is used for our on-premise server. Our organization uses it as a cloud SaaS product. We have deployed our server on Splunk Cloud Platform. We have partnered with AWS and Splunk Cloud Platform because we already use Splunk Enterprise Security. Additionally, we get Splunk Cloud Platform in that form.

The best features in Splunk Cloud Platform are that it is very fast compared to any other cloud because we have integrated Splunk with Splunk Cloud Platform. We get the logs from the agent to Splunk, and we store those logs on the cloud. We are using it for real-time monitoring. The SPL, meaning search processing language, is also very easy. Any other SOC analyst can learn that language for searching. The searching query language is very powerful.

For monitoring, it is a very good cloud. We have integrated it with the Splunk SIEM tool only. Additionally, the platform's app ecosystem is very easy to use even in the initial starting phase, and it supports responsibilities including real-time alert monitoring and event correlation. It is very easy to learn the cloud because we have integrated it with the SIEM tool.

Compared to other clouds we were using before, the price of Splunk Cloud Platform is very nominal because our sales team is already a partner with the Splunk team. We get some benefits in pricing. We already purchased existing Splunk. They also offer a cloud service to our organization. Improvement-wise, I do not see anything, because compared to AWS—and we also partner with the AWS cloud—it is very cheap.

Our entire SOC is deployed on that cloud only. I would suggest going for Splunk Cloud Platform because AWS, Microsoft Azure, and Google Cloud are very expensive in comparison. Improvement-wise, I do not see anything. You can go for it.

I have been using Splunk Cloud Platform for six months.

Stability-wise, with Splunk Cloud Platform, I did not find any issue because it is a cloud. If it is down, then our whole server and client servers are all down. Stability-wise, it is very stable. There is no issue with using Splunk Cloud Platform. Any other cloud is very stable, which is why we are using the cloud service rather than having a hard disk in our organization. We do not require any hardware as a service. That is why we pay clients to have SaaS, a cloud as a service. Stability-wise, it is good. There are no issues. If an issue occurs in our organization, we usually raise a ticket to the team to handle it. If there is a storage issue or any integration issue that happens with our customer, we directly schedule a call with the customer and the tech team.

Regarding the ability to scale with Splunk Cloud Platform, you can. We have integrated Splunk with Splunk Cloud Platform, but as I told you, we also have Wazuh and Microsoft Sentinel. We deploy all the servers on Splunk Cloud Platform only. It is up to you how you scale because it integrates with any other SIEM tool. We just want API keys to integrate with it. We have to pay for the amount of data or cloud we are using. That much we have to pay to the Splunk Cloud team.

All our data is on Splunk Cloud Platform. We have multiple customers, so as per their requirement and their purchasing from the SIEM tool, we deploy all the servers in Splunk Cloud Platform only.

I would rate the technical support of Splunk Cloud Platform as nine, because Splunk Enterprise has good technical support. Splunk Cloud Platform provides good support as a cloud service.

Regarding the deployment on AWS Cloud, it is very easy compared to others. It is very easy because I also work with the Azure cloud because I am working with the Microsoft Sentinel SIEM tool. Deployment is very easy for the cloud. We just require an API key to integrate with it or with any other tool. For cloud, the deployment is very easy.

My impressions of the visibility into cloud, on-prem, and hybrid models while using Splunk Cloud Platform are that there are no challenges. It is more that you want to know about the language for searching on the cloud. I already told you about the SPL language, for Splunk and for the cloud. If you have the knowledge about how to manage and search in the cloud, it is very easy. I am in the learning phase. It is new to me right now, but I am still learning.

When I compare Splunk Cloud Platform with other solutions or other vendors, I compare it with Microsoft Azure Sentinel. They are both cloud platforms. Compared to Microsoft Sentinel, Splunk Cloud Platform has a good area. Microsoft also gives a very wide area, such as Defender XDR, connectors, and threat intelligence. It is also the same in Splunk, but I prefer the Splunk one compared to Microsoft Sentinel because it is very easy to use.

In Sentinel, there are many roles and responsibilities for reader, contributor, and responder. However, in Splunk Cloud Platform, we can additionally give admin tasks or role-based tasks to the SOC analyst role. It is very easy for a SOC analyst to handle.

For others looking to implement Splunk Cloud Platform, my advice would be to go for it. First, you have to do the pilot deployment. Second, you have to learn the SQL language for Splunk Cloud Platform because it is very important to learn. If you do not learn that query language, the SPL search processing language, you cannot find or do threat hunting and investigation for alert analysis. You can follow the investigation chart, such as a process tree, analyzing the IP, and verifying the IOC with the PF. Most effectively, learn the SPL language. If you learn it, you can easily handle Splunk Cloud Platform.

To be a ten out of ten, when I compare Splunk Cloud Platform with others, Splunk Cloud Platform is leading the market. Our sales team is also going to tell customers to go for Splunk Cloud Platform because we are pushing Splunk only. We get the SIEM tool and cloud in one platform. We did not have to find a different way to store the logs or storage on another AWS cloud. As our organization's option, we are also pushing clients to use Splunk Cloud Platform as a cloud and SIEM tool. It is beneficial for us and for them.

Splunk Cloud Platform's cloud is AI, so I can say ten out of ten. However, there is one issue: when our storage limit is crossed, they directly charge higher. From a charging point of view, it is about cost and AI. If there is an improvement, or if they give some discount to our organization, such as we are using two hundred GB per day, but if on any day we exceed that limit, they charge our organization a higher amount. They charge high.

I would rate this review nine out of ten overall.

Splunk Cloud Platform is used to monitor everything, as we have multiple applications from which we get multiple data and multiple logs. We centralized our logging system, centralized our APIs, and everything into it. If any APIs fail, we created multiple alerts over there. We use it for that purpose.

The best features of Splunk Cloud Platform are the ecosystem that has been created. We do not have to worry about many small things or many big things because the cloud gives infrastructure that is handled on their end. That makes it very easy for us to get used to it. The main beneficial case for us is the dashboards, alerts, stability, cloud scalability, and everything.

The search capability is pretty good because we have been using it for the last one year and it works very smoothly. The search functionality works very smoothly with us. Recently, we faced one issue, and with this feature, we got to know from which end this problem occurred. We directly dived into it and solved that thing. It is useful.

The alerting mechanisms work very proactively because that is the main use case of Splunk Cloud Platform. One of our application APIs got shut down because of some random issue or error. Because of the alert message, during our peak time, we got to know something was wrong. We directly fixed it and the rest of the things worked easily.

The ingestion and visualization feature of Splunk Cloud Platform is very good. It helps us a lot to create multiple reports and multiple dashboards because visualization can help us create multiple things into it.

Splunk Cloud Platform is almost a nine out of ten, but the main improvement point is the user manual. Recently, we got stuck somewhere in an error, but because of the less documentation available in ChatGPT or in any LLM, we had to go through every documentation and then we got the result. If Splunk can provide some LLM or any AI tool for error solving, it would be better.

The deployment of Splunk Cloud Platform is easier. If we get a better user manual, it can be even easier, but it is quite easy.

We have been using Splunk Cloud Platform for almost one year.

Per our use case, Splunk Cloud Platform is very stable because we use multiple platforms. Even in high volume and high traffic, it works very stably.

Splunk Cloud Platform is more scalable and a very scalable thing. We used it in high volume during peak hours of our traffic, and it runs smoothly.

The technical support is pretty good. Whenever we get stuck, we have used it two or three times, and it is pretty good.

Splunk Cloud Platform is compared to other solutions because previously we were using DataDog for the same thing. The ecosystem provided by Splunk, the support they provide, better dashboards, better alerts, and everything is why we moved to Splunk Cloud Platform.

It took almost one hour to deploy Splunk Cloud Platform, or one or two hours.

In our organization, three people use Splunk Cloud Platform.

Using Splunk Cloud Platform saves us time because previously we took two to three hours troubleshooting any problem, but now we get to know which particular area of the API is throwing an error and everything. Almost one and a half hours, or almost two hours, are reduced by using Splunk Cloud Platform.

The pricing did not come under me, it is from the management department. We think it is more reliable to move with it, which is why we shifted from DataDog to Splunk Cloud Platform.

Splunk Cloud Platform rates as a nine out of ten, or 9.5.

We are a customer in our relationship with the vendor.

We have not used the machine learning tools yet.

The integration with third-party applications is pretty good. We have integrated our mail application into Splunk Cloud Platform. Whenever the alert comes, we get to know and we can work on it 24/7.

We highly recommend Splunk Cloud Platform. If you are working with any data or any APIs from any logging system, or any log you have to track, Splunk Cloud Platform is a very good platform to work with. The overall review rating is 9 out of 10.

Public Cloud

Other

We have an internal solution and we are working for our own enterprise solution. I'm working in Principal Financial Group where we have our in-house security operations center, so we do not have any clients; we are conducting our security monitoring for our own infrastructure.

Our major focus is on User Behavior Analytics, UBA. We are focusing on integration of all security controls that we have, meaning the log collection from all the security controls and all the servers. The use cases we are focusing on are MITRE framework, phishing, and User Behavior Analytics, UBA.

UBA is a great application within Splunk Cloud Platform.

That feature gives us behavioral analytics within the logs, so we do not need to write complex queries. By using UBA, we achieve threat detection without needing complex correlation rules; UBA gives us a perfect output from it.

The log ingestion is very good, and the visualization part is also very good. I can create multiple dashboards from the logs we are receiving; it is similar to other SIEM solutions.

Splunk Cloud Platform is good, but sometimes it lags. When I run a very simple query with a perfectly created query in the search bar, it gives a good result, but if I create a very simple query without index and source types, it takes too much time to draw the visuals.

It is somewhat complex because Splunk Cloud Platform has multiple components like heavy forwarders and indexers. There are multiple integration approaches that we use, for example, syslog and for Windows, it is WMI. For most of the applications, we are using API integration, which is very good, but for syslog and other WMI kind of configurations, first, I need to integrate them so they start sending logs to the heavy forwarders. On heavy forwarders, I have to configure syslog-ng, and there are multiple configuration files that I have to configure for each data source.

The improvement part is that I have worked on multiple SIEM solutions, starting with RSA NetWitness, QRadar, ArcSight, and Splunk Cloud Platform. All SIEM solutions have the same issues; at the time of POC, the vendors tell us that they have many features, but at the time of implementation, we find minor issues everywhere, from integration to querying logs and deploying configuration files. There are minor issues that need fixing for more operational efficiency.

I have been working with Splunk Cloud Platform for around one and a half years.

Splunk Cloud Platform is stable and reliable with no issues, though sometimes minor issues happen; it is not as though the system goes down or anything.

The more I scale, the more I have to pay for Splunk Cloud Platform. I have to properly fine-tune the logs, filtering them for what I want to take into Splunk Cloud Platform for security monitoring. Only the logs required for security monitoring should be taken into Splunk Cloud Platform; if we have compliance requirements to just store logs, then Splunk Cloud Platform is not the right platform.

I am not that happy, but they provide timely responses. They are available at the time of need; however, there are a few things like issues with log parsing that they will not cover in normal support calls. I needed to create an ODS, On-Demand Service, for those kinds of issues.

Pricing is too high for Splunk Cloud Platform. Nowadays, people are using Cribl solution that we host just before Splunk Cloud Platform. From a heavy forwarder, logs go to Cribl, and there is a filter mechanism available in Cribl, so we can only send the events of interest to Splunk Cloud Platform, which reduces our pricing heavily. Otherwise, when collecting logs from devices such as Linux, Windows, and firewalls, we get debug logs as well, and Splunk Cloud Platform charges based on the ingestion—how much data we ingested into Splunk Cloud Platform.

We are currently working with Splunk Cloud Platform only. We are exploring machine learning tools, but they are not deployed yet, so there is currently a POC going on.

Splunk Cloud Platform does what it has to do but nothing extraordinary; it is a simple dashboard application like other SIEM solutions.

There are multiple support cases because we have a very large architecture of Splunk Cloud Platform. We have eight heavy forwarders and thousands of log sources integrated with Splunk Cloud Platform, so from time to time, I observe issues related to integration, applications, and the internal workings of Splunk Cloud Platform. Thus, we need to raise support cases to troubleshoot those.

Overall, I would rate this review a 7 out of 10.

Public Cloud

Other

The main use case is for logs monitoring to get a clear vision about all the products and all the services that we have. We are giving multiple APIs to multiple platforms, and we have multiple services to maintain everything. We have created multiple logs to identify what is the root cause, which is taking much higher CPU usage and everything.

The favorite feature of Splunk Cloud Platform is the infrastructure that has been provided to us, and the pricing that has been given to us is very low and very fit within our budget where we were looking at that point. The main feature is the reduction in time and manpower.

My thoughts about the overall app ecosystem in Splunk Cloud Platform are that it is very good. We don't have to think about where the error has occurred or where we have to solve it; we don't have to spend two to three hours just to find where the error is. It is very easy to get out of it.

The dislike about Splunk Cloud Platform is the learning resources and the learning materials that they have. In the starting of my phase with Splunk Cloud Platform, I was very new to this, and I was not able to understand each and everything. We don't have much of a resource from where we can learn things about Splunk Cloud Platform, but if there is a specific platform from where we can learn things from, it would be great if we get a platform to learn how we have to use it.

I would like to see better training material or something like that for Splunk Cloud Platform.

I have been involved in Splunk Cloud Platform for the last six months, but our company has been using it for eight to nine months.

My thoughts on the stability of Splunk Cloud Platform, regarding lagging, crashing, and downtime, are that earlier we faced this issue on a very large scale of logs. However, because we were very new at that time, we didn't know much about things, but now we do. The things are not too tough for us anymore.

Splunk Cloud Platform is very scalable. We are scaling right now in our multiple applications, and it is very scalable.

We have contacted the technical support for Splunk Cloud Platform many times to get out of issues and have raised many issues with them. If I were to put the support of Splunk Cloud Platform on the scale from one to ten, I would give it a nine, because every time we are getting very decent support from them that is very reliable and very good.

Earlier, we were using a 24/7 monitoring solution as an alternative to Splunk Cloud Platform. We had built our own dashboards with Python scripts and everything to manage each platform, with each platform having their individual platform in their domain with Python, and we created all that, but it was very messy to handle in the end.

The initial deployment of Splunk Cloud Platform is difficult. It was difficult because we were very new to Splunk Cloud Platform and everything. Earlier we were thinking to buy DataDog, but then we skipped that and had an eye on Splunk Cloud Platform. It was tough to get to know about things at first, but now we are good at this and know more about it.

Splunk Cloud Platform does not require any maintenance on my end. We have four applications where we have integrated this platform, and the last time I maintained it was around two to three months back. Once everything has been set in any particular area, we don't have to maintain it every time; it is very reliable.

The return on investment from Splunk Cloud Platform is substantial. I don't know how much investment is being put into it, but the return is very high and very good.

I don't know much about the pricing of Splunk Cloud Platform, but I know that it is very less as compared to what we thought to manage this platform. It is very less, but I don't know the exact number; that is on the management side.

In Splunk Cloud Platform, the updates and everything are very easy. We don't have to worry about any other things, so it is not that difficult; it is easy. Splunk Cloud Platform can handle their own problems.

Regarding AI models in Splunk Cloud Platform, I think we are not using any specific ones.

We have used the zero setup feature for AI models in Splunk Cloud Platform. Splunk Cloud Platform is giving us a Machine Learning Toolkit, MLTK, and we are now learning about it. We are also evolving our things on it, and it is good to know that it is helpful very much.

We are just a customer of Splunk Cloud Platform, not in any partnerships.

I would give Splunk Cloud Platform an overall score of 8.5 out of 10.

The main use cases for Splunk Cloud Platform include data collection, parsing activities, use case building, data ingestion, and creating dashboards and reports. My clients use it for similar purposes.

The best thing about Splunk Cloud Platform is that you can bring any data and store it in one place. You can build meaningful insights from it, have the same data ingested, create beautiful insights, have alerting done on it, and have dashboards and reports built on top of it.

Splunk Cloud Platform's ingest and visualization features do not bind you with a limitation in the volume you want to ingest. Since we are using the compute-based licensing feature of Splunk Cloud Platform, there is no limitation to the volume of data we ingest on the platform. All Splunk Cloud Platform instances are also Smart Store supported, so that eases storage utilization concerns.

One of the best advantages of using Splunk Cloud Platform is that there are lots of proactive alert notifications from Splunk support if anything goes down on the infrastructure end or if there is anything wrong with your environment. Splunk support is on top of things, notifying you beforehand if something is going wrong and that their team is already aware and working on a fix.

I don't see any new requirements in terms of improvements for Splunk Cloud Platform at this time. Splunk's dashboarding, reporting, and visualizations are evolving at a larger scale with the new Splunk Dashboard Studio in place. There were some limitations with the classic dashboard where you had to be aware of different HTML, CSS, and custom JavaScript for better visualizations. That's being migrated towards Splunk Dashboard Studio, which is evolving at a great pace, providing similar functionalities. I have not faced any current challenges regarding Splunk Cloud Platform's limitations. I still think, however, that better configuration and customization options for workload management could be enhanced, but that applies to Splunk Enterprise as well. It's just my understanding and what I foresee, but I'm not sure if it will be a priority right now, as even without workload management, a lot can be done, and the product team might have a different roadmap.

I have been working with Splunk Cloud Platform for almost six years.

My feedback remains that you have your designated account manager who helps navigate all the cases. Sometimes, the support team may not be fully knowledgeable about the challenge you face, but through their internal escalation structure, they manage to find viable solutions sooner or later or provide updates on when issues will be fixed. I think their support is pretty good on that part.

Positive

The best thing about the initial setup process of Splunk Cloud Platform is that you don't have to deploy your own Splunk Cloud Platform deployment; Splunk handles it for you. For the on-premises setup, you do need the initial configuration for end devices to send logs to Splunk Cloud Platform, but it's straightforward. It's just one package that you install on your end device, and after restarting, everything is sorted. There is no hassle in configuring Splunk Cloud Platform or getting on-premises devices to send data to it.

We do use Splunk Cloud Platform's alerting mechanism. We have set up hundreds and thousands of alerts for different use cases. For example, if any of the data sources stop the ingestion or the volume has been relatively quite down, we have set up alerting for that. It creates a ServiceNow incident that falls under our team's responsibility and sends an email as a notification that this alert has been triggered, such as when XYZ feed has gone down or the data from XYZ feed has decreased up to 80% or 70%, whatever the threshold set. We definitely use all the different alerting mechanisms and alert actions provided by Splunk Cloud Platform.

Whenever we see a situation where we don't want to be reactive, we attempt to do a predictive analysis of the data ingested in our Splunk Cloud Platform. This analysis depends on an alert-to-alert basis. For instance, when talking about a data source going down, if the situation arises, we should be triggered at a threshold of around 80% decrease. In that situation, we keep a buffer of 10% and alert ourselves to notify at a 70% decrease in the feed so that we can take preemptive measures to ensure that the feed comes back online before the situation escalates.

In terms of machine learning, we are using the Splunk-supported machine learning toolkit that also has new features for artificial intelligence. We do use them for outlier detection and predictive analysis in terms of different alerting we have enabled in our environment.

To predict trends in our data, the example I shared previously involves understanding if the volume is going down or not. We do this using the machine learning toolkit itself. We have our data ingested into Splunk Cloud Platform, and each index and source type has some dedicated volume getting ingested daily. We create an average of the total volume ingested over the past 60 days, 45 days, and 90 days, and then we identify the volume ingested yesterday. We compare it with the average of the last 45 days and try to detect any deviation. All of this is part of the machine learning toolkit application itself. That's how predictive analysis and outlier detection work, and we're using that in our daily operations as well.

With different vendors, there is no problem having Splunk Cloud Platform integrated with them. For example, we already have our alerting enabled so that whenever any alert gets triggered, an incident is created in ServiceNow. I have also worked on integrating Jira and other different Atlassian products with Splunk Cloud Platform. It's user-friendly and straightforward to integrate Splunk Cloud Platform with different vendors without much issue.

For any organizations looking to configure Splunk Cloud Platform, I believe it's a simple process. It's just important to stick to the fundamentals and understand how Splunk Cloud Platform operates. The documentation is quite clear. One notable advantage of Splunk Cloud Platform is the Ingest Processor and Edge Processor, which help optimize data before feeding into Splunk Cloud Platform. We've seen a reduction of around 40% to 60% in the total volume ingested using efficient data pipelines. We provide services for optimizing data pipelines and feeds, and those tools can be quite helpful. But if you're looking to configure Splunk Cloud Platform for on-premises servers, downloading the universal forwarder package from the Splunk Cloud Platform search head is all you need.

I would rate this product a 9 out of 10.

Public Cloud

Other