Sr. Manager, SOC, NOC, and Corporate Security at a computer software company with 1,001-5,000 employees
Can integrate easily with other tools and allow businesses to expand their use cases
Pros and Cons
- "The product's deployment phase was easy."
- "I think the tool has some scalability issues, especially when used in larger organizations."
What is our primary use case?
I use the solution in my company, and its primary use cases have been related to the log correlation engine. Splunk Cloud Platform can be considered a central ingest point for gathering logs from all over our company's network, after which it is used to take and create reports. Security, detection, dashboards, and similar features are some of the use cases that can be associated with the tool.
How has it helped my organization?
The benefits my company has seen from using the tool would be that it gives you more of a single place to look at rather than having to jump from a bunch of different screens to look at current logs, as well as the ability to correlate data amongst different log sources.
What is most valuable?
Regarding the solution's most valuable features, I think that since many of our company's applications are Splunk-based, they can integrate with other tools within our tech stack, which allows us to expand our use cases.
In our organization, Splunk Cloud Platform provides end-to-end visibility into our cloud-native environment, and it is a very important area where we need visibility within our environment. It is one of the main tools I use for end-to-end visibility.
Splunk Cloud Platform has helped reduce the mean time to resolve. It helps find issues, which can lead to a better mean time to resolve overall. Depending on the detection type, it reduces the mean time to resolve by anywhere from 20 to 50 percent.
My company saw time to value using Splunk Cloud Platform pretty quickly, and we continue to see the value, specifically when we add in new sources and tune up. In general, it has been pretty quick.
Splunk's unified platform helps consolidate networking, security, and IT observability tools since it gives our company a single platform where we can collect logs from all different sources.
What needs improvement?
I think the tool has some scalability issues, especially when used in larger organizations. I feel the searching part gets really slow, which is based on one's resources.
Buyer's Guide
Splunk Cloud Platform
May 2025

Learn what your peers think about Splunk Cloud Platform. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
856,873 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Splunk Cloud Platform for about six years. In general, I have been a Splunk customer for eight years.
What do I think about the stability of the solution?
I think the stability is pretty good. I haven't noticed any outages.
What do I think about the scalability of the solution?
I think the scalability could be a little bit better because our company runs into some resource constraints that slow down our searches.
How are customer service and support?
When it comes to the solution's technical support, I would say it all depends on what the request is or who is actually responding to our company's queries. We have had some people who have been great, but we have also had times where we had to escalate some issues to get our tickets looked at by someone from the support team. I rate the technical support a five or six out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I think the tool has some scalability issues, especially when used in larger organizations. I feel the searching part gets really slow, which is based on one's resources.
How was the initial setup?
The product's initial setup phase was fairly expensive since my company had to get some professional services to help us with the setup of everything. Overall, the tool freed up some manpower, resources, and hours from our personnel and management, so having the tool in our company made sense. Yeah.
The product's deployment phase was easy.
The solution is deployed using the cloud services offered by AWS.
What about the implementation team?
My company had to get some professional services from a reseller named Resultant to help us with the setup of the tool.
Which other solutions did I evaluate?
I don't remember whether my company had evaluated other products against Splunk Cloud Platform. In the environment where our company made the switch over, I can say that we are happy with our Splunk usage in general. We just wanted a tool that was more resilient and didn't have to worry about the management on the back end.
What other advice do I have?
My organization monitors one cloud environment with the help of Splunk Cloud Platform. The ease or difficulty of monitoring multiple cloud environments is not something that is applicable to my company.
In terms of Splunk Cloud Platform's ability to help improve our organization's business resilience and predict, identify, and solve problems in real time, I would say it is not possible in real-time. The solution gives our company the ability to do more of a retrospective analysis, which helps us with the current backup.
There are not any cost efficiencies I can think of that I have experienced after switching to Splunk Cloud Platform.
I think Splunk Cloud Platform is still probably one of the best tools out there in the market for enterprise organizations.
I rate the tool a seven to eight out of ten.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

IT Lead at a manufacturing company with 201-500 employees
Helps predict, identify, and resolve problems in real-time
Pros and Cons
- "Alerts are a huge benefit because we can customize them to each business unit's needs."
- "Using basic natural language in English instead of writing a regex expression will be helpful."
What is our primary use case?
Our Splunk Cloud Platform centralizes logs from all OT assets, allowing OT business units to request various insights. These insights can include how often assets cycle down, memory storage usage, or data consumption over time. They can then configure dashboards to receive alerts based on these specific metrics.
How has it helped my organization?
The biggest benefit I have seen using the platform is the alerts because most of our sites are remote in the middle-of-nowhere deserts. If something goes down, they don't have direct eyes on them. Thanks to Splunk's automated alert that notifies us if something is down, we can quickly respond to it before it affects any other systems.
We do have several cloud environments that we're using because we got the Splunk Cloud Platform last month. We are integrating them all into one location, so we are still determining the ease of monitoring all the cloud environments using the Splunk Cloud Platform. Before having Splunk, it was a huge issue because we had to go to different locations. Having it all in one location under Splunk will make it much better for us.
It is important, especially for our cloud team to have end-to-end visibility into our cloud-native environments through Splunk Cloud Platform. The more visibility we have the better it is.
Splunk Cloud Platform has significantly reduced our mean time to resolve because instead of us having to go out to the site or having somebody on the site tell us a few hours later there is an issue, it could be within minutes now that we can resolve the issue. After all, as soon as it goes down, we get the logs, we get notified, and then we can immediately go in and check it out. So it is a significant amount of time that Splunk is helping us reduce for resolution.
Splunk Cloud Platform's ability to predict, identify, and resolve problems in real time has been huge, especially because our business units are operational technologies. They generate revenue for us. That's how our business stays afloat because we're in the energy sector. So if something goes down or if they want a quick dashboard, the biggest thing we're going to be using as well, besides the alerts, is the dashboards showing how quickly we're remediating vulnerabilities and showing where they are vulnerable. That's going to be huge for the business side and will help us a lot.
Splunk Cloud Platform helps consolidate network security and IT observability tools. The cyber group gets all the alerts, but we can direct it to which person we want to send the alert to. That's good because they can go to IT, which is where we're at, Cyber, which can potentially help fix the problem, and then networking too in case something goes down. One of the requests is that if an on-site asset goes down, the network team can see why it's off the network. So it's good that it spreads out everywhere, and whoever can help fix it can be on top of it.
What is most valuable?
Alerts are a huge benefit because we can customize them to each business unit's needs. Splunk automates the process and sends email notifications directly, which saves me time.
What needs improvement?
The AI features will be a huge improvement for Splunk. Using basic natural language in English instead of writing a regex expression will be helpful. For example, I can tell Splunk AI that I need to get the logs from last week between eight AM and ten PM on a specific asset, instead of me going in, doing the regex expression, and then having to Google what it is because it's super hard to do sometimes. That is the biggest area for improvement. Hopefully, it will be released soon because that will simplify things for me and non-technical people.
For how long have I used the solution?
I have been using the Splunk Cloud Platform for one month.
What do I think about the stability of the solution?
Splunk Cloud Platform is stable.
What do I think about the scalability of the solution?
Splunk Cloud Platform can handle terabytes of data.
How are customer service and support?
The support has always been great for the few times I have used it.
How would you rate customer service and support?
Positive
How was the initial setup?
The deployment is super easy. We deployed the Splunk Forwarder file and from there, we have a batch file, a PowerShell file, and it runs in the background. The users don't even know it's being installed.
What about the implementation team?
The implementation was completed in-house.
What was our ROI?
In regards to a return on investment, the metrics are the biggest thing. Data is everything. The business units enjoy the dashboards that Splunk Cloud presents. And it is quick to present them.
What's my experience with pricing, setup cost, and licensing?
Splunk Cloud Platform fell within our budget so we pulled the trigger and implemented it.
What other advice do I have?
I would rate Splunk Cloud Platform ten out of ten. All the applications I need are readily available in a user-friendly dropdown menu. Exploring them is a breeze, and the platform's speed is impressive.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Infrastructure Engineer at an insurance company with 5,001-10,000 employees
Excellent reporting and dashboarding, but it is expensive
Pros and Cons
- "Dashboarding has been very powerful. I work with a lot of different customers, so being able to tailor the data for different customers has been valuable. I am able to make visuals and have reports where they can self-serve."
- "It would be nice to see more comparisons between Splunk and other log management tools. There are some legacy tools that people are often coming off. It will ease the transition if you are coming off a Windows LogViewer or any other logging tool. Splunk could offer more advice on how to transition into it or onboard it."
What is our primary use case?
We mainly use it for the purposes of analyzing application logs to get a bit of understanding of what is normal application performance and then use that to highlight errors and inconsistencies when they occur.
How has it helped my organization?
Resilience is incredibly important to us. We are in the medical field. It is insurance. When people are using our service, we should be able to provide that. Having that resilience is key for us because we are helping people. The resilience that Splunk offers has been valuable in that regard. There is peace of mind for us and our customers.
We have multiple cloud vendors that are being utilized in Splunk. It has been useful. Splunk is able to handle a lot of things out of the box. There is a good bit of value in being able to make sense of multiple types of logs in one environment and being able to cross-reference them. It has just taken a lot of effort out of that.
We have integrated it with other tools. At the moment, it has been with Cribl as a pipeline tool so that we can be agnostic with Splunk in some regards. Cribl handles the logs being sent to Splunk, and then from there, if there is anywhere else where we want to send them, Cribl can handle that too. That has been our main integration. The ease of integration varies. Splunk offers out-of-the-box support for some tools and applications. Integration with them has been quite simple. Other things have been a bit more difficult. Integration can be more difficult if it does not have a Splunk base, but there is a good range of things that are available out of the box.
Its reporting has been excellent. We have integrated it with tools like ServiceNow, so we are able to create an instance for teams and integrate it with our NOC. The reporting has been incredibly valuable.
I come from a monitoring background. I knew from the get-go the value that we could get from Splunk, but we actually started to see its value once we started enforcing logging standards. It made it very easy for us to validate if something was or was not following our standards.
It has been great from the compliance perspective. It began to show value to some of our customers when they were able to search multiple applications because of the standards and compliance built into it.
It has had an impact on the decision-making processes in our organization. It has been mainly around compliance. Given it is a financial and medical sector, decisions have been made around what information we are storing in the logs and how we are managing the data that comes directly from Splunk.
It has been good for helping our organization access data for compliance and privacy regulations. It has been useful for pinpointing things. We are able to ensure that we are abiding by those standards. It has been incredibly useful in that space.
What is most valuable?
Dashboarding has been very powerful. I work with a lot of different customers, so being able to tailor the data for different customers has been valuable. I am able to make visuals and have reports where they can self-serve.
What needs improvement?
It would be nice to see more comparisons between Splunk and other log management tools. There are some legacy tools that people are often coming off. It will ease the transition if you are coming off a Windows LogViewer or any other logging tool. Splunk could offer more advice on how to transition into it or onboard it.
For how long have I used the solution?
I have been using this solution for two years.
What do I think about the stability of the solution?
I have not had any issues related to stability.
What do I think about the scalability of the solution?
This is outside of my department, but it seems like it would be easy to scale up. However, there is a cost concern. That always seems to be the linchpin when people discuss Splunk. It comes at a cost.
When it comes to extensibility, they make it relatively simple, but it is an expensive tool. There are always going to be conversations that need to be had.
How are customer service and support?
The quality of the answer has been good. We have had to leverage the support only a small number of times. We found the actual portal to get support difficult. Some members of the team were not able to raise certain types of requests. However, when we got through to support, we had no issues.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
Prior to Splunk, we had a mixture of things. LogViewer and Graylog were used. Some folks had their logs locally. There was not one central system.
I was not directly involved in decision-making, but some of the things that I called out as useful were the analytical tools that Splunk offers. We can very quickly get to the root cause by using its query language. It provides a lot of power with little effort. That is what initially drew me to it.
Moving to Splunk allowed standardization. That is the key. It does not matter which part of the company you are from. Splunk has given us a mechanism to say that we expect the logs to look like this, and we all are going to abide by that. It has made standardization a lot easier. Previously, you would not know what you were getting while dealing with a logging problem.
How was the initial setup?
I was involved in its deployment only in a small cluster. I was mainly involved in setting up standards around logging. It was challenging. It was dense, but it was manageable. The feature set of Splunk allowed us to know what we could or could not do.
The main part of maintenance is the ingestion of new logs. New teams and applications get stood up every day, or a new cloud vendor comes in, so there is some maintenance involved there.
What about the implementation team?
We had Splunk technical support. We had a mixture of people from other departments. We had some folks from security, and we had some folks from operations. There were 15 regular faces and 2 Splunk contractors. We involved other teams on an ad hoc basis, but the core team had 15 people.
Overall, we had 20 to 30 people who directly worked with Splunk in some way or for some period of time. We also had to involve all of the teams to get their feedback and educate them on how to use Splunk.
What's my experience with pricing, setup cost, and licensing?
I do not personally deal with that side, but from discussions, I know that it is one of the more expensive tools. I do not have anything to compare it with.
What other advice do I have?
New users should focus on the Splunk free courses. They are an excellent resource. If you are a customer, you should take up the search and reporting classes. That is probably going to be what 99% of people are using it for day to day. If you are a sysadmin user or someone setting up the instance, there are free classes for managing licenses and ingesting data. I would highly recommend them. The free classes are a great start, and if you think it would be valuable, take some of the paid classes as well. They are incredibly detailed.
When it comes to security, we definitely have a stricter attitude when things are going to the cloud because they are not fully in our control. Going to the cloud is always a little bit scary, but we have put in a refined approach for the data going into Splunk.
I have not made much use of federated search. I have come across it, but it is not something I have leveraged.
I would rate this solution a seven out of ten. What it does, it does well, but I do have qualms with it here and there. There are obvious features that are missing from time to time, but I am happy with what is there.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior analyst in investigations at GlaxoSmithKline
Helpful in dealing with malware investigations and anomalies
Pros and Cons
- "In terms of the benefits of the product, I would say it is my go-to tool."
- "The expensive nature of the product is an area of concern that needs to be considered for improvement."
What is our primary use case?
I work on corporate investigations and incident response. I use Splunk Cloud Platform to investigate user frauds, cases related to malware investigations, and anomalies.
How has it helped my organization?
In terms of the benefits of the product, I would say it is my go-to tool. Regarding getting all the data from Windows event logs, and considering the other reporting tools we have in our company like Forcepoint, Proofpoint Email Protection, Office 365, or Microsoft Defender, we have to search and get all the data in one place and to do so, Splunk Cloud Platform is super valuable.
What is most valuable?
The solution's most valuable features are search, reporting, and dashboards.
Splunk Cloud Platform is useful in our organization's monitoring of multiple cloud environments involving cloud services like AWS. I cannot speak about the ease or difficulty of using the tool to monitor multiple cloud environments since I am not on the administration side.
Considering the product's ease of use, the tool offers me the ability to search all the data and get it in a format before giving it to an investigator so that they can get it in a format they can understand.
What needs improvement?
The expensive nature of the product is an area of concern that needs to be considered for improvement.
For how long have I used the solution?
I have been using Splunk Cloud Platform for twelve to fourteen months.
What do I think about the stability of the solution?
The product has been pretty stable for me. I have never seen any outages in the tool, and it has been a pretty solid solution.
How are customer service and support?
I have no experience with the solution's technical support team.
Which solution did I use previously and why did I switch?
I was not using any other solution in the past.
How was the initial setup?
I don't know anything about the product's deployment phase.
What's my experience with pricing, setup cost, and licensing?
I know that Splunk Cloud Platform is an expensive product.
What other advice do I have?
I rate the tool a ten out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Module Lead at ValueLabs
Allows easy monitoring of multiple cloud environments and offers good resilience to users
Pros and Cons
- "In my organization, Splunk Cloud Platform has improved the issue revolving around transactions."
- "When it comes to the integrations with the other platforms, there is a little bit of a lag in the observability part, making it an area where improvements are required."
What is our primary use case?
Splunk Cloud Platform is a product I use since my company has different platforms on Splunk, like Splunk ITSI and Splunk Enterprise Security. Splunk ITSI and Splunk Enterprise Security are the two packages known as paid packages under Splunk Cloud Platform, and my company also has an ad-hoc search head.
Splunk ITSI is totally related to the infrastructure monitoring that my company does, and from it, we derive the service analyzers, episodes, and alerts and see if we want to integrate anything with ServiceNow, Jira, or any other monitoring tools we have. The product can be integrated with other tools, while my company can also use its alerting feature and its ability to notify the consumers with particular alerts, so the total infrastructure is covered under SIEM, making it possible to attach to security information.
My company also created a couple of use cases, like in the case of continuous resetting of a password more than three or four times, then there will be a security incident that would be created so that if any end user is doing it as malpractice, like, phishing or something, my company can detect it and inform the user that you have crossed the four limits, and there is some attack happening owing to which we need to reset the password. Based on the aforementioned process, SIEM monitoring will be handled through its application.
The aforementioned areas consist of the use cases related to the tool, along with a couple of more activities, like onboarding a user onto Splunk, creating apps for them, creating dashboards, creating alerts, and creating a couple of use cases for them as per their requirements.
How has it helped my organization?
In my organization, Splunk Cloud Platform has improved the issue revolving around transactions. If there are any issues with the transactions, then my company notifies the end users that their transactions failed, after which they can fix the issues so that there are no issues with the transaction part, especially regarding the application availability. The tool makes it possible to fix issues without any downtime.
What is most valuable?
I mainly work with Splunk SIEM and Splunk ITSI, and these are the two major products recommended for all consumers. If it is related to security, I recommend Splunk SIEM, and if it is related to infrastructure monitoring, I recommend Splunk ITSI to others. I used to take care of the observability part as well with the aforementioned tools. For observability purposes, I use Splunk-related applications. I also do the onboarding of the data into Splunk with the help of observability functionality.
What needs improvement?
If I focus on the observability part of the product, I see that it is an area that doesn't offer more integrations compared to what Splunk Cloud Platform or Splunk Enterprise offers. When it comes to the integrations with the other platforms, there is a little bit of a lag in the observability part, making it an area where improvements are required.
For how long have I used the solution?
I have been using Splunk Cloud Platform for 5 years. My company has a partnership with Splunk.
What do I think about the stability of the solution?
It is a stable solution. Cisco has acquired Splunk recently, so I think it will be a more stable product in the coming days.
How are customer service and support?
It takes a lot of time for the support team to resolve issues. In short, it takes a lot of time for Splunk's support team to troubleshoot an issue, meaning they are unable to resolve issues within a certain time frame. I rate the technical support a 6-7 out of 10.
How was the initial setup?
The product's deployment phase was straightforward, especially compared to the ones I have dealt with in the past.
The solution is deployed on a hybrid cloud model.
For deployments starting from scratch, I deal with the documentation part. I prefer to look through Splunk's recommendations on the limits of how much the server configuration should be while trying to meet the configuration requirements of the consumer. In general, I deal with whatever configuration files are needed and how the consumers want to approach it, like if it should be a heavy forwarder or universal forwarder or if they don't want to directly ingest data to the indexer bypassing the heavy forwarder. Basically, I try to understand the consumer requirements before taking care of the deployment part.
For a limited deployment involving four to five servers, only a single person is required. If the deployment involves twenty to thirty servers, the number of people required to deploy the product will have to be increased depending on the requirements, and my company will also have to manage everything. The number of people required for deployment is based on the capacity at which my company plans to do the deployment.
My company has the entire Splunk Enterprise package, and we have many universal forwarders set up at fifty different locations. In around twenty locations, universal forwarders have been set up. My company also has fifteen indexes that directly send data to indexers. My company also has four heavy forwarders that collect information from applications like Azure. My company uses add-ons with the heavy forwarders in Splunk.
What about the implementation team?
I was involved in the product's deployment phase.
What's my experience with pricing, setup cost, and licensing?
My company has a license for Splunk Cloud Platform. My company also has a license for Splunk Enterprise. There are two packages that my company has access to when it comes to Splunk, and I am also aware of the configurations and setup phases related to the tool, from scratch to production.
What other advice do I have?
Splunk Cloud Platform has improved our company's incident response time. For example, if any event is ingested into Splunk, within less than a minute, we trigger an incident to the end user based on the assignment group in ServiceNow.
There are many benefits attached to the tool in the areas of machine learning and predictive analysis. In Splunk ITSI, there is predictive analysis, which can be used for protection with the alert capabilities, especially if there is an alert storm coming up. My company can directly detect particular alerts from the trail to the attack and notify the end user about it. With the machine learning toolkit, my company does anomaly detection with the help of Splunk SIEM platform. With Splunk ITSI, my company does predictive analysis. The aforementioned area covers the two different platforms my company uses, along with two different approaches and the tool's machine learning capabilities.
My company interacts with our consumers. For example, if I am a consumer of Azure products, I would want to onboard all the data from Azure, even if it consists of user data. I recommend that more space be set on a particular index so that Azure data can be used. My company has all data related to Azure about its users and the changes if you have a license or if you have Azure Event Hubs, including any other things that it may have. I recommend more space in Azure, but if it is a network-related application like Aruba, I recommend that it has a little bit less space compared to Azure. The scalability of Splunk Cloud Platform can impact our company's data management, though I recommend the space required for a tool based on the use cases.
I am aware of the federated search features in the product. If a search is not running up, then my company needs to check whether any permission related to the search has any issue or if anything is going wrong, after which my company needs to check and fix those searches. I have not used much of the tool's federated search features.
My organization monitors multiple cloud environments with the tool's help. It is easy to monitor multiple cloud environments using the product. For example, if my company takes into account Splunk ITSI with service analyzers, then we define how one service is related to GCP. One service will be under the cloud services offered by Azure, while another service will be related to AWS. My company can divide the services based on locations and KPIs. My company monitors the total locations of the cloud so that we can get more insights from the service breakdown, which is why I recommend the use of Splunk ITSI. I used to work more with Splunk ITSI, a reason why I recommend it to others, as it is easy to understand and handle, even if you have 1,000 or 20,000 applications. With Splunk ITSI service breakdown, it is very easy to handle applications.
The visibility of the tool in multiple environments can be explained with the help of an example, where, if my company considers Splunk Cloud Platform, the visibility will be less compared to what we get from Splunk Enterprise. Splunk Cloud Platform is totally managed by Splunk's support team, so if anyone needs to do anything, my company needs to raise a request for a change in the tool, though we can modify a couple of services, like a couple of applications using ACS, which was introduced by Splunk. With ACS, if you want to update, create a token, or modify anything from the HEC token information, you can do it with the particular services offered by the solution. Considering the aforementioned area, I recommend that 30 percent of the work be done with ACS, and 70 percent of the work needs to seek assistance from Splunk's support team. Our company handles Splunk Enterprise, and we have 100 percent visibility on it compared to Splunk Cloud Platform.
The integration of the product with other services is possible. I have integrated it with ServiceNow, Jira, Slack, and Microsoft Teams, and I can say that it has been okay till now. It is good to integrate Splunk Cloud Platform with other tools. If we take a cloud service like GCP into consideration as an example and say that it is not working properly, then there will be an incident directly assigned to the support team based on the integration with ServiceNow. If you want to notify all the consumers in a scenario where GCP is not working properly through notifications in a particular Slack channel, then one can inform all the thousand consumers in a particular company about it, and it is possible with a single integration.
My company uses the tool for alert reporting. For example, if the top management of an organization is looking for the availability of websites, especially a couple of websites that are critical to their applications, then my company monitors such applications with the data in the report from the last thirty days or seven days, to ensure that availability of a particular website is 100 percent. If anything goes wrong as per the reports from the previous seven days, then the availability is reduced to 80 or 95 percent, which is based on how much time it was down, and it will then be notified to the consumer or top management, stating that the availability got reduced, and how there is a need to fix a couple of applications in the back-end so that the availability can be increased. The top management will be made aware of the things that have been going on for the last seven or forty days. In general, a report is good for notifying the top management or consumers so that they can make decisions or check if their licenses or server capacity needs to be increased. With the alerting report feature, my company can be confident that the top management or consumers know about a particular issue in the tool that we can fix as soon as possible, but there will be a cost involved in doing so every time. If the consumer or top management is aware of the issues in the tool with the help of the alerting report feature, then they can make a decision.
I am currently not aware of how the product has an impact on decision-making.
The product has helped my organization with data compliance and privacy regulations since we were able to set up the terms and conditions with Splunk. In general, it is good when it comes to the terms and conditions revolving around the security part.
Maintenance is required to upgrade the applications, so we need a downtime of no more than fifteen minutes.
The product offers value in terms of resilience. Whenever my company faces difficulties, it is the solution we use for all our monitoring purposes.
In terms of the extensibility of the product, I feel it is a good solution.
Everything is supported by Splunk support, though it may take some time to find and resolve certain issues. If Splunk's support team resolves issues within a certain time frame, I can provide a nine out of ten rating for Splunk's technical team. Splunk Enterprise is totally handled by our company, so I can give it a nine out of ten.
I recommend Splunk Enterprise to others, especially when compared to Splunk Cloud Platform. If any notifications are needed, it can be done with no downtime, and it can even be completed within a week. If we want Splunk's support team to do the same aforementioned procedure for our company, then it may take a little bit more time.
I rate the overall tool a 7-8 out of 10.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cloud Sec Eng at a pharma/biotech company with 10,001+ employees
Does not require backend maintenance, is easily integrated and utilized
Pros and Cons
- "The most valuable feature is we don't have to deal with any back-end server maintenance because the solution is cloud-based."
- "The on-premises version of Splunk includes all the integrations, while the Cloud platform lacks certain integrations and is limited in terms of the number of supported apps."
What is our primary use case?
We utilize the Splunk Cloud Platform for log ingestion related to security and troubleshooting purposes.
How has it helped my organization?
Splunk Cloud Platform helps us with our security incident response. The cloud security logs are integrated with all the cloud providers.
The federated search feature enables us to search between Europe and the US, from one Splunk instance to another, all from a single location. This federated search simplifies how we handle data, making it easy to swiftly search for and manage information.
We monitor several cloud environments and find it easy to utilize the Splunk Cloud Platform for this purpose. Each cloud provider offers its own prebuilt dashboard, or customers can create their own.
The Splunk Cloud Platform offers excellent visibility into multiple environments. In the past, we utilized hybrid integrations, and they seamlessly worked right out of the box.
The reporting functionality provided by the Splunk Cloud Platform resembles that of the on-premise platform. It is readily available without requiring integration or the installation of reporting visualizations.
From a security standpoint, the Splunk Cloud Platform provides us with comprehensive visibility into all security logs. This enables us to implement security incident responses with great efficiency. Additionally, we have discovered that internal employees, such as product teams, are utilizing the platform as intended for various other use cases. For instance, it has proven valuable in troubleshooting performance issues and monitoring within Kubernetes. As such, we are leveraging a wide array of use cases within the company.
Splunk is a highly mature software that has been in the market for many years, which greatly influenced our decision-making process. Another factor was the user-friendly nature of the latest version, making it easy to initiate. We don't require a large workforce for installing components; it's as simple as out-of-the-box. Consequently, minimal time investment is needed for training.
The Splunk Cloud Platform assists us in accessing data to meet critical compliance and privacy regulations. For instance, this is particularly important for regulations such as GDPR and HIPAA. We are utilizing Splunk Cloud with a specific focus on HIPAA compliance, allocating extra attention to this aspect. In the case of GDPR, Splunk offers a range of built-in capabilities. For instance, it allows for log masking. Moreover, there are novel features available in Splunk Cloud, such as ingest actions. This feature is exceptionally useful as it enables us to mask the data before it's ingested into Splunk. Consequently, this approach ensures our adherence to compliance regulations, exemplified by GDPR.
The Splunk Cloud Platform has had a significant impact on our organization's security posture. It serves as our primary visibility tool and is the main source of trust for all login activities. Without Splunk, we would lose essential visibility and access to security updates. Currently, Splunk stands as one of the primary tools we utilize due to its utmost importance.
What is most valuable?
The most valuable feature is we don't have to deal with any back-end server maintenance because the solution is cloud-based.
What needs improvement?
The on-premises version of Splunk includes all the integrations, while the Cloud platform lacks certain integrations and is limited in terms of the number of supported apps.
The Splunk Cloud Platform is not a very mature solution; it has only been on the market for four or five years. While they have made significant improvements, there are still limitations, such as the absence of CLI access. Therefore, there are several limitations that still exist with the CLI.
The standard support has room for improvement.
For how long have I used the solution?
I have been using Splunk Cloud Platform for four years.
What do I think about the stability of the solution?
The Splunk Cloud Platform offers 99.9 percent availability, ensuring that we never experience downtime.
What do I think about the scalability of the solution?
I would give Splunk Cloud Platform's scalability an eight out of ten.
How are customer service and support?
Technical support needs more knowledgeable people.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We used Sumo Logic in the past, but it wasn't an enterprise-grade solution, so it couldn't support the scale we required. Additionally, Sumo Logic lacked support for many integrations. The Splunk Cloud Platform fulfills our scaling requirements and integration needs. Moreover, our team possesses skills that align well with Splunk, making it a better fit for us.
How was the initial setup?
The initial deployment was very straightforward because we had the skills. But I would not say that this is straightforward without the skills. We need to learn at least the basics.
The deployment took six months to create this multi-tenant environment because it's a highly specialized setting. It's distinct from a typical Splunk deployment that might only take a day or two. However, the process of configuring, migrating all the data from Sumo Logic to the new Splunk Cloud, and setting up the multi-tenant system along with product dashboards, required approximately six months of effort on our part.
What was our ROI?
We utilize Splunk in a multi-tenant manner, wherein we allocate costs back to the product teams in each department based on their usage. We are a healthcare company engaged in the development of healthcare applications tailored for doctors and hospitals. Splunk plays a pivotal role in assisting us with this endeavor. I would estimate that we have experienced a return on investment of approximately 30 to 40 percent.
What's my experience with pricing, setup cost, and licensing?
The cost of the Splunk Cloud Platform is high, and in addition to the standard licensing fee, we also have a premium support fee.
Now, we are paying less because, instead of being charged based on ingestion, we are paying for SVCs, which stands for Splunk Virtual Compute. This implies that our costs have decreased. Despite ingesting a larger volume of logs, our expenses are lower than they were before. However, it's important to note that if our usage of the tool increases, our expenses will also increase. Therefore, this represents a distinct licensing model from Splunk's.
What other advice do I have?
I would give Splunk Cloud Platform an eight out of ten. Splunk Cloud has shown significant improvement over the past four years, and I highly recommend it.
We operate two distinct Splunk Cloud platforms: one in Europe and another in the US. These platforms are linked through a federated search. This setup ensures that specific data, such as European data stored in the AWS cloud, is directed to the European Splunk platform, while data from the US Cloud is directed to the US Splunk platform. However, it's worth noting that all users primarily log into the Splunk US Cloud. From this point, they have the capability to transmit data to the Splunk Europe platform.
We have around 400 users.
The maintenance is primarily conducted by Splunk on the backend, and any on-premises maintenance we perform has been reduced by 80 percent.
The value that Resilience provides for SIEM solutions is significant for us. Therefore, if we inquire with various customers, they might provide different perspectives. However, concerning security, this holds substantial value. I would assert that it's the primary tool in our arsenal; indeed, we do possess other security tools, but the most frequently utilized one, which also delivers the utmost value, is undoubtedly Splunk.
The method to expand a SIEM system is achieved by extending the licenses. This expansion enables greater capabilities, increased log retention, and the ability to process more logs. In our specific scenario, we were previously restricted by the capacity of the ingest license. Our log ingestion was limited to, for instance, one terabyte per day. However, with the introduction of this new licensing model that's based on CPU usage, we now have the flexibility to ingest any amount of data while paying according to our actual tool usage. Consequently, if we intend to expand for additional servers, we simply need to contact Splunk and communicate our requirement for increased server capacity to enhance system performance. This process is streamlined because we aren't required to take any additional actions ourselves.
I would highly recommend Splunk Cloud because we don't require personnel for maintenance or server installation and management, as all these backend tasks are taken care of. Additionally, for those who are currently using a competitor of Splunk for SIEM purposes, I would also recommend transitioning to Splunk if they have the budget for it.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Engineer at a tech services company with 501-1,000 employees
Gives us better buffering performance and lower latency if we use the right components
Pros and Cons
- "In an enterprise, you need a universal or heavy forwarder. If you don't have that, you need an HSE token or API request call and all the different components. In Splunk Cloud, you just have one instance to search all the data in your index. You don't need to manage it because Splunk handles that."
- "First-time users may struggle with the user interface. When I first used Splunk, I entered my username and password. After that, we get a dashboard on the left side with apps. At the top, you can click the gear icon to view the settings. Within those settings, there's a distributed console option with several settings. It's a bit overwhelming for a beginner. The user knows what they want and can search for it in the search bar. If I see several apps, my first instinct is to scroll down to find the app, or perhaps you will find that search and report. That bugged me when I was learning."
What is our primary use case?
One client wanted their data in a readable format. He was in the UK, but his data center was in the US, so he tried to forward his data to the indexer. Because of the time zones, he faced some time stamping issues. They reached out to us to open a case that got assigned to me.
I learned which US time zone the data center was in and set the time stamps in the future. We changed the preferences to convert it into GMT so that whenever the data is onboarded to the indexes via universal or heavy forwarder, we can fetch the data in real-time.
We primarily use virtualization and deploy in Docker containers. We seldom use any physical servers. It's mostly deployed in a cloud environment or a virtual machine. It's typically Docker but sometimes Azure.
How has it helped my organization?
Splunk Cloud saved us a lot of money because we're working with databases like MongoDB and Oracle and using Splunk as a sync tool. It has its own indexes that cut costs by 15 to 20 percent.
It also improves our decision-making process. In one scenario, we compared the client's data from last year to this April and saw the year-on-year profit and loss. We could see which projects were successful. Compared to another SIEM or monitoring tool, it saved us time because the data is presented in a clean, customizable dashboard.
What is most valuable?
In an enterprise, you need a universal or heavy forwarder. If you don't have that, you need an HSE token or API request call and all the different components. In Splunk Cloud, you just have one instance to search all the data in your index. You don't need to manage it because Splunk handles that.
If you are using Splunk Enterprise, you need to understand, from A to Z, how the indexes and searches work and where the data is coming from. Splunk Cloud has a beautiful, user-friendly UI that lets you navigate all the settings.
It doesn't matter where the data comes from for integration. The dashboard gives you a brief overview.
When we're onboarding all that data using heavy forwarders, Splunk gives us better buffering performance and lower latency if we use the right components. If I use a light or universal forwarder, it often doesn't parse on the other end. Our projects use heavy forwarders and put those data into the index services while defining which indexes they should index. We are also micromanaging where that data should be.
The reporting is good so far. Sometimes, I help my clients improve their user experience. As an engineer, I would suggest that if a solution has back-end compatibility, clients should get out of their comfort zone and customize another app to create a dashboard or something else.
What needs improvement?
First-time users may struggle with the user interface. When I first used Splunk, I entered my username and password. After that, we get a dashboard on the left side with apps. At the top, you can click the gear icon to view the settings. Within those settings, there's a distributed console option with several settings. It's a bit overwhelming for a beginner. The user knows what they want and can search for it in the search bar. If I see several apps, my first instinct is to scroll down to find the app, or perhaps you will find that search and report. That bugged me when I was learning.
Application support is another problem. We created a custom Palo Alto app that isn't fully supported by the latest version of Splunk. We had to downgrade to older versions to use the custom app properly. That was one problem we faced daily with one client.
For how long have I used the solution?
I have been using the Splunk Cloud Platform for two years.
What do I think about the stability of the solution?
I rate Splunk Cloud seven out of 10 for stability.
What do I think about the scalability of the solution?
I rate Splunk Cloud eight out of 10 for scalability.
How are customer service and support?
I rate Splunk support six out of 10. They're knowledgeable, but their response times are sometimes slow.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We have Prometheus, but that only monitors Grafana and shows you a dashboard. Splunk is not just monitoring or grabbing data you search for. I've worked with cloud and enterprise. When we started using Splunk Cloud, we used it more like a dashboard to search data. Based on my understanding, I could create applications.
After moving into the enterprise side, I understood Splunk even more, including its components, bucket lifecycles, and how the indexes and configurations work. It's not simply transferring data from one to another. I can grab data from any system that consists of raw data. Splunk can also identify those data in the timestamp index form. We don't have any other vendors to compare it to.
How was the initial setup?
Deploying Splunk Cloud Platform is straightforward unless you use an automation tool like Ansible, Puppet, or Chef. It takes four to five hours. Installation can take a day in some cases, but it typically can be completed in less than five hours unless you're dealing with more complex data.
What's my experience with pricing, setup cost, and licensing?
Splunk Cloud is affordable, depending on your license. I don't know how much it costs exactly, but my colleague said it depends on your licensing and which features you use.
What other advice do I have?
I rate Splunk Cloud Platform eight out of 10. I would recommend this product.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner (consultant)
Principal Site Reliability Engineer at a pharma/biotech company with 1,001-5,000 employees
Information is easier to get now that it is all aggregated and centralized in one place with one interface
Pros and Cons
- "Previously, when our company had logs everywhere on multiple systems, it was a really big pain for me trying to find what I wanted. Now that it is all aggregated and centralized in one place with one interface, it is just a lot easier to get the information that I need."
What is our primary use case?
I use Splunk Cloud Platform to analyze our company's logs and the applications that we run.
How has it helped my organization?
Previously, when our company had logs everywhere on multiple systems, it was a really big pain for me trying to find what I wanted. Now that it is all aggregated and centralized in one place with one interface, it is just a lot easier to get the information that I need.
What is most valuable?
The most valuable feature of the solution stems from the fact that I just like having one single point where all of our logs are aggregated and then having one interface that I can query and find the information that I want out of it.
My organization monitors multiple cloud environments and even the on-premises part. I would say that so far, it has been fine and easy to use to monitor multiple cloud environments using Splunk Cloud Platform. The tool works effectively, and it gets stuff from our on-premises servers into the cloud. It gets stuff from AWS into the cloud. I am able to, you know, use the single interface to access all the information I need.
It is very important for our organization that Splunk Cloud Platform has end-to-end visibility into your cloud-native environment. It is important since it helps to be able to see all the aspects of what our services are doing and how they are operating.
It helps with the mean time to resolve since it makes it easier to find the errors as they have occurred, so it has been a helpful tool.
I don't know how much the product has helped my organization improve business resilience.
I wouldn't know if my company has experienced any cost-efficiency by splitting to Splunk Cloud Platform.
I know that Splunk's unified platform helps consolidate networking, security, and IT observability tools for our company. Our company has an InfoSec team using it for their SCIM stuff, and then we have IT using it for some of the things they need to gather. Multiple teams in my company have benefited from using the tool. The consolidation of tools does impact our organization since I think it is probably easier for everyone to get access to stuff because everything is in one place, and it is one of the biggest impacts of the product I can think of right now. Instead of having things spread out across multiple vendors and multiple tools, it is all kind of in one thing that we can get at, and so it is probably easier for us to train people, and we know, like, how to access the solution since it is just one thing we have to learn.
What needs improvement?
I am relatively new to the platform. So far, I have been able to use it to do what I need. I know that there are a lot more features and functionality that I don't even know yet, so I am still on the learning side. I don't really have any recommendations related to things that need to be improved in the tool.
So far, it meets my needs, so I don't need to see any additional features in the tool.
For how long have I used the solution?
I have been using Splunk Cloud Platform for six months. My company is just a customer of the solution.
What do I think about the stability of the solution?
I have not had a problem with the tool's stability. It has been available every time I needed it, and it has captured all the information we have sent to it. It has been not just a good but a great solution.
What do I think about the scalability of the solution?
I think the tool's scalability is fine. I have not run into any issues with the tool's scalability, so I guess it's good.
How are customer service and support?
I have not had the chance to interact with Splunk's customer service or support, so I can't really evaluate them.
Which solution did I use previously and why did I switch?
I don't know if there was some other solution used previously in my company. My company is just a customer of the tool.
How was the initial setup?
The product was deployed before I joined the organization.
The solution is deployed on a hybrid cloud model, and my company has opted for AWS.
What about the implementation team?
I believe that my company approached an integrator to help with the deployment of the product, but I am not sure about it.
What was our ROI?
I don't know about the ROI part.
What's my experience with pricing, setup cost, and licensing?
I don't know about the pricing, setup cost, and licensing part.
What other advice do I have?
I rate the solution a ten out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Updated: May 2025