Splunk Cloud Platform Reviews

On Splunk Cloud, I mainly look for errors in applications or issues that come up with our internal applications. I have also used it to create dashboards and display customer data to customers in an effective way so that they have insights into their data.

There is less overhead now for infrastructure management. There are fewer issues that we have to worry about on the infrastructure side. This has freed up more of our resources' time to work toward initiatives on the Splunk platform itself. It is hard to measure the time savings. If one resource was working on it, that resource could save anywhere between 15 to 20 hours a week.

It must have reduced our MTTR, but I have been with Splunk for as long as I have been in my current environment, so I do not have anything to compare it with.

It helped improve our organization’s business resilience. The solution helps us find where errors are and potentially where threats are a lot faster. We can more effectively push out alerts not only to our team but also to the teams across the enterprise. It is nice to have on hand.

It is quite effective at helping us identify problems very quickly. We do not participate in real-time searches within our Splunk environment, but close to real-time is possible, and it is quite effective.

Not having to manage Splunk Cloud's infrastructure is valuable. Being able to deploy within the cloud and not having to manually manage our configs on the infrastructure side and set up our own architectures has been the biggest help.

Other than that, the new Dashboard Studio has been a pretty big win, but I do not know whether that is more cloud-specific or not. Dashboard Studio has a cleaner look for customers that want to see their data but not necessarily search. For the customers that want to see their data, having an easy and effective way to drag and drop to see where things are going to be if they want to change them has been pretty beneficial.

They can streamline the process of creating custom apps. I do not have a lot of experience with it. It was not very difficult for me to do so, but there is probably a better way to present the ability for people to push their own custom apps to the platform and go through Splunk's manual and automatic reviewing process.

I have been using this solution for about three years.

I have not seen any downsides when it comes to uptime and availability. Being in the cloud reduces downtime, especially compared to being on-prem where if something goes wrong, you will have to go in and fix that infrastructure yourself.  I have not necessarily seen significant downtime with Splunk Cloud or on-prem at this time.

I quite enjoy the fact that if we need more indexes or search heads, it is very easy to plug and play with Splunk Cloud. With the infrastructure model that we had before, we would have to go in, set up a new search head out to the cluster, and add a new indexer to the cluster if we needed it. It will have more benefits going forward as we move more and more into the cloud.

I have worked with Splunk support, and I would rate them an eight out of ten. It depends on where you are and what project you are working on at the time. It would be quite beneficial to work with them if you have a specific project that you are working on, and they have some insight into it. I do not work with support too often myself. Usually, one of our Splunk Infrastructure managers works with them, but there is always room for improvement. Availability in terms of making the time to gain insight into specific projects and problems that we are having is an area that can be improved.

Positive

My company has been with Splunk for quite some time now. We are well integrated at this point, and we are in the process of migrating over to Splunk Cloud specifically. We used Splunk on-prem for a while. We are currently in a hybrid situation, and we are making our way toward being completely on the cloud.

I help from time to time with the migration process, but I am not necessarily in charge of the total migration functions that we currently have today. The most I have done in terms of deploying to the cloud was creating a custom alert action for the cloud environment, which is one of my biggest contributions so far. I am not completely in charge of it, but from time to time, I will assist in the migration process. It is a bit of a learning curve, but once you get more and more familiarized with the cloud and how to benefit from it by using features like federated search, it becomes easier. It is somewhere in between in terms of complexity.

We would have seen an ROI. I do not have a specific number, but assuming that we did not have Splunk Cloud, we would have to manage our own infrastructure. Not having to manage nearly as much infrastructure and not having to have the personnel to manage that infrastructure on a regular basis, frees up that time for them to do what they are really designed to do. This has definitely added value.

I am a little bit familiar with the pricing and licensing model. I am not sure about the particular pieces of the actual price that we have, but I do like the idea of going towards a more CPU-based approach rather than the ingesting approach. This CPU-based approach gives us the ability to ingest more data if we need it.

The biggest value that I get from attending Splunk conferences is the insights from everybody here. You have people from many different companies doing very different things and deploying very different models within their different Splunk instances. You get an idea of where everybody lands and maybe grab some ideas that you would not necessarily have thought of by looking at it from the inside of someone who is in a completely different field than you are.

There is definitely a big difference between Splunk Cloud and on-prem. For me, one of Splunk on-prem's biggest features is being able to deploy my own custom applications internally, which is something that is a bit of a process with Splunk Cloud. So, given the information that I have, I would rate it a seven out of ten.

We use Splunk Cloud Platform to monitor our environment.

Monitoring multiple cloud environments is made easy with the Splunk Cloud Platform due to its fast ingestion and data recovery times.

Splunk's visibility into multiple environments is excellent. I have found that a hybrid environment works the best, as the login portion remains on-premises while the rest is in the cloud. This reduces the maintenance required on-premises.

There are two types of integration. The first involves bringing something into Splunk, while the second entails moving something out of Splunk. Bringing data into Splunk is relatively straightforward, with multiple options such as RAS, SysLog, and Splunk's built-in functions. However, exporting data from Splunk is more challenging and not as straightforward as the process of bringing data into Splunk.

Splunk Cloud Platform has influenced our decision-making processes. Splunk is primarily employed for security purposes; thus, it excels particularly in SIM. It encompasses an asset and identity framework that effectively gathers information about an organization's assets and individual identities, encompassing all users. Therefore, when considering Unified Business and SIM, Splunk proves to be highly proficient. 

The cloud performance is good.

Not having to perform any maintenance because it is handled by Splunk saves our administrators time which is valuable.

Splunk should offer various options for real-time monitoring. If we could enhance the speed of data ingestion or data retrieval, that would be an added advantage. Additionally, there is room for improvement in SaaS-to-SaaS integration. I believe that reintroducing HTML dashboards would be beneficial, as they provide dedicated web features. This, in turn, gives users the flexibility and freedom to create custom dashboards more easily.

I have been using Splunk Cloud Platform for five years.

I would rate the stability of the Splunk Cloud Platform as an eight out of ten. We still encounter some lagging and errors, but not as much as with the on-premises deployment.

I occasionally get in touch with Splunk technical support, usually regarding data onboarding. These include routine activities like installing or uninstalling applications, as well as making changes to existing ones. On average, we submit at least one ticket per week to them.

Positive

I have used many tools including Elastic, Grafana, Tableau, and Sumo Logic.

Splunk is indeed superior in many cases, but other tools are also making progress to catch up, with Elastic being one of them. They have begun developing their own SIM offering, complete with its own SIM features. Similar to Splunk Cloud, Elastic also has its Elastic Cloud Stack. Some of the features provided by Elastic seem to outperform Splunk. Therefore, there is room for Splunk to enhance these aspects. As for pricing, it could be more competitive, considering that other tools also provide the freedom to choose the Cloud Stack. Although Splunk offers this flexibility, the process often involves extensive discussions, making it less adaptable compared to other tools.

The initial setup is somewhat complex regarding the CI/CD pipeline, and Splunk manages the deployment. Splunk provides a feature called ACS, which enables us to manage the deployment ourselves if desired, but it's simpler to have Splunk handle the deployment on our behalf.

The deployment took around one month and required ten people from Splunk's DevOps team.

The implementation was completed by Splunk.

The pricing is high for small organizations. The cost makes more sense for organizations that have a large amount of data ranges.

I would rate Splunk Cloud Platform an eight out of ten.

There are numerous tools that offer real-time reporting and alerting capabilities. Splunk is indeed effective, but due to the prerequisite of registering logs beforehand, a delay is inevitably introduced. Therefore, while Splunk is suitable for real-time reporting alerts, it may not be as optimal as some alternative solutions.

Resilience has added value and contributed to the improvement of our organization. This is highly significant. In most cases, the SOC team relies on the tool for issue mitigation and ticket resolution. Therefore, it is crucial for Splunk to remain consistently up-to-date and respond as quickly as possible. This holds immense importance.

The extensibility is good, but there is room for improvement, especially in integrating certain logs. Enhancing the process of incorporating raised logs is possible. In most cases now there are limitations on log creation. Previously, a direct option existed to import logs. However, this process has been altered, requiring users to develop an add-on for log integration, leading to increased complexity. Furthermore, users are expected to have knowledge of Python. This can be problematic in cases where users lack such expertise. Therefore, this aspect could certainly be enhanced.

For those who want to evaluate Splunk, it comes down to the volume of data. If they are dealing with a substantial amount of data flowing into their SIM, Splunk would be the superior option. Splunk effectively manages extensive datasets in comparison to other technologies. It also offers numerous additional functionalities, such as an enterprise security suite, assets, and identity framework. Moreover, it has undergone industry testing and has been employed in the field for a considerable duration. In contrast to other organizations, they provide a wealth of features.

We're migrating our on-prem environment to Splunk Cloud Platform. We're consolidating two separate Spark clusters because of a merger. Our primary use case is for unifying all of that data into one place.

It's made searching for data easier. Users like it. We're still in the migration process, but overall, it's a lot easier to use.

It's important to use that Splunk has end-to-end visibility in our native environments. We have to have that visibility because we manage multiple app applications that rely on it.

Splunk helped to improve our organization's business resilience. That's very important to us. Our users rely on Splunk heavily for the health of their applications. It helps them to get ahead of issues, and if there is an outage, it enables them to resolve them faster.

Splunk gives the different application owners the ability to configure alerting specific to their needs so they can customize it however they want. If they know their applications better than you know, admins, I'll give them that flexibility.

The administration could use improvement. We have to rely on support more often than we're used to.

We have been using Splunk Cloud Platform for nine months.

Stability has so far been good. We haven't had any issues.

Their support is great, especially the agent that we have now. They're very responsive, willing to help out, and give suggestions.

Positive

We previously used Splunk Enterprise. We switched to Cloud Platform because we wanted to consolidate a couple of instances to one place and we're moving our security team to the cloud. 

I wasn't involved in the setup directly but I was aware of what they were doing. The setup is a little complex. We had some issues we had to deal with. Bringing both environments together and getting the different environments to communicate with Splunk Cloud was complex. We have a lot of data. Getting a handle on that before we were able to start sending data to the cloud was complex. 

It's expensive. We're still trying to figure out Cloud licensing. 

It's not so easy to monitor multi-cloud environments using Splunk. We have some difficulties, but we have some things in place, but it's not easy.

I would rate Splunk Cloud Platform an eight out of ten. There's a lot we haven't tapped into yet, so the rating can go up.

We mostly use Splunk Cloud Platform for monitoring performance and looking for performance events.

We have seen many benefits of Splunk Cloud Platform, which is why we are still using it. With the alerting, we can find outages faster, and we can find performance impacts faster. We are then able to use them to diagnose and dig through our logs to find out what possibly caused it or look for a time when it happened to find a correlating deployment or something else that caused the problem.

We monitor multiple cloud environments. Splunk Cloud Platform is pretty good for monitoring multiple cloud environments. We have it all come into the same index irrespective of the system. Even though we have multiple data centers, everything comes into the same Splunk index, so we monitor it all in the same place.

Splunk Cloud Platform has end-to-end visibility into our cloud-native environment, which is very important for us because otherwise, we would not be able to have the data or be able to diagnose and find issues.

We have been using Splunk Cloud Platform for a very long time. I do not even know a time without it, so it is hard to say how much it has reduced our mean time to resolve (MTTR).

Splunk Cloud Platform has improved our organization’s business resilience. We use it very heavily to look for issues that may arise. In terms of Splunk’s ability to predict, identify, and solve problems in real-time, we mostly rely on our own searches. We do not rely on a lot of advanced observability features. We are mostly using our own alerts that we have written and our own dashboards.

Dashboards and alerting are the most valuable features. The dashboards let us see how the system looks in terms of anomalies, and the alerts trigger us to go and look at what possible problems are happening.

Its performance can be better. The searches sometimes take a long time. There could be better searches, but mainly, it needs to improve the performance with a vast amount of data. That will make it better and easier to use.

Their support can also be better.

I have been using this platform for 12 years.

Its stability has been very good. We have only had a few outages that I can remember where Splunk has been down.

Its scalability seems okay. Most of our issues come with our data storage. We are storing mass amounts of data, and it seems to handle that right now.

Their support has been lacking a little bit. We have several outstanding bugs that have not been fixed yet, and we are still waiting for Splunk to fix them. For example, we cannot use Splunk Mobile because of an issue with the authentication and what permissions are available. We have not been able to use Splunk Mobile since the new app. I have used the old apps, and I was quite disappointed when they were broken. I have never been able to use the new app.

I would rate them a seven out of ten. For emergency issues, they are good. For lower-priority issues, we are still waiting.

Neutral

I was not involved in its deployment.

I know that the company evaluated a few other solutions, but I have not been as involved in those. We are still using Splunk.

I would rate Splunk Cloud Platform a nine out of ten because it does a good job at what it does. I wish I could use the mobile app, but the rest of it works very well.

The best value that I have received by attending Splunk conferences is finding out new things that I can do with my own job. Most of the time, it is disappointing because a lot of the new features have new applications that we have to buy, and I have no say in the purchase of new applications. However, there have been some new improvements in the applications that we already have, and I come for those updates. I am able to see if the new features in the existing applications are more useful to me.

We leverage the Splunk Cloud Platform for log ingestion. This allows us to create dashboards, alerts, and reports from security and application log data.

Splunk Cloud Platform offers real-time monitoring capabilities. It continuously ingests data from various sources, allowing us to track its flow. We can set up alerts to be notified of any anomalies, such as spikes in CPU or memory usage. These alerts can be configured to trigger email notifications, keeping us informed of potential issues. Additionally, Splunk Cloud Platform provides real-time dashboards that visualize the data as it's collected.

The federated search feature is useful for our cybersecurity team to complete their log analysis.

Splunk Cloud Platform offers seamless integration with other systems and applications. This is achieved through apps and add-ons developed by Splunk.

Splunk is a good reporting tool. It allows us to generate reports and attach them to emails in CSV or PDF format.

Splunk Cloud Platform has been instrumental in helping our cybersecurity team continuously monitor our data for anomalies and attacks. Its usefulness extends beyond security, though. Teams that ingest their logs into Splunk can monitor various services. If a service goes down, Splunk will trigger an alert. Splunk offers a robust monitoring suite, including dashboards, alerts, and reports. We can monitor system resources like memory and CPU consumption, application logs, Azure logs, and even Office 365 logs. For example, Splunk can reveal who sent emails, who participated in group email threads, and who added or removed members from Active Directory groups. This audit log capability allows us to investigate activity even months or years later. Splunk provides a wide range of use cases for our organization. We noticed these benefits as soon as Splunk started ingesting data.

Splunk has improved our decision-making process thanks to its clear dashboards that help us analyze information and make informed choices.

Splunk has been valuable as a compliance tool because it centralizes log ingestion. Any tool generating logs should be configured to send them to Splunk. This allows us to easily identify compliant applications – those whose logs are collected. Conversely, uncollected logs raise security concerns, as they represent a potential attack surface.

Splunk has significantly improved our organization's security posture. As a primary security tool, Splunk allows us to collect application logs, monitor activity for potential attacks, and conduct searches to identify suspicious behavior.

I like that Splunk Cloud Platform is managed by the vendor.

I like the Cloud monitoring console feature.

I like the support for all the apps and add-ons.

Splunk currently manages the components, which restricts our ability to access them directly. I would like to be granted read access to be able to review the components.

I have been using Splunk Cloud Platform for one and a half years.

The Splunk Cloud Platform is stable as long as we perform proper maintenance to prevent bugs.

This system is very scalable. That means it can be easily adapted to accommodate our needs. We can increase the number of licenses we use, or add more resources like CPU and memory. We can also request additional components, such as adding more user accounts if our team grows from four to eight members. Overall, the scalability of this system is a major advantage.

I would rate the scalability of Splunk Cloud Platform nine out of ten.

Splunk Cloud Platform offers excellent technical support that is both knowledgeable and responsive.

Positive

The initial setup is straightforward but it takes a month or two to complete because of the applications that need to be onboarded.

We first need to calculate the amount of data we need to ingest. Then, based on that amount, we can plan how much data we need to onboard and what components we'll need.

Two experienced people were involved in the deployment.

The implementation was completed in-house.

Splunk Cloud Platform is more expensive than some of its competitors, but it offers a wider range of features.

I would rate the Splunk Cloud Platform eight out of ten.

Splunk Cloud Platform is deployed in multiple locations.

Splunk Cloud Platform requires maintenance.

I recommend the Splunk Cloud Platform to others.

If you're using cloud services, Splunk Cloud Platform is a good option. It minimizes management overhead for you since Splunk handles the underlying infrastructure. Splunk Enterprise however requires more resources to manage.

My manager typically requests dashboards, alerts, and scheduled reports. Based on their specific requirements, I create reports and dashboards that visualize the data. We leverage the Splunk Cloud Platform to fulfill these needs.

Additionally, my teammates may approach me for insights. I analyze the data and provide them with these insights, which they then use for team meetings and further data analysis. This ultimately helps them make informed decisions.

Splunk Cloud Platform improves our incident response time by enabling the retrieval of large data volumes. The platform offers impressive search speeds, and we don't need additional SQL commands to optimize response times.

We saw immediate benefits from the Splunk Cloud Platform. Being able to access and analyze logs provided valuable insights.

Splunk's impact on decision-making is significant. I have access to all the data I need, and it is always reliable.

Splunk Cloud Platform's search modes are a powerful feature. There are 3 main modes: Fast, Verbose, and Smart. These modes allow us to customize our search based on our needs, which can significantly improve our response time.

Splunk Cloud Platform's dashboard could benefit from some improvements. While it functions adequately, it appears very minimalistic. It's built using a simple XML format, and while newer dashboard options have been released, it still lacks the visual capabilities of tools like Power BI and Tableau. While I understand these are different platforms, having a more powerful dashboard option for the Splunk Cloud Platform would be valuable.

There is a lack of comprehensive learning materials offered by Splunk to prepare for their certifications.

Splunk uses SQL as its search language. One challenge I've encountered is with subsearches used in joins. These subsearches can only handle a maximum of 50,000 entries. If our data set is larger, we won't be able to join it using a subsearch. This limitation has been a significant obstacle for me. I've searched the Splunk community forums, and even reached out to my colleagues and seniors for a solution, but haven't found a definitive answer yet.

I have been using Splunk Cloud Platform for 2 years.

It is reliable. In my experience working with virtual machines, any search lags are likely due to the VMs themselves, not Splunk.

I would rate the stability 8 out of 10.

Splunk Cloud Platform is horizontal scaling. So it is easy to scale based on the data we are using.

I would rate the scalability of Splunk Cloud Platform 9 out of 10. 

Deploying Splunk Cloud Platform requires knowledge of the Splunk architecture, the deployment server, and the components.

We have seen a return on investment.

The certifications are costly.

I would rate Splunk Cloud Platform 8 out of 10.

The maintenance required is minimal.

The resilience of Splunk is good.

I recommend the product.

Splunk Cloud Platform is a powerful tool for handling big data. To get the most out of it, understanding both the developer and administrator sides is beneficial. The platform offers broad compatibility with various technologies and allows for easy scaling to accommodate your needs.

We are primarily using it for InfoSec, cybersecurity intelligence, information gathering, and forensics. We also do a little bit of application performance monitoring for some appliances that can only be monitored through log ingestion.

We are starting to monitor multiple cloud environments. We have our internal cloud, and we are migrating to AWS. We are engaged in that path. In terms of monitoring, it is more or less the same because we are using the same integration pattern, which is to use Ivy folders and gather logs. We use it at its minimum, but the way I see it at the Splunk conference, we can go further. Will we go further? That is a million-dollar question.

It has end-to-end visibility into our cloud-native environment. For sure, it is important for operation and application support, but we need to embark our staff and management for that. They are the ones who are committing big dollars to that.

It has not reduced our mean time to resolve because we are using other tools as well. We are aiming to go on that path in the coming months.

It specifically has not improved our organization's resilience. There are a myriad of modern tools that we are implementing. Splunk is one of them. It is one of them helping us.

Index Manager is most valuable because we do not have to bother about internal storage. It is all managed by the Splunk team.

The security connection should have a seamless integration. Other than that, the way we are using it, so far, it seems quite good.

We have owned Splunk Cloud Platform for the last year and a half.

The stability of the solution is quite good. 

We had challenges with the sizing of the cloud tenant that we purchased, but that was based on past decisions, so we are stuck with that until our next move. That should come in the next year. At that time, we will resize the tenant in a more efficient way, so scalability does not apply because the tenant we bought is a closed one. There is no scalability on either side. I learned that after the fact, so I am not impressed because we did not buy it. I guess people who buy that type can have good feedback on scalability.

We migrated from an on-premise solution that we had for about three years. We saw cost efficiency when we went from on-premise to the cloud, but I do not manage the budget.

We are using Dynatrace in parallel. We used Splunk as a cybersecurity tool, and we embraced Dynatrace a few years ago. So far, Dynatrace does a great job. Splunk is closing the gap. With today's announcement at the Splunk Conference, they are catching up. We are also using Microsoft SCOM, so it is a trio. It helps us do a better job.

I was not involved with the setup of the on-prem one, but I was involved with the migration to the cloud. My experience was interesting because I started from zero, but with the help of Splunk's professional teams, we could achieve our project. On a personal side, it helped me to gather the knowledge that brought me here at the Splunk conference.

The setup is always challenging. We had four or five people involved in the migration. We also involved a lot of key players in application migration. We had 20 to 30 people involved at some point in the migration path.

We used professional services.

We have, for sure, seen an ROI with Splunk. Our DevOps team is able to gather faster answers to their questions. Obviously, it brings value, whether it is Splunk or any other tool. 

We could see the ROI in a few months. We gave time to our DevOps specialists to embrace the solution and get used to it. From there, as they made their own usage and use cases of the tool, it gave them speed to achieve what they were looking for.

I would rate Splunk Cloud Platform a seven out of ten.

This solution is very useful for our Infosec team that manages our enterprise-level security. It collects logs from all of our on-premises devices and servers for search and analysis. All of the logs are collected on-premises and then sent to Splunk Cloud for analysis. 

The reporting and dashboards are very good.

In terms of reporting, everything is customizable. You can write a query to have the reports and dashboards created for you, and it will be based on that data.

The documentation is pretty good.

Integration with products and devices works well. We haven't had any limitations or problems connecting to our network devices.

The training models can only be accessed for 30 days, even if it is paid training. This is a limitation that I feel should be lifted because if we are paying for it then we want to be able to continue to use it.

I have been working with Splunk Cloud for a year and a half.

This solution is pretty stable. It is used on a daily basis and in the past year and a half, I haven't faced any issues.

We have a team of 20 for our SOC operations who will be monitoring the results of Splunk Cloud.

The support is pretty good. We are a premium customer so when we raise a ticket, they deal with it right away. Also, if it needs to be escalated then the account manager will get involved.

We did not use another log management solution prior to this one.

Splunk Cloud is pretty straightforward and easy to set up. It is a SaaS solution, so we don't have to do anything on our end.

We are a team of six people who maintain our security solution.

Compared to other products, Splunk Cloud is expensive.

The licensing is based on the amount of data that we send to the cloud on a daily basis. It is expensive, although it has more features than other SIEM tools.

Overall, I find that Splunk is pretty good. It is a very mature product and I can see that compared to when I used to five years ago as an end-user, they have been improving in every way. The interface is something that has become more user-friendly over time. When there is something missing, it is handled by another product from the vendor. For example, if you need to add predictive analysis then you use Splunk Phantom.

There are many other SIEM tools on the market, such as IBM QRadar and ArcSight Logger. Splunk is comparatively more expensive but it has many features and good functionality. I definitely recommend it.

I would rate this solution a nine out of ten.