Splunk Cloud Platform Reviews

The primary use cases of Splunk Cloud Platform are security log monitoring and compliance.

The most valuable feature of Splunk Cloud Platform is its flexibility and readiness because it's already prebuilt, and everything is click-to-go. Splunk has multiple features, but the cloud feature comes with that. It is built for a smaller organization, but that's how organizations grow. The solution is good for a new budding organizational group.

Splunk Cloud Platform should improve its integrations and consider multiple integrations or direct integration with other platforms like Microsoft Azure, Google Cloud, or AWS.

I would like to see more integrations because integration is related to bringing in more data. More integrations would increase the visibility and customer's point of scope. Customers are initially tied to one platform and stick to it because of its feasibility. Integration becomes a major challenge when they want to bring in different solutions.

Once they have different integrations from Splunk, they need not worry about security, things to monitor, or what compliance they must meet. Everything will be physical, and integration will bring in a lot of things.

I have been working with Splunk Cloud Platform for one and a half years.

Splunk Cloud Platform is a stable solution.

Splunk Cloud Platform's technical support is good. The support's technical capabilities are always great because everyone who is capable joins in and contributes. However, at a high level, we understand there is always a gap in automation. We have process automation that can be resolved or detected by customers.

The flaws in our cloud can be fixed. We can send an integration update to the customer and tell them that you must fix this so everything works fine. For a download-compatible system, you can update an older heavy forwarder version to a newer version to grasp the maximum out of it.

Positive

I have worked with a lot of other products, but not as a cloud solution. I have designed cloud solutions for other products like what Splunk currently has. I have worked with IBM, which has its own cloud platform, cloud monitoring solutions, and security solutions. Similarly, we have other market solutions that will act as a security solution, but they are in different behaviors. We have designed one for other customers, which monitors other cloud and hybrid solutions.

Splunk is currently at the top rating because I haven't explored other ones. I started exploring Microsoft Sentinel, which is a good competition for the Splunk Cloud Platform, and it's a healthy competition. I would like to see a very light-flavored source solution integrated with the Splunk Cloud. Once people start tasting source solutions, they will surely explore them more because that's how hunger is created. Other solutions already have the source solution in them. For example, Sentinel has its own source solution, which they give as an integrated part.

Splunk Cloud Platform’s initial setup was quite easy.

The Splunk team was involved in the solution's deployment.

Splunk Cloud Platform's pricing is a little on the higher end. When smaller organizations start their journey of onboarding log sources or security solutions, they think Splunk is quite worth it. But when they start growing, they feel it's quite eating up their budget on security. So, it is fine for smaller organizations. It all depends on how the discounts are provided.

Splunk Cloud Platform is used in our customer's company. The solution is deployed on the Spunk Cloud in our organization.

Splunk Cloud Platform is a very good product in the market, and you can use it wisely. Compared to other products for the cloud solution, you can use Splunk Cloud Platform for a wide range of tools. Splunk Cloud Platform is the best product to onboard for a new startup or a working good industry with a very small number of people. You don't have to sit in an office and work. You can work it from anywhere and integrate the log sources. That's how easy it is.

The cloud is not for a bigger organization. The one which is sitting in the environment can be used. For example, if you have one terabyte of ingestion per day, that is not what we expect a bigger organization to ingest on a cloud. It would become quite expensive to store, manage, and process.

It is good for smaller organizations because they have around 25, 30, or 100 GB of ingestion per day. If you want to grow bigger and bigger, you can use a hybrid model. If that model is available, that would be great for bigger organizations. For example, the cloud is integrated into the cloud, and on-premise is integrated into data centers. That should work fine.

Splunk does the solution's maintenance. From our side, the local integration material has to be maintained as per the cloud instance. It all depends on the customer. If the customer is fully on the cloud, it should not be a problem. We still have to upgrade heavy forwarders, universal forwarders, and deployment servers. However, the rest is taken care of by Splunk itself.

Our customers monitor multiple cloud environments, which are distinguished in their environment. It is integrated in a different format and not directly integrated. Monitoring multiple cloud environments using the Splunk Cloud Platform’s dashboards is quite easy and reliable.

It's a standard thing. I don't know about other comparative tools, but the first time I used Splunk Cloud Platform, it was quite good enough and can be used for the current organization.

I rate Splunk Cloud Platform's integration with other systems and applications in our environment a seven to eight. This is an average rating where you can see that the growth still has to be achieved. Splunk Cloud Platform should work on its integration with third-party products.

Splunk Cloud Platform has different types of formats, and those are enough. The rest of the reporting, like the presentation, should be done by itself. No one gives those. The reporting that Splunk Cloud Platform currently provides is enough.

It depends on the industry, but for financial or banking industries, Splunk Cloud Platform plays a major role in decision-making. If I want to rate it, you have to consider ten out of ten as Splunk or any other tool before they make any decision. If they have Splunk already, they should consider Splunk as a major partner to integrate and bring in more services apart from bringing any other solutions. That will create a multiple-glass observation, which will not be an easy decision. If one of our customers has Splunk, they must consider it a priority before bringing in any other solution.

Splunk Cloud Platform helps our organization access data for compliance and privacy regulations. Right now, Splunk is so feasible that it can integrate with any tool, anytime, and in any data format. So, it should not be a problem. Anyone brings in data in any format, Splunk Cloud Platform will surely meet it. The only thing is they need a good engineer to design it properly so that it brings in data properly.

An organization that does not have a security posture review is considered a zero, not a negative. We don't know when it becomes negative. The day they bring Splunk into the environment, it will obviously increase their visibility. Every time the security posture increases, they get to know the flaws.

Their observation of 24/7 monitoring, compliance, log monitoring, and forensics will come into the picture. They can enable everything in a single solution or product.

Splunk Cloud Platform is a resilient model. SIEM tools can perform post-detection. SIEM is not an EDR tool because it doesn't automatically detect something. A SIEM tool is used for compliance and audit. It is helpful for future investigation because it can record logs and keep them aside.

However, a SIEM tool does not have an automatic detection module. Although it has a prediction model, it does not have an auto-detection or blocking model. It cannot be a resilient tool, but it can be a vigilant tool.

Overall, I rate Splunk Cloud Platform a nine out of ten.

We use it for security monitoring and application monitoring.

We monitor multiple cloud environments. We monitor AWS and Oracle Cloud. It is easy to get all the data into Splunk from our AWS and Oracle Cloud. The integration is comparatively easy when it comes to on-prem versus Splunk Cloud.

It has end-to-end visibility into our cloud-native environment, which is pretty important for us. About 80% of our infrastructure is on AWS. It is pretty important for our digital resiliency to monitor our AWS and Oracle Cloud platforms end to end.

It definitely reduces our mean time to resolve, but I am not sure exactly how much time it has reduced because as a Splunk Cloud customer, we provide our platform to our application teams. 

We have Splunk Enterprise Security and our regular Splunk Enterprise. We use Splunk Enterprise Security for monitoring all our security use cases and our regular Splunk Enterprise for application monitoring. We have our own custom digital apps that we monitor on the enterprise cloud, and all our enterprise security monitoring happens on the Splunk Enterprise Security app. There are so many custom applications that we currently support. 

We do digital transaction monitoring, so when a customer sends some money to a different customer, we monitor the end-to-end transaction of that customer when it happens on the digital platform. It is pretty important for our L1 and L2 teams to monitor that end-to-end transaction. 

With Splunk in place, we can identify the bottlenecks where transactions are getting held and immediately take necessary actions to release the transaction and reach the customer. That improves the transaction time frame. There is improvement in terms of how many analysts are monitoring how many transactions and how fast transactions are happening from end to end. It improves our performance and customer experience. It is also easy to monitor end to end transactions.

They can offer more self-service capability to their customers. Currently, most of the things happen behind the Splunk Cloud Platform. As a customer, I do not have an opportunity to see my platform. If they can offer more self-service to see the health of my endpoints and stack, it would be appreciated. 

Their support also needs improvement. I have had issues with the support team. When I run into issues, it is always hard to get hold of them and get things done with the support team. Other than that, product-wise, it is very good.

I have been using the Splunk Cloud Platform for more than four years.

Its stability is 99.5%, but I have had pretty bad incidents in the last couple of years. Last month, we had an outage for the whole day. Support-wise, I am not happy.

In typical cloud infrastructure, you can add your EC2 on demand based on the load of your customers, but with the Splunk Cloud, that is not the case. They assign a fixed number of searches and indexes. They have named it as a cloud, but it is still an on-prem instance sitting in their cloud, so in terms of scalability, I do not see much advantage with Splunk Cloud because, at the end of the day, you get approval from your Splunk account team or a management team to add a new instance into your cluster. 

The support that we get from Splunk is not always great. Whenever we have issues, we have to chase them to get the answers. When we have an incident, identifying the root cause of that incident with the Splunk Cloud support team is always a pain. The Splunk team should improve their customer support experience. I love the product, but the only issue is getting support. I would rate them a three out of ten.

Negative

We had IBM QRadar, and we moved from IBM QRadar to Splunk Cloud. Cost-wise, Splunk is a premium solution. We pay more, but we get a better experience with Splunk Cloud Platform. It is easy to manage. There is a better user experience. When it comes to identifying issues, it is pretty easy with Splunk. Cost-wise, we have not saved much, but in terms of resiliency and digital experience, we get a lot from Splunk.

We get a lot of capabilities with Splunk Cloud and Splunk Enterprise Security. We also do application monitoring, and we wanted to embed both solutions into one. That is the whole reason we got Splunk.

We have a bunch of tools, not just Splunk, in our ecosystem. Splunk is one of our tools for monitoring purposes. We have other tools for alert management, global alert repository, etc. In our ecosystem, Splunk serves the main purpose of detecting and bringing the issues to our analysts to resolve them. Splunk plays a vital role.

I was initially involved in the whole migration process. We used to have the Splunk on-prem instance, and only application teams were utilizing it. We bought the Splunk Cloud Platform, and we merged both the application and security into the Splunk Cloud Platform.

Cloud deployment is pretty easy because you do not have to manage any of your infrastructure. They take care of that. 

We could see its time to value in roughly one year to sixteen months. We started the migration and moved to the cloud, and in a year to sixteen months, we could see a return on investment.

The ROI is in terms of the mean time to resolve the issues. We could do all of our security monitoring and enterprise security. We integrated security monitoring with our SOAR platform. We have so many L1 and L2 teams using Splunk day in and day out to monitor the transactions. They definitely have more visibility and reduced mean time to resolve the issues. They can identify an issue pretty fast. 

Currently, we have the ingest-based license. They are offering SVC-based licenses as well, but I am not a fan of SVC-based licensing. At the end of the day, I want to predict my budget and how much I am going to pay to the vendor so that I can plan my yearly budget.

I would always suggest going with the ingest-based license because you can control how much you want to ingest. It feels like you will be paying less when you switch to SVC-based licensing, but this is not true because you cannot control your users and what kind of searches they want to run. If you go for that, you will need a whole lot of manual effort to control your users.

We evaluated Elasticsearch. We evaluated Exabeam. We evaluated one more solution. Among all the solutions in the market, Splunk is the best.

The good thing with Splunk is that you can search your data across all the indexes pretty fast. The way the processing language works with Splunk is awesome. Most of my analysts can search the data as quickly as possible, whereas, with the other solution, there was always a lag while searching for data. With Elasticsearch, you have very limited capability to search across the whole platform. It is very easy with Splunk. The secret sauce of Splunk is the way they index the data. That is the main difference between Splunk and its competitors.

I would rate the Splunk Cloud Platform a nine out of ten. The product is good. The only issue is the support.

The primary benefit that I get from attending the Splunk Conference is to be able to see all the new features that Splunk is releasing and how to use them and implement them in my infrastructure, platform, or ecosystem. I also get to know how other organizations are using Splunk to solve their use cases. Another thing is that we have so many vendors utilizing Splunk as their base and building so many new products. I visited one of the booths, and I was very impressed with their booth. They are doing all the content validation, security validation, and simulation of attacks. They are using their tool, and they have integrated it with Splunk. They are bringing all the data into Splunk to showcase how to maintain the hygiene of the content. That impressed me a lot. When I attend Splunk conferences, I get to see how others are utilizing Splunk as their base and building new tools out of that. It gives me some ideas of how to implement it in our organization. Of course, we cannot implement everything, but at least we can see the best fit for our platform.

We're looking to migrate an acquisition into the Splunk environment. We acquired a company and their Splunk environment was small and separate. We didn't want to have to maintain old Windows environments in unique use cases so we wanted to migrate it to the cloud as a proof of concept.

In their case, they had global data domicile requirements. We didn't have the same global deployment for our other larger environment that they did. So it made sense for us to migrate them to a bunch of small cloud stacks that were globally positioned rather than deploy a bunch of tiny enterprise environments to do the same thing.

The solutions are segregated at the moment. We're currently migrating the ACS environment. We have our own Splunk Enterprise implementation that we still use for Azure currently. It's fine, it doesn't drop.

It has definitely improved our organization by virtue of reducing the amount of overhead we would have had for those environments. Having to implement, maintain, or even update the existing stuff would have been extremely time-consuming. Splunk Cloud handles all of that for us. So it's definitely been helpful from that perspective. It's allowed them to maintain upgrades for far further than they are. Some of the hosts of that environment were still on version 7 so they could get upgraded feature parity.

They do well at empowering staff by providing business resilience. Users have the capability to utilize Splunk in ways to make their jobs better for resiliency purposes, reporting, and whatever it is that they need to do. Splunk is a very powerful platform in that way. 

In their case, they had global data domicile requirements. We didn't have the same global deployment for our other larger environment that they did. So it made sense for us to migrate them to a bunch of small cloud stacks that were globally positioned rather than deploy a bunch of tiny enterprise environments to do the same thing.

It's pretty important to us that Splunk has end-to-end visibility to our native cloud environment. We need to be able to figure out where the points of failure are. Knowing whether it's a forward, on our end, an index, the cloud environment,  a firewall, or something else entirely is important to troubleshooting that kind of process. 

Splunk has helped to reduce our mean time to resolve. For the specific use case, the ability to bring in more Splunk data and market makes work consistently accessible.

I think that Splunk's ability to predict, identify and solve problems in real time is better than what we use it for. Our observability journey is still pretty early so we haven't done a lot of predictive detection that is possible to do with Splunk. It looks like it can do the things that we needed to do in a pretty effective way. We just haven't done that yet.

Some of the implementation is challenging. They're not very proxy-aware. Their recommendation is to set up an intermediate forward in a DMZ environment or something like that. That's not always the most convenient way to do things. It would be better if we could use an HTTP proxy, send data out via HEC, HTTP, or in a way that is proxy-aware.

We did the POC six months to a year ago. We've been in the process of migrating some smaller use cases over the last three or four months.

We haven't used it a lot but it's been pretty stable.

Splunk support is pretty good. There's some work to be done. When I provide them with a bunch of data, they don't need to ask me some of the initial questions. But otherwise, they're pretty good.

Positive

I have seen ROI. The adoption of the company has increased dramatically. We have hundreds of alerts, hundreds of reports, and hundreds of dashboards that people use for their business cases, whether it's deliverables, resiliency, or troubleshooting.

Splunk is expensive. We have had some challenges in ensuring that all data is available in Splunk due to its cost. It has definitely proven its value in the data that we have brought in. From a resiliency and reporting perspective, those things are all very valuable. But it's certainly not the most cost-effective product in the world.

It is a valuable product, but it is certainly challenging at times to be able to bring in as much data as I would want due to the cost of the product.

I would rate Splunk Cloud Platform an eight out of ten.

Splunk Cloud Platform was very useful for us. With the on-prem setup, we had to maintain all the servers and take care of the upgrades, whereas with Splunk Cloud Platform, we did not have to bother about that. Everything was handled by the Splunk support team.

It was sufficient for us to monitor multiple cloud environments. The visibility that it provided into multiple environments was good.

We used Splunk Cloud Platform for business processes and security. It helped us a lot. On the business side, as a banking organization, it was helpful for reports and alerts. On the security side as well, Splunk was helpful. We could see any security breach. It was also helpful for smooth operations. If any issue happened or any server was down, it automatically alerted us.

Everything is maintained by the Splunk support team. Users do not have to maintain any physical servers. They do not have to maintain indexes and searches. It reduces a lot of work on the user side.

We integrated it with other applications in our environment. It integrates well. We did not face any issues on the integration side.

The reporting offered by Splunk Cloud Platform is also good.

I faced a few minor issues with Splunk Cloud Platform. In the case of knowledge objects, even a Splunk admin does not have access to delete them.  If we want to remove a knowledge object, we need to contact Splunk support and raise a case. After that, they delete it. They should give us access to delete knowledge objects. 

Everything else was good. It already had all the features. We did not require any new features.

I used this solution for almost ten months in my previous organization. Currently, I am not using it. I last used it about five months ago.

It was stable. We did not see many issues. Any issues were on the physical servers, not on the Splunk Cloud side.

It is scalable. We had more than 2,000 users in our organization. It was being used by more than 150 departments.

Onboarding end-users was easy. I was a Splunk admin, and I was also an end-user. I could provide access to other end-users directly.

Their technical support was good. I would rate them a five out of ten because we worked in the Australian time zone, and the tech support team that we usually got did not have much knowledge. They took time to resolve issues.

Neutral

In our organization, we used multiple products. We had Dynatrace and other products, but we mostly preferred Splunk. It was more user-friendly than others, and we could search everything easily. We could create dashboards. Other products were more difficult.

It took us a long time to switch from on-prem to the cloud. It took almost four to five months.

We took the help of the Splunk team for migration, but after that, we did not take their help. We took care of onboarding and other things. It was easy. If any issue came up, we contacted the Splunk support team.

I do not have much idea about the price. We previously used 1 GB at the cost of $600. Both on-prem and cloud licenses have the same price. There is no difference. 

It did not impact the cost because the costs of the on-prem license and the cloud license are the same. We did not have any issues with that. Overall, its price is reasonable.

I would recommend moving to the cloud because you do not have to maintain physical servers and infrastructure. Everything is handled by the cloud provider. 

Overall, I would rate Splunk Cloud Platform a nine out of ten.

We use it for IT security and observability.

We did not have anything prior to this that could perform the same function. Previously, if we needed to trace a security event, we had to search across logs on multiple systems to figure it out. Since Splunk, we have got it all in one place, and we can dashboard that out and save searches.

It has reduced the time for root cause analysis. It gets us to the logs quicker, so it has reduced our mean time to resolve (MTTR). The time saved is entirely dependent on what the problem is, but it shaves a good hour or two off the initial investigation per incident.

It would improve our company's resilience if it was used effectively. It has helped the technology teams that do use it improve their business resiliency. It needs either evangelizing or being made more accessible to the front-end teams or departments that do not use it today. That is largely on us. We can do that in Splunk, but there is a never-ending list of things to do, and a part of that is building Splunk outs so that we can provide that centralized logging, and then give users access to it while maintaining the privacy of their data within our organization.

We have probably not seen any cost efficiencies. The benefit of any cloud platform such as Splunk, AWS, or Azure is that you do not have to look after it, but you pay a premium for that. For example, for VMware, you pay a premium for vCenter, vSphere, etc. You can do the exact same thing with OpenStack, but you need to hire five people to look after it versus two people for VMware. You pay for Splunk Cloud, but you run into other challenges. You do not own your data anymore because it is now stuck there, and you have to export to AWS, and then rehydrate into a different Splunk instance if you want to get access to it, or you pay through the nose for the data or retention history. It is horses for courses. 

Do you want to host it yourself and save money on the OpEx but spend more on headcount and CapEx, or give it Splunk Cloud and spend more CapEx, but save money on CapEx and headcount? I prefer to have it on-prem. I prefer to go down the CapEx and headcount route because it gives me more control over my data, and it gives me more flexibility of my data. It gives me easier access to troubleshooting when something is wrong. It gives me easier access to scaling when we are seeing performance issues. I can bulk my hardware. It does not lock me into Splunk Cloud Platform. I know that Victoria promises some improvements around that with being able to manage my own applications and being able to have auto-scaling on search heads, but I will believe that when I see it, and I have not seen that yet, so I would personally prefer to put money in somebody pocket and food on their table than to give money out to a cloud provider.

I do not really like it, but being able to correlate events across platforms in a single place is valuable. I can trace an event back to its root cause. I can find the root cause instead of just looking at the symptoms across different things.

Its stability and performance can be better. Very rarely does a day go by when we do not see an error in the console, such as a health check error. Because it is cloud-hosted, we do not have access to the backend to figure it out ourselves. We are reliant on their support to figure it out, and a couple of days later, the error comes back or it is a different error. It is a never-ending cycle of support tickets. Their support is also not great.

In terms of performance, we are on the classic version of Splunk. We are not yet on Victoria or the new version, so we do not get auto-scaling. Therefore, we are limited. 90% of the time, Splunk is not doing anything. It is just reading logs, and 10% of the time is when we need to use it, but when we actually need to use it, there are five or six different teams trying to use it at the same time, and there are speed issues with search.

I have been using this solution for about eight years.

I could not interact with them very much, but I have people who do. It is not often a pretty experience. From what I understand or from the complaints that I hear, you are often told that this is not a problem or you have done something wrong, and then magically, it manages to fix itself an hour later. 

Before Splunk, we used distributed instances of Elasticsearch, Logstash, Grafana, and Graphite. This was ten years ago. Splunk was in its early days. Everybody had heard of it, but it had not become apparent why people need something like Splunk, so people had been building their own little instances. A lot of that still exists today in the organization because of the Splunk pricing model, the performance issues that we have on Splunk Cloud, and the stability. People want access to their data, but they also want to own their data. They do not want it to go into the black hole that is Splunk Cloud, so they keep it on-premises. They keep it in their own systems, such as Elasticsearch or Logstash, mostly because they can maintain sovereignty over data.

When compared to not having anything, we have seen an ROI. If we were going into it today, and that today was ten years ago, I do not think I would be at this Splunk conference. I would probably be at an Elastic conference and an Open Compute conference.

The value is definitely there, but it needs more performance around it. It needs to be more responsive. The value is definitely there in terms of a centralized point of visibility, but this value is provided by Splunk, as well as all of its competitors. Splunk potentially suffers from the same problems as ServiceNow, which is, if you want to do something clever with your data, you need a Ph.D. in data sciences to figure out how it works. It is hard to put in front of end-users who do not necessarily want to do something clever with their data. They want to be able to link it to the tools that they are familiar with.

It is a touchy subject because we are locked into it. That goes back to the rehydrating data. We cannot have the retention that we want to store for legal and compliance purposes because that is seven years' worth of data for some of the indexes, so we ship them off into S3 buckets and install them there, at which point they are invisible to Splunk, so we have to rehydrate them, but we cannot rehydrate those pockets into Splunk Cloud. We have to rehydrate them into a self-hosted version of Splunk, which can take days to set up and get going. I would not call Splunk's licensing and pricing predatory, but they have made it very difficult to maintain the independence of your own data.

There are a few solutions out there that are similar to Splunk. You can get something similar with CloudWatch, BigQuery, Azure Monitor, and Azure Sentinel. In the cloud, Azure Monitor for the analytics platform and Azure Sentinel for the SIEM platform are the biggest competitors of Splunk. When you put dollars next to them, they all cost about the same at the end of the day. I probably would not trade Splunk for another cloud provider or another cloud-hosted solution.

We are heavily AWS compared to every other cloud. If that was not true and we were heavily Azure, I would probably move everything to Azure Monitor and Azure Sentinel to get that single ecosystem, but we are not going to live in that world. I also do not like AWS CloudWatch, so we are not doing that. On the cloud-hosted side of things, Splunk does not really have a competitor out there. Despite being very mature, Grafana is not as convenient as Splunk, but Splunk definitely has on-prem competition. Ten years ago, everybody was itching to get to the cloud. Everybody was pushing everything to AWS. It was like, "We have got to go to the cloud. We have got to be the first. We have got to be hybrid." Now, everyone is like, "I can do this cheaper in my own data center and have more control over it and not go offline every Friday when AWS East goes down." The competition for Splunk Cloud is with Splunk on-prem and probably Elastic on-prem, which is significantly cheaper and offers 99% of the same functionality.

In terms of Splunk's ability to predict, identify, and solve problems in real time, if this capability exists, I have not seen it.

We monitor multiple cloud environments with it. We also have the on-prem environment and a lot of SaaS providers. We are largely dependent on the people who are deploying to the cloud. They are configuring their services and their platforms to talk to Splunk. We provide Splunk as a centralized service, but it is largely up to them whether they consume it or not. Some departments are eager to get in there so they can get visibility. Some want to build their own little greenfield internally, and some have not reached the maturity of realizing why they want it.

I would rate it a six out of ten. We have frequently run into many performance problems with it. The search is slow. We cannot scale it. We cannot troubleshoot it. We cannot get access to some of the functionality that we wanted, which is changing because we are moving to the new version. We also want to be able to manage our own applications. We are just locked into this parted sandbox, and we send our data off to it, and all of a sudden, it is no longer our data because it is trapped in the Splunk cloud. If we wanna get it out, it is going to cost us money. Their support is also not great, but it does provide single-pane access to data from a whole bunch of different places.

We use it for security investigations and alerting.

The most valuable features are reliability and logging. It's in the cloud so it has more stability and easy maintenance. 

The support from the Splunk team is generally good, but sometimes, there's a lack of coordination between our account reps and the hands-on technical people. This misalignment can lead to issues with getting what we need done and what is happening.

I have been using it for about two years.

From what I've seen so far, stability has been great.

The actual technical reps we've had have been fair. I'd rate them a seven on a scale from one to ten.

Neutral

We previously used LogRhythm. We switched to Splunk. It was an on-prem setup, so it was tough to maintain. It wasn't very reliable, and we always had to deal with hardware issues.

I haven't been hands-on with the deployment, but Splunk's deployment has been smooth. We also have Enterprise Security, which has been a little more difficult.

We have not calculated in dollars, but it has definitely saved us time.

We evaluated other options. I wasn't directly involved in all the decision-making processes, but from a user standpoint, it was the cost and the future possibilities of adding SOAR that made Splunk Cloud Platform seem like the best option for us.

I would rate it an eight out of ten, mainly due to the difficulty we've had with the Enterprise Security side.

I use the solution in my company, and its primary use cases have been related to the log correlation engine. Splunk Cloud Platform can be considered a central ingest point for gathering logs from all over our company's network, after which it is used to take and create reports. Security, detection, dashboards, and similar features are some of the use cases that can be associated with the tool.

The benefits my company has seen from using the tool would be that it gives you more of a single place to look at rather than having to jump from a bunch of different screens to look at current logs, as well as the ability to correlate data amongst different log sources.

Regarding the solution's most valuable features, I think that since many of our company's applications are Splunk-based, they can integrate with other tools within our tech stack, which allows us to expand our use cases.

In our organization, Splunk Cloud Platform provides end-to-end visibility into our cloud-native environment, and it is a very important area where we need visibility within our environment. It is one of the main tools I use for end-to-end visibility.

Splunk Cloud Platform has helped reduce the mean time to resolve. It helps find issues, which can lead to a better mean time to resolve overall. Depending on the detection type, it reduces the mean time to resolve by anywhere from 20 to 50 percent.

My company saw time to value using Splunk Cloud Platform pretty quickly, and we continue to see the value, specifically when we add in new sources and tune-up. In general, it has been pretty quick.

Splunk's unified platform helps consolidate networking, security, and IT observability tools since it gives our company a single platform where we can collect logs from all different sources.

I think the tool has some scalability issues, especially when used in larger organizations. I feel the searching part gets really slow, which is based on one's resources.

I have been using Splunk Cloud Platform for about six years. In general, I have been a Splunk customer for eight years.

I think the stability is pretty good. I haven't noticed any outages.

I think the scalability could be a little bit better because our company runs into some resource constraints that slow down our searches.

When it comes to the solution's technical support, I would say it all depends on what the request is or who is actually responding to our company's queries. We have had some people who have been great, but we have also had times where we had to escalate some issues to get our tickets looked at by someone from the support team. I rate the technical support a five or six out of ten.

Neutral

I think the tool has some scalability issues, especially when used in larger organizations. I feel the searching part gets really slow, which is based on one's resources.

The product's initial setup phase was fairly expensive since my company had to get some professional services to help us with the set up of everything. Overall, the tool freed up some manpower, resources, and hours from our personnel and management, so having the tool in our company made sense. Yeah.

The product's deployment phase was easy.

The solution is deployed using the cloud services offered by AWS.

My company had to get some professional services from a reseller named Resultant to help us with the setup of the tool.

I don't remember whether my company had evaluated other products against Splunk Cloud Platform. In the environment where our company made the switch over, I can say that we are happy with our Splunk usage in general. We just wanted a tool that was more resilient and didn't have to worry about the management on the back end.

My organization monitors one cloud environment with the help of Splunk Cloud Platform. The ease or difficulty of monitoring multiple cloud environments is not something that is applicable to my company.

In terms of Splunk Cloud Platform's ability to help improve our organization's business resilience and predict, identify, and solve problems in real time, I would say it is not possible in real-time. The solution gives our company the ability to do more of a retrospective analysis, which helps us with the current backup.

There are not any cost efficiencies I can think of that I have experienced after switching to Splunk Cloud Platform.

I think Splunk Cloud Platform is still probably one of the best tools out there in the market for enterprise organizations.

I rate the tool a seven to eight out of ten.

The Splunk Cloud platform is for anyone who wants to save money and doesn't want to manage an on-prem infrastructure. I like the Cloud platform because we don't have to handle any maintenance. Any server downtime, upgrades, or patches are no longer our responsibility, which is great. That's the biggest advantage of Splunk Cloud.

Before COVID-19, the Splunk Cloud platform was much more difficult to manage. I've heard it causes a lot of frustration. Thankfully, it's come a long way since then. Now, it's user-friendly and allows app and add-on installations without worrying about accidental breakdowns.

I wouldn't have released Splunk Cloud myself when they did but the shift to remote work during COVID-19 drove everyone to the cloud, making the Splunk Cloud platform a great solution. While the updates focus on features, patches, and maintenance, there's nothing about the Splunk Cloud platform itself that I love other than the fact that we can use it in the cloud without the hassle of any on-prem requirements.

The importance of having one cloud platform depends on an organization's data goals, but at the end of the day, we onboarded the data because it's important. So as long as we have a use case, it's high up there.

Splunk Cloud Platform has improved our mean time to resolve incidents 100 percent. The cloud eliminates the need for upgrades to multi-cluster environments and the risk of errors during configuration, which can cause major problems. While we are not responsible for any Cloud maintenance, Splunk's support is helpful for escalations. Their clear communication about maintenance minimizes the need for their involvement.

While I can't speak to personal cost savings, moving to Splunk Cloud likely saves on storage costs compared to on-premises setups. This is especially valuable because many organizations use Splunk alongside other security products for specific needs. However, some competitors offer better data storage and faster results as add-ons for Splunk. Overall, the biggest cost savings come from eliminating the need for in-house server maintenance, storage management, and future data migrations. This reduces headaches and frees up IT resources, even if the migration itself wasn't a major issue.

I like the idea of being able to list the IPs that we want without having to open up a ticket to get it done so that way if anything changes we can add a new IP. The platform itself is the most valuable because if we're using the product, we're paying a lot for it. So we're searching our data and doing the triage we need to with the events. In reality, our biggest benefit of the Splunk Cloud Platform is not having the hassle on-prem.

Splunk Cloud's SVC licensing model lacks transparency. Customers are unsure of how SVC consumption translates to costs, and there's no easy way to identify what's driving SVC usage within the platform. While some external applications provide limited insight, Splunk Cloud itself doesn't offer a clear view into SVC consumption. This lack of clarity makes it difficult to explain cost spikes to customers, as the cause could be anything within the platform.

I have been using the Splunk Cloud Platform for four years.

The Splunk Cloud Platform is stable.

I have some concerns about the SVC licensing model for deployments under 1 terabyte, and it's separate from Splunk Cloud. The bigger challenge customers face is managing the surge of data and historical information they ingest. This can lead to situations like an admin setting up numerous queries and then leaving, making users hesitant to disable them for fear of breaking something. While this can happen with any product with unchecked admin access, Splunk and Splunk Cloud themselves function as intended for large-scale environments. Ultimately, it's up to the customer to manage their Splunk instance effectively.

Many people complain about back-and-forth interactions with Splunk support. It feels like a repetitive loop of explaining the problem, being asked for information and questioning why it's needed. There's frustration on both sides: support needs details to diagnose the issue, while users might feel it's a simple problem and supplying extra information is unnecessary. This can be true for any customer support experience.

Splunk Cloud deployment complexity varies by use case. Starting fresh is simple: install, configure, and point data to the cloud. However, migrating from on-premises to the cloud with existing data can be complex. Deciding what data to migrate and the migration process itself adds significant challenges, although these are likely to become easier over time.

Splunk Cloud's value is clear: it eliminates maintenance headaches and simplifies connection, offering a hassle-free experience.

The lack of transparency around the SVC licensing makes it difficult to explain the costs to our clients.

I would rate the Splunk Cloud Platform nine out of ten. The rating is not because of customer service. I am strictly looking at the product. I've worked with it for seven years. I've been on over 70 engagements with other customers over those years, and I rarely find a use case that a customer can't solve when it comes to an architect-type scenario, which is great. It's the same thing for data. For the most part, if you know you have data and can get it written down to a file, you can adjust it, which is phenomenal. The on-prem infrastructure consists of only 12 CPUs and 12 RAM if it's hardware, and then you double it if it's virtual. Overall that's very inexpensive to stand up major components. I'm not including storage or any other sizing that can get more complicated. Overall, it doesn't ask much from actual servers if you want to host it on-prem. Even managing it yourself on-prem, is not terrible. The commands are still there, the resources are there to do it yourself. You have community groups out there that help you with questions. There are tons of providers out there that can get you from point A to point B. 

I have always used Splunk but I am open to learning Chronicle soon depending on industry trends. While I believe Splunk remains the top SIEM tool. According to Gartner, competitors like Azure and Oracle are emerging. However, I have not needed to look for other solutions.