Splunk Cloud Platform Room for Improvement
Splunk Cloud Platform has areas for improvement, including the fact that it is obviously an enterprise tool and can be expensive, which is the biggest complaint I have noted. Costs can rise due to high data ingestion and long retention periods, along with a complex licensing structure that makes pricing difficult to predict as usage grows, especially since more systems send logs. There are also performance concerns at scale where users have reported slower searches and expensive long-term storage needs, particularly in multi-terabyte environments. Additionally, operational complexity exists as enterprises still need to do data onboarding, create dashboards, handle retention policies, access control, and performance tuning.
These are the three key areas of improvement I have identified.
For improvement in Splunk Cloud Platform, the Splunk docs are available, which is helpful. However, for cloud, they need to give some more visibility. They need to give cluster master access to us and some more visibility into what they are doing and what they are performing. We would like to see what the settings and backend access are. We are not modifying anything, but they need to give some read access so that we can see what configuration is being deployed behind our search UI and all the things. That is one thing that they can improve.
For improvement, they can integrate a lot of default apps. There are a lot of default apps already, but let's say we are using Palo Alto firewall, we are getting Windows event logs, Linux logs, and these types of logs. Every customer is getting these kinds of logs. They need to give some default dashboards or we just need to change the index, and that will help to populate all of the data. Everyone wants to know who is logging in and who is logging out. These are some basic security use cases that are there. Splunk Cloud Platform needs to publish one app as a default app and inside this app, you will have all of these things.
I think the dashboards could be better. I mentioned earlier that SPL and dashboards can be hard to understand for beginners, so I would suggest an easier learning curve for beginners and lower pricing for small organizations. Additionally, faster dashboard loading with large data sets, more user-friendly reporting and visualization options, and reduced false positive alerts in SIEM detection would improve usability. Improving documentation and guided troubleshooting is key so we can troubleshoot easily. Overall, while Splunk Cloud Platform is powerful, usability and cost optimization could still improve for new users.
Splunk Cloud Platform holds only three months' worth of data. If you try to search for more than three months or prior to three months, it wouldn't store the values because the data stores a large number of data. I believe that's the limit for us. I believe having flexible memory would ease us because whenever we face an incident, if we want to look for this occurrence or root cause, if it is prior to three months, we wouldn't have proper logs to check.
I wish it would take a little less time and not search through unnecessary things. Of course, querying depends on the developer's knowledge, but storage is also an issue because I feel memory is not flexible enough. If we try to increase our memory, it will charge us a considerable amount of money.
If you want to make Splunk Cloud Platform more reliable, there will be some issues. For example, if you want to allow some IP or renew some certificates, you need to raise a case and it will not be immediate. It will go through the process and take three to four days. Sometimes, the technical support case persons are not sufficiently technical. I have experienced this where they are not technical enough or not understanding the issues.
The app ecosystem is good, but if you want to upgrade any kind of apps or receive support related to the app, you mostly need to raise a support case and the Splunk team will handle it. However, if there is a problem with your custom apps that you need to deploy on an indexer, that becomes an issue. You can upload it from the search head, but sometimes there are DMC issues. DMC mostly fails sometimes, so we cannot deploy from the search head cluster or indexer. For custom apps, you need to go through all of these processes, which involves a lot of process.
Compared to other clouds we were using before, the price of Splunk Cloud Platform is very nominal because our sales team is already a partner with the Splunk team. We get some benefits in pricing. We already purchased existing Splunk. They also offer a cloud service to our organization. Improvement-wise, I do not see anything, because compared to AWS—and we also partner with the AWS cloud—it is very cheap.
Our entire SOC is deployed on that cloud only. I would suggest going for Splunk Cloud Platform because AWS, Microsoft Azure, and Google Cloud are very expensive in comparison. Improvement-wise, I do not see anything. You can go for it.
Splunk Cloud Platform is almost a nine out of ten, but the main improvement point is the user manual. Recently, we got stuck somewhere in an error, but because there is less documentation available in ChatGPT or in any LLM, we had to go through every documentation and then we got the result. If Splunk can provide some LLM or any AI tool for error solving, it would be better.
The deployment of Splunk Cloud Platform is easier. If we get a better user manual, it can be even easier, but it is quite easy.
Dipesh-Bhawsar
Consulting Cyber Defense Engineering at Principal Financial Group
Splunk Cloud Platform is good, but sometimes it lags. When I run a very simple query with a perfectly created query in the search bar, it gives a good result, but if I create a very simple query without index and source types, it takes too much time to draw the visuals.
It is somewhat complex because Splunk Cloud Platform has multiple components like heavy forwarders and indexers. There are multiple integration approaches that we use, for example, syslog and for Windows, it is WMI. For most of the applications, we are using API integration, which is very good, but for syslog and other WMI kind of configurations, first, I need to integrate them so they start sending logs to the heavy forwarders. On heavy forwarders, I have to configure syslog-ng, and there are multiple configuration files that I have to configure for each data source.
The improvement part is that I have worked on multiple SIEM solutions, starting with RSA NetWitness, QRadar, ArcSight, and Splunk Cloud Platform. All SIEM solutions have the same issues; at the time of POC, the vendors tell us that they have many features, but at the time of implementation, we find minor issues everywhere, from integration to querying logs and deploying configuration files. There are minor issues that need fixing for more operational efficiency.
I'm not quite sure how Splunk Cloud Platform could be improved or enhanced. I would suggest keeping what works. Sometimes it can feel slightly slow in what it brings up, but I don't know if a lot of times that's on our end with the data that's getting in. Staying up to date with current trends and technologies will be good enough for me. It's already a good platform, and I wouldn't recommend too many changes or tweaks.
The major thing that could be optimized is the speed, so it could be a bit faster.
The dislike about Splunk Cloud Platform is the learning resources and the learning materials that they have. At the start of my phase with Splunk Cloud Platform, I was very new to this, and I was not able to understand each and everything. We don't have much of a resource from where we can learn things about Splunk Cloud Platform, but if there is a specific platform from where we can learn things from, it would be great if we get a platform to learn how we have to use it.
I would like to see better training material or something like that for Splunk Cloud Platform.
I don't see any new requirements in terms of improvements for Splunk Cloud Platform at this time. Splunk's dashboarding, reporting, and visualizations are evolving at a larger scale with the new Splunk Dashboard Studio in place. There were some limitations with the classic dashboard where you had to be aware of different HTML, CSS, and custom JavaScript for better visualizations. That's being migrated towards Splunk Dashboard Studio, which is evolving at a great pace, providing similar functionalities. I have not faced any current challenges regarding Splunk Cloud Platform's limitations. I still think, however, that better configuration and customization options for workload management could be enhanced, but that applies to Splunk Enterprise as well. It's just my understanding and what I foresee, but I'm not sure if it will be a priority right now, as even without workload management, a lot can be done, and the product team might have a different roadmap.
Aakash
Software Developer at a financial services firm with 10,001+ employees
The Search Processing Language of Splunk Cloud Platform has a steep learning curve. To extract the correct amount of logs needed, you must understand the exact mnemonics. Writing efficient SPL queries requires time to become accustomed to the language. Only after you have a good grasp of the basics of Splunk Cloud Platform and understand how to trace logs will you be able to use it perfectly.
Handling a large volume of logs requires proper filtering strategies. Logs keep coming in very large quantities, but you need to know how to properly filter them. Proper filtering strategies must be understood and implemented.
The setup and configuration for Splunk Cloud Platform is complex, especially from a developer perspective. Although it was relatively easy for me, the setup and configuration were handled by the platform team, which had to deal with the complexity in the initial phases.
The initial onboarding process when I first started using Splunk Cloud Platform was not very complex. When Splunk was initially onboarded to the company, I understand that was a complex process. Since I joined, the process has been fairly simple. We just had to submit an access request for a particular mnemonic or for a particular team and we are able to check the logs for that mnemonic once we get access. The approval process is a bit tedious in our organization. We have an approval process for every tool, not only Splunk Cloud Platform. Once you receive approval, you should be good. However, we can only check for that particular team or mnemonic. If we wish to check for other services, we have to submit a request form again, and that goes through several layers of approvals before we are able to see the logs.
Splunk Cloud Platform does not require any maintenance on my end as a developer. We only use it for checking logs. Maintenance is handled by the platform team. Sometimes Splunk experiences downtime for a few minutes, which we are notified about via email, sometimes during weekends. I am not certain what happens during those phases, but as developers, we are unable to use it for that short period of time, sometimes around half an hour during midnight hours on weekends. Otherwise, it functions well.
If Splunk Cloud Platform could be made less complex, it would be beneficial since Splunk specialists are required to perform the installation.
My experience with Splunk Cloud Platform's app ecosystem is that it's a bit complex and support from a Splunk specialist is required to manage updates.
I perceive the scalability capability of Splunk Cloud Platform in relation to my organization's demand fluctuations as a bit challenging.
The use of native models versus third-party integrations within Splunk Cloud Platform's environment is a bit complex, as a specialist is required to do the mappings between third-party integrations and native models.
The overall experience is positive, but there are a few areas where I think Splunk Cloud Platform can improve. One area is the learning experience for new users. Splunk Cloud Platform is very powerful, but understanding SPL queries, data models, and advanced features takes time. More guided recommendations or AI-assisted query building would make onboarding easier. Another area involves cost visibility and optimization. Since the environment generates a lot of data, having simpler ways to understand usage patterns and optimize ingestion would help teams manage expenses better. I also feel that some advanced configuration and troubleshooting options could be made more self-service in the cloud environment so that teams can make changes faster without depending on support. These are not major issues, but improving them would make Splunk Cloud Platform even easier to adopt and manage.
I would not say that there are any missing functionality features, as Splunk Cloud Platform already covers most of our monitoring and analytics requirements. However, there are some areas that would improve the experience. One thing I would suggest is more built-in intelligence for query creation and troubleshooting. SPL is very powerful, but having more AI-based suggestions for building searches and optimizing queries would help users work faster. Another area is automated data optimization recommendations, such as suggestions on which logs are less valuable, which searches are expensive, or where we can improve performance. Additionally, more ready-made dashboards and use case templates for common scenarios would help teams get value faster without building everything manually. Overall, the core functionality is strong, but more automation and guidance will make Splunk Cloud Platform even better.
In my opinion, there isn't much to improve in Splunk Cloud Platform, but one suggestion would be to integrate AI or provide a more graphical query builder to reduce the learning curve for new users wanting to learn SPL.
Splunk Cloud Platform's user interface is quite simple and needs to be updated; it feels as if I am using a platform from two thousand fifteen. However, I do appreciate the new feature for starting investigations, which allows us to save our work for later analysis.
I would like to see improvements in the UI, and while I recall that Cisco has acquired parts of Splunk, I would love to see more integration with threat intelligence platforms like VirusTotal, which are widely used. Currently, to implement VirusTotal, we have to purchase it, whereas we use Talos, but we mostly rely on AbuseIPDB and VirusTotal in the SOC.
I think it is really effective, and we are still at the beginning. The capability to search for insights is very powerful and also supported by AI and machine learning. The capabilities are increasing day by day, and new features are being released and will be released soon.
I am not able to answer right now, but I am confident they will be able to predict a trend because they promise they are able to do this using machine learning algorithms and Agentic AI features. They say they will be able to predict the behavior of your network or your infrastructure. I am really confident about this, and I hope it will be true because I need this.
There is something that they say will be improved, and I am still waiting for it. This is the Agentic AI elements inside the platform that I mentioned before. There is something present today, but the full feature is not released yet. From my point of view, it is a bit late. It is okay for me because we are adopting it and we can work on this, and it is acceptable for my timing. However, from a market perspective, they are a bit late. Competitors in some cases are earlier adopters. But I am sure they will release a very powerful tool, as per the Cisco approach. They want to win when they start doing something, and I am confident they will release a very powerful tool.
To be honest, I don't think it's beginner-friendly. It takes time and multiple meetings to actually understand how to create different types of alerts or how to search for them. It's quite similar to how you might search on SQL, but that's asking another set of skills to have. I know there are tutorials on the website, but I feel if they rolled out more free courses on such things that provide a link to a free course for beginner training, I feel people would be interested in it.
In Splunk Cloud Platform particularly, there is nothing specific that I would like to see improved or enhanced, but the cost is currently very high. If that part could get a little bit cheaper, then that would be really great.
In terms of enhancement for Splunk Cloud Platform, I would say if we could create add-ons or if we get the capability to build add-ons directly through cloud, not talking about the add-on builder framework, but something editor-like where we will directly edit our conf files from any specific app or TA provided by Splunk Cloud Platform itself. If we get that feature, it will be really beneficial. Instead of doing configuration from the UI, we would prefer to get access to back-end conf files and do it manually because when we were using enterprise, we had pretty much hands-on experience with that.
Dhaval Bhalgamadiya
DevOps Engineer at Veefin Solutions
One improvement I would suggest is in the cost part. Splunk Cloud Platform cost is generally generated on high data volume. It can be relatively expensive for a smaller company. Our company is in the mid-term range, but the cost could be improved. Additionally, the learning curve for SPL is a little bit hard for beginners, otherwise it is fine.
One area that has room for improvement in Splunk Cloud Platform is support. The support knowledge base is the primary concern for me because we had several cases working with support teams, and they could not resolve our problem.
I believe Splunk Cloud Platform can be improved as this project has helped me understand how the system works. I think Splunk Cloud Platform could be improved by making it easier for beginners to learn and use. More simple tutorials, guided examples, and beginner-friendly dashboards would help new users understand the platform faster. It would also help to have easier SPL query suggestions, clearer error messages, and more built-in templates for alerts and reports. Overall, Splunk Cloud Platform is very powerful for security monitoring and log analysis, but simplifying some features would make the learning experience better for new users.
It is worth reconsidering the syntax language and changing it to KQL. The company would benefit from using the KQL language in queries. Pricing would be better.
Dhruv Vyas
Software engineer at ProminentPixel
The initial learning curve should be more personalized for new users who just started using Splunk Cloud Platform. Additionally, the documentation should be more beginner-friendly.
Areas of Splunk Cloud Platform that could be improved or enhanced in the future include data visualization, as the way we use data for security and other purposes could further benefit from enhanced visualization to support monitoring, threat analysis, and other aspects.
I believe there are a few areas of Splunk Cloud Platform that have room for improvement, particularly in user customization and documentation clarity.
Splunk Cloud Platform could improve in how quickly it reacts to users reporting issues.
Splunk Cloud Platform can be complex depending on the log source in terms of deployment.
For betterment, there is definitely a cost concern. The cost is high, so there should be a somewhat lower cost. I am expecting a more competitive pricing structure from Splunk Cloud Platform, but otherwise it is fine.
One aspect I dislike about Splunk Cloud Platform is that cost can become high as data ingestion increases. The initial learning curve for SPL and cloud setup is also difficult for some new beginners.
Job Asiimwe
Sr Manager at Continued
Splunk Cloud Platform needs improvement in its security offerings, specifically in cybersecurity. It has not kept pace with competitors over recent years, and integration with the Cisco ecosystem after Cisco's acquisition of Splunk has also been slow. The product should incorporate more readily available features, especially in security monitoring.
The federated search feature is costly.
Extracting meaningful insights beyond essential log data proves challenging due to the product's reliance on manual processes. Users must manually configure detections, develop logic for insights, and manage dashboards. While the product boasts numerous out-of-the-box capabilities, these often require extensive modification to align with specific user needs, limiting their practical applicability.
Splunk Cloud Platform doesn't inherently provide visibility as a standalone product. It's a platform for building custom visibility solutions. We need to feed it data and then write logic to define what insights we want to extract. While pre-built solutions might be available in the marketplace, Splunk doesn't offer out-of-the-box visibility. If we know our requirements, we can utilize code and research to create custom dashboards, but it requires effort and expertise.
The pre-built reports in Splunk Cloud Platform are generic and require manual adjustments to extract specific, granular information, which requires the user to be knowledgeable.
What I find challenging about Splunk Cloud Platform is that it occasionally has a steep learning curve for new users.
The platform could improve by offering more comprehensive onboarding resources and tutorials.
For one of the areas I am working on right now, they did an update this week which gave me back something. It was a feature that I have been using, but they took it away last conference. They just gave it back to me now, and I had to go through the setup again to make it work with our Okta. We have had issues with the maintenance windows. Sometimes I get informed about those at the last minute. They are getting better about informing us when they are going to do maintenance, but there were times when they did maintenance, and then I came in the next day and something was broken. They have gotten a lot better about that. I am still working on a couple of issues. They have cases open for them, so they know about them. They are working on them. The communication is getting better. That was an area that had a lot of feedback. I can see that they are accepting the feedback and taking it to heart, which is great.
Some of the Victoria Experience that was rolled out is not yet fully everywhere.
The AI assistant is going to be good, but we are on GCP, so I am worried about how fast it is going to get rolled out and if it is going to be nine months late for the GCP customers or not. That would be a bad thing because that would put a black eye on the whole marketing part of that. The same thing is with the Victoria Experience. They already have a black eye on that one. It has been two years since it came out and they still do not have it on GCP, so they need to get that fixed up. I would like to see the AI assistant feature as it rolls out. That helps with me wanting to roll out ITSI and the O11y suite with them bringing that AI assistant over there. I have teams right now that hit me up. They have been using some kind of AI assistant. We have Microsoft CoPilot. It is allowed in our company now. They tell us not to use ChatGPT right now because it is not approved for whatever reason. I have had some of our people hit me up who are not Splunk users but they have access to some dashboards and want to do a little bit of searching. If they use generic AI to find out how to do a generic Splunk search, it is not going to work in my environment at all. They will wonder why this is not working. That is because the AI does not know our environment. It will be handy to have an AI assistant that knows our environment.
Splunk Cloud Platform should have better integrations with its suite of tools. Splunk Cloud Platform should include a more seamless connection with ES.
The disadvantage of Splunk Cloud Platform is that its integration process should be improved.
The challenges I have encountered while integrating Splunk Cloud Platform include that integration is a bit difficult due to the coding required for the integrations.
The Splunk Cloud Platform deployment process could be improved to reduce the time required.
We're interested in learning more about the new AI features, especially the natural language to SPL conversion. While we jokingly worry these features might replace us, our main focus is helping users understand Splunk and build dashboards. We're curious how these AI features will integrate into our work, how many people will use them, and if there will still be a need for our Splunk expertise. Overall, we're excited to see how AI will impact our work.
Charles Roberti
Chief Executive Officer at ENAD
I think that Splunk Cloud Platform is good, and I rate it seven or eight.
I think the tool has some scalability issues, especially when used in larger organizations. I feel the searching part gets really slow, which is based on one's resources.
Areas of improvement for Splunk Cloud Platform are difficult to say because we're still learning about the platform. I want to have the ability to process the ingestion before it is sent to the back end and Splunk just announced that the feature is coming, so now it just needs to be released.
First-time users may struggle with the user interface. When I first used Splunk, I entered my username and password. After that, we get a dashboard on the left side with apps. At the top, you can click the gear icon to view the settings. Within those settings, there's a distributed console option with several settings. It's a bit overwhelming for a beginner. The user knows what they want and can search for it in the search bar. If I see several apps, my first instinct is to scroll down to find the app, or perhaps you will find that search and report. That bugged me when I was learning.
Application support is another problem. We created a custom Palo Alto app that isn't fully supported by the latest version of Splunk. We had to downgrade to older versions to use the custom app properly. That was one problem we faced daily with one client.
The AI features will be a huge improvement for Splunk. Using basic natural language in English instead of writing a regex expression will be helpful. For example, I can tell Splunk AI that I need to get the logs from last week between eight AM and ten PM on a specific asset. Instead of me going in, doing the regex expression, and then having to Google what it is because it's super hard to do sometimes. That is the biggest area for improvement. Hopefully, it will be released soon because that will simplify things for me and non-technical people.
Tim Whitlock
Senior analyst in investigations at GlaxoSmithKline
The expensive nature of the product is an area of concern that needs to be considered for improvement.
The on-premises version of Splunk includes all the integrations, while the Cloud platform lacks certain integrations and is limited in terms of the number of supported apps.
The Splunk Cloud Platform is not a very mature solution; it has only been on the market for four or five years. While they have made significant improvements, there are still limitations, such as the absence of CLI access. Therefore, there are several limitations that still exist with the CLI.
The standard support has room for improvement.
It would be nice to see more comparisons between Splunk and other log management tools. There are some legacy tools that people are often coming off. It will ease the transition if you are coming off a Windows LogViewer or any other logging tool. Splunk could offer more advice on how to transition into it or onboard it.
If I focus on the observability part of the product, I see that it is an area that doesn't offer more integrations compared to what Splunk Cloud Platform or Splunk Enterprise offers. When it comes to the integrations with the other platforms, there is a little bit of a lag in the observability part, making it an area where improvements are required.
There's one specific use case I work with. I work with some Splunk experts, and it lacks workload management rules.
It can identify specific dashboards e.g., or all-time searches. When I try to track back to the user, I don't have additional information within those logs to help me know, "This is the dashboard this guy accessed."
Instead of relying on those particular workload management logs, I have to do an investigation that takes time. It takes too much time when it shouldn't.
The only disadvantage of Splunk Cloud compared to Splunk Enterprise Security is that you only have two options for long-term storage: AWS S3 Buckets and GCP.
I am relatively new to the platform. So far, I have been able to use it to do what I need. I know that there are a lot more features and functionality that I don't even know yet, so I am still on the learning side. I don't really have any recommendations related to things that need to be improved in the tool.
So far, it meets my needs, so I don't need to see any additional features in the tool.
Sometimes, integrating with other systems is difficult, and it isn't feasible to connect with other applications, but it's easy most of the time. I rate Splunk 7 out of 10 for its ability to integrate with other systems.
Every time they launch new versions, we experience a few bugs. The most recent version had a couple of bugs in the databases. We contacted the vendor and got assistance solving these bugs, so the environment is more stable.
Splunk should increase the frequency of new feature releases, particularly those related to real-time operational flow monitoring and analytics reporting. It has been over a year since any significant updates were added to the Splunk Cloud Platform.
Splunk Cloud Platform should improve its integrations and consider multiple integrations or direct integration with other platforms like Microsoft Azure, Google Cloud, or AWS.
I would like to see more integrations because integration is related to bringing in more data. More integrations would increase the visibility and customer's point of scope. Customers are initially tied to one platform and stick to it because of its feasibility. Integration becomes a major challenge when they want to bring in different solutions.
Once they have different integrations from Splunk, they need not worry about security, things to monitor, or what compliance they must meet. Everything will be physical, and integration will bring in a lot of things.
They can offer more self-service capability to their customers. Currently, most of the things happen behind the Splunk Cloud Platform. As a customer, I do not have an opportunity to see my platform. If they can offer more self-service to see the health of my endpoints and stack, it would be appreciated.
Their support also needs improvement. I have had issues with the support team. When I run into issues, it is always hard to get hold of them and get things done with the support team. Other than that, product-wise, it is very good.

Its stability and performance can be better. Very rarely does a day go by when we do not see an error in the console, such as a health check error. Because it is cloud-hosted, we do not have access to the backend to figure it out ourselves. We are reliant on their support to figure it out, and a couple of days later, the error comes back or it is a different error. It is a never-ending cycle of support tickets. Their support is also not great.
In terms of performance, we are on the classic version of Splunk. We are not yet on Victoria or the new version, so we do not get auto-scaling. Therefore, we are limited. 90% of the time, Splunk is not doing anything. It is just reading logs, and 10% of the time is when we need to use it, but when we actually need to use it, there are five or six different teams trying to use it at the same time, and there are speed issues with search.
Some of the implementation is challenging. They're not very proxy-aware. Their recommendation is to set up an intermediate forward in a DMZ environment or something like that. That's not always the most convenient way to do things. It would be better if we could use an HTTP proxy, send data out via HEC, HTTP, or in a way that is proxy-aware.

The reporting provided by Splunk Cloud Platform is often good, but it only provides the data and not the flash, whereas the other platforms provide both. From an enterprise standpoint, we are more limited in terms of what data we can export and how we can present it.
Navigating the solution can be more user-friendly.
The documentation has room for improvement and the price is high and can be improved.

Dinesh Elumalai
Software Engineer at Tigma Technologies
Splunk Cloud Platform's dashboard could benefit from some improvements. While it functions adequately, it appears very minimalistic. It's built using a simple XML format, and while newer dashboard options have been released, it still lacks the visual capabilities of tools like Power BI and Tableau. While I understand these are different platforms, having a more powerful dashboard option for the Splunk Cloud Platform would be valuable.
There is a lack of comprehensive learning materials offered by Splunk to prepare for their certifications.
Splunk uses SQL as its search language. One challenge I've encountered is with subsearches used in joins. These subsearches can only handle a maximum of 50,000 entries. If our data set is larger, we won't be able to join it using a subsearch. This limitation has been a significant obstacle for me. I've searched the Splunk community forums, and even reached out to my colleagues and seniors for a solution, but haven't found a definitive answer yet.

Siva Chaitanya Kakarla
Support Engineer at American Express
I faced a few minor issues with Splunk Cloud Platform. In the case of knowledge objects, even a Splunk admin does not have access to delete them. If we want to remove a knowledge object, we need to contact Splunk support and raise a case. After that, they delete it. They should give us access to delete knowledge objects.
Everything else was good. It already had all the features. We did not require any new features.

The support from the Splunk team is generally good, but sometimes, there's a lack of coordination between our account reps and the hands-on technical people. This misalignment can lead to issues with getting what we need done and what is happening.

Splunk Cloud's SVC licensing model lacks transparency. Customers are unsure of how SVC consumption translates to costs, and there's no easy way to identify what's driving SVC usage within the platform. While some external applications provide limited insight, Splunk Cloud itself doesn't offer a clear view into SVC consumption. This lack of clarity makes it difficult to explain cost spikes to customers, as the cause could be anything within the platform.

Stanley Kmiec
Principal, Cybersecurity and Infra at PNM Resources Inc
I would love to be able to manage my own apps.

ShubhamSharma6
Software Engineer at Wipro Limited
Splunk currently manages the components, which restricts our ability to access them directly. I would like to be granted read access to be able to review the components.

Currently, Splunk Cloud Platform is very easy to use and read. The solution's visualization for the end users is also good. However, setting up the solution or an alert is not straightforward. There's a lot of incompatibility and areas that you have to consider while setting up the solution.
All those things make setting up the solution very complex for regular people who know the business operation. So, they have to hire a third party or a technical person who doesn't understand the business to set it up for them, which usually creates a gap.
When someone who cares about the business and understands its operation sets up the solution, they would set it right. There's always a gap when a technical person or third party sets it up. It may lead to many workarounds to fix issues like alert fatigue or false security. Splunk Cloud Platform needs to be made more user-friendly because it's not user-friendly.
It works as needed, and it does everything that we want to do. I have not come across anything that I would consider missing as such. If anything, sometimes we have dashboards that would not go into the dark mode. It is a minor issue, but it is the only thing that I wish was there. The dark mode would definitely help.

It could have a more efficient UI. If they could integrate more AI and make search more efficient so that other people can access and use it, not just engineers, that would be ideal.
It needs to mature; it's just getting established in the industry on a wider scale.
The API still needs some enhancements from a post-performance point of view.
From a monitoring point of view, Splunk is doing very well. However, if they could provide a post-provisioning aspect. Right now, we have to install a monitoring tool while we are post-provisioning every virtual machine. If they could be a provider that precluded having a virtual machine being created or provisioned, that would be ideal.
Alerting could be faster. Sometimes the actions that happen take some time to reflect on the Splunk dashboard. There is still latency. Especially when you work in a multi-cloud environment, you deal with a lot of regions. They still need to focus on availability across regions.
They need to have some security enhancements. Most users are using it with other single sign-on features like Okta. If they had their own SSOs that would be ideal. We'd be able to work independently. Right now, we have to log onto the virtual machines then move to Okta, then go to Splunk.

One thing that is a stickler for us is the ability to download apps. I guess it depends on what kind of license you have. It allows some of them if I want, but this is something that we need on a day-to-day basis. When one of my customers needs an app, and I am able to find that app on the Splunk base, I have to create a ticket and wait for five days for them to download the app into the cloud environment. That is probably one of the main things. It is painful because I have to wait to get that app in the cloud.
Another issue is that if I build my own app to some configuration, I cannot load it up there myself. They have to vet it, which is important but it takes a long time to do all that.

It's improved a lot since we began using it. We have been seeing issues, but they get resolved by working with the support. It's just getting expensive with time.
Support is the bigger issue when we have a problem. When we need their help, it takes weeks or months to actually get resolved. To date, we have cases open for two or three months without a resolution. Support is the worst part.

The cost of Splunk Cloud Platform is high and has room for improvement.
The current visuals on the dashboard could be more impactful.

Abhishek Kalokhe
SIEM Engineer at a manufacturing company with 11-50 employees
Splunk should offer various options for real-time monitoring. If we could enhance the speed of data ingestion or data retrieval, that would be an added advantage. Additionally, there is room for improvement in SaaS-to-SaaS integration. I believe that reintroducing HTML dashboards would be beneficial, as they provide dedicated web features. This, in turn, gives users the flexibility and freedom to create custom dashboards more easily.

Testing can handle a lot of logs; however, we are unsure if the speed will be affected.
When we are using OneDrive or SharePoint, as a developer, we'd like to have better integration between the two.
There are some issues with Splunk blocking some shared mailboxes.
Support could be improved.

Damon Tunnell
Automation Developer at TNS
They can streamline the process of creating custom apps. I do not have a lot of experience with it. It was not very difficult for me to do so, but there is probably a better way to present the ability for people to push their own custom apps to the platform and go through Splunk's manual and automatic reviewing process.

Since I work on data collection from external sources and send them into Splunk, I miss its ability to collect that data through REST API applications. I would like the ability to configure an endpoint, set it on Splunk, and set a schedule for it to pull information every ten minutes, and pull this endpoint information. I could search through it, look for keywords, restructure the data that's brought back to me, and then store it in the Splunk index. This is not available and if it is available, it is bare bones. I would like Splunk to have this function by default.

It is sometimes slow. Some of that has to do with the queries themselves not being efficient, but sometimes it is slow. They changed their model a few years back. It seems to be working better for us as opposed to having some limits that they had.

Alexandru Adamovici
Head of Cloud at a consultancy with 11-50 employees
Considering its price point, it does not need any improvement. However, it does require manual implementation.
There can be more modules and more integration with other areas in the cloud and on-prem. I am not sure whether it includes network devices and things like that.

The security connection should have a seamless integration. Other than that, the way we are using it, so far, it seems quite good.

The administration could use improvement. We have to rely on support more often than we're used to.

Its performance can be better. The searches sometimes take a long time. There could be better searches, but mainly, it needs to improve the performance with a vast amount of data. That will make it better and easier to use.
Their support can also be better.

Training should be free of cost. They need to provide more training options.
There are no missing features at this time.

The Splunk interface is on-premises, so we have limited access to Splunk Cloud. Splunk support is not so good on Splunk Cloud. The Splunk side of the Splunk Cloud should also be more customizable. Integrating Splunk UBA, Splunk Phantom, and Splunk Cloud is also a bit difficult.

Splunk Cloud could improve by having pre-defined templates. It has very good design views, but there is no predefined template. You have to define your own. If they could add predefined templates for different use cases.

The pricing models should be improved and optimized. Right now, the pricing is a bit too expensive.
One other thing you need is more ability to customize the dashboard to the way you want to have it. If you had a template that you could create and label inside of Splunk that would be good.
One good thing that could be added to the AWS side of the solution is that you should have an OPS (Operation Alert) alert built into the dashboard that comes with Splunk. That would be very useful. For example, if you have a pre-defined template creator to fill in the information to forms that are loaded. That would be really beneficial.

We are on the classic Cloud that is hosted on GCP. There are a lot of functionalities that are missing for Splunk Cloud hosted on GCP but they are available on AWS. Adding more IPs to allow lists and many other functionalities are not supported on Splunk Cloud hosted on GCP. One good example is the ingest action which is not there in Splunk Cloud hosted on GCP. I wish they would add these missing features to the GCP platform.

The search for bulk data needs to be improved. When we were looking for the flow, we had to search really hard. I wanted to request the Splunk team to add some features for better search because getting the flow of the bulk data was sometimes hard.

From my perspective, customization needs to be simplified and I'd like to see a reduction in the cost of the solution.

The only thing I would say is an issue is the cost. It matches other products. The costs can be justified for the value that we gain. The entire threat analysis stack should come in a bundle. If the cost was matchable with other products I think Splunk would pick up in the market.
I did evaluate other products and installations. I can't compare it to Splunk.

The only thing that is missing compared with Splunk Enterprise is the ability to manually edit all config files. This task is easily handled with support tickets but sometimes it would be nice to experiment directly.

Although there is documentation available, it is really hard for me to find relevant topics on what it is that I'm searching for. For example, when something goes wrong, I can spend hours trying to figure out the problem and have nothing to refer to. I find that it confuses me somewhat, so it is something that can be improved.
I feel that technical support can be improved because it is always done through the use of a support ticket, which is not very convenient.
Setting up and configuring integrations are not easy to do.

The training models can only be accessed for 30 days, even if it is paid training. This is a limitation that I feel should be lifted because if we are paying for it then we want to be able to continue to use it.

Oleg Iatsuta
Technical Lead at a tech services company with 501-1,000 employees
The documentation available could be improved as there is sometimes no documentation or updated documentation available. For example, I tried to get the metrics from MongoDB, and there's very low documentation for the module.