
Splunk Cloud Platform Valuable Features

reviewer2805510
Partner Account Manager at a wholesaler/distributor with 51-200 employees

Splunk Cloud Platform's best features include its scalability, as it can handle terabytes of data and is probably one of the market leaders within SIEM capability, which is very strong. In this day and age, cybersecurity products need great integration, and it has a huge ecosystem that can integrate with over 1,200 integrations and applications. Another major positive is that it is cloud-managed, which means less infrastructure management. Finally, the main feature that many people value, and our customers provide feedback on, is real-time analytics with fast detection and troubleshooting.

Splunk Cloud Platform has positively impacted my organization by reducing the need for infrastructure management due to being a SaaS cloud platform. The main use case is detecting cyber attacks faster. For example, a large financial institution, a bank, used Splunk Cloud Platform and identified failed logins, impossible travel events, VPN anomalies, and endpoint alerts when attackers attempted credential stuffing. Without Splunk Cloud Platform, those alerts existed in multiple systems, and detection could take days, but with it, events were correlated correctly and raised a single notable event, triggering alarms immediately. This significantly improves mean time to detect and respond, reducing investigation time from hours to just 10 to 30 minutes for common incidents by providing a single pane of glass visibility for SOC teams.

Hiten Nandasana
Angular Developer at Flourish Software

For Splunk Cloud Platform, the best feature is that we don't need to manage the infrastructure. That is one of the best things. We don't face any downtime issues. If we are facing anything, we just need to create a support case and the Splunk team will resolve everything. There are maintenance windows, and they will take care of everything. That is a good thing that I appreciate. We just need to manage only search and no background things. Everything will be taken care of by the cloud teams.

With Splunk Cloud Platform, we are managing the apps ecosystem. Inside the manager, we will see all of the apps. For this, we do have a deployment server and a cluster master. With that, if we need to upgrade the app, we just need to create a support case, and the Splunk team will upgrade all of the apps on behalf of us. We can also do manual things as well. Sometimes in the UI, there is an upgrade apps option available. We are upgrading that manually as well. For our forwarders and our clients, we are pushing apps from our deployment server. For this, we can download apps from Splunkbase, put it in the deployment server, and just deploy there. It will go everywhere and it will restart Splunk and it will come up. This is a straightforward process. It's easy. We just need to take care of one thing, which is to read the Splunk release notes.

Mujahid Ali
Soc Analyst at Softcell Technologies Limited

Splunk Cloud Platform's best features include powerful log management and real-time monitoring features, advanced threat detection features, easy scalability without managing servers, cloud-based fast data search, a great dashboard UI, automated alerts, and strong security analytics for our organization's SOC team.

The benefits I have seen from using Splunk Cloud include centralized log management, real-time monitoring, strong security analytics, and easy scalability without needing to manage physical servers. It helps our organization quickly detect threats and investigate incidents, monitor cloud infrastructure, and with the help of SOAR, we can automate alerts. The platform also supports many third-party integrations, making our environment more efficient and reliable.

Updated: May 2026.

Hemanthreddy Vakiti
Data engineer at a tech vendor with 10,001+ employees

Logs can ask which type of log you need to give it, such as a claims pay logger or a state change logger or any other logger as a filter. Then you need to give that public ID and it would give you all the fields that were changed in that specific criteria that you were searching.

For me, with Splunk Cloud Platform, if you don't give the necessary filtration values, it has its own querying type. If you do not give a proper query or anything for the log to be generated on a primary key, it won't give you the values. It takes too much time and it checks a large number of values. Sometimes it goes more than a million, so that takes a lot of time. However, if you use proper filtration, it takes much less time. It saves our time and we could also pause the values, we could pause the search fields, we could resume the certain fields, we could skip a few fields, and we could check right from the payload which messages were generated and how the transaction proceeded.

R Nandasana
Senior Information Technology Security Consultant at Mideast Data Systems

I appreciate the expansion capability of Splunk Cloud Platform. We can forward any kind of data to the cloud endpoint that they provide. This allows us to forward any kind of traffic to that endpoint. There is no need for maintenance. If an error occurs or Splunk health is not good, we can raise a support case and they will handle everything. There is no need to maintain infrastructure either, as they keep the infrastructure very stable, which is a good thing.

Vaibhav Mahendra Kolhe
Soc Analyst at Softcell Technologies Limited
The best features in Splunk Cloud Platform are that it is very fast compared to any other cloud because we have integrated Splunk with Splunk Cloud Platform. We get the logs from the agent to Splunk, and we store those logs on the cloud. We are using it for real-time monitoring. The SPL, meaning search processing language, is also very easy. Any other SOC analyst can learn that language for searching. The searching query language is very powerful.

For monitoring, it is a very good cloud. We have integrated it with the Splunk SIEM tool only. Additionally, the platform's app ecosystem is very easy to use even in the initial starting phase, and it supports responsibilities including real-time alert monitoring and event correlation. It is very easy to learn the cloud because we have integrated it with the SIEM tool.

Aman Dhanesha
AI Developer at IMS People

The best features of Splunk Cloud Platform are the ecosystem that has been created. We do not have to worry about many small things or many big things because the cloud gives infrastructure that is handled on their end. That makes it very easy for us to get used to it. The main beneficial case for us is the dashboards, alerts, stability, cloud scalability, and everything.

The search capability is pretty good because we have been using it for the last one year and it works very smoothly. The search functionality works very smoothly with us. Recently, we faced one issue, and with this feature, we got to know from which end this problem occurred. We directly dived into it and solved that thing. It is useful.

The alerting mechanisms work very proactively because that is the main use case of Splunk Cloud Platform. One of our application APIs got shut down because of some random issue or error. Because of the alert message, during our peak time, we got to know something was wrong. We directly fixed it and the rest of the things worked easily.

The ingestion and visualization feature of Splunk Cloud Platform is very good. It helps us a lot to create multiple reports and multiple dashboards because visualization can help us create multiple things into it.

Dipesh-Bhawsar
Consulting Cyber Defense Engineering at Principal Financial Group

UBA is a great application within Splunk Cloud Platform.

That feature gives us behavioral analytics within the logs, so we do not need to write complex queries. By using UBA, we achieve threat detection without needing complex correlation rules; UBA gives us a perfect output from it.

The log ingestion is very good, and the visualization part is also very good. I can create multiple dashboards from the logs we are receiving; it is similar to other SIEM solutions.

Darell Porter
Network Engineer (Noc) at HealthEdge

I find the features and capabilities of Splunk Cloud Platform to be highly valuable because of how customizable it is for my view and the data we need to put into it. The ability to organize the data and set up different views is particularly useful.

I also appreciate how easy it is to work with coworkers on the platform to collaborate on the same issues.

The tangible benefits I've observed since starting with Splunk Cloud Platform are significant. It's pretty much the standard for what we use it for. If we're working with a consultant or we bring in someone new, most people know the platform or at least have been exposed to it. This exposure and the platform's big name and familiarity make it easy to direct people around in it, show them the data, and collaborate.

AmanThakkar
Software Engineer at Titans Lab

The favorite feature of Splunk Cloud Platform is the infrastructure that has been provided to us, and the pricing that has been given to us is very low and very fit within our budget where we were looking at that point. The main feature is the reduction in time and manpower.

My thoughts about the overall app ecosystem in Splunk Cloud Platform are that it is very good. We don't have to think about where the error has occurred or where we have to solve it; we don't have to spend two to three hours just to find where the error is. It is very easy to get out of it.

Tejas Shah
Splunk Certified Architect at Data Elicit Solutions Pvt. Ltd.

The best thing about Splunk Cloud Platform is that you can bring any data and store it in one place. You can build meaningful insights from it, have the same data ingested, create beautiful insights, have alerting done on it, and have dashboards and reports built on top of it.

Splunk Cloud Platform's ingest and visualization features do not bind you with a limitation in the volume you want to ingest. Since we are using the compute-based licensing feature of Splunk Cloud Platform, there is no limitation to the volume of data we ingest on the platform. All Splunk Cloud Platform instances are also Smart Store supported, so that eases storage utilization concerns.

One of the best advantages of using Splunk Cloud Platform is that there are lots of proactive alert notifications from Splunk support if anything goes down on the infrastructure end or if there is anything wrong with your environment. Splunk support is on top of things, notifying you beforehand if something is going wrong and that their team is already aware and working on a fix.

Aakash
Software Developer at a financial services firm with 10,001+ employees

Splunk Cloud Platform helps in analyzing logs from different services, not just one service, and identifying errors. Especially during production issues, it is our primary platform for understanding where everything goes wrong and determining the root cause. The main feature I appreciate is the Search and Processing Language, which we call SPL. It allows us to query and filter logs efficiently. We can filter by time, whether for a few minutes or hours, and we can filter by various other parameters, such as which user has made the most requests, user-wise breakdowns, specific error patterns, exceptions, or failures. We can use time-based filtering and keyword searches to narrow down on the relevant logs we wish to see at any particular point in time.

I use the alerting mechanisms present in Splunk Cloud Platform. Without Splunk, we would have to manually go to production logs and search for various things manually, which could be very time-consuming. When we use Splunk, these mechanisms are automated. We only need to change the query sometimes because we search for different mnemonics and different teams. If we adjust the region or the team and then provide the particular keyword we are searching for, this helps us change the logs and see what we really need.

One unique feature with Splunk Cloud Platform is that it can be used not only for log creation but also for creating dashboards. I have created one dashboard myself for visually representing data. This dashboard checks various clients and services to see how many hits we have seen. I made it as a pie chart, and when we click on one of those sections, we are able to see how many hits that service has received. For that particular service, we can check how many users have contributed to that hit. When we send that visualization to higher management, they make decisions based on what service to focus more on. The decisions matter and vary according to management priorities.

reviewer2845779
Project Manager at a manufacturing company with 11-50 employees

The best features that Splunk Cloud Platform offers include its ability to detect fraud, outages, slowness, suspicious access, operational failures, or intrusion attempts.

What makes work easier for the team is that they have a centralized tool in which they can identify these attempts and thus be able to act on the people who are trying to do it.

The team has leveraged this tool to respond to incidents by having everything centralized in Splunk Cloud Platform instead of going out to look for separate logs from each team.

The main advantage of having the logs centralized in Splunk Cloud Platform is that I don't have to access different places to get them.

Splunk Cloud Platform has positively impacted my organization by reducing the time for investigations of outages or attacks on servers.

The time I have managed to reduce in investigations thanks to Splunk Cloud Platform is about 25%, since having everything centralized is the first starting point to look for that information.

reviewer2815500
Jr. Oracle Apex Developer at a tech services company with 51-200 employees

The most valuable features I found in Splunk Cloud Platform are mainly the search capabilities, dashboards, and alerting system. The biggest advantage for me is the SPL search capability. When investigating issues, I can quickly filter millions of events, connect different logs together, and find the root cause without manually going through multiple systems. Another feature I really value is custom dashboards. We create dashboards for system health, security events, and application monitoring which give the team a quick overview of what is happening. Real-time alerting is also very useful because we do not have to continuously watch logs, and Splunk Cloud Platform automatically notifies us when unusual activity or failure happens. Since it is a cloud platform, we do not spend much time managing servers or upgrades, which allows us to focus more on analysis and solving issues.

The biggest benefit we have seen from Splunk Cloud Platform is that it has made troubleshooting and monitoring much faster. Previously, when issues happened, we had to check multiple systems separately to collect logs and understand the problem. Now with Splunk Cloud Platform, everything is available in one place so we can quickly search across different data sources and find the root cause. Another benefit is better proactive monitoring. With dashboards and alerts, we can identify unusual behavior or failure earlier instead of waiting for users to report problems. It has also reduced operational workload because Splunk Cloud Platform manages the cloud infrastructure, updates, and maintenance, allowing our team to spend more time improving security and reliability rather than managing the platform itself.

Karsh Trivedi
Soc Analyst at Payatu

The most valuable features or capabilities of Splunk Cloud Platform that I have found so far are mainly the search and the indexing engine, and I also find the data management of Splunk better. I have used both Splunk Enterprise and Splunk Cloud Platform, and I feel that the data management on Splunk Cloud Platform is handled by the Splunk team with much better expertise than its Enterprise Platform, where we had to manage storage and everything ourselves.

The effectiveness of Splunk Cloud's search capabilities in uncovering operational insights is pretty good. Once you know Splunk Query Language, or SPL, it is way better than any other data management tool, especially when analyzing and monitoring security logs, as it makes searching and minimizing threats much easier for me.

I use Splunk Cloud's alerting mechanisms to send alerts to my email, whether something happens in real-time or through scheduled Splunk query alerts for operational tasks like security incidents or operational warnings, such as when my storage is 90% full.

Splunk Cloud Platform's ingest and visualization features have helped me improve my data reporting significantly, as data ingestion and visualization are great, especially for creating dashboards from various sources like endpoints, firewalls, and web applications.

Operationally, Splunk Cloud Platform has provided wide observability where we had almost none before, significantly improving our security posture and our ability to defend the organization.

Sydney D'Souza
Security Consultant at a tech vendor with 10,001+ employees
Splunk Cloud Platform's search capabilities are quite effective in uncovering operational insights. I was searching for one of the accounts related to backup, and I was not able to search in any other tool. Since we are collecting data from all different sources, I was able to trace this out. It was a request made from the customer because we reported a notable event from Splunk, and they asked us to check this account if we were able to see it, as they had checked from their end and were not able to search it. Using the indexing, I pulled the account details and shared them, and we concluded it was a false positive.

I do use Splunk Cloud Platform's alerting mechanisms. The alerting mechanisms have helped in proactive issue resolution because we receive alerts directly to our SOC mailbox, which we have fine-tuned based on our findings and customer involvement. Initially, we received a lot of notables that were not fine-tuned well, but now we receive approximately twelve to fifteen notables, and once we get alerted, we work on them. For instance, when we detected suspicious activity on a backup account, we responded back to the customer within three minutes, which they found interesting. We were able to dig further into a unique account and provide them with the necessary information, which was corroborated by their technician.

Splunk Cloud Platform's integrations with third-party tools have had quite an easy impact on my daily operations. Initially, the outdated threat intelligence led to notable IP addresses going undetected. However, after integrating Talos and VirusTotal, we can quickly determine whether an investigation requires immediate attention or a deeper analysis, which has saved us considerable time. When we implement the SOAR solution in August, I expect we can provide even more details about integration with third-party intelligence platforms.

reviewer2805738
Innovation Service Manager at a computer software company with 51-200 employees

Splunk Cloud Platform is a very mature solution and an enterprise-grade solution that brings the work we have to do with customers to an enterprise-grade level. It is something that we can manage from a single pane, and it is quite easy to deploy. I see a benefit that is not strictly related to the features that Splunk Cloud Platform offers, but it depends on the company belonging to Cisco now because we are a Cisco partner and Splunk Cloud Platform is a pillar, a vertical technology in the security area of the partnership. The benefit of partnering with Splunk Cloud Platform falls into the Cisco partnership and the benefits we can have in this important partnership we have as a company.

Compared to my previous situation, the first benefit of this solution is the speed and the effort reduction in terms of onboarding new customers and maintaining the entire platform. I will not have any more effort for system upgrades and infrastructure maintenance. This is one of the biggest benefits I can have from the solution. I save a lot of money because I do not have to spend resources anymore to maintain and operate the infrastructure and the systems.

reviewer2688711
Data Security Intern at a manufacturing company with 10,001+ employees

Data Visualization and IT Alerting and Incident Management are the main valuable features, primarily to get a better idea of what's going on.

When you do data reporting using Splunk Cloud Platform, because you have everything in front of you and it's so detailed and easy to read once you have the data. Another thing that makes it clear is because of the amount of evidence you have in front of you, the data is a lot more valuable. It's less of a human claim and more of evidence presented in front of you when you're trying to make any kind of claim on a certain thing going on.

What I really like about Splunk Cloud Platform is the real-time alert, where you can search for anything and the data is still stored there, because at the end of the day, we are finally in a generation of cloud where everything is stored on a cloud platform to the point that you can search anything; as long as you do it in the appropriate way, you will find the results. It's in a good visual status with good visibility. I appreciate this feature.

Jigar Hirani
Splunk Engineer at Data Elicit Solutions Pvt. Ltd.

What I like about Splunk Cloud Platform is that it gives me flexibility and freedom in that I do not need to worry about the actual architecture of Splunk. I do not need to install it anywhere manually, and I only need to worry about what data I need to ingest and how I will create a dashboard on top of that. It provides support so I do not need to worry about the platform. It functions as Software as a Service, so I can directly use it and if I am facing any issue, Splunk support is available to help me anytime.

I do not have any limitations with Splunk Cloud Platform. I can access it from my own private network or anywhere, and I can access it from the public network as it is on a cloud. That is also a plus point for me.

In terms of assessing the effectiveness of Splunk Cloud Platform's search capabilities in uncovering operational insights, its storage capability is excellent. Previously, we were managing it at an enterprise level, but it was costly to us because of data redundancy and the availability zones. With Splunk Cloud Platform, we do not need to worry about data backup, which is a very good point.

The alerts have helped us in proactive issue resolution. If we are currently getting any error, we will get notified in the next 15 minutes or 30 minutes according to the schedule of the search.

Splunk Cloud Platform's ingest and visualization features have helped improve our data reporting, truly the best available in terms of customizability. We have two options, classic and Dashboard Studio for dashboard purposes. In classic, we get options to build custom dashboards using custom JavaScript. We can insert our own graphics to provide better visuals where insights to our management team will not be dependent on the numerical base. We have charts to showcase our current situation, which will be really great for management.

In terms of benefits, if we were needing two persons for SAP to analyze if we have any issues, now we just need one person doing multiple tasks. We have built an automation system, or a dashboard, which gives us insight so that we do not need to go and look up every service. Splunk Cloud Platform really impacted our workflow and increased our productivity.

Dhaval Bhalgamadiya
DevOps Engineer at Veefin Solutions

I appreciate that Splunk Cloud Platform accepts all of my data. All of my data from different firewalls and applications gets to the one platform. Another valuable feature is the SPL query. After my data is centralized, I can use SPL queries for better analyzing and searching my data so I can detect anomalies or threats or for incident response. If any of my deployments fail, I can quickly respond to the incident.

Operational insights are crucial because my application logs are there, my firewall logs are generating there, and any new deployment from the CI/CD is there. This generates logs there. If any deployment has failed or if any application is failing, it increases my overall operational efficiency and helps my team with incidents.

The search capabilities of Splunk Cloud Platform are very powerful and can give me deep analysis of the events. The dashboards and the visual capabilities of Splunk Cloud Platform are also excellent. Dashboard Studio allows me to highly customize and create visually rich dashboards. The infrastructure features such as Smart Store and proactive monitoring help me in my day-to-day operations of the company.

We use Splunk Cloud Platform's alerting mechanism. We have integrated an API with ServiceNow, which works well for us.

The third-party tool integration with Splunk Cloud Platform is beneficial for us. We were using third-party tools before Splunk Cloud Platform. When we introduced Splunk Cloud Platform to our organization, it was very helpful that it could be integrated with third-party tools, so we did not need to change our tools. Splunk Enterprise tools for security and other functions can also be integrated with this platform. That is also a good feature for us.

Yevheniy Moyko
Cyber Security Engineer at Underdefense

The best features of Splunk Cloud Platform are that you do not have to manage anything and do not have to worry about anything. It is scalable, easy to use, and reliable.

Regarding the machine learning tools in Splunk Cloud Platform, machine learning is great, but it requires specially trained people who understand it and have already worked with machine learning, making it challenging for those who do not have that expertise.

The price of Splunk Cloud Platform is very high, but you get all the advantages when you do not overpay for that. Some customers choose cheaper vendors, but for me, it is a perfect solution with many integrations, ready-to-go rules, and dashboards. It is feature-based.

Regarding the ingestion and visualization features in Splunk Cloud Platform, any device or system that can produce logs can be ingested into Splunk. There is no problem with many different possibilities to ingest the logs, making it a really great tool. Regarding the dashboards, there are also many possibilities to create them. If you know XML, you can write directly in XML and have your own custom dashboards, or you can do it via templates. These are great features.

Swati (Mohite)Pawar
Splunk Cloud at mp

In my opinion, the best features Splunk Cloud Platform offers are its strong search functionality, dashboards, alerting system, investigation capabilities, and system integration features. Over the last year, I worked on several cybersecurity labs and SIEM-related projects utilizing the platform. Splunk Cloud Platform helped with log analysis, security monitoring, dashboard creation, and investigation of suspicious activities. The features I found most valuable include investigation capabilities, dashboard and visual report generation, alert monitoring, centralized log management, and integration with different systems and cloud environments. Splunk Cloud Platform also had a positive impact during incident response exercises where teams worked together in blue team and red team style security scenarios to investigate and respond to simulated cyber threats.

Andrzej Nienaltowski
Security Specialist at DB Schenker

I appreciate the syntax that Splunk Cloud Platform uses because it is not KQL.

The whole product is really good, and I did not have much difficulty using it. The alerting mechanism is good to have, but in my personal training, I did not use it much because I did not need it that much.

The visualization feature in Splunk Cloud Platform is a pretty good feature because I did not need to go to any other vendors, for example, any.run or VirusTotal. This speeds the whole investigation up.

Dhruv Vyas
Software engineer at ProminentPixel

The powerful search capabilities using SPL are what I appreciate about Splunk Cloud Platform. The second feature we value is its real-time monitoring and alerting.

The best feature is that Splunk Cloud Platform is handled by the Splunk team itself, including installation and all related tasks. We do not have to touch anything; we simply use it for our case.

SPL search capability is one of the primary tools we use every day. We have different search queries configured for alerts, dashboards, and all related functions. It is one of the major tools we use in our daily operations.

Overall, Splunk Cloud Platform is cost-efficient for us because we are Splunk partners, and it offers better performance. It has improved our faster query execution and includes an inbuilt dashboard with better dashboard performance. We gain more meaningful insights using Splunk Cloud Platform compared to other SIEM tools.

HrishikeshNavkar
Senior Software Engineer at WorldPay US

The features of Splunk Cloud Platform that I have found most valuable and useful relate to licensing. Previously, it was a daily quota that we purchased on-premises, but currently it is based on SVC, or Splunk virtual compute, which is based on CPU and memory utilization of the cloud for billing. There are two license types: Victoria and Base. As we utilize the SVCs, we are charged accordingly, and we have the option to purchase a fixed number of SVCs or pay based on how many we actually use.

The effectiveness of Splunk Cloud Platform's search capabilities in uncovering operational insights is notable because as an admin or developer, we utilize saved searches that run on schedules that we set. The search capability utilizes the same compute assigned, and compared to on-premises, it is very efficient and fast because on-premises we had fixed compute assigned with limits set for searching per role or application. In the cloud, we find it very easy and fast to use.

Splunk Cloud Platform helps in proactive issue resolution by allowing us to set alerts based on data flow to find errors or anomalies that need identification. The saved searches run based on these conditions to find errors or identify anything unusual in the data. We get alerts based on the conditions we set, which is quite effective.

Ritesh Vishwakarma
Project Manager at Crest Data Systems

The best features of Splunk Cloud Platform include its powerful analytics and intuitive user interface. I particularly appreciate how it simplifies complex data operations.

The ingestion and visualization features of Splunk Cloud Platform are integral to our data reporting, as they help transform raw data into meaningful visual formats effortlessly.

reviewer2747775
IT Security Operations Manager at a retailer with 5,001-10,000 employees

What I like about Splunk Cloud Platform is the easy reading of the dashboards and finding the data, which brought me the biggest benefits.

The alerting mechanism in Splunk Cloud Platform is customizable, so we could adapt it to our needs, assign the right priorities, and, based on this, define the action.

Visualization features and ingesting in Splunk Cloud Platform helped to improve my data reporting, but that was also a different team that was providing the log ingestion.

Other features that were really great in Splunk Cloud Platform include real-life monitoring, so we could have logs right away, and parsing was fine, so when it was correctly ingested and Splunk Cloud Platform parsed it correctly, then we had no issues with receiving the correct alerts.

Bhavesh Kadachha
Dev Ops Engineer at ProminentPixel

I love how everything is handled by Splunk Cloud Platform itself. We do not have to manage migrations, updates, and other maintenance tasks. That is one of the major benefits of using Splunk Cloud Platform.

We definitely contact them and they help us during upgrade times. For example, if we want to upgrade Splunk Forwarder on a cloud instance or a Splunk Indexer in a cloud instance, they definitely assist us.

Splunk Cloud Platform is highly scalable. It is one of the best SIEM tools across the world because it is valuable not only for monitoring but also for security analysis, dashboards, and other features compared to other tools.

reviewer2830626
Dev Ops And Observability Admin at a tech services company with 11-50 employees

Splunk Cloud Platform is fully managed, so we do not need to handle infrastructure. The next thing I appreciate is its powerful search using SPL. It is easy to build dashboards in Splunk Cloud Platform and its visualization is also solid.

The alerting mechanisms of Splunk Cloud Platform have definitely helped in proactive issue resolution. Alerting is one of the most prominent features of Splunk Cloud Platform because we have set numerous alerts for daily ingestions. Health monitoring of Splunk dashboards is another valuable feature. We have alerts for thresholds, alerts for users, and alerts for failed logons. For example, if someone is trying to log in more than five times and failing, we have alerts for that as well. This is very useful for us.

Machine learning tools of Splunk Cloud Platform have helped to predict trends in our data. Using machine learning libraries, it is easy for us to analyze data and predict our upcoming data. This makes it pretty straightforward for us in daily operations using the machine learning toolkit.

Job Asiimwe
Sr Manager at Continued

The most valuable feature of Splunk Cloud Platform is its robustness and ability to ingest logs.

HarshShah2
DevOps Engineer at Veefin Solutions Ltd.

What I appreciate most about Splunk Cloud Platform is its intuitive user interface, which makes navigation and data analysis efficient.

It has a favorite feature in its reporting capabilities, allowing me to generate insightful reports easily.

reviewer2500032
Senior System Engineer at a computer software company with 5,001-10,000 employees

Just the fact that it is cloud-based is valuable. We are still on the classic one. I am waiting for the VE to come to the GCP. That is where our stack is. It is in GCP. They say it is coming somewhat soon. We will see when that is.

There is the flexibility of not having to manage all the indexes and searches myself. I was doing that with on-prem before. That was quite a bit of work. When you have an issue with an upgrade, you have to upgrade all of that. They are handling that on the backend now. I still have to do my heavy forwarders and my deployment servers, but it is a much lighter load for me on my end as an admin.

Derek Hemsley
Cyber Security Detection Engineering Associate & Director at a healthcare company with 10,001+ employees

The most valuable feature of Splunk Cloud Platform is the ability to correlate events together and combine the data into one event.

The benefits we saw from using Splunk Cloud Platform are the time to detect and the ability to investigate faster.

Our organization monitors multiple cloud environments. Splunk Cloud Platform's direct cloud connection capabilities make data transfer easy.

Splunk Cloud Platform's end-to-end visibility into your cloud-native environment is key for security posture.

Splunk Cloud Platform has helped reduce our mean time to resolve by a significant portion.

Splunk Cloud Platform has helped improve our organization’s business resilience.

We have seen time to value using Splunk Cloud Platform. We immediately saw time to value after implementing the solution.

The consolidation of tools gives one place to look for logs and events. I wish there were more ways to consolidate the consoles.

Splunk Cloud Platform is easy to use, and users can quickly understand and do pretty much anything that their minds can create.

UzairKhan
Business General Manager at Mutex Systems

What I appreciate about Splunk Cloud Platform is that it's an AI-driven SIEM platform, and for data fusion stock, we require Splunk Cloud Platform because none other than Splunk Cloud Platform can have this data-driven stock implemented; it allows you to get into the data repository.

The real-time search capability of this product enhances operational decision-making, and it's very convincing; this aspect is very convincing from Splunk Cloud Platform's side.

Mark Furman
Security Engineer at White Lodging

The most valuable feature is the SPL because without it we wouldn't be able to correlate and build our use cases and manage what we have for our data inside Splunk.

reviewer2499573
4 System Engineer at a religious institution with 10,001+ employees

Before we started using Splunk Cloud, we were using Splunk Enterprise. My partner and I were spending quite a bit of our time keeping the servers patched, up to date, and running the way that we wanted them to. Now that's all gone with Splunk Cloud. That has freed up a lot of our time so that I can spend most of our time helping people, learning SPL, and helping them with their dashboards, alerts, and reports. Splunk Cloud has helped us to be able to focus on getting more information out of our data. Whereas before, we were doing mostly administrative stuff. Now we don't have to do that anymore.

Charles Roberti
Chief Executive Officer at ENAD

Splunk Cloud Platform's ingest and visualization features help with data reporting. The platform's alerting mechanism is valuable, as there is software that makes alarms in case of attacks. Splunk Cloud Platform is used as a way for companies to enhance their cybersecurity as a question of security to ensure the security.

reviewer2200662
Sr. Manager, SOC, NOC, and Corporate Security at a computer software company with 1,001-5,000 employees

Regarding the solution's most valuable features, I think that since many of our company's applications are Splunk-based, they can integrate with other tools within our tech stack, which allows us to expand our use cases.

In our organization, Splunk Cloud Platform provides end-to-end visibility into our cloud-native environment, and it is a very important area where we need visibility within our environment. It is one of the main tools I use for end-to-end visibility.

Splunk Cloud Platform has helped reduce the mean time to resolve. It helps find issues, which can lead to a better mean time to resolve overall. Depending on the detection type, it reduces the mean time to resolve by anywhere from 20 to 50 percent.

My company saw time to value using Splunk Cloud Platform pretty quickly, and we continue to see the value, specifically when we add in new sources and tune-up. In general, it has been pretty quick.

Splunk's unified platform helps consolidate networking, security, and IT observability tools since it gives our company a single platform where we can collect logs from all different sources.

reviewer1901115
Network Infrastructure Manager at an educational organization with 1,001-5,000 employees

We use Splunk Cloud primarily as a troubleshooting tool, so the most valuable features are the analysis and visualization.

Ritesh Vishwakarma
Project Manager at Crest Data Systems

In an enterprise, you need a universal or heavy forwarder. If you don't have that, you need an HEC token or API request call and all the different components. In Splunk Cloud, you just have one instance to search all the data in your index. You don't need to manage it because Splunk handles that.

If you are using Splunk Enterprise, you need to understand, from A to Z, how the indexes and searches work and where the data is coming from. Splunk Cloud has a beautiful, user-friendly UI that lets you navigate all the settings.

It doesn't matter where the data comes from for integration. The dashboard gives you a brief overview. 

When we're onboarding all that data using heavy forwarders, Splunk gives us better buffering performance and lower latency if we use the right components. If I use a light or universal forwarder, it often doesn't parse on the other end. Our projects use heavy forwarders and put those data into the index services while defining which indexes they should index. We are also micromanaging where that data should be. 

The reporting is good so far. Sometimes, I help my clients improve their user experience. As an engineer, I would suggest that if a solution has back-end compatibility, clients should get out of their comfort zone and customize another app to create a dashboard or something else.

reviewer2499597
IT Lead at a manufacturing company with 201-500 employees

Alerts are a huge benefit because we can customize them to each business unit's needs. Splunk automates the process and sends email notifications directly, which saves me time.

Tim Whitlock
Senior analyst in investigations at GlaxoSmithKline

The solution's most valuable features are search, reporting, and dashboards.

Splunk Cloud Platform is useful in our organization's monitoring of multiple cloud environments involving cloud services like AWS. I cannot speak about the ease or difficulty of using the tool to monitor multiple cloud environments since I am not on the administration side.

Considering the product's ease of use, the tool offers me the ability to search all the data and get it in a format before giving it to an investigator so that they can get it in a format they can understand.

Raul Lapaz
Cloud Sec Eng at a pharma/biotech company with 10,001+ employees

The most valuable feature is we don't have to deal with any back-end server maintenance because the solution is cloud-based.

reviewer2491965
Infrastructure Engineer at an insurance company with 5,001-10,000 employees

Dashboarding has been very powerful. I work with a lot of different customers, so being able to tailor the data for different customers has been valuable. I am able to make visuals and have reports where they can self-serve.

Lakshman Kanuru
Module Lead at ValueLabs

I mainly work with Splunk SIEM and Splunk ITSI, and these are the two major products recommended for all consumers. If it is related to security, I recommend Splunk SIEM, and if it is related to infrastructure monitoring, I recommend Splunk ITSI to others. I used to take care of the observability part as well with the aforementioned tools. For observability purposes, I use Splunk-related applications. I also do the onboarding of the data into Splunk with the help of observability functionality.

reviewer2499189
Senior technical consultant at a healthcare company with 1,001-5,000 employees

I like the Splunk Monitor console. I like how Splunk continually updates it with new features. We don't have to do anything on our end, we just get access to that. 

Splunk has some good dashboards that show us search or user search activity. There are some things that could cause the environment to go awry, like skip searches or searches that are more intensive. 

By being able to identify those, we could reach out to those customers and work with them on improving their standard practice. Since moving to SaaS, we're able to focus more on that.

Ian Gatundu
System engineer at Agile Cloud Ltd

The Cloud Platform interface is cleaner than Splunk Enterprise's monitoring console. You can easily understand what's happening with your indexes. It's more refined than Splunk Enterprise's console, but they have the same feel and function. 

It's easy to monitor multiple cloud environments because you can create custom dashboards for any use case you may have. It offers good visibility because it integrates with the ITSI app, providing a clear overview of your environment. 

Integrating Splunk with other components on the cloud and network resources is effortless because it can collect data from various sources, including stored data from long-term storage.

Splunk's reporting offers a good visualization of your data. You can visualize the statistics based on your searches. It produces some helpful graphs that enable you to easily compare what's happening in your search. It's very comprehensive. 

Darshan G Waghmare
Senior Project Engineer at Wipro Limited

The incident response time depends on the query and alert configuration, and also on the environment and how the logs are streamed. By analyzing these factors, it takes a maximum of one to two days for one incident.

Alert scheduling, dashboard creation, and log monitoring are the most valuable features. 

Federated search depends on the data we pull. We have three types of searches. We use federated search for long-running queries.

We have, like, 20% of MacBook Cloud environment. It is easy to monitor multiple cloud environments, but there are some onboarding challenges. We are onboarding from the back end and also using HEC token. Apart from that, we get data to Splunk using Cribl pipelines from Syslog servers.

Reporting is like this: if critical data is used by the client, we send it to the data user according to the schedule.

For log monitoring, we can definitely suggest Splunk is a good tool. And it helps with decision making processes.

For monitoring security logs, it's the best tool.

reviewer2499690
Principal Site Reliability Engineer at a pharma/biotech company with 1,001-5,000 employees

The most valuable feature of the solution stems from the fact that I just like having one single point where all of our logs are aggregated and then having one interface that I can query and find the information that I want out of it.

My organization monitors multiple cloud environments and even the on-premises part. I would say that so far, it has been fine and easy to use to monitor multiple cloud environments using Splunk Cloud Platform. The tool works effectively, and it gets stuff from our on-premises servers into the cloud. It gets stuff from AWS into the cloud. I am able to, you know, use the single interface to access all the information I need.

It is very important for our organization that Splunk Cloud Platform has end-to-end visibility into your cloud-native environment. It is important since it helps to be able to see all the aspects of what our services are doing and how they are operating.

It helps with the mean time to resolve since it makes it easier to find the errors as they have occurred, so it has been a helpful tool.

I don't know how much the product has helped my organization improve business resilience.

I wouldn't know if my company has experienced any cost-efficiency by splitting to Splunk Cloud Platform.

I know that Splunk's unified platform helps consolidate networking, security, and IT observability tools for our company. Our company has an InfoSec team using it for their SCIM stuff, and then we have IT using it for some of the things they need to gather. Multiple teams in my company have benefited from using the tool. The consolidation of tools does impact our organization since I think it is probably easier for everyone to get access to stuff because everything is in one place, and it is one of the biggest impacts of the product I can think of right now. Instead of having things spread out across multiple vendors and multiple tools, it is all kind of in one thing that we can get at, and so it is probably easier for us to train people, and we know, like, how to access the solution since it is just one thing we have to learn.

Ankit_Mittal
Data Engineering Senior Analyst at Accenture

We can onboard multiple data types for monitoring from various ports and use Splunk to monitor laptops or other devices directly. If everything is stored in our database, we can also monitor that and see who is logging in and when. You can monitor which files are being used most and which ones aren't. We can also check for any fraudulent activity in the system. The reporting is highly detailed.

Splunk is best when used for real-time monitoring. We can use AI and machine learning, too. Splunk plans to launch new observability features soon. The federated search feature has helped us eliminate redundancy in data servers and discontinue servers that aren't being used much. We can remove those servers from the environment to cut costs. 

We can use Splunk to monitor multiple environments. The ease of monitoring depends on the source, application, or cloud environment size. 

Nagendra Nekkala.
Senior Manager Ict & Innovations at Bangalore International Airport Limited

The data management and instant search features are the most valuable ones for us, as they allow us to instantly retrieve information needed for reports and security compliance.

Chetankumar Savalagimath
Delivery Manager at a tech services company with 1,001-5,000 employees

The most valuable feature of Splunk Cloud Platform is its flexibility and readiness because it's already prebuilt, and everything is click-to-go. Splunk has multiple features, but the cloud feature comes with that. It is built for a smaller organization, but that's how organizations grow. The solution is good for a new budding organizational group.

reviewer2239821
Sr Manager at a financial services firm with 10,001+ employees

We have Splunk Enterprise Security and our regular Splunk Enterprise. We use Splunk Enterprise Security for monitoring all our security use cases and our regular Splunk Enterprise for application monitoring. We have our own custom digital apps that we monitor on the enterprise cloud, and all our enterprise security monitoring happens on the Splunk Enterprise Security app. There are so many custom applications that we currently support. 

We do digital transaction monitoring, so when a customer sends some money to a different customer, we monitor the end-to-end transaction of that customer when it happens on the digital platform. It is pretty important for our L1 and L2 teams to monitor that end-to-end transaction. 

With Splunk in place, we can identify the bottlenecks where transactions are getting held and immediately take necessary actions to release the transaction and reach the customer. That improves the transaction time frame. There is improvement in terms of how many analysts are monitoring how many transactions and how fast transactions are happening from end to end. It improves our performance and customer experience. It is also easy to monitor end to end transactions.

reviewer2239827
Sr. director of Enterprise Architecture at a recreational facilities/services company with 1,001-5,000 employees

I do not really like it, but being able to correlate events across platforms in a single place is valuable. I can trace an event back to its root cause. I can find the root cause instead of just looking at the symptoms across different things.

reviewer2239938
Sr. Engineer Observability at a financial services firm with 10,001+ employees

In their case, they had global data domicile requirements. We didn't have the same global deployment for our other larger environment that they did. So it made sense for us to migrate them to a bunch of small cloud stacks that were globally positioned rather than deploy a bunch of tiny enterprise environments to do the same thing.

It's pretty important to us that Splunk has end-to-end visibility to our native cloud environment. We need to be able to figure out where the points of failure are. Knowing whether it's a forward, on our end, an index, the cloud environment, a firewall, or something else entirely is important to troubleshooting that kind of process.

Splunk has helped to reduce our mean time to resolve. For the specific use case, the ability to bring in more Splunk data and market makes work consistently accessible.

I think that Splunk's ability to predict, identify and solve problems in real time is better than what we use it for. Our observability journey is still pretty early so we haven't done a lot of predictive detection that is possible to do with Splunk. It looks like it can do the things that we needed to do in a pretty effective way. We just haven't done that yet.

reviewer2207709
Senior InfoSec Manager at a pharma/biotech company with 5,001-10,000 employees

Splunk Cloud Platform's most valuable features are enterprise security and ticketing integration.

Dinesh Elumalai
Software Engineer at Tigma Technologies

Splunk Cloud Platform's search modes are a powerful feature. There are 3 main modes: Fast, Verbose, and Smart. These modes allow us to customize our search based on our needs, which can significantly improve our response time.

Siva Chaitanya Kakarla
Support Engineer at American Express

Everything is maintained by the Splunk support team. Users do not have to maintain any physical servers. They do not have to maintain indexes and searches. It reduces a lot of work on the user side.

We integrated it with other applications in our environment. It integrates well. We did not face any issues on the integration side.

The reporting offered by Splunk Cloud Platform is also good.

reviewer2499666
Director, Operations at a hospitality company with 10,001+ employees

The most valuable features are reliability and logging. It's in the cloud so it has more stability and easy maintenance. 

reviewer2499168
Consultant at a tech services company with 201-500 employees

I like the idea of being able to list the IPs that we want without having to open up a ticket to get it done so that way if anything changes we can add a new IP. The platform itself is the most valuable because if we're using the product, we're paying a lot for it. So we're searching our data and doing the triage we need to with the events. In reality, our biggest benefit of the Splunk Cloud Platform is not having the hassle on-prem.

Stanley Kmiec
Principal, Cybersecty and Infra at PNM Resources Inc

There is definitely the ease of the infrastructure administration. It frees up a lot of time.

ShubhamSharma6
Software Engineer at Wipro Limited

I like that Splunk Cloud Platform is managed by the vendor.

I like the Cloud monitoring console feature.

I like the support for all the apps and add-ons.

reviewer2267181
Incident Manager at a manufacturing company with 10,001+ employees

The most valuable feature of Splunk Cloud Platform is the alerting feature.

reviewer2239851
Tech Support Supervisor at a government with 10,001+ employees

All the features are very equal for me. I do not use any one feature more than the other. They all are pretty equal to me.

Sahil Sanskar Jha
Assistant Manager at a tech vendor with 10,001+ employees

I like that it's an independent cloud platform. It can work with AWS or Azure.

Its monitoring is completely automated. We do not have to put in other engineers just to maintain Splunk. It maintains itself, and it's very user-friendly. For the dashboards to be created or any sort of code that we want to do with Splunk, we can do it by ourselves. We do not need to have separate resources so it is very cost efficient. We do not require many people; it's resource-efficient as well.

We do use the federated search feature and find it helpful. Earlier, it was hard to withdraw data. We'd have to maintain it. Now, Splunk does it for us. It's a very time-efficient service. It's made a huge impact on automation. We can grab data in real-time any time we need to.

The solution integrates well with other applications and systems in our environment. 

reviewer2239929
Splunk Administrator at a government with 11-50 employees

I like the fact that we do not have to maintain all the cloud infrastructure. That is probably the main thing about the Splunk Cloud Platform. We do not have to worry about maintaining the infrastructure that is out there. We just push things up and maintain our infrastructure on-premises. This is important for us because we just do not have the manpower and resources to manage all the infrastructure. 

We used to use another SIEM with which we constantly had to replace hardware and things like that, so it is a good benefit to have that cloud infrastructure there whether it is coming from a SaaS environment or we just build it in the cloud.

reviewer2238930
Manager Cloud Operations at a computer software company with 201-500 employees

The most valuable feature is the search options. Our infrastructure is huge so if an issue happens, it's hard to find where it is. That's where Splunk comes in handy. You just go to their user interface and do a Google-type search. Just put in a keyword, search it, and you'll figure out where it is. If you have thousands of servers, it's very hard to see where the issue is and where the transaction is logged. Splunk makes it very easy. That's the best part of Splunk.

I would rate Splunk's ability to provide business resilience by empowering oneself a seven out of ten. Whenever we have an issue, Splunk is handy. We have a lot of monitoring in place so if an issue happens, our monitoring helps proactively figure out the issue, and in that way, we can make sure that our environment and infrastructure are up and running, and our customers don't have any issues.

reviewer2272479
IT Engineer at a venture capital & private equity firm with 1,001-5,000 employees

The ability to correlate data and then present it in a meaningful and valuable way is crucial. Splunk offered this functionality, providing us with insights into threats, vulnerabilities, and all the identity information we fed into it. We sought a SIEM tool because we lacked a solution that could effectively analyze recent data. We needed a tool that could not only ingest our data but also correlate it and present it in an easily understandable format.

Abhishek Kalokhe
SIEM Engineer at a manufacturing company with 11-50 employees

The cloud performance is good.

Not having to perform any maintenance because it is handled by Splunk saves our administrators time which is valuable.

John David Cabanglan
Splunk Architect Application Software Developer at a tech vendor with 10,001+ employees

The cloud is very fast. We have a lot of data in our Splunk instance and it isn't slow in any way. 

The maintenance is good. We have good support if we have queries or issues. With on-premises Splunk, if we ran into issues, we'd have to figure things out ourselves. With the cloud version, it's easier to get support. 

We can monitor multiple cloud environments, including Azure and AWS.

It can be difficult to monitor cloud platforms. We are integrating more cloud servers and patching data sources from those servers. It's very easy to use Splunk and have everything go to the dashboards.

We get good visibility into multiple environments. We can easily search from Splunk Cloud to our on-prem or AWS directly. We also do not ingest the data in order to see it.

We can easily integrate with other systems. It's very helpful. We can leverage Splunk to gather any specific reports we want with this integration capability. 

The reporting is very good. Every month we have a call with Splunk personnel and they'll show us reports to show high usage for search, for example. From our side, we can change or update in order to optimize our systems. 

The cloud has helped us with decision-making. It helps make maintenance decisions very easy.

It's very resilient. 

Damon Tunnell
Automation Developer at TNS

Not having to manage Splunk Cloud's infrastructure is valuable. Being able to deploy within the cloud and not having to manually manage our configs on the infrastructure side and set up our own architectures has been the biggest help.

Other than that, the new Dashboard Studio has been a pretty big win, but I do not know whether that is more cloud-specific or not. Dashboard Studio has a cleaner look for customers that want to see their data but not necessarily search. For the customers that want to see their data, having an easy and effective way to drag and drop to see where things are going to be if they want to change them has been pretty beneficial.

reviewer2500047
Systems Operations Senior Specialist at a financial services firm with 5,001-10,000 employees

It's very important for us that Cloud Platform offers end-to-end visibility into our cloud-native environment. More and more functions are moving to the cloud, so it's not only for observability to see the system, but it's also for management and senior management to see that all of their applications are running as intended. If we try to spread out applications through multiple vendors, multiple regions, access groups, and whatnot, it becomes pretty important. It may become a challenge because of that spread. It brings resilience, but it also makes it more difficult to look after everything.

We want to achieve having everything in a single view. Senior management wants to make sure that everything is running well. The application team's developers want to have a granular review. 

Splunk reduced our mean time to resolve by 30%. If an application starts misbehaving, we send logs to Splunk and check to see what's going on and see what's happening.

The dashboards are the most valuable feature. It's all of the information in one place. We can build it ourselves, so we can make it the way we like. 

reviewer2499165
Software Engineer at an insurance company with 1,001-5,000 employees

For my purposes, I like the ability to aggregate lots of data from different sources. I like being able to report for management and being able to get alerts on thresholds being out of sync.

Alexandru Adamovici
Head of Cloud at a consultancy with 11-50 employees

Its interconnectivity with the cloud platforms, such as Azure and AWS, was valuable. 

We had multiple cloud environments. It was easy to monitor multiple cloud environments using the Splunk Cloud Platform’s dashboard.

FredericHebert
Monitoring Administrator at a financial services firm with 1,001-5,000 employees

Index Manager is most valuable because we do not have to bother about internal storage. It is all managed by the Splunk team.

reviewer2239923
Infrastructure Admin at a healthcare company with 10,001+ employees

It's important to us that Splunk has end-to-end visibility in our native environments. We have to have that visibility because we manage multiple applications that rely on it.

Splunk helped to improve our organization's business resilience. That's very important to us. Our users rely on Splunk heavily for the health of their applications. It helps them to get ahead of issues, and if there is an outage, it enables them to resolve them faster.

Splunk gives the different application owners the ability to configure alerting specific to their needs so they can customize it however they want. If they know their applications better than you know, admins, I'll give them that flexibility.

reviewer2238933
Performance Engineer at a non-profit with 1,001-5,000 employees

Dashboards and alerting are the most valuable features. The dashboards let us see how the system looks in terms of anomalies, and the alerts trigger us to go and look at what possible problems are happening.

reviewer2257179
CYBERSECURITY ANALYST at a tech services company with 1-10 employees

It helps us with hosting from different geographical locations. 

The speed of the cloud environment is great. 

We only buy the services we need. We don't have to pay for other things we don't. It makes the pricing very economical. 

We use the solution's federated search feature. It's easy for us to use. It helps us search logs, analyze, and manage data.

We are able to monitor multiple cloud environments using our Splunk Cloud dashboards. It makes the process very simple. We just have to maintain different teams for different environments.

The solution is great within hybrid environments. It gives us good visibility across everything. 

It works well for sizable environments. 

The product integrates well with other systems and applications in our environment. We haven't had any issues with integration at all. However, if we ran into issues, we could call Splunk support. Having an issue would be a very rare event. 

Reporting is very good. It's the same for all Splunk solutions. Having multi-cloud instances in one place is great.

We have multiple business units and easily integrate them into the cloud, as well as different infrastructures from different areas. We can deploy a Splunk agent on any cloud - AWS, Google, etc.

The company can access data easily for compliance and privacy regulations. The privacy aspect has been very good.

Having resilience has been very helpful in our organization. 

reviewer1260045
Senior Analyst at a computer software company with 11-50 employees

The Splunk search is powerful compared to similar solutions. We get millions of data points within seconds.

reviewer1274850
Director - Application Services, DevOps(Application Support, Build/Deployment), Environment Support at a financial services firm with 10,001+ employees

Splunk Cloud's most valuable features are log aggregations, dashboarding, business management, reporting, and business controls. Additionally, it has awesome indexing and the solution is always improving.

reviewer1273443
Sr BigData Infrastructure Architect at a hospitality company with 10,001+ employees

The log event capabilities and the flexibility in the search engine for finding what we need in the logs are some of the more valuable features in this product.  

reviewer2500101
Splunk Administrator at a tech vendor with 1,001-5,000 employees

Not having to maintain any infrastructure is valuable. That frees up a lot of time as well.

reviewer2263149
DevOps engineer at a tech vendor with 10,001+ employees

As compared to other tools, it is very easy. It is very easy to learn. It also integrates well. 

The reporting features are very good. The dashboards are very nice. We could create our own dashboards to monitor any volume dips or transaction loss. 

reviewer1630161
Founder at a marketing services firm with 11-50 employees

Splunk is a very user-friendly tool and it's very extensive compared to other tools.

reviewer945462
Director - Corporate Infrastructure at a tech services company with 10,001+ employees

For my current requirements, the tool theme seems to be meeting my requirements, from a cost and requirements perspective.

it_user1063275
Owner at a reseller with 1-10 employees

The most valuable feature of Splunk Cloud is the quick setup.

it_user1061643
Lead Developer, Solution Analyst at a university with 10,001+ employees

The most valuable feature for me is the flexibility of being able to send the log to the HTTPS endpoint. I know that it is possible to export the logs, although it is easier for me to communicate with the endpoints concerning what I am interested in.

This is a feature-rich product.

it_user1177614
Cloud Architect at Sainsbury's Supermarkets Ltd

The reporting and dashboards are very good.

In terms of reporting, everything is customizable. You can write a query to have the reports and dashboards created for you, and it will be based on that data.

The documentation is pretty good.

Integration with products and devices works well. We haven't had any limitations or problems connecting to our network devices.
