Splunk Observability Cloud Reviews

My customers used the solution for application performance in uptime and networking.

Splunk Infrastructure Monitoring has helped our customer's organization by making troubleshooting easier. The solution helped them have a centralized place where they could dig in across multiple other tools and consolidate all the information in one place.

Splunk Infrastructure Monitoring provided our customers with visibility into their overall infrastructure. They could quickly start identifying where the problems were coming from. If something was going sideways, they could more easily target the specific pathways.

One of our customers was on-premises. The other was a hybrid with on-premises and private cloud.

I was on a team helping them build a brand new tool, which was instantaneous. Another team got it a while ago, and they weren't sure what to do with it. So, we came in and helped them over a six-week engagement. We pivoted them from not feeling like they were getting all that much value to getting good value. It was more of a learning curve situation.

Splunk's unified platform has helped our customers consolidate networking, security, and IT observability tools. I was on the team of a company that was helping build a brand-new monitoring solution. They had probably a dozen separate stand-alone silo tools that could not talk to each other.

Instead of logging on to 12 different places to check each tool individually, Splunk Infrastructure Monitoring helped consolidate everything into a single location for viewing. We didn't get them to the point where they were ready to fully decommission the other systems.

They were going to decommission 12 systems on the six-month game plan. By now, they would have realized the cost savings. It would have been a multimillion-dollar savings for them.

Our customer, with 12 separate systems, was all on-premises. Part of our other customer's footprint was in AWS. It was incredibly easy for our customers to monitor multiple cloud environments using Splunk Infrastructure Monitoring. It was a combination of cloud and on-premises for our customer.

The solution provided them with a single pane of glass where they didn't have to log into multiple places and see everything in a single location. You can develop dashboards that give you cross-platform visibility, which is a huge win.

A wide variety of logging makes log onboarding difficult. Over the years, Splunk has done various things to make it easier, so I want to give them props for that. However, the reality is that every vendor has its own logging format. Some vendors have multiple log formats because they change their own products over time.

They have different log formats for different products in their own suites, and no industry standard makes it chaotic. Splunk is probably the best product out there in terms of how they handle it, but it's not perfect yet. They need to keep pushing that cutting edge and trying to improve it. I have no idea how they could do that because they're trying to wrangle chaos, and it's hard.

I have been using Splunk Infrastructure Monitoring for two years.

I think Splunk Infrastructure Monitoring is a solid product from an infrastructure perspective. I haven't seen any bugs in the tool. Like many things with Splunk, everybody knows there will be patches when there's a core upgrade. However, that's more with Splunk Core and not specifically the Splunk Infrastructure Monitoring part.

The solution's scalability is wonderful. I've worked with customers as small as 25 gigs a day, which is tiny, all the way up to close to a petabyte a day. You have to make sure you scale the tool intelligently, but it's more of a budgetary constraint than a technical one. The solution handles the big ones beautifully if you have the budget to have the needed hardware.

Splunk's technical support has significantly improved in the last year. The support went through a rough patch about a year and a half ago. I had to coerce customers to use it because it was really bad there for a while. Splunk's support has vastly improved recently, and I hope it continues to improve.

Those people who changed the attitude, mindset, and processes need all the accolades because it's so much better than it was. Unfortunately, that does mean that it was really bad at one point.

Splunk's technical support still has some room for improvement in certain areas. Mostly, you can tell the more junior people who just read off of a script and really don't know where to go. I always introduce myself as a consultant to let the support person know that I have already done the basic introductory troubleshooting, and they can skip the first ten pages in their script.

Some frontline people in Splunks' support team are wonderful and clearly have more experience. However, it is still obvious that they occasionally bring in somebody brand new who's a little lost.

I rate the technical support seven and a half to eight out of ten.

Positive

I've worked with Core Splunk as a consultant for seven years and was a customer for seven years before that. So I've seen it all: the good, the bad, the ugly, and everything in between. Usually, the actual building of Splunk is super easy because I've done it so many times. Every customer's environment is unique in terms of how to get the data.

It's more about navigating the local customer's politics and archaic technical debts. Somebody thought that a certain architecture was a good idea ten years ago, but today, that doesn't make any sense whatsoever. Wrangling customer chaos is hard, but the Splunk piece is usually easy.

There's always room for improvement, but Splunk Infrastructure Monitoring is a solid product overall. It definitely helps customers who have a lot of legacy systems that don't work well together.

Overall, I rate the solution an eight out of ten.

Right now it improves the gap between our on-prem data centers and our cloud environment. We've been using Splunk on-prem for eight or nine years now and it's been useful seeing existing tools that we've used like Splunk integrate into cloud environments and bridge that gap. We use the integration the most.

It has reduced our mean time to resolve. It's been easy to aggregate logs and infrastructure data in one place, making it easier to find a single point as opposed to jumping around tools. It's ten to fifteen percent better. It makes aggregating data and logs faster for our cloud purposes.

There's a feature that allows you to connect to AWS infrastructure that we've been using. Its integration with the cloud is what we're looking forward to the most.

It is very easy to monitor multiple cloud environments. It's like a single pane of glass for us. We can use it to monitor our on-prem and both of our cloud environments as opposed to having different tools for each environment. It makes it all come together in one tool.

It's fairly important that it has end-to-end visibility into our native environment. We host a lot of other programs in our program. We host an infrastructure platform. It's good to have the integration that we can pass on to our customers to show them that there are tools they can use to better their program while we're using them to better ours. So it's been pretty beneficial.

Splunk's ability to predict, identify, and solve problems in real-time is good. I was very happy with the keynote. A lot of the use of machine learning is cool. We're excited to get our hands on that once it makes its way to Enterprise.

We still use Splunk Enterprise licensing. A lot of the newer features go into Splunk Cloud before Enterprise. We're not looking to switch our licensing over, so we're falling behind on the newer features. I know Splunk has plans to move their cloud features into Enterprise at some point. The only improvement we would like is to have more features put into Enterprise that focus on the cloud. Some people come from an on-prem environment and slowly move to cloud and would have to make a full jump into the Splunk Cloud licensing to get any of the cool Cloud features.

The program that I'm on has been using Splunk Infrastructure Monitoring for around three years now. We started off mainly on-prem for data centers and we've slowly migrated into AWS and Azure for cloud footprint.

The company has been using Splunk since we were a lot smaller. We were using Splunk for data logs, aggregation, and things like that.

It's very stable. We've never had issues with that. Anytime we do have stability issues, it's something that we can work on to fix. It's not an inherent flaw with the product.

Scalability is excellent. That's what Splunk is designed for, big data aggregation. It's been very easy and seamless to scale up over the years.

I've only had a couple of Splunk support cases, and they've been very, very prompt in responding, especially compared to some of the other big enterprise tools we use.

Positive

We have seen ROI. It's made onboarding better and it's easier for engineers in our project because there's a single pane to view all of these different environments.

We have seen time to value. It makes it a lot easier to train new people and get them spun up. We had our cloud environment for a couple of years before we started integrating with Splunk. It was a pretty quick improvement within a couple of months, noticing how beneficial it was to have a single pane of glass in all of our different environments.

I understand Splunk wants people to move towards Cloud licensing for a lot of the newer features, especially for multi-cloud. It would be nice to see those in Enterprise. I understand why they do it but that is my main concern. 

I would rate Splunk Infrastructure Monitoring a seven out of ten. There's more we can do with it. We just haven't explored it. 

We use Splunk to monitor some devices in the company. We have several cloud groups for monitoring the energy companies in the state. The stack has several devices to monitor if you have a problem. There is a mixture of solutions.

The solution monitors the system in real-time. We can find the resources and investigate security incidents. Splunk and another solution, AppDynamics, monitor several devices.

We integrate Splunk with a data collection solution, and it plugs in the users to collect data at several points in the network and infrastructure. The data is indexed in Splunk, which can be visualized in different dashboards. Monitoring for fraud is critical for the company because you have to resolve many problems in the infrastructure with federal information in the dashboard. 

The company has many systems that the customer pays to access. Splunk APM issued via AppDynamics helps find problems in the feed. It reduces the risk of supervising all the devices. I can supervise the flow and simulate the conditions of the repository across several dashboards to show what's happening at the moment.

The dashboards are used mainly to visualize information about the infrastructure, but it isn't easy to construct or use the dashboards. While we tried to resolve the issue by calling support, it would be easier if they had an AI co-pilot to identify the problem and help you solve it. 

I have been using Splunk APM.

Splunk APM isn't easy to scale because you have to follow the steps and implement best practices, which can be a little awkward.

I rate Splunk support 10 out of 10. We had good documentation, and the support team at Splunk has a lot of experience with code and the tool. 

Positive

I haven't had any problems deploying Splunk. When I installed Splunk for the first time, I thought the product line was complex because I had to build the solution. After working on it for a while, it has become easier to do the solution next time.

Splunk APM is a crucial tool because it controls all the systems and solves a lot of problems.

I rate Splunk APM 8.5 out of 10. It's an excellent solution.

Splunk Infrastructure Monitoring reduces our mean time to resolve. We are more proactive than reactive. I would be very confident to say that there is about a 25% reduction in time. We get things way quicker than when we were just doing it reactively.

It has the ability to identify and solve problems in real time. It saves time.

There is no one feature that stands out more than others. We use a little bit of everything. When we started using it, we did not exactly know it. It was new and fresh, so we just started gathering everything. We did not end up doing anything different. All of the features that we are using have had an effect on the monitoring that we are doing. Everything is very effective.

We never had any issues when it comes to the type of use cases we are using it for. We did not need more advancement on it, but I know that, in general, everything can be updated. There are tiny little tweaks that can be made regardless of whether it looks better or has a different flow to it than it does right now, but it works pretty well for what we use it for.

I have been using Splunk Infrastructure Monitoring for two to three years.

It is stable.

It is scalable. As we continue to grow and expand, the stability and the scalability are there.

They have been very helpful whenever we have had any issues. Only one or two times they did not know. That does happen. We are all humans, but that is the best that you can get.

Positive

I got onto the team when we started using it, so I am not sure what we were using before.

I would rate Splunk Infrastructure Monitoring a ten out of ten.

We use Splunk APM for performance testing. 

Splunk offers end-to-end visibility across our environment.

Splunk APM simplifies application performance monitoring. It also provides insights into data quality, including data security, integration, ingestion, and versioning of trace logs. We can directly inject data for monitoring purposes, trace the data flow, and monitor metric values.

Splunk can ingest data in any format, allowing us to easily monitor logs and identify blockages through timestamps, which saves us time.

The most valuable feature is dashboard creation. This allows us to easily monitor everything by setting the data we want to see. For example, imagine we're working on a project within the application. There might be different environments, such as development, testing, and production environments. In the production environment, we can use dashboards to monitor customer activity, like account creation or other user data. This gives us a clear view of how transactions are performing and user response times. This dashboard creation feature is one of the most beneficial aspects of Splunk that I've used in a long time. While Splunk offers many features, including integration with various DevOps tools, its core strength lies in data monitoring and collection.

Splunk's functionality could be improved by adding database connectors for other platforms like AWS and Azure.

I have been using Splunk APM for one year.

We previously used a legacy application for monitoring and when it was decommissioned we adopted Splunk APM.

Splunk offers a 14-day free trial and after that, we have to pay but the cost is reasonable.

I would rate Splunk APM eight out of ten.

Splunk APM requires minimal maintenance and can be monitored by a team of three.

Our primary use case for SignalFx was visualization, charting, and alerting. We also used it to fix our µAPM.

For one project I was working on, at least 15,000 people were using SignalFx. They used to monitor their application health in the SignalFx dashboard and get alerts from SignalFx. The users had different job profiles, such as engineers and architects.

One of the valuable features is that it is very user-friendly. We can directly search for a metric and create alert charts straightaway. There are multiple visualization options to create charts that allow users to create detectors and alerts and integrate them with downstream applications for getting notifications.

Moreover, the volume it handles is very good, including the number of metrics, the volume number of traces, and more.

There are some predefined metrics where we can directly install the SignalFx agent. It gives some informative CPU utilization where some things are inbuilt. But for specific applications, we may need to create customized metrics. Here, developer teams have an additional burden of creating the whole thing if they need to customize anything. The additional feature metric could be a custom metric edition. It would make it simple for any user or engineer to go beyond the default metrics and easily choose to add more metrics. It will help share dashboards, so when we have a single version, thousands of people can use the same single version of the dashboard.

The sharing option and custom metric would be the two additional features I would like to see in the improved version.

I used SignalFx for six to eight months for my previous project, and the version I used was Splunk Observability. I used it last in October 2022; I am not using it right now.

It is a stable product. There used to be some unplanned maintenance or intermittent issues. Most of the time, we used to get alerts or notifications from the SignalFx team. So, out of 100, I would give it a 90. It was stable, but in that 10% of the occurrence, we faced various problems like loading traces, dashboards, and more. In that project, we had a limit of detectors and a limit of a metric time series, and several subscribed metrics. So, we used to get some notifications when it reached 80% or 90% of the usage. Thus, it is completely related to the subscription. But we faced the fact that the number of MTS reached the limit.

In terms of stability, we faced intermittent issues so I won't give it a 100%; it is 90%.

It is scalable. Although the scalability depends on the subscription model, there are some related requests according to cost. For example, if I want to increase the metrics by up to 30%, store more metrics, or create more alerts, I can easily do it without impacting anything. For all those things, it is scalable.

I used to create a support case in the SignalFx portal itself, and I used to call them on their toll-free number and engage them with issues. So I had some experience with their team and I rate them an eight out of ten.

I would rate it an eight because customer support won't provide back-to-back service. If I expect updates every hour, sometimes I may not get updates every hour. For example, if I need someone to explain the issue, there might be delays. If I need to get some root cause of an issue in real-time, that might take time. So considering these factoes, I rate them an eight out of ten.

Positive

I have used some observability tools like Splunk, Instana, and Grafana. I found SignalFx the best one for visualization, and it is user-friendly too. For example, you can directly search for a metric, and we can create alert charts immediately. So there will be multiple visualization options to create graphs. From there, we can directly create detectors, create alerts, and integrate them with other downstream applications for getting notifications.

The initial setup was simple, and we used some package installers. We had a restrictive code for binaries in Artifactory. So we directly used some package installers and pulled it in individual service. Also, it was integrated with Puppet, so installing the SignalFx agent and starting it was simple.

I wanted to manually install, deploy, and download it on a single server, and the whole manual procedure took around 10 to 15 minutes. When I tested a group of services with the help of Puppet, even hundreds of servers were done within an hour or something. 

So I was working on a banking project, and we had a private cloud there; SignalFx agents were installed on servers, and our metrics were derived from there.

My company used an inbuilt application built by in-house developers, which was developed 15 years ago. Those tools were somewhat outdated and could not serve the purpose of the ever-growing volumes and other issues. So they preferred to have some third-party tool to solve their problems, and they found SignalFx useful. As a user, I also thought SignalFx was much better than other visualizations.

I would definitely recommend SignalFx. Compared to other installation tools, creating alerts, understanding charts, and creating dashboards is more straightforward. 

The functions are complex but SingalFx is very user-friendly. There is very defined documentation for everything, whether I have to create an alert or use some aggregation. We will have a direct link that says something like, "Click here to read more" or  "Click here to understand." Such links are there for everything. Moreover, if I want to create an alert, there will be multiple options; it will say, "What is the time of alert?" or "What is the threshold base?" All these details will be there; you will have a link to detailed documentation. It is a very user-friendly tool for any beginner. 

I would rate it as nine out of ten. 

I use the solution in my company for our customers who use the tool for auditing and compliance in the area of DoD/AC. My company's customers have compliance controls, and STIG controls that they have to satisfy for their ETL processes.

The tool has helped our customer's organization in achieving compliance control. When our customer's organization has an inspection or when the DoD inspects their infrastructure, they can show their auditors that they are compliant. They can show the auditors the dashboards and verify that they are ingesting data from the sources and how all their hosts are being monitored. They can show everything to auditors, check the box, make sure that everything looks green, and then they continue to have authorization to operate.

The most valuable piece of Splunk Infrastructure Monitoring for our company's customers revolves around the data for everything. Everything produces data, and all the data can get ingested, whether it is Windows, RHEL, VMware products, Pure Storage products, or a custom product. Configuring data ingestion and performing everything in Splunk Infrastructure Monitoring is possible. At the same time, a lot of the other SIEM tools focus on a specific type of data. The benefit of Splunk Infrastructure Monitoring is that one can see all their data in one place.

There is not a lot of support for the tool's on-premises version, especially since everything is on the cloud. In my company, we had a really good demo this morning on Keynote, which touches on the APM part, and it was super cool. There was also a demo on AI assistant, which was super cool. It is hard to increase the options for a particular customer when so much of the stuff is limited to the cloud, and there is so much focus on the cloud part.

I have been using Splunk Infrastructure Monitoring for three years for my customer, who has been using it for longer than when I started to use it.

The tool's stability is great.

The tool's scalability is great. My company just moved Splunk from VMs to containers for our customers, so I would say that we have put it on Kubernetes on Tanzu, which has been great for them.

Support is an area I have not really reached out to on behalf of our customers. I usually just go to Splunk Answers or rely on my colleagues to get what I need. My company has never opened a support ticket with Splunk for our customers.

I don't know what one of my company's customers had used before Splunk Infrastructure Monitoring. They may have used some other solutions, but I have been on contract with them for three years.

In terms of ROI, I can say that I have seen a decreased amount of time spent on our company's end validating data ingested from an auditing perspective, especially when we are talking about their authorization to operate. With the tool, it is much quicker to view all your data in one place than it is to go show an auditor 15 different data sources. You can show it all together to the auditor.

Licensing cost is the biggest argument I get from those divesting from Splunk. There are those within our organization who say we are going to go to other tools since Splunk is too expensive. Till now, I have been able to ask others to look at the value Splunk adds to the company, and I have been able to convince them that it is worth it, but that might not always be the case if licensing continues to be an issue, especially if costs continue the way they are and if other solutions offer more competitive pricing for similar results.

The tool is not used to monitor multiple cloud environments.

It is not important for our company that Splunk Infrastructure Monitoring provides end-to-end visibility into your cloud-native environment.

The tool has helped improve our organization's business resilience.

The tool does the job very well. It is easy for me to use, especially as a trained person in Splunk products. The tool also does the job very well. With the tool in place, I can get Windows or RHEL. I can do things like scripted input on a forwarder. Splunk Universal Forwarder are so much more than if I just use Syslog, for example, to just get data. I can do a lot more with Splunk than just ingesting data via something like Syslog.

I rate the tool an eight out of ten.

I have the logs of my applications, and they're usually a bit volatile. The log switch doesn't stay there on the application for a long time, so Splunk can require that. It can take 15 days for the logs to be available to do some kind of research. I'm using Splunk to ingest application logs, create dashboards, and set up alerts. 

The biggest benefit of Splunk is that we can retain logs and correlate the data. Telemetry data has a huge impact because it's much easier to see everything. 

Splunk has significantly reduced our mean resolution time. The workflow at my company involves application microservices applications running on the cloud. These logs are highly volatile, so they're only retained for three to five minutes, and we had to reproduce an issue to trace why it failed. That meant we had to do everything again to capture the log at the moment.  Now, we have the data to analyze one or two hours.

Splunk's dashboards are great. The solution provides end-to-end visibility across my environment. Visualizing large amounts of data is easier because we can correlate the data from any target source. 

The licensing model is expensive. We need to monitor the amount of data ingested because the cost is based on the data collected. 

I have used Splunk APM for three years now.

We have instances for production and development. I've never seen the production instance go down. Our development instance has gone down, but that's expected. 

I used tools like Elasticsearch, which is similar to Splunk. I've also used other observability tools like Grafana and Dynatrace, but they have different features.

I rate Splunk APM 10 out of 10.