Splunk Observability Cloud Reviews

I use the solution in my company for our customers who use the tool for auditing and compliance in the area of DoD/AC. My company's customers have compliance controls, and STIG controls that they have to satisfy for their ETL processes.

The tool has helped our customer's organization in achieving compliance control. When our customer's organization has an inspection or when the DoD inspects their infrastructure, they can show their auditors that they are compliant. They can show the auditors the dashboards and verify that they are ingesting data from the sources and how all their hosts are being monitored. They can show everything to auditors, check the box, make sure that everything looks green, and then they continue to have authorization to operate.

The most valuable piece of Splunk Infrastructure Monitoring for our company's customers revolves around the data for everything. Everything produces data, and all the data can get ingested, whether it is Windows, RHEL, VMware products, Pure Storage products, or a custom product. Configuring data ingestion and performing everything in Splunk Infrastructure Monitoring is possible. At the same time, a lot of the other SIEM tools focus on a specific type of data. The benefit of Splunk Infrastructure Monitoring is that one can see all their data in one place.

There is not a lot of support for the tool's on-premises version, especially since everything is on the cloud. In my company, we had a really good demo this morning on Keynote, which touches on the APM part, and it was super cool. There was also a demo on AI assistant, which was super cool. It is hard to increase the options for a particular customer when so much of the stuff is limited to the cloud, and there is so much focus on the cloud part.

I have been using Splunk Infrastructure Monitoring for three years for my customer, who has been using it for longer than when I started to use it.

The tool's stability is great.

The tool's scalability is great. My company just moved Splunk from VMs to containers for our customers, so I would say that we have put it on Kubernetes on Tanzu, which has been great for them.

Support is an area I have not really reached out to on behalf of our customers. I usually just go to Splunk Answers or rely on my colleagues to get what I need. My company has never opened a support ticket with Splunk for our customers.

I don't know what one of my company's customers had used before Splunk Infrastructure Monitoring. They may have used some other solutions, but I have been on contract with them for three years.

In terms of ROI, I can say that I have seen a decreased amount of time spent on our company's end validating data ingested from an auditing perspective, especially when we are talking about their authorization to operate. With the tool, it is much quicker to view all your data in one place than it is to go show an auditor 15 different data sources. You can show it all together to the auditor.

Licensing cost is the biggest argument I get from those divesting from Splunk. There are those within our organization who say we are going to go to other tools since Splunk is too expensive. Till now, I have been able to ask others to look at the value Splunk adds to the company, and I have been able to convince them that it is worth it, but that might not always be the case if licensing continues to be an issue, especially if costs continue the way they are and if other solutions offer more competitive pricing for similar results.

The tool is not used to monitor multiple cloud environments.

It is not important for our company that Splunk Infrastructure Monitoring provides end-to-end visibility into your cloud-native environment.

The tool has helped improve our organization's business resilience.

The tool does the job very well. It is easy for me to use, especially as a trained person in Splunk products. The tool also does the job very well. With the tool in place, I can get Windows or RHEL. I can do things like scripted input on a forwarder. Splunk Universal Forwarder are so much more than if I just use Syslog, for example, to just get data. I can do a lot more with Splunk than just ingesting data via something like Syslog.

I rate the tool an eight out of ten.

I have the logs of my applications, and they're usually a bit volatile. The log switch doesn't stay there on the application for a long time, so Splunk can require that. It can take 15 days for the logs to be available to do some kind of research. I'm using Splunk to ingest application logs, create dashboards, and set up alerts. 

The biggest benefit of Splunk is that we can retain logs and correlate the data. Telemetry data has a huge impact because it's much easier to see everything. 

Splunk has significantly reduced our mean resolution time. The workflow at my company involves application microservices applications running on the cloud. These logs are highly volatile, so they're only retained for three to five minutes, and we had to reproduce an issue to trace why it failed. That meant we had to do everything again to capture the log at the moment.  Now, we have the data to analyze one or two hours.

Splunk's dashboards are great. The solution provides end-to-end visibility across my environment. Visualizing large amounts of data is easier because we can correlate the data from any target source. 

The licensing model is expensive. We need to monitor the amount of data ingested because the cost is based on the data collected. 

I have used Splunk APM for three years now.

We have instances for production and development. I've never seen the production instance go down. Our development instance has gone down, but that's expected. 

I used tools like Elasticsearch, which is similar to Splunk. I've also used other observability tools like Grafana and Dynatrace, but they have different features.

I rate Splunk APM 10 out of 10.

I am a technology analyst. I have been working on a financial project in the US. For this project, I used Splunk APM for troubleshooting and reviewing the logs, and finding errors. Most of our APIs ran on Splunk APM, and we used it to find errors in our production environment.

We are no longer using Splunk APM. We have switched to Dynatrace.

Splunk APM is very good for monitoring purposes. You can watch application-to-application flows. If you just click on a flow, you can go step by step and debug an issue. The places with errors are marked in red. The API or the application in which you are getting an error is red. From there, you can go to the log or the error, and then the person responsible for that particular API or application has to fix it.

Splunk APM gives tools for user monitoring, logs observability, infrastructure monitoring, synthetic monitoring, and automated on-call. 

Splunk APM provides real-time data. In the logs, if you want to see errors related to status 404, you can just write one keyword, and you will get the results.

Splunk APM offers end-to-end visibility across the environment, but it also depends on how your business is set up on Splunk APM.

Splunk APM helped to reduce our mean time to resolve (MTTR). Previously, I had to log into my VPN, run commands, and see the logs. After having Splunk APM, I could click on one link and go through the logs. 

We could set up Splunk APM based on our environment. I worked on one project with Splunk APM. In that project, we faced a lot of issues, and I resolved the issues with the help of Splunk APM. I found the accurate logs and the easiest way to resolve the errors.

Splunk APM is the most advanced application for performance monitoring and troubleshooting for cloud-native applications and microservices.

The ability to troubleshoot is valuable. While running any product or API, we need to troubleshoot issues. We need to find the error in the logs. In Splunk APM, we have the section logs. In that section, we can search with any particular keywords. Before Splunk APM, I also worked with Splunk Enterprise where we have various dashboards to monitor. 

It is an application performance monitoring and observability tool. It is a very good tool. You need to use the documentation on Splunk's website. From there, you can learn many things. I have Splunk certification. You can dive deep into it. For me, it gives end-to-end visibility into our production environment.

They can improve the flow system and the keyword language. It has predefined keywords, but they can be improved. I also use LogMeIn where I can use predefined keywords to see the logs. 

They should give us the option to use our own language to search. For example, I should be able to search for an ID name along with an error or status code. 

I worked with Splunk APM for one and a half years.

I have not faced any downtime. I have worked with Splunk APM for one and a half years, and I did not face any downtime during this duration of time.

I have never faced any issues with scalability.

I did not have any need to contact support because I did not face any issues. 

We used another solution previously. In Splunk Enterprise, it is easier to create dashboards. You can easily set up application alerts and infra alerts. You can search with metrics and you can set alerts based on a specific error. Whenever that error occurs, you will receive an alert.

I am not involved in its deployment. In terms of maintenance, it is owned and managed by Splunk. Everything is maintained by Splunk. I have not faced any downtime with Splunk APM. I have also used Splunk Enterprise previously. With both of these products, I did not face any downtime. 

The pricing is reasonable.

It is a good tool. It allows you to set alerts for application and infrastructure monitoring, and it allows you to create dashboards. You can set alerts based on the threshold or traffic.

For logging purposes, Splunk APM is very good, but we should be able to use our own search query language. Currently, we can only search based on the predefined tags.

Overall, I would rate Splunk APM a nine out of ten.

I use Splunk primarily from a gateway operations perspective. I work on application support. As part of that support, we regularly monitor the application dashboards built in Splunk using the logs. I covered this earlier this month.

The real problem we were facing was that we were unable to get all of our logs into a single place. We have an on-premise application with multiple servers across different data centers, and we needed to be able to view all of the logs together in order to troubleshoot any problems. That's why we started using Splunk to forward all of our logs to a single location.

Moreover, Splunk APM gives us end-to-end visibility across our entire on-premise environment. 

Another biggest benefit I've seen is the ability to quickly identify problems using Splunk alerting. We set up alerts against our application metrics, and this has helped us to resolve major issues much sooner. We can now identify problems as soon as they occur, which gives us time to take corrective action before they impact our users.

Splunk has reduced the amount of time our operations team spends investigating problems. This has freed up our engineers to focus on other tasks, such as improving our application performance and adding new features.

I like the fact that Splunk APM makes it easy to connect to the application database and run queries against the data. I also like the fact that Splunk APM allows me to use log forwarders to forward logs to a central location, where I can then build dashboards to view the data. The dashboards are probably my favorite feature of Splunk APM.

I've been using the Splunk query language, and it can be a bit time-consuming to set up the queries I need. I've had to look at a lot of community forums to find the filters I need, and it can be difficult to get the details I need.

I have experience building dashboards and other things with Splunk APM.

I've been using Splunk APM for over a year now. As part of my job in application support, I regularly create and maintain dashboards for our applications using Splunk APM. I also use dashboards to create alerts based on certain metrics.

Moreover, I'm currently working on a project to create a new dashboard for our customer support application.

The stability of the solution is good because I have never had outages I have seen so far. In terms of usage, it's good in terms of availability.

I haven't had to contact the support yet. We have a separate team that maintains and builds our relationship with Splunk, so they would be the ones to contact if we had any issues.

The solution doesn't require any maintenance. 

We used New Relic and AppDynamics before Splunk. AppDynamics was our APM tool, and I'm still using New Relic for monitoring Splunk. New Relic is great for log monitoring, and it's our main tool for internal application monitoring.

With Splunk APM as an enterprise solution, various factors come into play. Right now, considerations include pricing and how they envision the solution to work for them. Some might want the solution to be cloud-based. It largely depends on the volumes they anticipate. Organizations must decide how much they're willing to invest, especially when comparing it to other investments they've made. With the current economic recession and organizations looking to cut costs, it's crucial to evaluate the volumes and aspects of Splunk that are most relevant to them.

Overall, I would rate the solution an eight out of ten. 

We use Splunk Infrastructure Monitoring to get an overview of what's happening in our customers' infrastructure. We're monitoring our servers, network, IoT devices, etc. We're a service provider, so the solution is installed in one place. 

Splunk Infrastructure Monitoring has enabled us to be more proactive. We can identify and respond to an issue before there is a failure. It has helped us significantly. For example, if somebody is attacking us we can detect that there is an increase in traffic and investigate to see if it's legitimate. We can block them or take other actions before it becomes a problem. 

Splunk Infrastructure Monitoring gives us complete visibility without the need for storage. We can visualize our infrastructure. Where is the traffic going? Are there any attacks? What are our vulnerabilities?

Splunk could be better integrated with configuration manager solutions so we can automatically resolve issues without human interference. 

We have used Splunk Infrastructure Monitoring since 2015.

Splunk Infrastructure Monitoring is stable. 

Splunk is scalable. It's easy to add more devices as needed. 

I rate Splunk support an eight out of ten. 

Positive

Before Splunk, we used multiple vendors, including Cisco, SolarWinds NPM, and WhatsUp Gold. 

The deployment process isn't complicated. We installed Splunk on a VM and started it. We have a team to deploy and monitor it.

Splunk is worth the investment. When an incident happens, you need reports immediately, and Splunk is the best monitoring solution for this. 

Splunk is expensive, but it's the best solution for the job. 

I rate Splunk Infrastructure Monitoring a nine out of ten. Splunk is a responsive piece of software. It's user-friendly and easy to get the data you need. I advise people to take the time to learn how to create reports and analytics.  

We have used Splunk to give us insight into the NetFlow of the traffic running through our network. We connect different networks but we only use on-prem. We are in the middle of a spider web, providing these services to different networks. We are trying to gain visibility into the traffic that traverses our network internally.

We are interested in the traffic volume because the services we are looking at are endpoint-encrypted, meaning encrypted traffic between a service provider and a client in another network. So we are not able to look into the media stream.

The networks we are connecting have their own security boundaries and their own security levels, and we don't mess with that. We are just trying to let them talk together. 

We have been using Splunk for monitoring who is logging in and how and when.

It has given us visibility into what is going on in the network, such as how much traffic is running to and from the services, but we are not using Splunk in a straightforward way. When we are looking into reports on how much data has been used, we need to look into another system and enrich it with data from Splunk.

Splunk has drawn our attention to how the network is running. If there are alarms on things that are not functioning, it gives us early warning on problems that could arise.

In terms of operational performance, the efficiency, Splunk has helped us improve. We could have found other tools that would have given us the same efficiency, but this was the tool that we chose. From that perspective, it has been of value to us.

It would have helped us reduce our mean time to detect but I can only guess at how much; perhaps by 25 percent. And we would see a similar reduction for mean time to resolve.

It's a bit difficult to use. It takes some time to get into it and to get it to do what you would like it to do. It is not straightforward to use it. Once you have the dashboards for collecting and analyzing transactions configured, they are okay, but it takes some time to do it. Configuration could be easier.

We have been using Splunk for about eight years.

We have not looked at Splunk as a means of being able to scale, but we have not been hindered by using Splunk. Our goal has not been growth, but maintaining stable and secure networking, and this is what we have achieved. But with or without Splunk, we would have achieved that anyway.

We really haven't had any technical issues where we involved Splunk's support.

We did not have a previous solution like Splunk, other than in-house-developed tools. We got acquainted with Splunk as part of the tender for our network infrastructure, and from that perspective, it has been okay.

Splunk has been fairly expensive, but it has been predictable. You are not punished if you are looking into much more data if you are, for example, under attack. Other tools could be more expensive to use if they charge per incident or the amount of data you are looking into. With other solutions, you could be punished if you need to index more data because of an attack, such as a DDoS attack, and you need to do some forensics on the data.

Why shift to something you don't know when you are, perhaps, happy enough with the tool that you already have? Think about whether you could develop that tool into something that would give you the visibility you would like to have, instead of using Splunk. Are you looking into incidents, traffic flows, indexing per day, or is the issue that you're looking for an alternative with a better price? Think about why you are considering shifting from a tool that you already know.

Our primary use case for this solution is as a supplement to Dynatrace, so the log analytics is done in Splunk instead of Dynatrace.

We built a tool for firewall log monitoring and we powered all firewall logs to Splunk. In addition, we built a little dashboard that just specifies sources and the destination addresses and port numbers. It passes all the logs and tell us if there are any blocks or drops on the firewall level. This is a very useful tool for us.

The features I have found most valuable are log searching and log analytics, both of which are quick features.

There's a component in this solution that is particular and takes a lot of manual work and that is the automation. There is a lot of room for improvement with the automation. They should also improve the discovery and detection of all the infrastructure components so that it is more automated and takes less manual work.

I have been using this solution for about five years.

I would rate the stability of this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.

I would rate the scalability of this solution a nine, on a scale from one to 10, with one being the worst and 10 being the best.

I would rate the technical support of this solution a 10, on a scale from one to 10, with one being the worst and 10 being the best.

Positive

At first, we were deployed on-premises and then about one year ago we migrated to the cloud. So I would say they did most of the work around migration. There are around 1,000 users of this solution in our company.

We have seen the ROI.

I would rate the pricing of this solution a two, on a scale from one to 10, with one being the most expensive and 10 being the best price.

Our model of deployment is the cloud.

I would rate this solution as a whole a 10, on a scale from one to 10, with one being the worst and 10 being the best.

I would advise other people looking into this solution to do their due diligence and make sure they do their pre-work and post-work.

We have a lot of applications that we monitor. We have a lot of hardware that runs on VMware. We monitor all of that as well.

Dashboards have been helpful because people can go and look for themselves how their systems are running. The requests for us to go look at something have gone down because people can go and do it themselves.

It is important for us that Splunk Infrastructure Monitoring has end-to-end visibility. Developers and those types of teams can look at and troubleshoot any kind of issues quickly.

Splunk Infrastructure Monitoring has helped reduce our mean time to resolve, but I do not know how much. We just help as needed, but for the most part, it is just the teams going in there and looking at things themselves.

Splunk Infrastructure Monitoring has helped improve our organization’s business resilience.

Different teams can see a lot of different aspects of what is going on. They can see network traffic. They can see applications, and they can see hardware peaks and performances. They can see everything they need.

We could see the value of Splunk Infrastructure Monitoring within a couple of weeks of implementing it.

Dashboards help the application support teams to have a quick look at how their systems are running. It helps other teams as well.

They can get more integration with a few more products.

They can also update some of the dashboards that are in there now.

It is pretty good in terms of the ability to predict, identify, and solve problems in real-time, but there is always room for improvement.

I am in a new role. I have been there for two months. That is as long as I have been using it.

It is very stable. It is good.

Its scalability is great.

It is very good. I would rate them a nine out of ten. They are usually pretty helpful and knowledgeable.

Positive

We have it on-prem, and we also have a cloud instance. Our cloud provider is AWS. We do not monitor multiple cloud environments.

Deploying it was pretty straightforward. We just had to make sure that we were getting the logs right and setting the apps right. That was pretty much it.

We have seen an ROI in terms of manhours and less work for everyone.

I have always used Splunk.

I would rate Splunk Infrastructure Monitoring a ten out of ten. It is great. It is much better than a lot of other products, so it is definitely up there.