Splunk Observability Cloud Reviews

We are using the Splunk Observability Cloud for monitoring purposes and troubleshooting, and we are using that infrastructure in real time, in which we have infrastructure monitoring, application monitoring, log observer, and RUM synthetic monitoring. For troubleshooting purposes, we are installing the open telemetry collector agent on some of the servers, including Intel, Windows, and UNIX servers. 

I have also worked on the agent upgrade from version 0.103 to 0.1113, which is ongoing right now.

We are also using the dashboards and detectors in Splunk Observability Cloud. For client needs, we are creating dashboards, reports, and detectors as well. For the detectors, we mostly work on host-down situations. When a server is down, we troubleshoot using the detector infra host down and identify the root cause of the failure, such as why it was down or not reporting to Splunk Observability Cloud. We find out the root cause by using that detector when the alert gets triggered and cleared.

We use the tracing features in the Splunk Observability Cloud, primarily for application performance monitoring. It helps us figure out service maps for root cause analysis. It provides visibility and helps address blind spots in data collection.

Splunk Observability Cloud offers a transparent, customized tool with real-time visibility. We use AWS, ReactJS, Python, and Java for tracing. It helps create customized dashboards and service maps based on customer requirements. It has AI that automatically generates visualizations, allowing us to create more reports based on customer needs. My seniors are primarily working on creating dashboards, reports, and for monitoring purposes.

Their technical team is performing well. About a year ago, Splunk Observability Cloud was slow and lacked features compared to now. It didn't provide exact details for any searched server in the metrics, but the situation has improved significantly, and we can now retrieve complete data on when servers were down or up.

The best features in Splunk Observability Cloud are the metrics; I can see any logs or anything related to the server or services we want to monitor, and the metrics are a good function. It provides exact details. It offers unified visibility for logs, metrics, and traces.

In Splunk Observability Cloud, I notice room for improvement in synthetic monitoring. It does not provide output based on server names. It only gives a response when we input a URL. I'm not sure if this issue is specific to my organization, but it would be beneficial if server details could be retrieved directly in synthetic monitoring.

I have been using this solution for two years and two months.

I would rate its stability an eight out of ten.

I would rate its scalability an eight out of ten.

Around 100+ users access Splunk Observability Cloud in my organization, including the cloud SRE team, Windows Intel team, Linux team, and AD team.

My client base primarily consists of enterprise financial services.

If any issues arise, we can raise a vendor case, and resolutions are provided in a timely and accurate manner. 

In my organization, we also work with Sentry, Datadog, PagerDuty, and Dynatrace. Splunk Observability Cloud offers more features than Datadog, which also provides APM monitoring, log observer, and metrics, but does not match the feature set of Splunk Observability Cloud.

It is a bit complicated. For deploying Splunk Observability Cloud, we first need an access token, after which we connect to our AWS Cloud account and provide the access token. We must set up CloudWatch or AWS Lambda and forward the metrics or logs from all sources to AWS.

The implementation took about 45 days.

The return on investment varies based on requirements; for smaller tasks, we can leverage our team's capabilities effectively, so I can estimate around a 20% efficiency gain.

Currently, we are providing outputs to clients within the required time frames. If a client requests any dashboard, logs, APM monitoring, or synthetic monitoring, we have been able to deliver output on time, achieving approximately an 80% efficiency in response.

Splunk Observability Cloud is expensive.

For operational performance, we created monitoring within the Splunk Observability Cloud for most servers with agent installation. We upgraded the open telemetry collector from version 0.82 to 0.103, then again to a newer version, enhancing visibility and use cases, especially after the upgrade, which has improved operational purposes.

My impressions of Splunk Observability Cloud for focusing on business-critical initiatives are positive. I manage six tools, but Splunk Observability Cloud is one of my favorites, and I aspire to build my career specializing in it because it has great features, more attention in the market, and is a relatively new tool with promising growth.

I would recommend Splunk Observability Cloud to other users for its accurate data fetching, dashboard creation, report generation, and synthetic monitoring capabilities.

I would rate Splunk Observability Cloud a nine out of ten.

We primarily use Splunk Real User Monitoring to analyze performance bottlenecks and application transactions. It allows us to see how applications are experienced on the user side, making it easy to capture any bottlenecks or performance issues.

The most valuable features include user time tracking and the ability to analyze application load times. Splunk provides advanced notifications of roadblocks in the application, which helps us to improve and avoid impacts during high-volume days. It is very useful for identifying performance bottlenecks.

It would be beneficial to have more enhanced features with capabilities to adapt more integrated applications. Improvements in dashboard configuration, customization, and artificial intelligence functionalities are desired. There is room for improvement in customer support due to delays and standard feedback responses.

I have been working with Splunk Real User Monitoring for almost two years.

In terms of stability, I would rate it a nine out of ten. It is a very stable solution.

Splunk Real User Monitoring is definitely scalable. I would rate its scalability a nine out of ten.

Technical support is rated an eight. There is some delay in their in-depth responses and standard answers to questions.

Positive

I worked with Splunk alongside Dynatrace. Before Splunk, I did not use any other services.

It takes about an hour to set up the client for real-time monitoring.

We have a separate team for deployment, consisting of about three to four people.

We have achieved a return on investment between 10% to 20% as it helped in removing roadblocks, which could lead to more savings with wider usage.

Splunk is a little expensive, however, it is in line with the current market pricing. I would rate the pricing an eight on a scale of one to ten, as it reflects the going rate in the market.

I would recommend this product to other users because of its capabilities in monitoring and analytics. 

I rate the overall solution eight out of ten, considering the comparison with other products like Dynatrace.

The main use case with Splunk Observability Cloud is to capture the logs from the SD-WAN in order to check the health of the network and the flow of data from different sources to the central place.

The best feature of this product is the latency and processing of all the telemetry that is being received, which gives full visibility at the right time. 

One cannot protect and operate what they don't know. When there is this observability, it helps to see exactly what is present, the problems that may exist, and hence, it increases digital resilience by having proactive actions ahead, which increases the availability of the service.

The teams have utilized the ability to enrich data with custom metrics, as this enrichment is one of the key aspects used to have a clear understanding of which assets are being attacked, enabling necessary actions to be taken. The data has been enriched by adding customized information from customers' databases from different sources.

The pricing would be one area for improvement.

I have used the SIEM solution since 2019 and have had experience with Splunk Observability Cloud for the last year.

I would rate their customer service and technical support an eight out of ten.

Positive

I work for SI, and we deliver to different organizations based on their requirements. We are responsible for implementation, so we implement and they see the value out of it.

Splunk Observability Cloud has improved the operational performance of our clients.

It is expensive.

The AI component is one of their strengths; currently, most competitors are moving in the same direction. As SI professionals, we are seeing different improvements in the AI domain for different products, and they are at the leading edge with many vendors following them.

My overall rating for Splunk Observability Cloud would be a seven out of ten.

We use the solution to monitor and calculate the number of systems, applications, and DR sites we have. Then, if there is any problem, we can detect the information on which server belongs to which application. This really helps us.

We have seen 28% to 29% optimization and performance with Splunk Infrastructure Monitoring. You will know the moment you see any anomaly in the system, the server, or the infrastructure. The solution has given us more visibility not only from the infrastructure or server point of view but also from the network perspective.

Splunk's GUI and dashboard capacity are the most valuable features of Splunk Infrastructure Monitoring.

Compared to Microsoft Azure, Splunk Infrastructure Monitoring can ingest all the log sources. You can ingest all the data in one single source. Then, it accumulates the data, calculates internally, and gives you the right information you're looking for. Splunk Infrastructure Monitoring is the optimal solution, where you can see everything on one screen.

Our organization monitors multiple cloud environments, including GCP (Google Cloud Platform) and AWS (Amazon Web Services).

We're all completely dependent on Splunk's end-to-end visibility into our cloud-native environment to see everything, including any incident that comes.

Splunk Infrastructure Monitoring has helped drastically improve our meantime to resolve, detect, and investigate.

The solution has helped reduce our mean time to resolve by 28%, which is a huge number. We aim to reduce it by 30% to 37%, but that would definitely require some AI concept and new enterprise security. That's our plan for next year.

Splunk Infrastructure Monitoring has helped improve our organization's business resilience. The moment you receive an incident, you have full visibility. You can go deep into the investigation, do threat hunting, and find the root cause analysis. That's the visibility and performance we look for in enterprise security solutions like Splunk.

Splunk's unified platform helps consolidate networking, security, and IT observability tools. When you have multidimensional solutions and a multi-cloud environment, you have specific applications for finance and patient care. You can see everything consolidated in one solution.

DevOps and GRC compliance solutions come into one solution, and visibility extends. That gives you confidence, and we build trust with the business. Businesses are confident when they're going outside. Because we have full visibility, we provide that trust to the patient and my health care entities that we are safe.

The utilization of the use cases is not available. You need to write custom out-of-the-box use cases. There's no standard use case available where you can see the utilization of the number of use cases I have. For example, if you have 200 use cases, do you know if you are utilizing all 200 and if they are actually clicking at the right time?

If I can work 20 use cases out of 200, it is 20% utilization for the use cases. So, I'll focus more on 20% and try to optimize them based on my business requirements rather than focusing on 200.

I have been using Splunk Infrastructure Monitoring for six years.

The solution's scalability is marvelous because we can just add on. We are currently using two TB, and the solution gives us the flexibility to add an extra 500 GB next month.

Sometimes, we face technical difficulties because of the limitations of the connectors. Integrating Splunk with post-relational databases like InterSystems is challenging because such applications or databases are not very much publicly exposed. The technical team faces a lot of challenges when integrating because they need to write some custom connectors to integrate the data.

We have some clinical applications specific to a particular specialty, and you have different applications and databases for that. For that, you need to write custom connectors. Sometimes, the technical team lingers on and passes the time because they're also exploring.

I rate the solution's technical support seven and a half out of ten.

Neutral

We previously used a different solution called RSA. We switched to Splunk because RSA was not providing the latest changes and many of the upgrades we were expecting. Also, a lot of functionality we were expecting, like XDR, optimization processes, and connectors, was not available. We used RSA for four and a half years. RSA had performance issues, and a lot of use cases were not met because it was an old solution.

We had a system integrator who initially helped us integrate and deploy the solution. They helped us to deploy the solution, and we take their help to develop any new use cases.

We have seen a return on investment with the solution. Our KPIs have become smooth. When we have more visibility, our KPIs definitely increase. We can easily measure meantime to detect and meantime to resolve. You will definitely be up to the mark when your incident response capability increases. Our performance has increased. Our IT environment and DevOps team have more visibility and are more transparent now.

The solution's pricing is costly. We're now looking for a cloud version that would have a completely different pricing calculation.

Splunk Infrastructure Monitoring has use case capability, visibility capability, and performance. It also has a vast dashboard capability that no other solution currently provides. There are many solutions in the market, but Splunk stands out separately. With Splunk Infrastructure Monitoring, you can correlate data and ingest any kind of data with your connectors. Flexibility is another important functionality of Splunk.

Overall, I rate the solution an eight out of ten.

Splunk is primarily used for log monitoring, where I collect all my security logs, system logs, and application logs into a centralized place. This helps me customize my monitoring models.

Splunk has provided me with a centralized platform to manage multiple features. Instead of using various products, Splunk offers everything in one solution, which adds value to my organization.

The most valuable feature is the ability to customize dashboards based on my queries or any other customization I may need.

I'm still experiencing some features of the product. However, in future updates, I would like to see more predefined monitoring query solutions, which could be more effective.

I have been using Splunk Synthetic Monitoring for almost five years, primarily focusing on log monitoring.

Overall, the product is stable, and I would rate it an eight out of ten.

For scalability, I would give it a nine out of ten.

Technical support is good but could be improved, particularly concerning the time taken for ticket resolution.

Neutral

The main reason for choosing Splunk over other products is its comprehensive capabilities and flexible customization options. It is widely used and provides cloud solutions.

The initial setup was quite straightforward, and agent installation can be done quickly. However, the entire setup process might involve multiple people due to organizational policies.

The implementation process involved around five to ten people due to our organization's processes and need for multiple approvals.

Using Splunk has saved my organization about 30% of our budget compared to using multiple different monitoring products.

Splunk is a bit expensive since it charges based on the indexing rate of data. However, considering the features it provides, the pricing is quite affordable compared to other monitoring solutions.

Overall, I would recommend Splunk to anyone seeking a monitoring solution, thanks to its extensive capabilities and features.

I'd rate the solution nine out of ten.

The main purpose of using Splunk APM is to optimize our application. We use Splunk APM primarily to understand how the application works, how it uses resources, and its response time in connection with different infra services. It is mainly used for application optimization and reviewing third-party application dependency response times.

Splunk APM helps us to identify long-running queries and long-running functions or methods, as well as third-party dependencies that are not responding on time. We are easily able to see the error or trace it. A developer can easily find out the issue without having to dig into the application.

We normally do not use the Tag Spotlight functionality, but our developers use this functionality when we are trying to dig into the logs. It helps to search the data that we want to see. It helps to troubleshoot the actual problem and visualize the data. We can see how the error is coming and how many reports are coming.

Splunk APM has helped us to optimize the application performance, find out when third-party services go down, and monitor our application within our SLA. It allows us to minimize our downtime. We can send timely notifications to our users. It mainly helps us to optimize application performance, and secondly, we are able to generate alerts based on the data that we receive from Splunk.

Splunk APM helps us to find errors immediately and resolve them. We are able to find some of the errors within five minutes. It minimizes the time to identify errors. There are about 30% to 40% time savings.

The best feature is the service map that they have. I have used multiple APM solutions such as Datadog and Elastic. They have a service map, but it does not work like Splunk APM. Splunk APM provides a holistic view of the application. Unlike other APMs, Splunk's service map is quite effective.

We suggested they provide an alert based on insert services. We told them that they have all the data, so why not have an alert on the insert service? They took feedback from us and added that feature. That feature helps us identify if any third-party dependent is down.

There is room for improvement in the alerting system, which is complicated and has less documentation available. We sometimes encountered issues in setting up alerts. The custom detector could be more simplified to assist system engineers in setting up alerts with ease.

We tested Splunk APM last year and officially started using it this year. It has been about a year.

Splunk APM is stable. I would rate its stability a nine out of ten, as it delivers on its promises.

We have not had to scale it. Our clients are medium enterprises.

The support is responsive, though it could use some improvement. In the past, we contacted their support about a feature. They did respond to us, but they did not explicitly inform us about the feature's absence. Instead, they directed us to try various resources or articles. They did not have a clear answer. I would rate them a five out of ten for customer service.

Neutral

Before using Splunk APM, I used Elastic APM and Datadog. Splunk APM is better than them. Splunk's service map and support for our existing libraries were significant reasons for the switch. The previous vendor required library updates that we could not accommodate, but Splunk supported our existing setups.

The initial setup of Splunk APM was easy and straightforward. It took around a week.

It appears to be expensive compared to competitors.

Splunk APM is suitable for enterprise solutions, particularly for those deeply involved in technical business. The service map and overall stability make it a robust choice for such needs.

I would rate Splunk APM a nine out of ten.

We use the solution to do a lot of email checking. We also use the tool to monitor different embassies, server IPs and some of the teams.

Splunk Infrastructure Monitoring has helped our organization tremendously. We have onboarded Splunk for the last four years, and we have 30 to 40 contractors who use Splunk daily. The solution has helped not just a small organization like ours but the whole DOS (Department of State).

The solution monitors attacks or unauthorized access to the information we want to protect. There is a dashboard called ISSO that monitors pretty much everything worldwide. We also monitor almost 300 embassies and consulates.

The solution's machine learning deployment is hard and should be made user-friendly. Even if a team doesn't have a data scientist, they should be able to use the machine learning toolkit for monitoring purposes. The solution should include more algorithms and SPL commands that people can use.

I have been using Splunk Infrastructure Monitoring for four months.

We haven’t faced any issues with the solution’s stability.

Splunk Infrastructure Monitoring is highly scalable. We were able to do monitoring and some of the advanced analytics.

I have not contacted Splunk's technical support. We have contacted our account manager for issues, and she's been awesome.

We have different vendors who do deployments, which is different for the government than regular businesses.

We have seen a return on investment with Splunk Infrastructure Monitoring regarding the kind of threats we can identify.

Splunk Infrastructure Monitoring is an expensive solution.

Our organization monitors multiple cloud environments using Splunk Infrastructure Monitoring, which works well. This is the only tool we use, and we aren't considering moving or having additional tools.

It is important for our organization that Splunk Infrastructure Monitoring has end-to-end visibility into our cloud-native environments. Our job is critical and very sensitive, so having end-to-end visibility is really helpful.

Splunk Infrastructure Monitoring has helped reduce our mean time to resolve. Looking at the solution's dashboards has helped tremendously because we don't have to look at the individual index or events.

Our business is different from that of a private organization, and Splunk Infrastructure Monitoring has helped improve our organization's business resilience. The machine learning toolkit allows us to do clustering, and we have a couple of deployments on the clusters. That has helped cluster different events based on their critical or security threats.

We have seen time to value using Splunk Infrastructure Monitoring.

Splunk's unified platform has helped consolidate networking, security, and IT observability tools. We don't have to integrate Splunk with a different tool and worry whether those two will integrate. Having everything in one platform helps us create dashboards, alerts, and monitoring tools in one place.

Overall, I rate the solution an eight or nine out of ten.

We utilize Splunk APM for security purposes, monitoring all transactions within the organization to prevent potential attacks. Additionally, we leverage Splunk APM to analyze application logs, gaining insights into application behaviour and facilitating a reduction in Mean Time To Resolution should any issues arise in the production environment.

OpenTelemetry provides more accurate information about an application by combining views from the customer perspective, infrastructure metrics, and application-specific data. This holistic view enables full telemetry observability, allowing us to analyze and strategize effectively for our company or clients.

Once configured correctly, the analysis reporting the Splunk APM provides is better than that of the other APM tools. Once the correct fields are defined, we can create different report dashboards.

Splunk isn't an ideal tool for application performance management due to the extensive setup required. It necessitates various configurations to gather diverse information from applications, networks, or other sources. Creating the right tables and defining the appropriate fields to extract comprehensive data involves a significant amount of setup within the tool. Managing this process can be quite challenging. However, once configured, the collected information is invaluable, although not easily manageable.

Splunk falls short compared to other APM tools such as AppDynamics or Datadog. It does not collect online information in real time and relies heavily on log files. Unlike Datadog, which collects real-time application behaviour data like CPU, memory, load, and response time, Splunk requires additional configuration to obtain similar information. This makes using Splunk for APM purposes significantly more difficult compared to the automatic data collection capabilities of AppDynamics or Datadog.

I have been using Splunk APM for more than a decade.

Splunk APM lacks scalability, requiring the administrator to constantly monitor or create specific alerts to ensure sufficient disk space, CPU, and memory for data collection and transaction processing. This results in a tool that is challenging to manage and costly to maintain.

Splunk support is responsive and provides quick resolutions when tickets are opened. Their service has left a positive impression on me.

Positive

The initial deployment is complex, requiring the definition of the switch, storage, correct host, and working with certification. This necessitates at least one expensive specialist, costing approximately $5,000 per month to hire and work with our team.

Splunk APM is expensive. Even before we begin, we need substantial infrastructure investment to collect comprehensive logs. For example, to gather log data, we must create specific tables in Splunk, starting at 50 gigabytes. In a cloud environment, this storage requirement becomes very costly.

I would rate Splunk APM six out of ten.

Cisco recently acquired Splunk, and its roadmap for the coming year includes incorporating aspects of Splunk into AppDynamics. Cisco's intention behind combining these two tools is to showcase its commitment to open telemetry and comprehensive observability to the market and its customers.