My impressions of the visibility into cloud, on-prem, and hybrid models while using Splunk Cloud Platform are that there are no challenges. It is more that you want to know about the language for searching on the cloud. I already told you about the SPL language, for Splunk and for the cloud. If you have the knowledge about how to manage and search in the cloud, it is very easy. I am in the learning phase. It is new to me right now, but I am still learning. When I compare Splunk Cloud Platform with other solutions or other vendors, I compare it with Microsoft Azure Sentinel. They are both cloud platforms. Compared to Microsoft Sentinel, Splunk Cloud Platform has a good area. Microsoft also gives a very wide area, such as Defender XDR, connectors, and threat intelligence. It is also the same in Splunk, but I prefer the Splunk one compared to Microsoft Sentinel because it is very easy to use. In Sentinel, there are many roles and responsibilities for reader, contributor, and responder. However, in Splunk Cloud Platform, we can additionally give admin tasks or role-based tasks to the SOC analyst role. It is very easy for a SOC analyst to handle. For others looking to implement Splunk Cloud Platform, my advice would be to go for it. First, you have to do the pilot deployment. Second, you have to learn the SQL language for Splunk Cloud Platform because it is very important to learn. If you do not learn that query language, the SPL search processing language, you cannot find or do threat hunting and investigation for alert analysis. You can follow the investigation chart, such as a process tree, analyzing the IP, and verifying the IOC with the PF. Most effectively, learn the SPL language. If you learn it, you can easily handle Splunk Cloud Platform. To be a ten out of ten, when I compare Splunk Cloud Platform with others, Splunk Cloud Platform is leading the market.
Our sales team is also going to tell customers to go for Splunk Cloud Platform because we are pushing Splunk only. We get the SIEM tool and cloud in one platform. We did not have to find a different way to store the logs or storage on another AWS cloud. As our organization's option, we are also pushing clients to use Splunk Cloud Platform as a cloud and SIEM tool. It is beneficial for us and for them. Splunk Cloud Platform's cloud is AI, so I can say ten out of ten. However, there is one issue: when our storage limit is crossed, they directly charge higher. From a charging point of view, it is about cost and AI. If there is an improvement, or if they give some discount to our organization, such as we are using two hundred GB per day, but if on any day we exceed that limit, they charge our organization a higher amount. They charge high. I would rate this review nine out of ten overall.
My experience with Splunk Cloud Platform's app ecosystem shows that it is not very difficult to use, and once you understand the basics, it becomes straightforward. The SQL queries are easy to understand and write. For first-time users, it might seem confusing at first when searching logs or creating dashboards, but after some practice, it becomes much easier. The setup of Splunk Cloud Platform is simpler because Splunk manages updates and infrastructure, allowing users to focus more on monitoring alerts and investigations instead of server maintenance. My perception of using native models over third-party integrations in Splunk Cloud Platform's environment is that integrating third-party tools or platforms with Splunk Cloud Platform provides a mostly smooth experience. It supports many integrations such as AWS, Microsoft, CrowdStrike, and other security tools through APIs, and we also use add-ons. The initial setup can take some time, especially for permissions and log configuration, but once we connect, data collection and monitoring become much easier and more efficient. We have integrated with many third-party solutions, such as AWS, Microsoft Azure, CrowdStrike, Google Cloud, Microsoft Defender, Palo Alto firewalls, FortiGate firewalls, Cisco firewalls, and other security or monitoring tools. These integrations are usually done through APIs, add-ons, or log forwarding, with various types of forwarders available, such as heavy forwarders and universal forwarders. They help teams collect data, monitor activities, automate alerts, and improve security visibility from a single platform. My impression of the solution's visibility into multiple environments, including cloud, on-premises, or hybrid environments, is that Splunk Cloud Platform offers very good visibility across all these environments. 
It helps monitor logs, security events, applications, and network activity from different platforms in one centralized dashboard, making threat detection faster and more efficient in our environment. Regarding Splunk Cloud Platform's zero-setup feature for AI models, it uses AI and machine learning features for security analytics, including anomaly detection and automation. Splunk User Behavior Analytics uses machine learning to detect abnormal user and entity behavior, and the Splunk machine learning toolkit helps create machine learning models for forecasting, anomaly detection, and data analysis. These AI features help our organization and IT team automate investigations, detect threats faster, and reduce false positive alerts while improving monitoring. The zero-setup feature for AI models affects my ability to deploy AI solutions by providing a flexible setup for deploying AI and machine learning solutions. It supports integration with other third-party AI tools and cloud services, making it easier to develop and deploy AI-driven security and monitoring use cases. Future features including the Splunk Machine Learning Toolkit and AI assistant help create predictive analytics and anomaly detection with less manual effort. My advice for teams considering Splunk Cloud Platform is to plan data ingestion and use cases properly to avoid unnecessary costs. Start with important log sources and build dashboards and alerts gradually. Understanding SPL queries through integration with cloud and security tools will help get the best value from the platform. Proper tuning and monitoring are also crucial to reduce false positives and improve SOC efficiency. I would rate my overall experience with Splunk Cloud Platform a 9 out of 10.
I will give advice to others looking to implement this product that if you have more than one TB of data, then this product is helpful. Other than this, this is mainly a SIEM solution. It will help for security use cases. It is mostly designed with a lot of AI features and threat intelligence available. This is very helpful for the people who are looking for security solutions because there are a lot of intelligent dashboards available in enterprise security and it will give you a full map of your company where the data is flowing. You can collect the data and put it in Splunk Cloud Platform and you can see visually. This will give you raw things to visualization. So it's good. For Splunk Cloud Platform, we are using cloud, so visibility is less. I can say that because I don't know where my indexer is or where my data is getting stored. It's in the cloud, it's secure, and it's managed by Splunk and Cisco. It's a trusted thing, but we don't know where they are storing or what the things are. We just have one URL, which is a search URL and we are using that. Visibility is less, very less in the cloud. For the integration capabilities of Splunk Cloud Platform, we don't need to go anywhere. Splunkbase is there. Whatever, let's say tomorrow I'm purchasing a new product, Fortinet or any product. I just need to search 'FortiGate add-on Splunk' or 'FortiGate app for Splunk'. I can browse that on Google Chrome and I can easily find one of the apps that is built already. For Okta, there are default apps. Whatever product you think, there is a default app available on Splunkbase. We just need to simply download and install in Splunk Cloud Platform. That's it. It will work. We can integrate other solutions with this with the help of this app in Splunk Cloud Platform and we can get the data and we can visually see these things. I give this product an overall rating of 9 out of 10.
I would rate Splunk Cloud Platform an eight on a scale from 1 to 10. I give Splunk Cloud Platform an eight because the licensing is expensive and can become complex. My advice to others who are considering using Splunk Cloud Platform is to take into account the learning curve, the implementation curve—which are both quite steep—and the licensing costs, so that it doesn't consume their entire budget. Since I'm installed in the cloud, I can only speak about the cloud when it comes to the visibility that this solution provides. I am not using the AI solutions at the moment, so I cannot comment on the zero-configuration functionality for artificial intelligence models in Splunk Cloud Platform.
The aforementioned examples are the best ones to highlight regarding positive outcomes about how Splunk Cloud Platform has helped my organization or my customers. My partners typically purchase Splunk Cloud Platform through distribution and channel partners, rather than directly. My impressions of Splunk Cloud Platform's visibility into multiple environments, including cloud, on-premises, and hybrid are very positive. It excels at monitoring across these environments and provides high capabilities, especially strong in centralizing visibility. This is facilitated by effective cloud monitoring alongside mature on-premises monitoring, all visible in a unified dashboard for SIEM use, supporting massive scales and deep forensic investigation across all these monitoring types. My impression of Splunk Cloud Platform's zero setup feature for AI models is mixed, as there have been a couple of problems. Data is never standardized among organizations, leading to different log formats and inconsistent field naming. Therefore, AI cannot understand the data without mapping it first. Moreover, there is a need for context rather than just raw data, and integration remains unavoidable. Splunk Cloud Platform's zero setup AI concept feels more like a marketing idea than reality, as it requires careful scrutiny in enterprise environments. The main blockers noted remain related to data integration and standardization. My experience with Splunk Cloud Platform's application ecosystem is that it is easy to manage for small and simple environments, as management involves just installing the application and configuring the data. However, for enterprise environments, management becomes really complex when dealing with multiple applications and teams, especially in larger organizations or heavily regulated industries including financial services and banking, where governance is stringent. 
Splunk Cloud Platform scales extremely well at enterprise and hyperscale levels with some cost and architecture considerations. It can ingest almost limitless data and scale impressively, but higher data volumes present challenges, including costs, poor data hygiene, slower searches, and operational complexities that arise even in cloud environments. Despite these challenges, Splunk Cloud Platform scales extremely well technically; however, in real-life enterprise contexts, the main scaling limitation is not infrastructure but rather cost, data volume discipline, and query efficiency. In comparing native models to third-party integrations within Splunk Cloud Platform's environment, I find that native Splunk scores high in integration quality and stability. However, it lacks the customization and innovation speed found with third-party options. Native models require very low maintenance effort, which contrasts with the medium to high maintenance needed for third-party applications. Each model has its advantages: the native model excels in core SIEM engines and performance-critical workloads, while third-party models handle data ingestion for external systems and industry-specific applications effectively. Therefore, a hybrid approach, leveraging the reliability of native capabilities with the flexibility of third-party applications, is ideal. Splunk Cloud Platform's subscription model significantly impacts financial planning for data platform investments by being quite complex and opaque. The licensing and subscription model are tough to decipher initially, largely due to the relationship between ingestion levels, data scaling, and the associated costs that increase with usage. Customers usually find that as they scale, their expenditure rises, with no clear set cost available when they first begin using it. 
Splunk Cloud Platform is a market leader known for its strengths in enterprise-scale log analysis, advanced security monitoring, complex event correlation, and deep search capabilities. It is also highly customizable, making it an excellent choice for organizations unperturbed by cost and seeking a cloud-native design, especially if they have a SOC environment and a large IT estate. I would rate this product a nine out of ten overall.
I think the app ecosystem for Splunk Cloud Platform is robust, and managing updates within this app ecosystem is relatively easy. Splunk Cloud Platform's visibility into multiple environments offers excellent monitoring capabilities, whether I am using it in the cloud, on-premises, or in hybrid environments. I leverage it primarily for cloud infrastructure. Regarding Splunk Cloud Platform's zero-setup feature for AI models, my impression is that it is truly innovative and simplifies the integration of AI into my workflow, although I have not used it extensively. Regarding the pricing, I think Splunk Cloud Platform is on the higher end, but the value it provides justifies the cost. I would rate this product an eight overall.
Visibility with Splunk Cloud Platform is very good. We do not use only cloud because we have a heavy forwarder at our end that will forward the data. This is a hybrid deployment on our end. If you have on-premises only, then everything is on you. With on-premises, we have full visibility of the environment, including which is the indexer and which is the search head. However, in the cloud, we do not know where this is deployed. They are saying that they are deploying only on AWS. If something goes wrong with AWS, then our full Splunk Cloud Platform goes down. For enterprise on-premises, we have full visibility and can see what is affected and other details. Visibility is less in cloud and more in on-premises. I have not tried that feature. My overall rating for this product is 9.
We are a customer in our relationship with the vendor. We have not used the machine learning tools yet. The integration with third-party applications is pretty good. We have integrated our mail application into Splunk Cloud Platform. Whenever the alert comes, we get to know and we can work on it 24/7. We highly recommend Splunk Cloud Platform. If you are working with any data or any APIs from any logging system, or any log you have to track, Splunk Cloud Platform is a very good platform to work with. The overall review rating is 9 out of 10.
When assessing the effectiveness of the search capabilities in Splunk Cloud Platform, I notice that searches are slow, which is the main disadvantage of Splunk, but the rest is really great and the most mature. The alerting mechanisms in Splunk Cloud Platform are configured as well as possible, so you can get all the information that you need. They are really great. As a certified Splunk Architect, I consider Splunk the best solution when comparing it with competitors including Elastic, Sumo Logic, Datadog, and Microsoft. Regarding integration with third-party tools, Splunk provides federated searches, allowing you to search data even without integrating Splunk with other features such as AWS or data lakes. This is separate pricing, but it is still possible and works really well. However, the downside is that you need to buy additional SOAR if you want to automate certain things such as blocking an IP or user or removing a user or revoking their session. Approximately thirty to forty people work with Splunk Cloud Platform. Splunk Cloud Platform is hosted on Splunk Cloud, though this is a tricky question since we also have on-premise Splunk installed in the cloud of client infrastructure. I am discussing only Splunk Cloud Platform here. My advice for Splunk is that it is the best SIEM solution for me. Based on your needs, you will need a POC. It is good enough for small, medium, or enterprise clients, but you will also need to invest in people who need to learn how to write searches and work with the solution because it is not easy. If you have appropriate people, it will be worth its cost. The learning curve for Splunk Cloud Platform depends on which level you want to achieve, but the downside is that most of their really good trainings are not free, so you will need to invest in learning. I give this review an overall rating of ten.
IT Infrastructure & Cloud Manager at Softcell Technologies Limited
Real User
Top 5
Mar 27, 2026
The advice I would give to others looking into using Splunk Cloud Platform is to plan multi-tenant indexing and role-based access control earlier to ensure secure data separation. I would also tell my peers to leverage SOAR and ITSM integration from the start to automate incident response and reduce manual effort. I would rate my overall experience with Splunk Cloud Platform as an eight out of ten.
Splunk Certified Architect at Data Elicit Solutions Pvt. Ltd.
Real User
Top 5
Feb 27, 2026
We do use Splunk Cloud Platform's alerting mechanism. We have set up hundreds and thousands of alerts for different use cases. For example, if any of the data sources stop the ingestion or the volume has been relatively quite down, we have set up alerting for that. It creates a ServiceNow incident that falls under our team's responsibility and sends an email as a notification that this alert has been triggered, such as when XYZ feed has gone down or the data from XYZ feed has decreased up to 80% or 70%, whatever the threshold set. We definitely use all the different alerting mechanisms and alert actions provided by Splunk Cloud Platform. Whenever we see a situation where we don't want to be reactive, we attempt to do a predictive analysis of the data ingested in our Splunk Cloud Platform. This analysis depends on an alert-to-alert basis. For instance, when talking about a data source going down, if the situation arises, we should be triggered at a threshold of around 80% decrease. In that situation, we keep a buffer of 10% and alert ourselves to notify at a 70% decrease in the feed so that we can take preemptive measures to ensure that the feed comes back online before the situation escalates. In terms of machine learning, we are using the Splunk-supported machine learning toolkit that also has new features for artificial intelligence. We do use them for outlier detection and predictive analysis in terms of different alerting we have enabled in our environment. To predict trends in our data, the example I shared previously involves understanding if the volume is going down or not. We do this using the machine learning toolkit itself. We have our data ingested into Splunk Cloud Platform, and each index and source type has some dedicated volume getting ingested daily. We create an average of the total volume ingested over the past 60 days, 45 days, and 90 days, and then we identify the volume ingested yesterday. 
We compare it with the average of the last 45 days and try to detect any deviation. All of this is part of the machine learning toolkit application itself. That's how predictive analysis and outlier detection work, and we're using that in our daily operations as well. With different vendors, there is no problem having Splunk Cloud Platform integrated with them. For example, we already have our alerting enabled so that whenever any alert gets triggered, an incident is created in ServiceNow. I have also worked on integrating Jira and other different Atlassian products with Splunk Cloud Platform. It's user-friendly and straightforward to integrate Splunk Cloud Platform with different vendors without much issue. For any organizations looking to configure Splunk Cloud Platform, I believe it's a simple process. It's just important to stick to the fundamentals and understand how Splunk Cloud Platform operates. The documentation is quite clear. One notable advantage of Splunk Cloud Platform is the Ingest Processor and Edge Processor, which help optimize data before feeding into Splunk Cloud Platform. We've seen a reduction of around 40% to 60% in the total volume ingested using efficient data pipelines. We provide services for optimizing data pipelines and feeds, and those tools can be quite helpful. But if you're looking to configure Splunk Cloud Platform for on-premises servers, downloading the universal forwarder package from the Splunk Cloud Platform search head is all you need. I would rate this product a 9 out of 10.
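The feed-volume check described in this review, written out as an SPL search. This is an added example, not the reviewer's own search: the 45-day baseline, the 80 percent escalation point and the 10 percent buffer that puts the early warning at 70 percent are the values the review gives, while the wildcard index scope and the field names are assumptions. The ServiceNow incident and e-mail the review mentions would be attached to this search as alert actions, not expressed in the SPL.

```spl
| tstats count
    WHERE index=* earliest=-46d@d latest=@d
    BY _time span=1d, index, sourcetype
| eval bucket=if(_time >= relative_time(now(), "-1d@d"), "yesterday", "baseline")
| stats avg(eval(if(bucket="baseline", count, null()))) AS avg_baseline,
        sum(eval(if(bucket="yesterday", count, null()))) AS yesterday_count
    BY index, sourcetype
| eval yesterday_count=coalesce(yesterday_count, 0)
| eval drop_pct=round(100 * (avg_baseline - yesterday_count) / avg_baseline, 1)
| where drop_pct >= 70
| eval severity=if(drop_pct >= 80, "critical", "warning")
| sort - drop_pct
```

`tstats` reads daily counts from the index metadata, so the search stays cheap even across every index. The window is 46 days so that the 45 baseline days and yesterday are pulled in one pass and split by the `bucket` field. A feed that sent nothing yesterday produces no "yesterday" row at all, which is why `yesterday_count` is coalesced to 0 and reported as a 100 percent drop rather than silently disappearing from the result. Scheduling this once a day shortly after midnight, with the warning rows routed to e-mail and the critical rows to the ServiceNow alert action, reproduces the two-tier behaviour the review describes.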
We have clients that use Splunk, but we do not use Splunk ourselves. As a person with deployment experience, I find it difficult to answer the question about implementation because we are obliged to have a platform. There are many platforms, and the implementation is not simple, but we have no special difficulties with Splunk. We think that integration of Splunk Cloud Platform with third-party tools is easy to implement.
In my opinion, there is room for improvement, as we used to raise multiple issues via the process, but they pick them up slowly, and the response times are not as prompt as we would like. Regarding how Splunk Cloud Platform's ingest and visualization features help improve my data reporting, I have some insights on dashboards, but from a fully comprehensive perspective of data flow and ingestion, I haven't been hands-on that much. As an admin, I have worked on the infrastructure side of it, so I am unable to provide thorough feedback on that. I would rate Splunk Cloud Platform an eight out of ten overall as a solution for our organization.
I am currently working with the solution, but I need to know from which NNTT. The interface is okay; its interface is good, and user interface is good. I would recommend Splunk Cloud Platform to other users and organizations because it adds value to the organization; you can do different things with it because it's a pure analytical tool, not only a SIEM tool. I am mostly focused on Splunk Cloud Platform because I chose this vendor due to the feature set that was offered by Splunk Cloud Platform; it was not being offered by any other vendor. Splunk Cloud Platform is the vendor I am referring to, not NNTT. Maintenance for Splunk Cloud Platform has been done manually, not automatically. Usually, one person takes part in maintenance. Regarding the number of users for Splunk Cloud Platform, it involves discussing the number of organizations or the number of people working in those organizations. In general, I would rate Splunk Cloud Platform a nine.
Splunk Cloud Platform is not impacting a lot of decisions. But if we write very good reports and dashboards, then we can derive insights from them for leadership to make concrete decisions on. So we have to do the legwork to get that output. While Splunk Cloud Platform may not be a significant factor in decision-making, generating high-quality reports and dashboards can provide valuable insights for leadership to take concrete action. However, we must dedicate ourselves to the necessary work to produce those impactful outputs. I would rate Splunk Cloud Platform a five out of ten due to its gradual decline over the last few years. While I would have rated it an eight out of ten four years ago, its performance and features have deteriorated, leading to my current lower rating.
Infrastructure Engineer at an insurance company with 5,001-10,000 employees
Real User
Top 20
Jun 4, 2024
New users should focus on the Splunk free courses. They are an excellent resource. If you are a customer, you should take up the search and reporting classes. That is probably going to be what 99% of people are using it for day to day. If you are a sysadmin user or someone setting up the instance, there are free classes for managing licenses and ingesting data. I would highly recommend them. The free classes are a great start, and if you think it would be valuable, take some of the paid classes as well. They are incredibly detailed. When it comes to security, we definitely have a stricter attitude when things are going to the cloud because they are not fully in our control. Going to the cloud is always a little bit scary, but we have put in a refined approach for the data going into Splunk. I have not made much use of federated search. I have come across it, but it is not something I have leveraged. I would rate this solution a seven out of ten. What it does, it does well, but I do have qualms with it here and there. There are obvious features that are missing from time to time, but I am happy with what is there.
I rate Splunk Cloud Platform nine out of 10. I recommend ingesting data into the cloud if possible. Even if you have an on-prem environment, it still helps to ingest data into the cloud.
Splunk Cloud Platform has improved our company's incident response time. For example, if any event is ingested into Splunk, within less than a minute, we trigger an incident to the end user based on the assignment group in ServiceNow. There are many benefits attached to the tool in the areas of machine learning and predictive analysis. In Splunk ITSI, there is predictive analysis, which can be used for protection with the alert capabilities, especially if there is an alert storm coming up. My company can directly detect particular alerts from the trail to the attack and notify the end user about it. With the machine learning toolkit, my company does anomaly detection with the help of Splunk SIEM platform. With Splunk ITSI, my company does predictive analysis. The aforementioned area covers the two different platforms my company uses, along with two different approaches and the tool's machine learning capabilities. My company interacts with our consumers. For example, if I am a consumer of Azure products, I would want to onboard all the data from Azure, even if it consists of user data. I recommend that more space be set on a particular index so that Azure data can be used. My company has all data related to Azure about its users and the changes if you have a license or if you have Azure Event Hubs, including any other things that it may have. I recommend more space in Azure, but if it is a network-related application like Aruba, I recommend that it has a little bit less space compared to Azure. The scalability of Splunk Cloud Platform can impact our company's data management, though I recommend the space required for a tool based on the use cases. I am aware of the federated search features in the product. If a search is not running up, then my company needs to check whether any permission related to the search has any issue or if anything is going wrong, after which my company needs to check and fix those searches. 
I have not used much of the tool's federated search features. My organization monitors multiple cloud environments with the tool's help. It is easy to monitor multiple cloud environments using the product. For example, if my company takes into account Splunk ITSI with service analyzers, then we define how one service is related to GCP. One service will be under the cloud services offered by Azure, while another service will be related to AWS. My company can divide the services based on locations and KPIs. My company monitors the total locations of the cloud so that we can get more insights from the service breakdown, which is why I recommend the use of Splunk ITSI. I used to work more with Splunk ITSI, a reason why I recommend it to others, as it is easy to understand and handle, even if you have 1,000 or 20,000 applications. With Splunk ITSI service breakdown, it is very easy to handle applications. The visibility of the tool in multiple environments can be explained with the help of an example, where, if my company considers Splunk Cloud Platform, the visibility will be less compared to what we get from Splunk Enterprise. Splunk Cloud Platform is totally managed by Splunk's support team, so if anyone needs to do anything, my company needs to raise a request for a change in the tool, though we can modify a couple of services, like a couple of applications using ACS, which was introduced by Splunk. With ACS, if you want to update, create a token, or modify anything from the HEC token information, you can do it with the particular services offered by the solution. Considering the aforementioned area, I recommend that 30 percent of the work be done with ACS, and 70 percent of the work needs to seek assistance from Splunk's support team. Our company handles Splunk Enterprise, and we have 100 percent visibility on it compared to Splunk Cloud Platform. The integration of the product with other services is possible. 
I have integrated it with ServiceNow, Jira, Slack, and Microsoft Teams, and I can say that it has been okay till now. It is good to integrate Splunk Cloud Platform with other tools. If we take a cloud service like GCP into consideration as an example and say that it is not working properly, then there will be an incident directly assigned to the support team based on the integration with ServiceNow. If you want to notify all the consumers in a scenario where GCP is not working properly through particular notifications with Slack channel particular notifications, then one can inform all the thousand consumers in a particular company about it, and it is possible with a single integration. My company uses the tool for alert reporting. For example, if the top management of an organization is looking for the availability of websites, especially a couple of websites that are critical to their applications, then my company monitors such applications with the data in the report from the last thirty days or seven days, to ensure that availability of a particular website is 100 percent. If anything goes wrong as per the reports from the previous seven days, then the availability is reduced to 80 or 95 percent, which is based on how much time it was down, and it will be then notified to the consumer or top management, stating that the availability got reduced, and how there is need to fix a couple of applications in the back-end so that the availability can be increased. The top management will be made aware of the things that have been going on for the last seven or forty days. In general, a report is good for notifying the top management or consumers so that they can make decisions or check if their licenses or server capacity needs to be increased. 
With the alerting report feature, my company can be confident that the top management or consumers know about a particular issue in the tool that we can fix as soon as possible, but there will be a cost involved in doing so every time. If the consumer or top management is aware of the issues in the tool with the help of the alerting report feature, then they can make a decision. I am currently not aware of how the product has an impact on decision-making. The product has helped my organization with data compliance and privacy regulations since we were able to set up the terms and conditions with Splunk. In general, it is good when it comes to the terms and conditions revolving around the security part. Maintenance is required to upgrade the applications, so we need a downtime of no more than fifteen minutes. The product offers value in terms of resilience. Whenever my company faces difficulties, it is the solution we use for all our monitoring purposes. In terms of the extensibility of the product, I feel it is a good solution. Everything is supported by Splunk support, though it may take some time to find and resolve certain issues. If Splunk's support team resolves issues within a certain time frame, I can provide a nine out of ten rating for Splunk's technical team. Splunk Enterprise is totally handled by our company, so I can give it a nine out of ten. I recommend Splunk Enterprise to others, especially when compared to Splunk Cloud Platform. If any notifications are needed, it can be done with no downtime, and it can even be completed within a week. If we want Splunk's support team to do the same aforementioned procedure for our company, then it may take a little bit more time. I rate the overall tool a 7-8 out of 10.
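A seven-day website availability report of the kind this review describes, added here as an illustration rather than the reviewer's own report. It assumes a constructed index `web_checks` whose events come from a probe that runs every five minutes and records a `site` and an HTTP `status` field; the 95 percent band is the review's figure, the 99.9 percent target and the five-minute probe interval are assumptions.

```spl
index=web_checks earliest=-7d@d latest=@d
| eval up=if(status >= 200 AND status < 400, 1, 0)
| stats count AS checks, sum(up) AS up_checks,
        min(_time) AS first_check, max(_time) AS last_check
    BY site
| eval availability_pct=round(100 * up_checks / checks, 2)
| eval downtime_min=(checks - up_checks) * 5
| eval state=case(availability_pct >= 99.9, "ok",
                  availability_pct >= 95, "degraded",
                  true(), "breach")
| table site, checks, availability_pct, downtime_min, state
| sort availability_pct
```

Changing `earliest` to `-30d@d` gives the thirty-day view the review mentions. The `downtime_min` column only holds if the probe interval really is five minutes; derive it from `first_check`, `last_check` and `checks` instead if the interval varies. Sorting ascending puts the worst sites first, which is what a management-facing scheduled report should show.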
I would rate Splunk Cloud Platform an eight out of ten. We have around 150 users. No maintenance is required from our end. I recommend Splunk Cloud Platform. It helps monitor all the respective functions.
Incident Manager at a manufacturing company with 10,001+ employees
Real User
Aug 29, 2023
Splunk Cloud Platform is a really good tool for getting alerts and better information about incident management and maintenance. Because of the solution's complex setup, most alerts are set by developers or people who create multiple unnecessary alerts, creating alert fatigue. Compared to other systems, like Dynatrace, Splunk Cloud Platform is not a smart system for analyzing alerts. As a project manager, I oversee the process of contacting the concerned parties, knowing what needs to be monitored and why they need the alerting mechanism. I was not directly involved in the scripting and adding Splunk Cloud Platform in the back end. As business requirements change, Splunk Cloud Platform needs maintenance in terms of setting up different parameters, which is not an easy task. Everybody uses the Splunk Cloud Platform in a different way. I would advise users to share their experiences about technical difficulties in the forums and community. Sometimes, others might go through the same problem without much documentation, and sharing your technical problems might help others. Overall, I rate Splunk Cloud Platform a seven out of ten.
SIEM Engineer at a manufacturing company with 11-50 employees
Real User
Aug 24, 2023
I would rate Splunk Cloud Platform an eight out of ten. There are numerous tools that offer real-time reporting and alerting capabilities. Splunk is indeed effective, but due to the prerequisite of registering logs beforehand, a delay is inevitably introduced. Therefore, while Splunk is suitable for real-time reporting alerts, it may not be as optimal as some alternative solutions. Resilience has added value and contributed to the improvement of our organization. This is highly significant. In most cases, the SOC team relies on the tool for issue mitigation and ticket resolution. Therefore, it is crucial for Splunk to remain consistently up-to-date and respond as quickly as possible. This holds immense importance. The extensibility is good, but there is room for improvement, especially in integrating certain logs. Enhancing the process of incorporating raised logs is possible. In most cases now there are limitations on log creation. Previously, a direct option existed to import logs. However, this process has been altered, requiring users to develop an add-on for log integration, leading to increased complexity. Furthermore, users are expected to have knowledge of Python. This can be problematic in cases where users lack such expertise. Therefore, this aspect could certainly be enhanced. For those who want to evaluate Splunk, it comes down to the volume of data. If they are dealing with a substantial amount of data flowing into their SIEM, Splunk would be the superior option. Splunk effectively manages extensive datasets in comparison to other technologies. It also offers numerous additional functionalities, such as an enterprise security suite, assets, and identity framework. Moreover, it has undergone industry testing and has been employed in the field for a considerable duration. In contrast to other organizations, they provide a wealth of features.
Assistant Manager at a tech vendor with 10,001+ employees
Real User
Top 5
Aug 9, 2023
We aren't using the solution across all cloud platforms. We use Azure. However, we would have the flexibility to gather insights from others. We just don't use that particular capability. Right now, the solution does not affect our decision-making. It's still a very new platform. We're not relying on it completely. It's a work in progress. We need some time with it, to build up trust with it. Splunk is great so far, however, we still need more time and it needs more of a presence in the market. Right now, in terms of compliance and privacy policy regulations, we limit the features that are not compliant with us. However, they are very flexible. We just use the features we can and block the ones that are unnecessary. It hasn't had an impact on our security posture. We have very detailed security layers and several processes and teams. We haven't had any real use cases for Splunk. It hasn't actively blocked anything. We already have what we need in place. I'd advise new users to check if this solution is reliable from a security point of view. Talk to Splunk about the cost as well. Splunk is really convenient for that. And whenever you deploy it in your infrastructure, make sure that the cloud providers or the on-prem solution that you are using are compatible with Splunk. We had issues in that some features that we were using in the cloud were not compatible with Splunk. So we had to make a lot of changes. That is something anyone who is trying to deploy Splunk needs to check - compatibility. I'd rate the solution seven out of ten.
Performance Engineer at a non-profit with 1,001-5,000 employees
Real User
Jul 19, 2023
I would rate Splunk Cloud Platform a nine out of ten because it does a good job at what it does. I wish I could use the mobile app, but the rest of it works very well. The best value that I have received by attending Splunk conferences is finding out new things that I can do with my own job. Most of the time, it is disappointing because a lot of the new features have new applications that we have to buy, and I have no say in the purchase of new applications. However, there have been some new improvements in the applications that we already have, and I come for those updates. I am able to see if the new features in the existing applications are more useful to me.
Manager Cloud Operations at a computer software company with 201-500 employees
Real User
Jul 19, 2023
Its ability to predict, identify and solve problems in real time is looking promising. We're looking into it now. I would rate Splunk an eight out of ten. It has a lot of features and enables us to focus only on our applications and logs. I don't need to worry about the infrastructure behind it. The best value I get from attending Splunk conferences is getting experts' help for specific use cases.
Senior InfoSec Manager at a pharma/biotech company with 5,001-10,000 employees
Real User
Jun 8, 2023
I give Splunk Cloud Platform a nine out of ten. Monitoring multiple cloud environments is never easy. We are looking forward to new features from our cloud partners, such as AWS Security Data Lake, Google, and Microsoft. These features will make it easier to integrate our cloud environments. Splunk Cloud Platform is currently the best solution for collecting data from multiple cloud environments. AWS has five million different ways to export data, and we need to use all of them to collect all of the security and IT-related data. Splunk supports all of these data sources. A year ago, I would have said that Splunk needed automated response, an easy-to-detect, easy-to-run, and manage business analytics platform, a user and entity-based business analytics platform that is integrated within the product, threat intelligence, and a current dashboarding tool. Splunk now has all of these features. A year ago, Splunk's competitors had these features, but Splunk did not. Splunk has since acquired or developed these features in-house. Very little in Splunk's product is not tightly integrated into the current releases. If someone is starting from scratch, meaning they are just rolling out a new security solution, and they do not choose Splunk, they are making a mistake. Splunk provides so much of everything that it is the best choice for most organizations. We perform daily maintenance on the solution. I advise new users to find someone who knows Splunk. Even a good technical person will not be able to do this on their own. They are not going to train them on day one. Good technical people who know Splunk are valuable assets, so they should seek them out and get them on the project.
Security Compliance Program Manager at an educational organization with 5,001-10,000 employees
Real User
Feb 2, 2023
I would rate Splunk Cloud a 6.5 out of 10, but plugged on time, I would give it 8.8 out of 10. The maintenance of Splunk is a bit difficult due to the time-consuming tech support. I would recommend Splunk. I cannot compare Splunk with any other SIEM solution because I have worked with many different solutions, like LogRhythm, ManageEngine Endpoint Central, and Wazuh. I have used Splunk for two years and I can see Splunk as really the best SIEM solution that can be used for work. I totally recommend it. Even though I gave some negative feedback, it's because I am coming from a product perspective. We have to also take into consideration the security perspective. I am not talking only about visibility, in which they should take a lot of care, but about the way the solution is handling and even manipulating the data. This is the most valuable thing.
A company that wants to leverage Splunk should understand its environment first - including the organization, the network infrastructure, and the overall infrastructure. Then, based on requirements, they should go ahead with any SIEM solution. Splunk is kind of an expensive tool to have. Therefore, the company should be clear about what requirements they have, what they need, and whether they want to use Splunk. It is very crucial to understand your requirements and your network or your environment first before going ahead. I’d rate the solution eight out of ten. Overall, it's a good tool. It's a very intelligent tool. It definitely depends on how you are going to use it. However, I love the product. I love Splunk. I want to learn more about it as much as I can.
Senior Analyst at a computer software company with 11-50 employees
Real User
Jun 7, 2022
I rate Splunk Cloud eight out of 10. It's a good solution that can index data in a short time. That's one advantage of Splunk over other solutions. However, the support isn't good, and you can't customize the Splunk interface.
We've got a version of Splunk Cloud. I'm not sure which version. I'd advise users to get more professional service days. You usually get five professional service days with the product when you buy the license. Definitely get at least ten more. You need to have some strategy beforehand. You definitely need a strategy. Before you do your PS days, definitely have a look at your strategy and make sure you've arranged your questions rather diligently. Based on how you think you're going to use the system, where you are and where you want to be, just box them into separate parts - security, infrastructure, and monitoring. It's going to make life a lot easier when you talk to consultants, as the consultants are very, very knowledgeable. However, you need to ask the right questions. I'd rate the solution ten out of ten.
CHRO at a computer software company with 5,001-10,000 employees
MSP
Jul 2, 2021
The solution is deployed on-cloud. I would recommend the solution to others since there are a couple of companies with many clients that are looking for Splunk Cloud, with which they are familiar. We must consider client demands when it comes to attracting projects. Even in India, most of the companies employ Splunk Cloud as the most prevalently used SIEM solution. Then comes QRadar, which is easier. So too, Splunk is less cost-effective than QRadar, although it is more in demand. There are a couple of companies with call centers that request Splunk Cloud. I rate Splunk Cloud as a seven out of ten.
Sr BigData Infrastructure Architect at a hospitality company with 10,001+ employees
Real User
Sep 27, 2020
Advice-wise, I do not really have much to say to potential users considering the solution as something to apply as an end-user. My job role is data organization, so it might not be appropriate for me to give these opinions. This seems to me to have more to do with system functionality. But from my side, I am good with the product. Interface-wise, I think the product is good. Security-wise, it is all approved from the CSO's (Chief Security Officer) perspective. Enhancement-wise, we have to put in a lot of effort. The end-users who are working with the solution should know SQL. If they lack training in SQL, there will not really be a use case for them. Whatever use cases we had for Splunk, we were able to make them work. Cost optimization is the only thing that needs to be reconsidered. On a scale from one to ten (where one is the worst and ten is the best), I would rate this product overall around seven, or somewhere between six and eight. Six to eight, so make that around seven out of ten.
Director - Corporate Infrastructure at a tech services company with 10,001+ employees
Real User
Jul 13, 2020
I would rate Splunk a nine out of ten. The queries and pulling out the exact reports are a little challenging. I get complaints about it. I would like to see more reports, or default out-of-the-box reports. That would be more useful, and then people can avoid writing queries.
Lead Developer, Solution Analyst at a university with 10,001+ employees
Real User
Jun 18, 2020
My advice to anybody who is implementing Splunk Cloud is to dedicate the time and resources required to learn it and use it. Investigate the features. I would rate this solution a seven out of ten.
I feel that Splunk Cloud is good as it is. It is the best tool on the market. My advice to anybody who is considering this solution is to start now and don't wait. Every day that you wait, you can be wasting time and money. I would rate this solution a nine out of ten.
Overall, I find that Splunk is pretty good. It is a very mature product, and I can see that compared to when I used it five years ago as an end-user, they have been improving in every way. The interface is something that has become more user-friendly over time. When there is something missing, it is handled by another product from the vendor. For example, if you need to add predictive analysis, then you use Splunk Phantom. There are many other SIEM tools on the market, such as IBM QRadar and ArcSight Logger. Splunk is comparatively more expensive, but it has many features and good functionality. I definitely recommend it. I would rate this solution a nine out of ten.
Splunk Cloud Platform enhances operational efficiency with streamlined log management and real-time data analysis, offering customizable dashboards, seamless system integration, and a user-friendly interface that simplifies infrastructure management. Splunk Cloud Platform stands out for its robust indexing and powerful search capabilities, delivering end-to-end visibility across environments. AI-driven security measures enhance cybersecurity intelligence, while its flexible log management...
We also use Splunk SOAR in addition to Splunk Cloud Platform. My overall review rating for this solution is 9 out of 10.
My experience with Splunk Cloud Platform's app ecosystem shows that it is not very difficult to use, and once you understand the basics, it becomes straightforward. The SQL queries are easy to understand and write. For first-time users, it might seem confusing at first when searching logs or creating dashboards, but after some practice, it becomes much easier. The setup of Splunk Cloud Platform is simpler because Splunk manages updates and infrastructure, allowing users to focus more on monitoring alerts and investigations instead of server maintenance. My perception of using native models over third-party integrations in Splunk Cloud Platform's environment is that integrating third-party tools or platforms with Splunk Cloud Platform provides a mostly smooth experience. It supports many integrations such as AWS, Microsoft, CrowdStrike, and other security tools through APIs, and we also use add-ons. The initial setup can take some time, especially for permissions and log configuration, but once we connect, data collection and monitoring become much easier and more efficient. We have integrated with many third-party solutions, such as AWS, Microsoft Azure, CrowdStrike, Google Cloud, Microsoft Defender, Palo Alto firewalls, FortiGate firewalls, Cisco firewalls, and other security or monitoring tools. These integrations are usually done through APIs, add-ons, or log forwarding, with various types of forwarders available, such as heavy forwarders and universal forwarders. They help teams collect data, monitor activities, automate alerts, and improve security visibility from a single platform. My impression of the solution's visibility into multiple environments, including cloud, on-premises, or hybrid environments, is that Splunk Cloud Platform offers very good visibility across all these environments. 
It helps monitor logs, security events, applications, and network activity from different platforms in one centralized dashboard, making threat detection faster and more efficient in our environment. Regarding Splunk Cloud Platform's zero-setup feature for AI models, it uses AI and machine learning features for security analytics, including anomaly detection and automation. Splunk User Behavior Analytics uses machine learning to detect abnormal user and entity behavior, and the Splunk machine learning toolkit helps create machine learning models for forecasting, anomaly detection, and data analysis. These AI features help our organization and IT team automate investigations, detect threats faster, and reduce false positive alerts while improving monitoring. The zero-setup feature for AI models affects my ability to deploy AI solutions by providing a flexible setup for deploying AI and machine learning solutions. It supports integration with other third-party AI tools and cloud services, making it easier to develop and deploy AI-driven security and monitoring use cases. Future features including the Splunk Machine Learning Toolkit and AI assistant help create predictive analytics and anomaly detection with less manual effort. My advice for teams considering Splunk Cloud Platform is to plan data ingestion and use cases properly to avoid unnecessary costs. Start with important log sources and build dashboards and alerts gradually. Understanding SPL queries through integration with cloud and security tools will help get the best value from the platform. Proper tuning and monitoring are also crucial to reduce false positives and improve SOC efficiency. I would rate my overall experience with Splunk Cloud Platform a 9 out of 10.
My advice to others looking to implement this product is that if you have more than one TB of data, then this product is helpful. Other than this, this is mainly a SIEM solution. It will help for security use cases. It is mostly designed with a lot of AI features and threat intelligence available. This is very helpful for the people who are looking for security solutions because there are a lot of intelligent dashboards available in enterprise security, and it will give you a full map of your company where the data is flowing. You can collect the data and put it in Splunk Cloud Platform, and you can see it visually. This will take you from raw things to visualization. So it's good. For Splunk Cloud Platform, we are using cloud, so visibility is less. I can say that because I don't know where my indexer is or where my data is getting stored. It's in the cloud, it's secure, and it's managed by Splunk and Cisco. It's a trusted thing, but we don't know where they are storing it or what the things are. We just have one URL, which is a search URL, and we are using that. Visibility is less, very less, in the cloud. For the integration capabilities of Splunk Cloud Platform, we don't need to go anywhere. Splunkbase is there. Whatever, let's say tomorrow I'm purchasing a new product, Fortinet or any product. I just need to search 'FortiGate add-on Splunk' or 'FortiGate app for Splunk'. I can browse that on Google Chrome and I can easily find one of the apps that is built already. For Okta, there are default apps. Whatever product you think of, there is a default app available on Splunkbase. We just need to simply download and install it in Splunk Cloud Platform. That's it. It will work. We can integrate other solutions with this with the help of this app in Splunk Cloud Platform, and we can get the data and we can visually see these things. I give this product an overall rating of 9 out of 10.
I would rate Splunk Cloud Platform an eight on a scale from 1 to 10. I give Splunk Cloud Platform an eight because the licensing is expensive and can become complex. My advice to others who are considering using Splunk Cloud Platform is to take into account the learning curve, the implementation curve—which are both quite steep—and the licensing costs, so that it doesn't consume their entire budget. Since I'm installed in the cloud, I can only speak about the cloud when it comes to the visibility that this solution provides. I am not using the AI solutions at the moment, so I cannot comment on the zero-configuration functionality for artificial intelligence models in Splunk Cloud Platform.
The aforementioned examples are the best ones to highlight regarding positive outcomes about how Splunk Cloud Platform has helped my organization or my customers. My partners typically purchase Splunk Cloud Platform through distribution and channel partners, rather than directly. My impressions of Splunk Cloud Platform's visibility into multiple environments, including cloud, on-premises, and hybrid are very positive. It excels at monitoring across these environments and provides high capabilities, especially strong in centralizing visibility. This is facilitated by effective cloud monitoring alongside mature on-premises monitoring, all visible in a unified dashboard for SIEM use, supporting massive scales and deep forensic investigation across all these monitoring types. My impression of Splunk Cloud Platform's zero setup feature for AI models is mixed, as there have been a couple of problems. Data is never standardized among organizations, leading to different log formats and inconsistent field naming. Therefore, AI cannot understand the data without mapping it first. Moreover, there is a need for context rather than just raw data, and integration remains unavoidable. Splunk Cloud Platform's zero setup AI concept feels more like a marketing idea than reality, as it requires careful scrutiny in enterprise environments. The main blockers noted remain related to data integration and standardization. My experience with Splunk Cloud Platform's application ecosystem is that it is easy to manage for small and simple environments, as management involves just installing the application and configuring the data. However, for enterprise environments, management becomes really complex when dealing with multiple applications and teams, especially in larger organizations or heavily regulated industries including financial services and banking, where governance is stringent. 
Splunk Cloud Platform scales extremely well at enterprise and hyperscale levels with some cost and architecture considerations. It can ingest almost limitless data and scale impressively, but higher data volumes present challenges, including costs, poor data hygiene, slower searches, and operational complexities that arise even in cloud environments. Despite these challenges, Splunk Cloud Platform scales extremely well technically; however, in real-life enterprise contexts, the main scaling limitation is not infrastructure but rather cost, data volume discipline, and query efficiency. In comparing native models to third-party integrations within Splunk Cloud Platform's environment, I find that native Splunk scores high in integration quality and stability. However, it lacks the customization and innovation speed found with third-party options. Native models require very low maintenance effort, which contrasts with the medium to high maintenance needed for third-party applications. Each model has its advantages: the native model excels in core SIEM engines and performance-critical workloads, while third-party models handle data ingestion for external systems and industry-specific applications effectively. Therefore, a hybrid approach, leveraging the reliability of native capabilities with the flexibility of third-party applications, is ideal. Splunk Cloud Platform's subscription model significantly impacts financial planning for data platform investments by being quite complex and opaque. The licensing and subscription model are tough to decipher initially, largely due to the relationship between ingestion levels, data scaling, and the associated costs that increase with usage. Customers usually find that as they scale, their expenditure rises, with no clear set cost available when they first begin using it. 
Splunk Cloud Platform is a market leader known for its strengths in enterprise-scale log analysis, advanced security monitoring, complex event correlation, and deep search capabilities. It is also highly customizable, making it an excellent choice for organizations unperturbed by cost and seeking a cloud-native design, especially if they have a SOC environment and a large IT estate. I would rate this product a nine out of ten overall.
I think the app ecosystem for Splunk Cloud Platform is robust, and managing updates within this app ecosystem is relatively easy. Splunk Cloud Platform's visibility into multiple environments offers excellent monitoring capabilities, whether I am using it in the cloud, on-premises, or in hybrid environments. I leverage it primarily for cloud infrastructure. Regarding Splunk Cloud Platform's zero-setup feature for AI models, my impression is that it is truly innovative and simplifies the integration of AI into my workflow, although I have not used it extensively. Regarding the pricing, I think Splunk Cloud Platform is on the higher end, but the value it provides justifies the cost. I would rate this product an eight overall.
Visibility with Splunk Cloud Platform is very good. We do not use only cloud because we have a heavy forwarder at our end that will forward the data. This is a hybrid deployment on our end. If you have on-premises only, then everything is on you. With on-premises, we have full visibility of the environment, including which is the indexer and which is the search head. However, in the cloud, we do not know where this is deployed. They are saying that they are deploying only on AWS. If something goes wrong with AWS, then our full Splunk Cloud Platform goes down. For enterprise on-premises, we have full visibility and can see what is affected and other details. Visibility is less in cloud and more in on-premises. I have not tried that feature. My overall rating for this product is 9.
We are a customer in our relationship with the vendor. We have not used the machine learning tools yet. The integration with third-party applications is pretty good. We have integrated our mail application into Splunk Cloud Platform. Whenever the alert comes, we get to know and we can work on it 24/7. We highly recommend Splunk Cloud Platform. If you are working with any data or any APIs from any logging system, or any log you have to track, Splunk Cloud Platform is a very good platform to work with. The overall review rating is 9 out of 10.
When assessing the effectiveness of the search capabilities in Splunk Cloud Platform, I notice that searches are slow, which is the main disadvantage of Splunk, but the rest is really great and the most mature. The alerting mechanisms in Splunk Cloud Platform are configured as well as possible, so you can get all the information that you need. They are really great. As a certified Splunk Architect, I consider Splunk the best solution when comparing it with competitors including Elastic, Sumo Logic, Datadog, and Microsoft. Regarding integration with third-party tools, Splunk provides federated searches, allowing you to search data even without integrating Splunk with other features such as AWS or data lakes. This is separate pricing, but it is still possible and works really well. However, the downside is that you need to buy additional SOAR if you want to automate certain things such as blocking an IP or user or removing a user or revoking their session. Approximately thirty to forty people work with Splunk Cloud Platform. Splunk Cloud Platform is hosted on Splunk Cloud, though this is a tricky question since we also have on-premise Splunk installed in the cloud of client infrastructure. I am discussing only Splunk Cloud Platform here. My advice for Splunk is that it is the best SIEM solution for me. Based on your needs, you will need a POC. It is good enough for small, medium, or enterprise clients, but you will also need to invest in people who need to learn how to write searches and work with the solution, because it is not easy. If you have appropriate people, it will be worth its cost. The learning curve for Splunk Cloud Platform depends on which level you want to achieve, but the downside is that most of their really good training courses are not free, so you will need to invest in learning. I give this review an overall rating of ten.
The advice I would give to others looking into using Splunk Cloud Platform is to plan multi-tenant indexing and role-based access control earlier to ensure secure data separation. I would also tell my peers to leverage SOAR and ITSM integration from the start to automate incident response and reduce manual effort. I would rate my overall experience with Splunk Cloud Platform as an eight out of ten.
We do use Splunk Cloud Platform's alerting mechanism. We have set up hundreds and thousands of alerts for different use cases. For example, if any of the data sources stops ingesting or the volume has dropped noticeably, we have set up alerting for that. It creates a ServiceNow incident that falls under our team's responsibility and sends an email as a notification that this alert has been triggered, such as when XYZ feed has gone down or the data from XYZ feed has decreased by 80% or 70%, whatever threshold is set. We definitely use all the different alerting mechanisms and alert actions provided by Splunk Cloud Platform. Whenever we see a situation where we don't want to be reactive, we attempt to do a predictive analysis of the data ingested in our Splunk Cloud Platform. This analysis is done on an alert-by-alert basis. For instance, when talking about a data source going down, if the situation arises, the alert should trigger at a threshold of around an 80% decrease. In that situation, we keep a buffer of 10% and alert ourselves to notify at a 70% decrease in the feed so that we can take preemptive measures to ensure that the feed comes back online before the situation escalates. In terms of machine learning, we are using the Splunk-supported machine learning toolkit that also has new features for artificial intelligence. We do use them for outlier detection and predictive analysis in terms of different alerting we have enabled in our environment. To predict trends in our data, the example I shared previously involves understanding if the volume is going down or not. We do this using the machine learning toolkit itself. We have our data ingested into Splunk Cloud Platform, and each index and source type has some dedicated volume getting ingested daily. We create an average of the total volume ingested over the past 60 days, 45 days, and 90 days, and then we identify the volume ingested yesterday. 
We compare it with the average of the last 45 days and try to detect any deviation. All of this is part of the machine learning toolkit application itself. That's how predictive analysis and outlier detection work, and we're using that in our daily operations as well. With different vendors, there is no problem having Splunk Cloud Platform integrated with them. For example, we already have our alerting enabled so that whenever any alert gets triggered, an incident is created in ServiceNow. I have also worked on integrating Jira and other different Atlassian products with Splunk Cloud Platform. It's user-friendly and straightforward to integrate Splunk Cloud Platform with different vendors without much issue. For any organizations looking to configure Splunk Cloud Platform, I believe it's a simple process. It's just important to stick to the fundamentals and understand how Splunk Cloud Platform operates. The documentation is quite clear. One notable advantage of Splunk Cloud Platform is the Ingest Processor and Edge Processor, which help optimize data before feeding into Splunk Cloud Platform. We've seen a reduction of around 40% to 60% in the total volume ingested using efficient data pipelines. We provide services for optimizing data pipelines and feeds, and those tools can be quite helpful. But if you're looking to configure Splunk Cloud Platform for on-premises servers, downloading the universal forwarder package from the Splunk Cloud Platform search head is all you need. I would rate this product a 9 out of 10.
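The ingestion-drop check this reviewer describes, written out as an added SPL example (this is not the reviewer's own search and not Splunk-supplied content): it counts events per index and sourcetype per day with `tstats`, builds a 45-day baseline, compares yesterday's count against that baseline, and labels feeds that fell by at least the 70% early-warning threshold or the 80% critical threshold. The `index=*` scope, the 45-day window, the thresholds and the severity labels are assumptions; the ServiceNow incident and email notification would be configured as alert actions on the saved search, not in the SPL itself.

```spl
| tstats count WHERE index=* earliest=-46d@d latest=@d BY index, sourcetype, _time span=1d
| eval bucket=if(_time >= relative_time(now(), "-1d@d"), "yesterday", "baseline")
| stats avg(eval(if(bucket="baseline", count, null()))) AS baseline_avg
        sum(eval(if(bucket="yesterday", count, 0))) AS yesterday_count
        BY index, sourcetype
| where isnotnull(baseline_avg) AND baseline_avg > 0
| eval pct_drop=round(100 * (baseline_avg - yesterday_count) / baseline_avg, 1)
| eval severity=case(pct_drop >= 80, "critical", pct_drop >= 70, "warning", true(), "ok")
| where severity != "ok"
| sort - pct_drop
| table index, sourcetype, baseline_avg, yesterday_count, pct_drop, severity
```

Two caveats a practitioner would want here: `tstats count` measures event count, not bytes, so a feed whose event size changes can pass this check while its licensed volume moves a lot (the `license_usage.log` data in `_internal` is the source for byte-level checks); and a flat 45-day mean does not account for weekday seasonality, so a feed that is quiet every Sunday will trip the warning unless the baseline is restricted to the same weekday or the threshold is tuned per feed. Scheduling this once a day shortly after midnight, with the ServiceNow and email alert actions attached, gives the preemptive 70% notification the reviewer describes while the 80% rows carry the critical severity.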
We have clients that use Splunk, but we do not use Splunk ourselves. As a person with deployment experience, I find it difficult to answer the question about implementation because we are obliged to have a platform. There are many platforms, and the implementation is not simple, but we have no special difficulties with Splunk. We think that integration of Splunk Cloud Platform with third-party tools is easy to implement.
In my opinion, there is room for improvement, as we used to raise multiple issues via the process, but they pick them up slowly, and the response times are not as prompt as we would like. Regarding how Splunk Cloud Platform's ingest and visualization features help improve my data reporting, I have some insights on dashboards, but from a fully comprehensive perspective of data flow and ingestion, I haven't been hands-on that much. As an admin, I have worked on the infrastructure side of it, so I am unable to provide thorough feedback on that. I would rate Splunk Cloud Platform an eight out of ten overall as a solution for our organization.
I am currently working with the solution, but I need to know from which NNTT. The interface is okay; the user interface is good. I would recommend Splunk Cloud Platform to other users and organizations because it adds value to the organization; you can do different things with it because it's a pure analytical tool, not only a SIEM tool. I am mostly focused on Splunk Cloud Platform because I chose this vendor due to the feature set that was offered by Splunk Cloud Platform; it was not being offered by any other vendor. Splunk Cloud Platform is the vendor I am referring to, not NNTT. Maintenance for Splunk Cloud Platform has been done manually, not automatically. Usually, one person takes part in maintenance. Regarding the number of users for Splunk Cloud Platform, it involves discussing the number of organizations or the number of people working in those organizations. In general, I would rate Splunk Cloud Platform a nine.
Splunk Cloud Platform is not impacting a lot of decisions. But if we write very good reports and dashboards, then we can derive insights from them for leadership to make concrete decisions on. So we have to do the legwork to get that output. While Splunk Cloud Platform may not be a significant factor in decision-making, generating high-quality reports and dashboards can provide valuable insights for leadership to take concrete action. However, we must dedicate ourselves to the necessary work to produce those impactful outputs. I would rate Splunk Cloud Platform a five out of ten due to its gradual decline over the last few years. While I would have rated it an eight out of ten four years ago, its performance and features have deteriorated, leading to my current lower rating.
I rate Splunk Cloud Platform eight out of 10. I would recommend this product.
I have no major gripes other than some detailed grievances, so I would rate it an eight out of ten.
New users should focus on the Splunk free courses. They are an excellent resource. If you are a customer, you should take up the search and reporting classes. That is probably going to be what 99% of people are using it for day to day. If you are a sysadmin user or someone setting up the instance, there are free classes for managing licenses and ingesting data. I would highly recommend them. The free classes are a great start, and if you think it would be valuable, take some of the paid classes as well. They are incredibly detailed. When it comes to security, we definitely have a stricter attitude when things are going to the cloud because they are not fully in our control. Going to the cloud is always a little bit scary, but we have put in a refined approach for the data going into Splunk. I have not made much use of federated search. I have come across it, but it is not something I have leveraged. I would rate this solution a seven out of ten. What it does, it does well, but I do have qualms with it here and there. There are obvious features that are missing from time to time, but I am happy with what is there.
I rate Splunk Cloud Platform nine out of 10. I recommend ingesting data into the cloud if possible. Even if you have an on-prem environment, it still helps to ingest data into the cloud.
Splunk Cloud Platform has improved our company's incident response time. For example, if any event is ingested into Splunk, within less than a minute, we trigger an incident to the end user based on the assignment group in ServiceNow. There are many benefits attached to the tool in the areas of machine learning and predictive analysis. In Splunk ITSI, there is predictive analysis, which can be used for protection with the alert capabilities, especially if there is an alert storm coming up. My company can directly detect particular alerts from the trail to the attack and notify the end user about it. With the machine learning toolkit, my company does anomaly detection with the help of Splunk SIEM platform. With Splunk ITSI, my company does predictive analysis. The aforementioned area covers the two different platforms my company uses, along with two different approaches and the tool's machine learning capabilities. My company interacts with our consumers. For example, if I am a consumer of Azure products, I would want to onboard all the data from Azure, even if it consists of user data. I recommend that more space be set on a particular index so that Azure data can be used. My company has all data related to Azure about its users and the changes if you have a license or if you have Azure Event Hubs, including any other things that it may have. I recommend more space in Azure, but if it is a network-related application like Aruba, I recommend that it has a little bit less space compared to Azure. The scalability of Splunk Cloud Platform can impact our company's data management, though I recommend the space required for a tool based on the use cases. I am aware of the federated search features in the product. If a search is not running up, then my company needs to check whether any permission related to the search has any issue or if anything is going wrong, after which my company needs to check and fix those searches. 
I have not used much of the tool's federated search features. My organization monitors multiple cloud environments with the tool's help. It is easy to monitor multiple cloud environments using the product. For example, if my company takes into account Splunk ITSI with service analyzers, then we define how one service is related to GCP. One service will be under the cloud services offered by Azure, while another service will be related to AWS. My company can divide the services based on locations and KPIs. My company monitors the total locations of the cloud so that we can get more insights from the service breakdown, which is why I recommend the use of Splunk ITSI. I used to work more with Splunk ITSI, a reason why I recommend it to others, as it is easy to understand and handle, even if you have 1,000 or 20,000 applications. With Splunk ITSI service breakdown, it is very easy to handle applications. The visibility of the tool in multiple environments can be explained with the help of an example, where, if my company considers Splunk Cloud Platform, the visibility will be less compared to what we get from Splunk Enterprise. Splunk Cloud Platform is totally managed by Splunk's support team, so if anyone needs to do anything, my company needs to raise a request for a change in the tool, though we can modify a couple of services, like a couple of applications using ACS, which was introduced by Splunk. With ACS, if you want to update, create a token, or modify anything from the HEC token information, you can do it with the particular services offered by the solution. Considering the aforementioned area, I recommend that 30 percent of the work be done with ACS, and 70 percent of the work needs to seek assistance from Splunk's support team. Our company handles Splunk Enterprise, and we have 100 percent visibility on it compared to Splunk Cloud Platform. The integration of the product with other services is possible. 
I have integrated it with ServiceNow, Jira, Slack, and Microsoft Teams, and I can say that it has been okay till now. It is good to integrate Splunk Cloud Platform with other tools. If we take a cloud service like GCP into consideration as an example and say that it is not working properly, then there will be an incident directly assigned to the support team based on the integration with ServiceNow. If you want to notify all the consumers in a scenario where GCP is not working properly through particular notifications with Slack channel particular notifications, then one can inform all the thousand consumers in a particular company about it, and it is possible with a single integration. My company uses the tool for alert reporting. For example, if the top management of an organization is looking for the availability of websites, especially a couple of websites that are critical to their applications, then my company monitors such applications with the data in the report from the last thirty days or seven days, to ensure that availability of a particular website is 100 percent. If anything goes wrong as per the reports from the previous seven days, then the availability is reduced to 80 or 95 percent, which is based on how much time it was down, and it will be then notified to the consumer or top management, stating that the availability got reduced, and how there is need to fix a couple of applications in the back-end so that the availability can be increased. The top management will be made aware of the things that have been going on for the last seven or forty days. In general, a report is good for notifying the top management or consumers so that they can make decisions or check if their licenses or server capacity needs to be increased. 
With the alerting report feature, my company can be confident that the top management or consumers know about a particular issue in the tool that we can fix as soon as possible, but there will be a cost involved in doing so every time. If the consumer or top management is aware of the issues in the tool with the help of the alerting report feature, then they can make a decision. I am currently not aware of how the product has an impact on decision-making. The product has helped my organization with data compliance and privacy regulations since we were able to set up the terms and conditions with Splunk. In general, it is good when it comes to the terms and conditions revolving around the security part. Maintenance is required to upgrade the applications, so we need a downtime of no more than fifteen minutes. The product offers value in terms of resilience. Whenever my company faces difficulties, it is the solution we use for all our monitoring purposes. In terms of the extensibility of the product, I feel it is a good solution. Everything is supported by Splunk support, though it may take some time to find and resolve certain issues. If Splunk's support team resolves issues within a certain time frame, I can provide a nine out of ten rating for Splunk's technical team. Splunk Enterprise is totally handled by our company, so I can give it a nine out of ten. I recommend Splunk Enterprise to others, especially when compared to Splunk Cloud Platform. If any notifications are needed, it can be done with no downtime, and it can even be completed within a week. If we want Splunk's support team to do the same aforementioned procedure for our company, then it may take a little bit more time. I rate the overall tool a 7-8 out of 10.
I would rate Splunk Cloud Platform eight out of ten.
I rate Splunk Cloud Platform 8 out of 10. I would definitely recommend Splunk to others.
I would rate Splunk Cloud Platform a nine out of ten.
I would rate Splunk Cloud Platform an eight out of ten. We have around 150 users. No maintenance is required from our end. I recommend Splunk Cloud Platform. It helps monitor all the respective functions.
Splunk Cloud Platform is a really good tool for getting alerts and better information about incident management and maintenance. Because of the solution's complex setup, most alerts are set by developers or people who create multiple unnecessary alerts, creating alert fatigue. Compared to other systems, like Dynatrace, Splunk Cloud Platform is not a smart system for analyzing alerts. As a project manager, I oversee the process of contacting the concerned parties, knowing what needs to be monitored and why they need the alerting mechanism. I was not directly involved in the scripting and adding Splunk Cloud Platform in the back end. As business requirements change, Splunk Cloud Platform needs maintenance in terms of setting up different parameters, which is not an easy task. Everybody uses the Splunk Cloud Platform in a different way. I would advise users to share their experiences about technical difficulties in the forums and community. Sometimes, others might go through the same problem without much documentation, and sharing your technical problems might help others. Overall, I rate Splunk Cloud Platform a seven out of ten.
I would rate Splunk Cloud Platform an eight out of ten. There are numerous tools that offer real-time reporting and alerting capabilities. Splunk is indeed effective, but due to the prerequisite of registering logs beforehand, a delay is inevitably introduced. Therefore, while Splunk is suitable for real-time reporting alerts, it may not be as optimal as some alternative solutions. Resilience has added value and contributed to the improvement of our organization. This is highly significant. In most cases, the SOC team relies on the tool for issue mitigation and ticket resolution. Therefore, it is crucial for Splunk to remain consistently up-to-date and respond as quickly as possible. This holds immense importance. The extensibility is good, but there is room for improvement, especially in integrating certain logs. Enhancing the process of incorporating raised logs is possible. In most cases now there are limitations on log creation. Previously, a direct option existed to import logs. However, this process has been altered, requiring users to develop an add-on for log integration, leading to increased complexity. Furthermore, users are expected to have knowledge of Python. This can be problematic in cases where users lack such expertise. Therefore, this aspect could certainly be enhanced. For those who want to evaluate Splunk, it comes down to the volume of data. If they are dealing with a substantial amount of data flowing into their SIEM, Splunk would be the superior option. Splunk effectively manages extensive datasets in comparison to other technologies. It also offers numerous additional functionalities, such as an enterprise security suite, assets, and identity framework. Moreover, it has undergone industry testing and has been employed in the field for a considerable duration. In contrast to other organizations, they provide a wealth of features.
We aren't using the solution across all cloud platforms. We use Azure. However, we would have the flexibility to gather insights from others. We just don't use that particular capability. Right now, the solution does not affect our decision-making. It's still a very new platform. We're not relying on it completely. It's a work in progress. We need some time with it, to build up trust with it. Splunk is great so far, however, we still need more time and it needs more of a presence in the market. Right now, in terms of compliance and privacy policy regulations, we limit the features that are not compliant with us. However, they are very flexible. We just use the features we can and block the ones that are unnecessary. It hasn't had an impact on our security posture. We have very detailed security layers and several processes and teams. We haven't had any real use cases for Splunk. It hasn't actively blocked anything. We already have what we need in place. I'd advise new users to check if this solution is reliable from a security point of view. Talk to Splunk about the cost as well. Splunk is really convenient for that. And whenever you deploy it in your infrastructure, make sure that the cloud providers or the on-prem solution that you are using are compatible with Splunk. We had issues in that some features that we were using in the cloud were not compatible with Splunk. So we had to make a lot of changes. That is something anyone who is trying to deploy Splunk needs to check - compatibility. I'd rate the solution seven out of ten.
I would rate Splunk Cloud Platform a nine out of ten because it does a good job at what it does. I wish I could use the mobile app, but the rest of it works very well. The best value that I have received by attending Splunk conferences is finding out new things that I can do with my own job. Most of the time, it is disappointing because a lot of the new features have new applications that we have to buy, and I have no say in the purchase of new applications. However, there have been some new improvements in the applications that we already have, and I come for those updates. I am able to see if the new features in the existing applications are more useful to me.
Its ability to predict, identify and solve problems in real time is looking promising. We're looking into it now. I would rate Splunk an eight out of ten. It has a lot of features and enables us to focus only on our applications and logs. I don't need to worry about the infrastructure behind it. The best value I get from attending Splunk conferences is getting experts' help for specific use cases.
I give Splunk Cloud Platform a nine out of ten. Monitoring multiple cloud environments is never easy. We are looking forward to new features from our cloud partners, such as AWS Security Data Lake, Google, and Microsoft. These features will make it easier to integrate our cloud environments. Splunk Cloud Platform is currently the best solution for collecting data from multiple cloud environments. AWS has five million different ways to export data, and we need to use all of them to collect all of the security and IT-related data. Splunk supports all of these data sources. A year ago, I would have said that Splunk needed automated response, an easy-to-detect, easy-to-run, and manage business analytics platform, a user and entity-based business analytics platform that is integrated within the product, threat intelligence, and a current dashboarding tool. Splunk now has all of these features. A year ago, Splunk's competitors had these features, but Splunk did not. Splunk has since acquired or developed these features in-house. Very little in Splunk's product is not tightly integrated into the current releases. If someone is starting from scratch, meaning they are just rolling out a new security solution, and they do not choose Splunk, they are making a mistake. Splunk provides so much of everything that it is the best choice for most organizations. We perform daily maintenance on the solution. I advise new users to find someone who knows Splunk. Even a good technical person will not be able to do this on their own. They are not going to train them on day one. Good technical people who know Splunk are valuable assets, so they should seek them out and get them on the project.
I would rate Splunk Cloud a 6.5 out of 10, but plugged on time, I would give it 8.8 out of 10. The maintenance of Splunk is a bit difficult due to the time-consuming tech support. I would recommend Splunk. I cannot compare Splunk with any other SIEM solution because I have worked with many different solutions, like LogRhythm, ManageEngine Endpoint Central, and Wazuh. I have used Splunk for two years and I can see Splunk as really the best SIEM solution that can be used for work. I totally recommend it even though I gave some negative feedback; it's because I am coming from a product perspective. We have to also take into consideration the security perspective. I am not talking only about visibility, which they should take a lot of care with, but the way the solution is handling and even manipulating the data. This is the most valuable thing.
I rate the solution a five out of ten. The documentation available could be improved.
A company that wants to leverage Splunk should understand its environment first - including the organization, the network infrastructure, and the overall infrastructure. Then, based on requirements, they should go ahead with any SIEM solution. Splunk is kind of an expensive tool to have. Therefore, the company should be clear about what requirements they have, what they need, and whether they want to use Splunk. It is very crucial to understand your requirements and your network or your environment first before going ahead. I’d rate the solution eight out of ten. Overall, it's a good tool. It's a very intelligent tool. It definitely depends on how you are going to use it. However, I love the product. I love Splunk. I want to learn more about it as much as I can.
I rate Splunk Cloud eight out of 10. It's a good solution that can index data in a short time. That's one advantage of Splunk over other solutions. However, the support isn't good, and you can't customize the Splunk interface.
We've got a version of Splunk Cloud. I'm not sure of which version. I'd advise users to get more professional service days. You get five professional service days with the product, when you buy the license, usually. Definitely get at least ten more. You need to have some strategy before. You definitely need a strategy. Before you do your PS days, definitely have a look at your strategy and make sure you've arranged your questions rather diligently. Based on how you think you're going to use the system, where you are where you want to be, just box them into separate parts - security, infrastructure, and monitoring. It's going to make life a lot easier when you talk to consultants as the consultants are very, very knowledgeable. However, you need to ask the right questions. I'd rate the solution ten out of ten.
I recommend this solution for any company that has the money to buy it and rate it eight out of 10.
The solution is deployed on-cloud. I would recommend the solution to others since there are a couple of companies with many clients that are looking for Splunk Cloud, with which they are familiar. We must consider client demands when it comes to attracting projects. Even in India, most of the companies employ Splunk Cloud as the most prevalently used SIEM solution. Then comes QRadar, which is easier. So too, Splunk is less cost-effective than QRadar, although it is more in demand. There are a couple of companies with call centers that request Splunk Cloud. I rate Splunk Cloud as a seven out of ten.
Advice-wise, I do not really have much to say to potential users considering the solution as something to apply as an end-user. My job role is data organization, so it might not be appropriate for me to give these opinions. This seems to me to have more to do with system functionality. But from my side, I am good with the product. Interface-wise, I think the product is good. Security-wise, it is all approved from the CSO's (Chief Security Officer's) perspective. Enhancement-wise, we have to put in a lot of effort. The end-users who are working with the solution should know SQL. If they lack training in SQL, there will not really be a use case for them. Whatever use cases we had for Splunk, we were able to make them work. Cost optimization is the only thing that needs to be reconsidered. On a scale from one to ten (where one is the worst and ten is the best), I would rate this product overall around seven, or somewhere between six and eight. Six to eight, so call it around seven out of ten.
I would rate Splunk a nine out of ten. The queries and pulling out the exact reports are a little challenging. I get complaints about it. I would like to see more reports, or default out-of-the-box reports. That would be more useful, and then people can avoid writing queries.
My advice to anybody who is implementing Splunk Cloud is to dedicate the time and resources required to learn it and use it. Investigate the features. I would rate this solution a seven out of ten.
I feel that Splunk Cloud is good as it is. It is the best tool on the market. My advice to anybody who is considering this solution is to start now and don't wait. Every day that you wait, you can be wasting time and money. I would rate this solution a nine out of ten.
Overall, I find that Splunk is pretty good. It is a very mature product and I can see that compared to when I used to five years ago as an end-user, they have been improving in every way. The interface is something that has become more user-friendly over time. When there is something missing, it is handled by another product from the vendor. For example, if you need to add predictive analysis then you use Splunk Phantom. There are many other SIEM tools on the market, such as IBM QRadar and ArcSight Logger. Splunk is comparatively more expensive but it has many features and good functionality. I definitely recommend it. I would rate this solution a nine out of ten.