Splunk Cloud Platform Reviews

I use the Splunk Cloud Platform for security monitoring. My company is a technology company with over 40,000 employees.

The Splunk Cloud Platform offers easy data ingestion and a user-friendly interface for product teams, particularly for straightforward log shipping.

Splunk Cloud Platform offers easy integration due to its robust and well-documented APIs. These allow seamless integration into existing pipelines and other products and the flexibility to create custom integrations as needed.

Splunk Cloud Platform helps access data for compliance and privacy regulations. While some manual work remains, it assists with meeting compliance and regulatory requirements, especially regarding logging, reporting, and monitoring, solidifying its position as the industry standard.

We pull in information from cloud resources like AWS and Azure, and we just recently got into GCP. Just pulling data directly from there was a little bit easier than trying to do it from on-prem. We can now do that a little easily.

We have a lot of cases where business units that were not even in Splunk got compromised for whatever reason. We could get security logs from those and import them directly, more quickly, and easily with Splunk Cloud. We have had several use cases directly with that. In our company, we do not monitor logs from laptops. We have had issues with users getting compromised on our laptops. We could get the data logs from there.

I also use it to monitor my universal forwarders so that I can see what versions they are on. We had CVEs coming out on the universal forwarders. We had to replace them. I have dashboards to keep track of our progress as we are migrating and upgrading all those agents.

The biggest, heaviest use of Splunk Cloud Platform for us right now is people going and looking at our firewall logs to find the denies and to find out which firewall is being blocked. We are a medium-sized company. We are so segmented with all the PCI and SOC 2 compliance audits that we have. We have segmented everything. We have so many firewalls that there is always another firewall down the line that is blocking. The firewall team is in there every day and all day long, and then we have other teams that go in there to see if the issue that they are having with their app is a firewall issue or not.

I have done health checks several times now, and those have been very valuable in getting more information about what is going on in my platform. There are also recommendations on what is going on in my environment. Sometimes when it says something, I already know that, and when I explain why, it knows that I am aware of it. It knows that it has to be that way for compliance reasons or there are certain break glass accounts that we have to have in case our Okta is offline. It points out things like that. 

One of the things we had to do was find out how much Splunk on-prem was costing us because we had so many different groups. We had the storage group, and then we had the hardware team. The indexers and the search heads were physicals. That was being handled by the data center teams, which bought all the hardware, and then we had the virtual servers. Everything else was virtual. That was still owned by us, which is fine, but then we had storage, so we did not know the full cost. As I am trying to migrate from one data center to another, the teams do not want to buy. They do not want to migrate hardware. They want to buy new hardware, which, of course, is a cost to their department. They are a group but not our group, so we wanted to go to Splunk Cloud. We had to first find out how much the total cost of Splunk was for our company so that we could show that moving to Splunk Cloud was going to save the company money, which it did. It saved at least a million dollars a year. We are oversized in some areas, and we are running pretty close in the other areas. It is saving us money in the long term.

We monitor multiple cloud environments. We have data in multiple clouds. We have AWS, Azure, and GCP, as well as our own on-premise that is technically a cloud or our own personal private cloud. We are a cloud customer for our clients. We are in four different environments. It has been fairly simple to monitor multiple cloud environments using Splunk Cloud Platform. The documentation and the TAs have been updated and tell you which piece is what. You see no difference between a client ID, tenant ID, a secret, a key, and the tokens. That has been very handy. We had an incident where there was an S3 bucket somewhere, and one of our teams was unable to communicate with the Cloud Infrastructure team. It was set up as a file share only instead of another type, which was not available in the TA. That was not an option, so that became a challenge. We had to work with them, and they basically had to rebuild that bucket because you cannot just add it as a function to that bucket. They made a whole new bucket and put the logs in there. That was a challenge, but other than that, it has been very smooth and easy. We have had teams that had incidents. They took all the data and put it into an S3 bucket, and it took that right in.

Splunk Cloud Platform has helped reduce our mean time to resolve because they can get the data in faster. I have even automated things. We have a Python script. I can take CSV files and send them to the endpoint and just pop them with all the data they need to do their evaluations, such as if they went to bad sites. They can see all that information. I can get that in quickly. With on-prem, I could do that, but it had to run through so many hoops because of the PCI requirements that our company has. It is still PCI-compliant, but it is just so much easier to work with. I know we have had mean times of 60 days. We are reducing it to one or two weeks now, so it is getting a lot better.

Splunk Cloud Platform has helped improve our organization’s business resilience. That was something with which I have had issues with the on-prem. I have had issues with an index. It could be a hardware issue, a software issue, or an OS issue. By having Splunk Cloud Platform, everything has been a lot more stable. I do not have as many worries or problems there. I have fewer things. I can even troubleshoot on my side if it is a heavy forwarder. That is on me, but there are a whole lot fewer things to look at and worry about. It took away a lot of headaches.

In terms of Splunk’s ability to predict, identify, and solve problems in real-time, real-time is a touchy word because being real-time means you are indexing directly. There are a few people in my company who have or are allowed real-time access, but it is pretty close. It is pretty much within seconds. You have access to all that data, so it has been handy. I had to explain to the teams how searches work in the background. If you are running a search every 5 minutes, it sounds great, but if there is any kind of delay in the data, you can miss something, so 15 minutes is a little better, but still, you are seeing things within minutes and getting alert about them. We connect to Microsoft Teams and Slack. We are sending things to ServiceNow for the monitoring team. It is 24/7, so if they need something to watch 24/7, there is a group. They are now tied into ServiceNow, so they can get all that data right there in one place for that team, pulling it from different monitoring tools besides Splunk. It is handy to be able to just pop it all in there quickly.

The firewall stuff is huge. Everybody is in there. All day long, people are hitting that dashboard searching for firewall blocks or denies. Sometimes, they access it just to see if it is connecting because we do drop a lot of data. A great thing about Splunk is that we can drop some of the data if we need to when it is ingesting. We do not keep all the connects, but we can see whenever a connection is closed. We can see that the connection had been made successfully and then closed. We are able to see that one way or the other. We can see whether things are being blocked or it is able to connect. That information is handy now. We have a complex network, and there are times when we have routing issues. We can see that there is no route in the logs and say that it is a routing issue. They then bring the network team. The firewall is the front point for all that, but the network team has to work closely.

We use Splunk Cloud Platform to ingest data from on-prem environments. Most people have Splunk Enterprise Security running on a server, but Splunk developed the Splunk Cloud Platform to ingest the data into the cloud. It works like Splunk Enterprise, but you must download apps to get some features. Our clients are mostly large enterprises in the financial industry. 

Splunk Cloud Platform improves our visibility and decision-making. Splunk helps us meet compliance standards. It's certified for multiple standards, such as PCI, GDPR, and HIPAA.

Splunk Cloud Platform is a product I use since my company has different platforms on Splunk, like Splunk ITSI and Splunk Enterprise Security. Splunk ITSI and Splunk Enterprise Security are the two packages known as paid packages under Splunk Cloud Platform, and my company also has an ad-hoc search head. Splunk ITSI is totally related to the infrastructure monitoring that my company does, and from it, we derive the service analyzers, episodes, and alerts and see if we want to integrate anything with ServiceNow, Jira, or any other monitoring tools we have. The product can be integrated with other tools, while my company can also use its alerting feature and its ability to notify the consumers with particular alerts, so the total infrastructure is covered under SIEM, making it possible to attach to security information. My company also created a couple of use cases, like in the case of continuous resetting of a password more than three or four times, then there will be a security incident that would be created so that if any end user is doing it as malpractice, like, phishing or something, my company can detect it and inform the user that you have crossed the four limits, and there is some attack happening owing to which we need to reset the password. Based on the aforementioned process, SIEM monitoring will be handled through its application. The aforementioned areas consist of the use cases related to the tool, along with a couple of more activities, like onboarding a user onto Splunk, creating apps for them, creating dashboards, creating alerts, and creating a couple of use cases for them as per their requirements.

In my organization, Splunk Cloud Platform has improved the issue revolving around transactions. If there are any issues with the transactions, then my company notifies the end users that their transactions failed, after which they can fix the issues so that there are no issues with the transaction part, especially regarding the application availability. The tool makes it possible to fix issues without any downtime.

We use the Splunk Cloud Platform for phishing correlations, sifting through data loss prevention information in P2, and threat reporting.

The Splunk Cloud Platform has improved our observability. We can see a lot more information both good and bad, but at least we have the information.

It is important that Splunk Cloud Platform has visibility into our cloud-native environments. It comes to observability. And with the visibility, we're able to link, especially with our cloud environment, with Azure the correlations for threat reporting, correlations for account breaches, and correlations for compromised data ex-filtration that's going in and out.

Splunk Cloud Platform has improved our mean time to resolution. It stepped down our investigation times. An investigation that used to take ten minutes is now down to five or six minutes per incident.

It offers real-time threat detection by continuously analyzing incoming logs and correlations. These trigger pre-defined alerts, and any suspicious activity will be reported within five or six minutes.

Splunk Cloud has saved costs through time savings. I can focus that time on other tasks improving productivity.

We saw time to value within the first month of implementing the Splunk Cloud Platform.

Splunk Unified Platform helps consolidate networking, security, and IT observability tools. We're primarily focusing on the security area and building out the correlations. We haven't moved to the infrastructure side yet. That is something we have on our company roadmap. 

We utilize the Splunk Cloud Platform for log ingestion related to security and troubleshooting purposes.

Splunk Cloud Platform helps us with our security incident response. The cloud security logs are integrated with all the cloud providers.

The federated search feature enables us to search between Europe and the US, from one Splunk instance to another, all from a single location. This federated search simplifies how we handle data, making it easy to swiftly search for and manage information.

We monitor several cloud environments and find it easy to utilize the Splunk Cloud Platform for this purpose. Each cloud provider offers its own prebuilt dashboard, or customers can create their own.

The Splunk Cloud Platform offers excellent visibility into multiple environments. In the past, we utilized hybrid integrations, and they seamlessly worked right out of the box.

The reporting functionality provided by the Splunk Cloud Platform resembles that of the on-premise platform. It is readily available without requiring integration or the installation of reporting visualizations.

From a security standpoint, the Splunk Cloud Platform provides us with comprehensive visibility into all security logs. This enables us to implement security incident responses with great efficiency. Additionally, we have discovered that internal employees, such as product teams, are utilizing the platform as intended for various other use cases. For instance, it has proven valuable in troubleshooting performance issues and monitoring within Kubernetes. As such, we are leveraging a wide array of use cases within the company.

Splunk is a highly mature software that has been in the market for many years, which greatly influenced our decision-making process. Another factor was the user-friendly nature of the latest version, making it easy to initiate. We don't require a large workforce for installing components; it's as simple as out-of-the-box. Consequently, minimal time investment is needed for training.

The Splunk Cloud Platform assists us in accessing data to meet critical compliance and privacy regulations. For instance, this is particularly important for regulations such as GDPR and HIPAA. We are utilizing Splunk Cloud with a specific focus on HIPAA compliance, allocating extra attention to this aspect. In the case of GDPR, Splunk offers a range of built-in capabilities. For instance, it allows for log masking. Moreover, there are novel features available in Splunk Cloud, such as ingest actions. This feature is exceptionally useful as it enables us to mask the data before it's ingested into Splunk. Consequently, this approach ensures our adherence to compliance regulations, exemplified by GDPR.

The Splunk Cloud Platform has had a significant impact on our organization's security posture. It serves as our primary visibility tool and is the main source of trust for all login activities. Without Splunk, we would lose essential visibility and access to security updates. Currently, Splunk stands as one of the primary tools we utilize due to its utmost importance.

Our security team uses the Splunk Cloud Platform heavily. We index that data that is relevant to security for over a year. Most of our indexes, we only keep for 30 to 45 days. But for security, we keep it for a year here. It is an essential tool for our security team in investigating incidents and looking at the potential compromises, and exploits, of all those types of things. That's one example.

I'm one of two Splunk Engineers in the organization and almost every department uses Splunk. We create dashboards for different organizations. For example, We have temples all over the world. We produce statistics for the temples about how many people have visited each day, and how many sessions were done in different languages. That type of thing is all done through Splunk dashboards. Our missionary department has over 80,000 missionaries all over the world, statistics about what they are doing and the applications they are using are all done through Splunk.

Splunk Cloud Platform helped remove a lot of that administrative work, but also, it's much easier on the cloud for us to ramp up our SVC units if we see more demand and to be able to add more storage to our indexers. That's one thing for us as administrators that helps to be able to ramp it up quickly. When we were using Splunk Enterprise, that was a much more involved process, but now with Splunk Cloud, it's much easier to ramp that up. My partner and I are good at making sure that all of our users are using Splunk efficiently. We give them training regularly to make sure that their queries are well written, that they're not using indexes they shouldn't be, and that they're using the proper commands to be able to get the information they want. We do have to do this periodically because more and more of our users are using Splunk frequently, and we'll have to talk to a Splunk rep to increase our SVCs. For us, as administrators, that's very helpful.

We monitor multiple cloud environments using Splunk Cloud. It's been quite easy for us. We have an in-house Cloud Foundry and we use AWS and Azure quite a bit. We haven't had problems integrating or monitoring with any of those platforms. It's been great for us.

The end-to-end visibility that Splunk Cloud Platform has in our cloud-native environments is important. We do a lot of correlation across the entire enterprise. We need to have good visibility into all of our logs across all of our cloud Platforms, and in-house on-premise stuff, which we're getting with Splunk.

We use a lot of different monitoring tools, not just Splunk. We use Nagios, ThousandEyes, AppDynamics, and Dynatrace. Splunk is an important part of that. It is a mission-critical application for us. The alerts we set up in Splunk are ones we can't do with the other tools. Every one of those tools is a key piece of what we do as a monitoring team, but what we love about Splunk is that we can create alerts that we can't do with the other tools. That has helped us reduce our mean time to resolution.

The Splunk Cloud Platform has helped improve our organization's business resilience. Splunk helps predict, identify, and solve problems in real-time. What we love about Splunk is its flexibility to pull out data that we can't see in other applications or that the commercial office software has not produced itself. But through the logs and being able to adjust it to Splunk and being able to write the queries that we need to, we can pull that data out, and it helps us to be much more efficient in predicting potential problems because we know our applications well and know the red flags to watch for. We can create the alerts needed to predict when something can potentially go down or have problems.

We have seen cost efficiency by switching to the Splunk Cloud Platform. The biggest part for my partner and me is that Splunk Admins saves us time. I used to be the guy who would patch all of our enterprise indexers, servers, and distribution servers. That would take me quite a bit of time. Even though we had automated scripts that would do a lot of that, it still took a fair chunk of time to go out and do the maintenance and patching required. That freed up a lot of our time, made us a lot more efficient, and allowed us to work on other projects we couldn't do before. I do front-end development for some other products, but I didn't have the time before, and switching to Splunk Cloud has freed us up. Being able to ramp up our SVCs and storage is much easier than it was before. We had to spin up virtual servers, provision them, and ensure licensing. With Splunk Cloud, it's much faster and easier. The total cost of ownership has improved.

We use Splunk Cloud Platform for data aggregation and correlation for centralized logging and monitoring.

Splunk Cloud Platform has helped our organization reduce risk and allow for threat investigation to catch potential malicious traffic before it causes damage.