Splunk Cloud Platform Reviews

Our Splunk Cloud Platform centralizes logs from all OT assets, allowing OT business units to request various insights. These insights can include how often assets cycle down, memory storage usage, or data consumption over time. They can then configure dashboards to receive alerts based on these specific metrics.

The biggest benefit I have seen using the platform is the alerts because most of our sites are remote in the middle-of-nowhere deserts. If something goes down, they don't have direct eyes on them. Thanks to Splunk's automated alert that notifies us if something is down, we can quickly respond to it before it affects any other systems.

We do have several cloud environments that we're using because we got the Splunk Cloud Platform last month. We are integrating them all into one location, so we are still determining the ease of monitoring all the cloud environments using the Splunk Cloud Platform. Before having Splunk, it was a huge issue because we had to go to different locations. Having it all in one location under Splunk will make it much better for us.

It is important, especially for our cloud team to have end-to-end visibility into our cloud-native environments through Splunk Cloud Platform. The more visibility we have the better it is.

Splunk Cloud Platform has significantly reduced our mean time to resolve because instead of us having to go out to the site or having somebody on the site tell us a few hours later there is an issue, it could be within minutes now that we can resolve the issue. After all, as soon as it goes down, we get the logs, we get notified, and then we can immediately go in and check it out. So it is a significant amount of time that Splunk is helping us reduce for resolution.

Splunk Cloud Platform's ability to predict, identify, and resolve problems in real time has been huge, especially because our business units are operational technologies. They generate revenue for us. That's how our business stays afloat because we're in the energy sector. So If something goes down or if they want a quick dashboard, the biggest thing we're to be using as well besides the alerts is the dashboards showing how quickly we're remediating vulnerabilities and showing where they are vulnerable. That's going to be huge for the business side and will help us a lot.

Splunk Cloud Platform helps consolidate network security and IT observability tools. The cyber group gets all the alerts, but we can direct it to which person we want to send the alert to. That's good because they can go to IT, which is where we're at, Cyber, which can potentially help fix the problem, and then networking too in case something goes down. That is one of the requests is if an on-site asset goes down, the network team can see why it's off the network. So it's good that it spreads out everywhere, and whoever can help fix it can be on top of it.

Alerts are a huge benefit because we can customize them to each business unit's needs. Splunk automates the process and sends email notifications directly, which saves me time.

The AI features will be a huge improvement for Splunk. Using basic natural language in English instead of writing a regex expression will be helpful. For example, I can tell Splunk AI that I need to get the logs from last week between eight AM and ten PM on a specific asset. Instead of me going in, doing the regex expression, and then having to Google what it is because it's super hard to do sometimes. That is the biggest area for improvement. Hopefully, it will be released soon because that will simplify things for me and non-technical people. 

I have been using the Splunk Cloud Platform for one month.

Splunk Cloud Platform is stable.

Splunk Cloud Platform can handle terabytes of data.

The support has always been great for the few times I have used it.

Positive

The deployment is super easy. We deployed the Splunk Forwarder file and from there, we have a batch file, a PowerShell file, and it runs in the background. The users don't even know it's being installed.

The implementation was completed in-house.

In regards to a return on investment, the metrics are the biggest thing. Data is everything. The business units enjoy the dashboards that Splunk Cloud presents. And it is quick to present them.

Splunk Cloud Platform fell within our budget so we pulled the trigger and implemented it.

I would rate Splunk Cloud Platform ten out of ten. All the applications I need are readily available in a user-friendly dropdown menu. Exploring them is a breeze, and the platform's speed is impressive.

We leverage the Splunk Cloud Platform to effectively manage the vast amounts of machine-generated data, thereby ensuring application management security compliance.

We implemented the Splunk Cloud Platform to enhance our customer experience and optimize the data storage costs. We can convert the log data into numerical data points when requested.

The Federated search helps retrieve data in a better way.

Splunk Cloud Platform simplifies monitoring across multiple cloud environments, providing real-time insights into operational flow. It also streamlines data conversion, reducing the data-driven process for the company.

Splunk Cloud Platform's machine learning and AI capabilities simplify data management and provide clear visibility into multiple environments.

The AI makes it easy to integrate with other systems and applications in our environment.

The Splunk Cloud Platform reporting provides good insight.

Splunk Cloud Platform significantly boosted our performance and cost-effectively optimized data sets, delivering immediate benefits.

Thanks to the Splunk Cloud Platform we can make decisions within the organization much faster.

Splunk Cloud Platform empowers our organization to access data efficiently, ensuring compliance with privacy and regulations through actionable insights.

Splunk Cloud Platform strengthens our security, particularly in handling complex processes.

The data management and instant search features are the most valuable ones for us, as they allow us to instantly retrieve information needed for reports and security compliance.

Splunk should increase the frequency of new feature releases, particularly those related to real-time operational flow monitoring and analytics reporting. It has been over a year since any significant updates were added to the Splunk Cloud Platform.

I have been using the Splunk Cloud Platform for one year.

Splunk Cloud Platform is stable.

Splunk Cloud Platform is scalable.

Splunk Cloud Platform's resilience is good.

The initial deployment was straightforward. The deployment took around four hours and required two people.

We evaluated Victoria Experience but it was not suitable for our environment.

I would rate Splunk Cloud Platform an eight out of ten.

We have around 150 users.

No maintenance is required from our end.

I recommend Splunk Cloud Platform. It helps monitor all the respective functions.

Splunk Cloud Platform was very useful for us. With the on-prem setup, we had to maintain all the servers and take care of the upgrades, whereas with Splunk Cloud Platform, we did not have to bother about that. Everything was handled by the Splunk support team.

It was sufficient for us to monitor multiple cloud environments. The visibility that it provided into multiple environments was good.

We used Splunk Cloud Platform for business processes and security. It helped us a lot. On the business side, as a banking organization, it was helpful for reports and alerts. On the security side as well, Splunk was helpful. We could see any security breach. It was also helpful for smooth operations. If any issue happened or any server was down, it automatically alerted us.

Everything is maintained by the Splunk support team. Users do not have to maintain any physical servers. They do not have to maintain indexes and searches. It reduces a lot of work on the user side.

We integrated it with other applications in our environment. It integrates well. We did not face any issues on the integration side.

The reporting offered by Splunk Cloud Platform is also good.

I faced a few minor issues with Splunk Cloud Platform. In the case of knowledge objects, even a Splunk admin does not have access to delete them.  If we want to remove a knowledge object, we need to contact Splunk support and raise a case. After that, they delete it. They should give us access to delete knowledge objects. 

Everything else was good. It already had all the features. We did not require any new features.

I used this solution for almost ten months in my previous organization. Currently, I am not using it. I last used it about five months ago.

It was stable. We did not see many issues. Any issues were on the physical servers, not on the Splunk Cloud side.

It is scalable. We had more than 2,000 users in our organization. It was being used by more than 150 departments.

Onboarding end-users was easy. I was a Splunk admin, and I was also an end-user. I could provide access to other end-users directly.

Their technical support was good. I would rate them a five out of ten because we worked in the Australian time zone, and the tech support team that we usually got did not have much knowledge. They took time to resolve issues.

Neutral

In our organization, we used multiple products. We had Dynatrace and other products, but we mostly preferred Splunk. It was more user-friendly than others, and we could search everything easily. We could create dashboards. Other products were more difficult.

It took us a long time to switch from on-prem to the cloud. It took almost four to five months.

We took the help of the Splunk team for migration, but after that, we did not take their help. We took care of onboarding and other things. It was easy. If any issue came up, we contacted the Splunk support team.

I do not have much idea about the price. We previously used 1 GB at the cost of $600. Both on-prem and cloud licenses have the same price. There is no difference. 

It did not impact the cost because the costs of the on-prem license and the cloud license are the same. We did not have any issues with that. Overall, its price is reasonable.

I would recommend moving to the cloud because you do not have to maintain physical servers and infrastructure. Everything is handled by the cloud provider. 

Overall, I would rate Splunk Cloud Platform a nine out of ten.

We use the Splunk Cloud Platform to log all the network devices, whether it's switches, routers, firewalls, wireless controllers, wireless access points, and applications such as MuleSoft or Adobe AEM. 

The team I manage is small and we don't have much time to maintain the on-prem infrastructure with patches and updates. With Splunk Cloud, we don't have to worry about patches or upgrades. It's always up to date with the latest and greatest features. That's the biggest benefit for us so far. It saves us time and headaches that come along with all the upgrades, patching, and administration of the Platform in general.

Splunk Cloud Platform has more features than the on-premise Splunk Enterprise version that we previously used. My team seems to like the GUI better.

Splunk Cloud Platform's ability to provide end-to-end visibility into our cloud-native environment is extremely important because we don't have any tool that has that feature.

It has sped up our mean time to resolve by 40 to 50 percent compared to the on-premise version of Splunk.

Our on-premises setup used an outdated Splunk version on aging Red Hat seven hardware. Upgrading would have required new Red Hat eight systems and consultant deployment expertise. By going to the cloud, we don't have to worry about hiring consultants or upgrades. That saved us time and money. The pricing that we were given was the same as renewing our maintenance and support for our on-prem version. So it was a no-brainer decision.

As soon as we migrated, my team liked the GUI because it made them more efficient. There are more functions and features that are not available with the on-premise version of Splunk.

We use Splunk Cloud primarily as a troubleshooting tool, so the most valuable features are the analysis and visualization.

Areas of improvement for Splunk Cloud Platform are difficult to say because we're still learning about the platform. I want to have the ability to process the ingestion before it is sent to the back end and Splunk just announced that the feature is coming, so now it just needs to be released.

I have been using the Splunk Cloud Platform for three months.

Splunk Cloud Platform is stable.

Splunk Cloud Platform is easily scaled on the cloud.

The few times we reached out to technical support, they were helpful and able to address the issues.

Positive

We previously used Splunk Enterprise and wanted to stick with Splunk because we feel it is the best product. So switching to the Splunk Cloud Platform was an easy decision for us.

The deployment was not difficult. We had consultants helping us. We thought it was going to take three weeks to migrate from on-premises to the Cloud, and it took half that time. It was a lot easier than we anticipated. And we were able to do most of the work ourselves without using the consultants.

We used Bitzios Consulting to help us with the implementation.

By moving to the Splunk Cloud Platform we saved on having to hire consultants to build a new environment and install it on-premises.

The price for Splunk Cloud Platform is the same as our maintenance costs for Splunk Enterprise on-premises.

I would rate Splunk Cloud Platform nine out of ten. Splunk Cloud offers several advantages in terms of ease of use. Since it's cloud-based, there's no need to worry about infrastructure maintenance, availability, or scalability. New features are automatically available, eliminating the need for manual upgrades and potential downtime that can occur with on-premise installations.

We have AWS and GCP but are using the Splunk Cloud Platform to monitor only the AWS for now.

While we currently use Splunk Cloud, we don't have Splunk security. We plan on implementing Splunk security and that's also going to integrate with all of our Cisco equipment. For now, I can't say that Splunk's unified platform has helped consolidate networking, security, and IT observability, but soon, it will because we'll be able to have one source, one point of reference for all of our logging and security information instead of managing separate tools for different tasks. Once we implement Splunk Security, it will be one single pane of glass where we will have everything.

I use the solution in my company, and its primary use cases have been related to the log correlation engine. Splunk Cloud Platform can be considered a central ingest point for gathering logs from all over our company's network, after which it is used to take and create reports. Security, detection, dashboards, and similar features are some of the use cases that can be associated with the tool.

The benefits my company has seen from using the tool would be that it gives you more of a single place to look at rather than having to jump from a bunch of different screens to look at current logs, as well as the ability to correlate data amongst different log sources.

Regarding the solution's most valuable features, I think that since many of our company's applications are Splunk-based, they can integrate with other tools within our tech stack, which allows us to expand our use cases.

In our organization, Splunk Cloud Platform provides end-to-end visibility into our cloud-native environment, and it is a very important area where we need visibility within our environment. It is one of the main tools I use for end-to-end visibility.

Splunk Cloud Platform has helped reduce the mean time to resolve. It helps find issues, which can lead to a better mean time to resolve overall. Depending on the detection type, it reduces the mean time to resolve by anywhere from 20 to 50 percent.

My company saw time to value using Splunk Cloud Platform pretty quickly, and we continue to see the value, specifically when we add in new sources and tune-up. In general, it has been pretty quick.

Splunk's unified platform helps consolidate networking, security, and IT observability tools since it gives our company a single platform where we can collect logs from all different sources.

I think the tool has some scalability issues, especially when used in larger organizations. I feel the searching part gets really slow, which is based on one's resources.

I have been using Splunk Cloud Platform for about six years. In general, I have been a Splunk customer for eight years.

I think the stability is pretty good. I haven't noticed any outages.

I think the scalability could be a little bit better because our company runs into some resource constraints that slow down our searches.

When it comes to the solution's technical support, I would say it all depends on what the request is or who is actually responding to our company's queries. We have had some people who have been great, but we have also had times where we had to escalate some issues to get our tickets looked at by someone from the support team. I rate the technical support a five or six out of ten.

Neutral

I think the tool has some scalability issues, especially when used in larger organizations. I feel the searching part gets really slow, which is based on one's resources.

The product's initial setup phase was fairly expensive since my company had to get some professional services to help us with the set up of everything. Overall, the tool freed up some manpower, resources, and hours from our personnel and management, so having the tool in our company made sense. Yeah.

The product's deployment phase was easy.

The solution is deployed using the cloud services offered by AWS.

My company had to get some professional services from a reseller named Resultant to help us with the setup of the tool.

I don't remember whether my company had evaluated other products against Splunk Cloud Platform. In the environment where our company made the switch over, I can say that we are happy with our Splunk usage in general. We just wanted a tool that was more resilient and didn't have to worry about the management on the back end.

My organization monitors one cloud environment with the help of Splunk Cloud Platform. The ease or difficulty of monitoring multiple cloud environments is not something that is applicable to my company.

In terms of Splunk Cloud Platform's ability to help improve our organization's business resilience and predict, identify, and solve problems in real time, I would say it is not possible in real-time. The solution gives our company the ability to do more of a retrospective analysis, which helps us with the current backup.

There are not any cost efficiencies I can think of that I have experienced after switching to Splunk Cloud Platform.

I think Splunk Cloud Platform is still probably one of the best tools out there in the market for enterprise organizations.

I rate the tool a seven to eight out of ten.

We use it for security monitoring and application monitoring.

We monitor multiple cloud environments. We monitor AWS and Oracle Cloud. It is easy to get all the data into Splunk from our AWS and Oracle Cloud. The integration is comparatively easy when it comes to on-prem versus Splunk Cloud.

It has end-to-end visibility into our cloud-native environment, which is pretty important for us. About 80% of our infrastructure is on AWS. It is pretty important for our digital resiliency to monitor our AWS and Oracle Cloud platforms end to end.

It definitely reduces our mean time to resolve, but I am not sure exactly how much time it has reduced because as a Splunk Cloud customer, we provide our platform to our application teams. 

We have Splunk Enterprise Security and our regular Splunk Enterprise. We use Splunk Enterprise Security for monitoring all our security use cases and our regular Splunk Enterprise for application monitoring. We have our own custom digital apps that we monitor on the enterprise cloud, and all our enterprise security monitoring happens on the Splunk Enterprise Security app. There are so many custom applications that we currently support. 

We do digital transaction monitoring, so when a customer sends some money to a different customer, we monitor the end-to-end transaction of that customer when it happens on the digital platform. It is pretty important for our L1 and L2 teams to monitor that end-to-end transaction. 

With Splunk in place, we can identify the bottlenecks where transactions are getting held and immediately take necessary actions to release the transaction and reach the customer. That improves the transaction time frame. There is improvement in terms of how many analysts are monitoring how many transactions and how fast transactions are happening from end to end. It improves our performance and customer experience. It is also easy to monitor end to end transactions.

They can offer more self-service capability to their customers. Currently, most of the things happen behind the Splunk Cloud Platform. As a customer, I do not have an opportunity to see my platform. If they can offer more self-service to see the health of my endpoints and stack, it would be appreciated. 

Their support also needs improvement. I have had issues with the support team. When I run into issues, it is always hard to get hold of them and get things done with the support team. Other than that, product-wise, it is very good.

I have been using the Splunk Cloud Platform for more than four years.

Its stability is 99.5%, but I have had pretty bad incidents in the last couple of years. Last month, we had an outage for the whole day. Support-wise, I am not happy.

In typical cloud infrastructure, you can add your EC2 on demand based on the load of your customers, but with the Splunk Cloud, that is not the case. They assign a fixed number of searches and indexes. They have named it as a cloud, but it is still an on-prem instance sitting in their cloud, so in terms of scalability, I do not see much advantage with Splunk Cloud because, at the end of the day, you get approval from your Splunk account team or a management team to add a new instance into your cluster. 

The support that we get from Splunk is not always great. Whenever we have issues, we have to chase them to get the answers. When we have an incident, identifying the root cause of that incident with the Splunk Cloud support team is always a pain. The Splunk team should improve their customer support experience. I love the product, but the only issue is getting support. I would rate them a three out of ten.

Negative

We had IBM QRadar, and we moved from IBM QRadar to Splunk Cloud. Cost-wise, Splunk is a premium solution. We pay more, but we get a better experience with Splunk Cloud Platform. It is easy to manage. There is a better user experience. When it comes to identifying issues, it is pretty easy with Splunk. Cost-wise, we have not saved much, but in terms of resiliency and digital experience, we get a lot from Splunk.

We get a lot of capabilities with Splunk Cloud and Splunk Enterprise Security. We also do application monitoring, and we wanted to embed both solutions into one. That is the whole reason we got Splunk.

We have a bunch of tools, not just Splunk, in our ecosystem. Splunk is one of our tools for monitoring purposes. We have other tools for alert management, global alert repository, etc. In our ecosystem, Splunk serves the main purpose of detecting and bringing the issues to our analysts to resolve them. Splunk plays a vital role.

I was initially involved in the whole migration process. We used to have the Splunk on-prem instance, and only application teams were utilizing it. We bought the Splunk Cloud Platform, and we merged both the application and security into the Splunk Cloud Platform.

Cloud deployment is pretty easy because you do not have to manage any of your infrastructure. They take care of that. 

We could see its time to value in roughly one year to sixteen months. We started the migration and moved to the cloud, and in a year to sixteen months, we could see a return on investment.

The ROI is in terms of the mean time to resolve the issues. We could do all of our security monitoring and enterprise security. We integrated security monitoring with our SOAR platform. We have so many L1 and L2 teams using Splunk day in and day out to monitor the transactions. They definitely have more visibility and reduced mean time to resolve the issues. They can identify an issue pretty fast. 

Currently, we have the ingest-based license. They are offering SVC-based licenses as well, but I am not a fan of SVC-based licensing. At the end of the day, I want to predict my budget and how much I am going to pay to the vendor so that I can plan my yearly budget.

I would always suggest going with the ingest-based license because you can control how much you want to ingest. It feels like you will be paying less when you switch to SVC-based licensing, but this is not true because you cannot control your users and what kind of searches they want to run. If you go for that, you will need a whole lot of manual effort to control your users.

We evaluated Elasticsearch. We evaluated Exabeam. We evaluated one more solution. Among all the solutions in the market, Splunk is the best.

The good thing with Splunk is that you can search your data across all the indexes pretty fast. The way the processing language works with Splunk is awesome. Most of my analysts can search the data as quickly as possible, whereas, with the other solution, there was always a lag while searching for data. With Elasticsearch, you have very limited capability to search across the whole platform. It is very easy with Splunk. The secret sauce of Splunk is the way they index the data. That is the main difference between Splunk and its competitors.

I would rate the Splunk Cloud Platform a nine out of ten. The product is good. The only issue is the support.

The primary benefit that I get from attending the Splunk Conference is to be able to see all the new features that Splunk is releasing and how to use them and implement them in my infrastructure, platform, or ecosystem. I also get to know how other organizations are using Splunk to solve their use cases. Another thing is that we have so many vendors utilizing Splunk as their base and building so many new products. I visited one of the booths, and I was very impressed with their booth. They are doing all the content validation, security validation, and simulation of attacks. They are using their tool, and they have integrated it with Splunk. They are bringing all the data into Splunk to showcase how to maintain the hygiene of the content. That impressed me a lot. When I attend Splunk conferences, I get to see how others are utilizing Splunk as their base and building new tools out of that. It gives me some ideas of how to implement it in our organization. Of course, we cannot implement everything, but at least we can see the best fit for our platform.

I use Splunk on my phone, on-premises, and for the automation tasks that we carry out.

We use it to work on dedicated forms and infrastructure and have a lot of virtual machines and instances that are being run for every single application. Our infrastructure is purely based on Azure by Microsoft. 

Keeping CMDBs of all the virtual machines is a heavy task. When you use it for your portal use, it might be two or three virtual machines. When a virtual machine is created, we use post-provisioning inside the virtual machine. While post-provisioning, we install Splunk agents so that any activity that is happening inside the VM is virtually monitored by Splunk.

We create a dashboard. We are able to monitor everything from that dashboard. 

Splunk also offers enhancements and automation. Splunk plays a major role when it comes to automation. We extract the data from Splunk, and then we use it to automate using a jump server so that we can put in actions on any number of virtual machines.

The automation is the main advantage. When we need to search for data, as engineers, it's very easy.

I like that it's an independent cloud platform. It can work with AWS or Azure. 

Its monitoring is completely automated. We do not have to put in other engineers just to maintain Splunk. It maintains itself, and it's very user-friendly. For the dashboards to be created or any sort of code that we want to do with Splunk, we can do it by ourselves. We do not need to have separate resources so it is very cost efficient. We do not require many people; it's resource-efficient as well.

We do use the federated search feature and find it helpful. Earlier, it was hard to withdraw data. We'd have to maintain it. Now, Splunk does it for us. It's a very time-efficient service. It's made a huge impact on automation. We can grab data in real-time any time we need to.

The solution integrates well with other applications and systems in our environment. 

It could have a more efficient UI. If they could integrate more AI and make search more efficient so that other people can access and use it, not just engineers, that would be ideal.

It needs to mature; it's just getting established in the industry on a wider scale. 

The API still needs some enhancements from a post-performance point of view.

From a monitoring point of view, Splunk is doing very well. However, if they could provide a post-provisioning aspect. Right now, we have to install a monitoring tool while we are post-provisioning every virtual machine. If they could be a provider that precluded having a virtual machine being created or provisioned, that would be ideal.

Alerting could be faster. Sometimes the actions that happen take some time to reflect on the Splunk dashboard. There is still latency. Especially when you work in a multi-cloud environment, you deal with a lot of regions. They still need to focus on availability across regions. 

They need to have some security enhancements. Most users are using it with other single sign-on features like Okta. If they had their own SSOs that would be ideal. we'd be able to work independently. Right now, we have to log onto the virtual machines then move to Okta, then go to Splunk. 

I've been using the solution for somewhere around a year or one year and a half.

The stability is okay. Sometimes it goes down. I have not witnessed that as I do not use it continuously after the deployment. The resiliency is good. I'd recommend it four out of five.

Everyone in the company uses Splunk.

The scalability is very good. It's extendible.

I don't directly deal with technical support. We have a dedicated team that would work with Splunk.

Generally, my understanding is that if we have a query, we raise a ticket. There may be a separate portal or mailbox we can access as well to get assistance.

We previously used Qualys. We switched mainly due to the costs involved. We also didn't want to migrate our resources to it. We simply wanted a monitoring tool, which is why we chose Splunk. Splunk in comparison is really cost-efficient. 

I was involved in the deployment of the solution. 

Whenever a new resource or a new agent comes into the picture, in an organization, it's always complex. I don't blame Splunk for it, or my firm. It's like two pieces of a jigsaw puzzle and it's the developers who need to cut the pieces. It works really well as of now. 

The deployment took somewhere between six to eight months.

We did need a lot of resources or staff members for the deployment. We have a vast infrastructure. We have a dedicated team inside as well who manage incidents and tickets using platforms like ServiceNow, and we still have a lot of resources dedicated to maintaining Splunk. The number of resources that are required to maintain it is more than the number of resources we use for development, actually.

How many people you need depends on the region. I work for Asia and North America. So for us, it was not much personnel. We needed four to five people in the development. There were somewhere around ten to fifteen people working on different parts.

About 90% of the deployment was handled in-house.

I'm only aware of general pricing terms, however, they have enterprise agreements as well. I can't speak to the exact cost. It's reasonable, from my understanding. I'd rate the affordability seven or eight out of ten. 

Evaluating other options would be a task reserved for the highest management personnel at our firm. I was not involved with that process.

We aren't using the solution across all cloud platforms. We use Azure. However, we would have the flexibility to gather insights from others. We just don't use that particular capability.

Right now, the solution does not affect our decision-making. It's still a very new platform. We're not relying on it completely. It's a work in progress. We need some time with it, to build up trust with it. Splunk is great so far, however, we still need more time and it needs more of a presence in the market.

Right now, in terms of compliance and privacy policy regulations, we limit the features that are not compliant with us. However, they are very flexible. We just use the features we can and block the ones that are unnecessary.

It hasn't had an impact on our security posture. We have very detailed security layers and several processes and teams. We haven't had any real use cases for Splunk. It hasn't actively blocked anything. We already have what we need in place. 

I'd advise new users to check if this solution is reliable from a security point of view. Talk to Splunk about the cost as well. Splunk is really convenient for that. And whenever you deploy it in your infrastructure, make sure that the cloud providers or the on-prem solution that you are using are compatible with Splunk. We had issues in that some features that we were using in the cloud were not compatible with Splunk. So we had to make a lot of changes. That is something anyone who is trying to deploy Splunk needs to check - compatibility.

I'd rate the solution seven out of ten.

My primary use case is for monitoring security logs and system logs. Apart from that, we create monitoring alerts and dashboards. 

We also use it for Splunk application configuration, troubleshooting, and server patching. We have many other operations.

Integration with other systems and applications in the environment is easy. For example, we have Fortinet analyzer. We have to pull the logs from network devices into Splunk. We use Cribl pipeline. 

For Cribl pipeline, we get that data to the Splunk syslog servers. From Splunk syslog servers, we're getting it into the indexes.

According to the license, suppose we have to onboard thousands of servers. Suppose a scenario, for thousands of servers, the user or client requires only specific events. So for that, we use props and cons and regex for specific events. And only specific events will be calculated in the license. That will consume the license also.

The incident response time depends on the query and alert configuration, and also on the environment and how the logs are streamed. By analyzing these factors, it takes a maximum of one to two days for one incident.

Alert scheduling, dashboard creation, and log monitoring are the most valuable features. 

Federated search depends on the data we pull. We have three types of searches. We use federated search for long-running queries.

We have, like, 20% of MacBook Cloud environment. It is easy to monitor multiple cloud environments, but there are some onboarding challenges. We are onboarding from the back end and also using Hacktoken. Apart from that, we get data to Splunk using Cripple pipelines from Syslog servers.

Reporting is like this: if critical data is used by the client, we send it to the data user according to the schedule.

For log monitoring, we can definitely suggest Splunk is a good tool. And it helps with decision making processes.

For monitoring security logs, it's the best tool.

I use Splunk Cloud. Previously, I used Splunk Enterprise, but after that, we migrated to Splunk Cloud.

I have been using Splunk Cloud for more than three years. 

It is a stable product. Right now, we are migrating from Datadog to Splunk, so I guess that's why Splunk is better than other tools.

It's deployed across multiple locations.

It does require maintenance. It depends on what Splunk vendor is being used.

The pricing depends on the logs and how many logs we monitor. On a daily basis, it depends on the events. Those licenses will be calculated in Splunk Cloud.

Overall, I would rate the solution a seven out of ten, with ten being best. 

All the features for log monitoring, security, alerting, indexing of the data, parsing of the data are good. That feature makes sense and is helpful to everyone.

I would recommend it to others.