Splunk Cloud Platform Reviews

My primary use case is for monitoring security logs and system logs. Apart from that, we create monitoring alerts and dashboards. 

We also use it for Splunk application configuration, troubleshooting, and server patching. We have many other operations.

Integration with other systems and applications in the environment is easy. For example, we have Fortinet analyzer. We have to pull the logs from network devices into Splunk. We use Cribl pipeline. 

For Cribl pipeline, we get that data to the Splunk syslog servers. From Splunk syslog servers, we're getting it into the indexes.

According to the license, suppose we have to onboard thousands of servers. Suppose a scenario, for thousands of servers, the user or client requires only specific events. So for that, we use props and cons and regex for specific events. And only specific events will be calculated in the license. That will consume the license also.

The incident response time depends on the query and alert configuration, and also on the environment and how the logs are streamed. By analyzing these factors, it takes a maximum of one to two days for one incident.

Alert scheduling, dashboard creation, and log monitoring are the most valuable features. 

Federated search depends on the data we pull. We have three types of searches. We use federated search for long-running queries.

We have, like, 20% of MacBook Cloud environment. It is easy to monitor multiple cloud environments, but there are some onboarding challenges. We are onboarding from the back end and also using Hacktoken. Apart from that, we get data to Splunk using Cripple pipelines from Syslog servers.

Reporting is like this: if critical data is used by the client, we send it to the data user according to the schedule.

For log monitoring, we can definitely suggest Splunk is a good tool. And it helps with decision making processes.

For monitoring security logs, it's the best tool.

I use Splunk Cloud. Previously, I used Splunk Enterprise, but after that, we migrated to Splunk Cloud.

I have been using Splunk Cloud for more than three years. 

It is a stable product. Right now, we are migrating from Datadog to Splunk, so I guess that's why Splunk is better than other tools.

It's deployed across multiple locations.

It does require maintenance. It depends on what Splunk vendor is being used.

The pricing depends on the logs and how many logs we monitor. On a daily basis, it depends on the events. Those licenses will be calculated in Splunk Cloud.

Overall, I would rate the solution a seven out of ten, with ten being best. 

All the features for log monitoring, security, alerting, indexing of the data, parsing of the data are good. That feature makes sense and is helpful to everyone.

I would recommend it to others. 

The primary use cases of Splunk Cloud Platform are security log monitoring and compliance.

The most valuable feature of Splunk Cloud Platform is its flexibility and readiness because it's already prebuilt, and everything is click-to-go. Splunk has multiple features, but the cloud feature comes with that. It is built for a smaller organization, but that's how organizations grow. The solution is good for a new budding organizational group.

Splunk Cloud Platform should improve its integrations and consider multiple integrations or direct integration with other platforms like Microsoft Azure, Google Cloud, or AWS.

I would like to see more integrations because integration is related to bringing in more data. More integrations would increase the visibility and customer's point of scope. Customers are initially tied to one platform and stick to it because of its feasibility. Integration becomes a major challenge when they want to bring in different solutions.

Once they have different integrations from Splunk, they need not worry about security, things to monitor, or what compliance they must meet. Everything will be physical, and integration will bring in a lot of things.

I have been working with Splunk Cloud Platform for one and a half years.

Splunk Cloud Platform is a stable solution.

Splunk Cloud Platform's technical support is good. The support's technical capabilities are always great because everyone who is capable joins in and contributes. However, at a high level, we understand there is always a gap in automation. We have process automation that can be resolved or detected by customers.

The flaws in our cloud can be fixed. We can send an integration update to the customer and tell them that you must fix this so everything works fine. For a download-compatible system, you can update an older heavy forwarder version to a newer version to grasp the maximum out of it.

Positive

I have worked with a lot of other products, but not as a cloud solution. I have designed cloud solutions for other products like what Splunk currently has. I have worked with IBM, which has its own cloud platform, cloud monitoring solutions, and security solutions. Similarly, we have other market solutions that will act as a security solution, but they are in different behaviors. We have designed one for other customers, which monitors other cloud and hybrid solutions.

Splunk is currently at the top rating because I haven't explored other ones. I started exploring Microsoft Sentinel, which is a good competition for the Splunk Cloud Platform, and it's a healthy competition. I would like to see a very light-flavored source solution integrated with the Splunk Cloud. Once people start tasting source solutions, they will surely explore them more because that's how hunger is created. Other solutions already have the source solution in them. For example, Sentinel has its own source solution, which they give as an integrated part.

Splunk Cloud Platform’s initial setup was quite easy.

The Splunk team was involved in the solution's deployment.

Splunk Cloud Platform's pricing is a little on the higher end. When smaller organizations start their journey of onboarding log sources or security solutions, they think Splunk is quite worth it. But when they start growing, they feel it's quite eating up their budget on security. So, it is fine for smaller organizations. It all depends on how the discounts are provided.

Splunk Cloud Platform is used in our customer's company. The solution is deployed on the Spunk Cloud in our organization.

Splunk Cloud Platform is a very good product in the market, and you can use it wisely. Compared to other products for the cloud solution, you can use Splunk Cloud Platform for a wide range of tools. Splunk Cloud Platform is the best product to onboard for a new startup or a working good industry with a very small number of people. You don't have to sit in an office and work. You can work it from anywhere and integrate the log sources. That's how easy it is.

The cloud is not for a bigger organization. The one which is sitting in the environment can be used. For example, if you have one terabyte of ingestion per day, that is not what we expect a bigger organization to ingest on a cloud. It would become quite expensive to store, manage, and process.

It is good for smaller organizations because they have around 25, 30, or 100 GB of ingestion per day. If you want to grow bigger and bigger, you can use a hybrid model. If that model is available, that would be great for bigger organizations. For example, the cloud is integrated into the cloud, and on-premise is integrated into data centers. That should work fine.

Splunk does the solution's maintenance. From our side, the local integration material has to be maintained as per the cloud instance. It all depends on the customer. If the customer is fully on the cloud, it should not be a problem. We still have to upgrade heavy forwarders, universal forwarders, and deployment servers. However, the rest is taken care of by Splunk itself.

Our customers monitor multiple cloud environments, which are distinguished in their environment. It is integrated in a different format and not directly integrated. Monitoring multiple cloud environments using the Splunk Cloud Platform’s dashboards is quite easy and reliable.

It's a standard thing. I don't know about other comparative tools, but the first time I used Splunk Cloud Platform, it was quite good enough and can be used for the current organization.

I rate Splunk Cloud Platform's integration with other systems and applications in our environment a seven to eight. This is an average rating where you can see that the growth still has to be achieved. Splunk Cloud Platform should work on its integration with third-party products.

Splunk Cloud Platform has different types of formats, and those are enough. The rest of the reporting, like the presentation, should be done by itself. No one gives those. The reporting that Splunk Cloud Platform currently provides is enough.

It depends on the industry, but for financial or banking industries, Splunk Cloud Platform plays a major role in decision-making. If I want to rate it, you have to consider ten out of ten as Splunk or any other tool before they make any decision. If they have Splunk already, they should consider Splunk as a major partner to integrate and bring in more services apart from bringing any other solutions. That will create a multiple-glass observation, which will not be an easy decision. If one of our customers has Splunk, they must consider it a priority before bringing in any other solution.

Splunk Cloud Platform helps our organization access data for compliance and privacy regulations. Right now, Splunk is so feasible that it can integrate with any tool, anytime, and in any data format. So, it should not be a problem. Anyone brings in data in any format, Splunk Cloud Platform will surely meet it. The only thing is they need a good engineer to design it properly so that it brings in data properly.

An organization that does not have a security posture review is considered a zero, not a negative. We don't know when it becomes negative. The day they bring Splunk into the environment, it will obviously increase their visibility. Every time the security posture increases, they get to know the flaws.

Their observation of 24/7 monitoring, compliance, log monitoring, and forensics will come into the picture. They can enable everything in a single solution or product.

Splunk Cloud Platform is a resilient model. SIEM tools can perform post-detection. SIEM is not an EDR tool because it doesn't automatically detect something. A SIEM tool is used for compliance and audit. It is helpful for future investigation because it can record logs and keep them aside.

However, a SIEM tool does not have an automatic detection module. Although it has a prediction model, it does not have an auto-detection or blocking model. It cannot be a resilient tool, but it can be a vigilant tool.

Overall, I rate Splunk Cloud Platform a nine out of ten.

We collect almost everything that we log and push it into the Splunk Cloud Platform. That is pretty much our use case. It is mostly for our cyber monitoring tool, firewalls, normal cyber logs, Windows event logs, etc.

Splunk Cloud Platform has helped improve our organization's business resilience a little bit. It is a big organization, and I am just a little part of it. Its impact on the whole business has been a little bit.

We use ES for correlation, incident handling, and things like that. It reduces the mean time to resolve a little bit as compared to the other SIEMs that we were using. We are not using SOAR right now, but that is where we want to be.

I like the fact that we do not have to maintain all the cloud infrastructure. That is probably the main thing about the Splunk Cloud Platform. We do not have to worry about maintaining the infrastructure that is out there. We just push things up and maintain our infrastructure on-premises. This is important for us because we just do not have the manpower and resources to manage all the infrastructure. 

We used to use another SIEM with which we constantly had to replace hardware and things like that, so it is a good benefit to have that cloud infrastructure there whether it is coming from a SaaS environment or we just build it in the cloud.

One thing that is a stickler for us is the ability to download apps. I guess it depends on what kind of license you have. It allows some of them if I want, but this is something that we need on a day-to-day basis. When one of my customers needs an app, and I am able to find that app on the Splunk base, I have to create a ticket and wait for five days for them to download the app into the cloud environment. That is probably one of the main things. It is painful because I have to wait to get that app in the cloud.

Another issue is that if I build my own app to some configuration, I cannot load it up there myself. They have to vet it, which is important but it takes a long time to do all that.

We have been using this solution for a little less than one year.

It is very stable.

Scalability does not apply to our environment. Because it is a cloud, scalability is relative to how much you can afford. It scales itself if your data increases because it is a cloud environment. 

Splunk's support is very good, but because the cloud environment was pretty new, I ran into a couple of stumbling blocks with the support for the Splunk Cloud Platform. However, it started to get a lot better. Currently, it is a lot better than when I first started. At that time, a lot of the support staff was probably new to the whole cloud environment, and I realized that. We were the first DOD department to go into the cloud, so it was tough in the beginning with their support. I would rate them a nine out of ten.

Positive

We were using ArcSight. The decision to switch to Splunk did not come from me. It was the decision of the company itself. It was a requirement. We could not track the up/down status with the other SIEM. Splunk can do that better. That was one thing. 

Another thing was the way Splunk can put things like MITRE ATT&CK into their platform. The way it handles rules and things like that makes it a lot better with the processing power. Splunk is search-based, whereas ArcSight is real-time. It fires the minute an event comes up, whereas Splunk has a separate way of doing it. They run a search every hour or so. It is not resource intensive. A lot of times, I can only turn on a minimum amount of rules, especially correlation rules, in ArcSight. I used to have about 300 or so in ArcSight. I probably have about 400 or 500 in Splunk, so the hardware processing power is a lot better.

I was involved in its deployment. Its complexity level was 50/50, but that was expected because of the lack of training initially. We had an awesome team from Splunk that helped us out. They were there for us for at least a month. They helped us and then trained us on the environment. By the time they left, we were good to go.

The return on investment is not in a monetary sense. Things are a lot less stressful in our environment. We are able to see things that we were not able to see before. It gives us a little calm because we know if something is up or down. We are able to see things that we could not see before in other SIEMs. So, there is a reduction in the stress level. 

We have seen a time to value. I can do plenty of things a lot faster than I could previously.

We evaluated Sentinel, QRadar, and LogRhythm. All of them were very good SIEMs, but we had a lot of challenges when it came to getting them certified on government L5. IBM has its own private cloud. They do not use AWS. We did not have that issue with Sentinel, but it is not as robust. Even though it is at a high level in terms of industry-level SIEM, it could not meet our requirements. It is still a challenge. Sentinel is the only one that is a competition to Splunk if you talk about cloud, not on-premises. It is native to the cloud.

It is awesome. I love it. Anything is possible in Splunk. I have gone through a lot of challenges with use cases. When I needed to figure something out, I got it resolved sooner or later. I either got Splunk support or I went to the community and looked it up. I have never run into anything that I could not do with Splunk. It is very good.

Overall, I would rate the Splunk Cloud Platform a nine out of ten. 

My primary use cases are for troubleshooting, monitoring, and anomaly detection.

Splunk helped reduce our mean time to resolve by around 60%. We have realized these savings through it solving problems and the proactive monitoring. But it comes with a huge cost. We have to evaluate other products that are comparable to Splunk in the market and see if they offer the same value.

It improved our business resilience.

Splunk has improved my organization by troubleshooting issues. When we have an issue, if we didn't have Splunk, it could take hours or days to figure out where the problem is. With Splunk, it only takes hours or minutes sometimes.

It saves us money by changing our product or process to work in a better way. Splunk is great. It has a lot of value ads and features. But overall, Splunk Cloud is expensive compared to other products in the market.

The most valuable feature is the search options. Our infrastructure is huge so if an issue happens, it's hard to find where it is. That's where Splunk comes in handy. You just go to their user interface and do a Google-type search. Just put in a keyword, search it, and you'll figure out where it is. If you have thousands of servers, it's very hard to see where the issue is and where the transaction is logged. Splunk makes it very easy. That's the best part of Splunk.

I would rate Splunk's ability to provide business resilience by empowering oneself a seven out of ten. Whenever we have an issue, Splunk is handy. We have a lot of monitoring in place so if an issue happens, our monitoring helps proactively figure out the issue, and in that way, we can make sure that our environment and infrastructure are up and running, and our customers don't have any issues.

It's improved a lot since we began using it. We have been seeing issues, but they get resolved by working with the support. It's just getting expensive with time.

Support is the bigger issue when we have a problem. When we need their help, it takes weeks or months to actually get resolved. To date, we have cases open for two or three months without a resolution. Support is the worst part.

I have been using Splunk Cloud Platform for four years. 

It's stable and highly available. We had issues, but all of these types of platforms have. 

Scalability depends on what kind of license you have. If you have ingest-based licenses and you hit your cap, I think they still let you ingest more, but then you have to work with your account team and buy more licenses so you don't lose data. It's scalable, but not automated because it has its own license limitations.

I would rate support a four out of ten. The reason is that they are not proactive, they are reactive. If we notify them about an issue, they are supposed to monitor their infrastructure and tell us that there is an issue and that they are working on it. But rather than doing that, we have to do that, and after doing that, it takes time for them to work on it and solve the problem.

Neutral

My company previously used a custom, on-premises solution. Splunk was already implemented when I started at my company. 

We're asking ourselves now why we use Splunk. Our next step is to go out and evaluate other products in the market that may be not as costly and offer the same feature set.

It's a cloud, it's all managed service. The only thing we had to do is onboard our applications, which is something I do every day.

It's very straightforward and very easy. You only need to configure and get data and you can be onboarded within minutes. We don't have to go through a lot of configurations, manual steps, or training.

Its ability to predict, identify and solve problems in real time is looking promising. We're looking into it now. 

I would rate Splunk an eight out of ten. It has a lot of features and enables us to focus only on our applications and logs. I don't need to worry about the infrastructure behind it.

The best value I get from attending Splunk conferences is getting experts' help for specific use cases.

We use it for security investigations and alerting.

The most valuable features are reliability and logging. It's in the cloud so it has more stability and easy maintenance. 

The support from the Splunk team is generally good, but sometimes, there's a lack of coordination between our account reps and the hands-on technical people. This misalignment can lead to issues with getting what we need done and what is happening.

I have been using it for about two years.

From what I've seen so far, stability has been great.

The actual technical reps we've had have been fair. I'd rate them a seven on a scale from one to ten.

Neutral

We previously used LogRhythm. We switched to Splunk. It was an on-prem setup, so it was tough to maintain. It wasn't very reliable, and we always had to deal with hardware issues.

I haven't been hands-on with the deployment, but Splunk's deployment has been smooth. We also have Enterprise Security, which has been a little more difficult.

We have not calculated in dollars, but it has definitely saved us time.

We evaluated other options. I wasn't directly involved in all the decision-making processes, but from a user standpoint, it was the cost and the future possibilities of adding SOAR that made Splunk Cloud Platform seem like the best option for us.

I would rate it an eight out of ten, mainly due to the difficulty we've had with the Enterprise Security side.

I used it in my last organization for monitoring, intrusion detection, and intrusion prevention.

We wanted to take preventative actions so we implemented it.

The monthly security reports were detailed, and we got to know about a lot of vulnerabilities that we did not know about before.

It integrated well with other systems and applications in our environment. I would rate it a ten out of ten in terms of integration.

Splunk Cloud Platform had a good impact on decision-making processes in our organization.

It was helpful for data access for compliance and privacy regulations. I would rate it a nine out of ten in this aspect.

Splunk Cloud Platform had a very good impact on our organization’s security posture. The resilience that it offered was very important because we were dealing with client data.

For reporting, a lot of manual intervention was required to create the reports, but after that, it worked well.

Its interconnectivity with the cloud platforms, such as Azure and AWS, was valuable. 

We had multiple cloud environments. It was easy to monitor multiple cloud environments using the Splunk Cloud Platform’s dashboard.

Considering its price point, it does not need any improvement. However, it does require manual implementation.

There can be more modules and more integration with other areas in the cloud and on-prem. I am not sure whether it includes network devices and things like that.

I worked with this solution for one year and a half.

It is stable. I would rate it a ten out of ten for stability.

It is scalable. I would rate it a ten out of ten for scalability and extensibility.

I got great support from them every time. I would rate them a ten out of ten.

Positive

We were not using any similar solution previously.

It was deployed on a public cloud. Its setup was quite complicated. A lot of steps were involved in implementing it.

We had some engineers from Splunk to advise on a couple of things.

We had three people involved in the deployment. They were all cloud engineers.

It did require maintenance. We had one person involved in the maintenance.

It was a good model.

We evaluated other solutions, but I do not remember the names. I know there was one from AT&T.

I would rate Splunk Cloud Platform a nine out of ten.

I use the solution to create alerts for different servers. I also create dashboards in Splunk.

We have a lot of servers. It was hard to track which were down as we didn't have a monitoring platform. Splunk changes that. It receives data and if it doesn't get any data, it creates an alert so we are notified if something is down.

We also use it for making reports to help make management easier. 

The monitoring of servers for high CPU utilization helps us out. If there are offline servers or high utilizations, we can see the incidents and optimize our processes. 

The cloud is very fast. We have a lot of data in our Splunk instance and it isn't slow in any way. 

The maintenance is good. We have good support if we have queries or issues. With on-premises Splunk, if we ran into issues, we'd have to figure things out ourselves. With the cloud version, it's easier to get support. 

We can monitor multiple cloud environments, including Azure and AWS. 

It can be difficult to monitor cloud platforms. We are integrating more cloud servers and patching data sources from those servers. It's very easy to use Splunk and have everything go to the dashboards.

We get good visibility into multiple environments. We can easily search from Splunk Cloud to our on-prem or AWS directly. We also do not ingest the data in order to see it.

We can easily integrate with other systems. It's very helpful. We can leverage Splunk to gather any specific reports we want with this integration capability. 

The reporting is very good. Every month we have a call with Splunk personnel and they'll show us reports to show high usage for search, for example. From our side, we can change or update in order to optimize our systems. 

The cloud has helped us with decision-making. It helps make maintenance decisions very easy.

It's very resilient. 

Testing can handle a lot of logs, however, we are unsure if the speed will be affected.

When we are using OneDrive or SharePoint, as a developer, we'd like to have better integration between the two.

There are some issues with Splunk blocking some shared mailboxes. 

Support could be improved. 

I have been using the solution for five years.

The Splunk cloud is very stable. I've never experienced crashing. If there are issues, they will notify us. It doesn't take long to resolve issues at all. Things tend to be resolved in an hour or so. 

The solution is very scalable. 

I haven't experienced the extensibility, or the ability to extend the system, however, my understanding is that it is very good. We have yet to upgrade it.

When we have high-priority tickets, it's hard getting help efficiently. We'd prefer to call. It takes time to get someone to help. We've had to submit tickets via the portal, and they asked us to call instead. It's hard to get above P1.

It would be ideal to get a specific phone number or email so that we do not have to wait hours to get help.

We do have different Splunk support services where we talk to them bi-weekly, and at that point, we can talk about any high-priority issues. They do try to help us with queries. 

Positive

We previously used Splunk on-premises. 

I do not have any experience with the initial setup. Since it is a cloud deployment, Splunk handles the maintenance mainly.

I'm not aware of the exact pricing. That said, my understanding is that it is very reasonable. However, every application has a price. We need separate licenses for everything. They don't have any bundles. 

For the first few years, I used the solution on-premises, and then I moved over to the cloud. 

I use the classic dashboard; I don't yet use the studio. 

It has not yet affected our security posture. 

We have not yet explored federated search. 

I'd rate the solution ten out of ten.

If a user is planning to use the Cloud Platform is to consider the pricing. It's fast to access and there is no downtime. It's very good from a user perspective. I'm happy with it. It's helpful.

Users should work to maximize the power of Splunk to get the most out of it. Leverage the applications, including security. 

On Splunk Cloud, I mainly look for errors in applications or issues that come up with our internal applications. I have also used it to create dashboards and display customer data to customers in an effective way so that they have insights into their data.

There is less overhead now for infrastructure management. There are fewer issues that we have to worry about on the infrastructure side. This has freed up more of our resources' time to work toward initiatives on the Splunk platform itself. It is hard to measure the time savings. If one resource was working on it, that resource could save anywhere between 15 to 20 hours a week.

It must have reduced our MTTR, but I have been with Splunk for as long as I have been in my current environment, so I do not have anything to compare it with.

It helped improve our organization’s business resilience. The solution helps us find where errors are and potentially where threats are a lot faster. We can more effectively push out alerts not only to our team but also to the teams across the enterprise. It is nice to have on hand.

It is quite effective at helping us identify problems very quickly. We do not participate in real-time searches within our Splunk environment, but close to real-time is possible, and it is quite effective.

Not having to manage Splunk Cloud's infrastructure is valuable. Being able to deploy within the cloud and not having to manually manage our configs on the infrastructure side and set up our own architectures has been the biggest help.

Other than that, the new Dashboard Studio has been a pretty big win, but I do not know whether that is more cloud-specific or not. Dashboard Studio has a cleaner look for customers that want to see their data but not necessarily search. For the customers that want to see their data, having an easy and effective way to drag and drop to see where things are going to be if they want to change them has been pretty beneficial.

They can streamline the process of creating custom apps. I do not have a lot of experience with it. It was not very difficult for me to do so, but there is probably a better way to present the ability for people to push their own custom apps to the platform and go through Splunk's manual and automatic reviewing process.

I have been using this solution for about three years.

I have not seen any downsides when it comes to uptime and availability. Being in the cloud reduces downtime, especially compared to being on-prem where if something goes wrong, you will have to go in and fix that infrastructure yourself.  I have not necessarily seen significant downtime with Splunk Cloud or on-prem at this time.

I quite enjoy the fact that if we need more indexes or search heads, it is very easy to plug and play with Splunk Cloud. With the infrastructure model that we had before, we would have to go in, set up a new search head out to the cluster, and add a new indexer to the cluster if we needed it. It will have more benefits going forward as we move more and more into the cloud.

I have worked with Splunk support, and I would rate them an eight out of ten. It depends on where you are and what project you are working on at the time. It would be quite beneficial to work with them if you have a specific project that you are working on, and they have some insight into it. I do not work with support too often myself. Usually, one of our Splunk Infrastructure managers works with them, but there is always room for improvement. Availability in terms of making the time to gain insight into specific projects and problems that we are having is an area that can be improved.

Positive

My company has been with Splunk for quite some time now. We are well integrated at this point, and we are in the process of migrating over to Splunk Cloud specifically. We used Splunk on-prem for a while. We are currently in a hybrid situation, and we are making our way toward being completely on the cloud.

I help from time to time with the migration process, but I am not necessarily in charge of the total migration functions that we currently have today. The most I have done in terms of deploying to the cloud was creating a custom alert action for the cloud environment, which is one of my biggest contributions so far. I am not completely in charge of it, but from time to time, I will assist in the migration process. It is a bit of a learning curve, but once you get more and more familiarized with the cloud and how to benefit from it by using features like federated search, it becomes easier. It is somewhere in between in terms of complexity.

We would have seen an ROI. I do not have a specific number, but assuming that we did not have Splunk Cloud, we would have to manage our own infrastructure. Not having to manage nearly as much infrastructure and not having to have the personnel to manage that infrastructure on a regular basis, frees up that time for them to do what they are really designed to do. This has definitely added value.

I am a little bit familiar with the pricing and licensing model. I am not sure about the particular pieces of the actual price that we have, but I do like the idea of going towards a more CPU-based approach rather than the ingesting approach. This CPU-based approach gives us the ability to ingest more data if we need it.

The biggest value that I get from attending Splunk conferences is the insights from everybody here. You have people from many different companies doing very different things and deploying very different models within their different Splunk instances. You get an idea of where everybody lands and maybe grab some ideas that you would not necessarily have thought of by looking at it from the inside of someone who is in a completely different field than you are.

There is definitely a big difference between Splunk Cloud and on-prem. For me, one of Splunk on-prem's biggest features is being able to deploy my own custom applications internally, which is something that is a bit of a process with Splunk Cloud. So, given the information that I have, I would rate it a seven out of ten.