    Darshan G Waghmare - PeerSpot reviewer
    Senior Project Engineer at Wipro Limited
    Real User
    Offers alert scheduling, dashboard creation, and log monitoring
    Pros and Cons
    • "It is a stable product."

    What is our primary use case?

    My primary use case is for monitoring security logs and system logs. Apart from that, we create monitoring alerts and dashboards. 

    We also use it for Splunk application configuration, troubleshooting, and server patching. We have many other operations.

    How has it helped my organization?

    Integration with other systems and applications in the environment is easy. For example, we have FortiAnalyzer. We have to pull the logs from network devices into Splunk. We use a Cribl pipeline. 

    For Cribl pipeline, we get that data to the Splunk syslog servers. From Splunk syslog servers, we're getting it into the indexes.

    According to the license, suppose we have to onboard thousands of servers. Suppose a scenario where, for thousands of servers, the user or client requires only specific events. For that, we use props.conf and regex for the specific events, and only those specific events will be calculated in the license. That will consume the license also.

    What is most valuable?

    The incident response time depends on the query and alert configuration, and also on the environment and how the logs are streamed. By analyzing these factors, it takes a maximum of one to two days for one incident.

    Alert scheduling, dashboard creation, and log monitoring are the most valuable features. 

    Federated search depends on the data we pull. We have three types of searches. We use federated search for long-running queries.

    We have, like, 20% of MacBook Cloud environment. It is easy to monitor multiple cloud environments, but there are some onboarding challenges. We are onboarding from the back end and also using a HEC token. Apart from that, we get data to Splunk using Cribl pipelines from syslog servers.

    Reporting is like this: if critical data is used by the client, we send it to the data user according to the schedule.

    For log monitoring, we can definitely suggest Splunk is a good tool. And it helps with decision making processes.

    For monitoring security logs, it's the best tool.

    For how long have I used the solution?

    I use Splunk Cloud. Previously, I used Splunk Enterprise, but after that, we migrated to Splunk Cloud.

    I have been using Splunk Cloud for more than three years. 

    Buyer's Guide
    Splunk Cloud Platform
    October 2024
    Learn what your peers think about Splunk Cloud Platform. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
    816,562 professionals have used our research since 2012.

    What do I think about the stability of the solution?

    It is a stable product. Right now, we are migrating from Datadog to Splunk, so I guess that's why Splunk is better than other tools.

    How was the initial setup?

    It's deployed across multiple locations.

    It does require maintenance. It depends on what Splunk vendor is being used.

    What's my experience with pricing, setup cost, and licensing?

    The pricing depends on the logs and how many logs we monitor. On a daily basis, it depends on the events. Those licenses will be calculated in Splunk Cloud.

    What other advice do I have?

    Overall, I would rate the solution a seven out of ten, with ten being best. 

    All the features for log monitoring, security, alerting, indexing of the data, parsing of the data are good. That feature makes sense and is helpful to everyone.

    I would recommend it to others. 

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
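    The event filtering described in the licensing paragraph of this review (keeping only the events a client asks for, so that only those count toward the ingest license) is normally done with a props.conf/transforms.conf pair on the parsing tier. The following is an added example written for this page, not the reviewer's configuration; the sourcetype name and the FortiGate-style field values in the regex are assumed for illustration.

```ini
# props.conf  (added example; sourcetype name is assumed)
# Transforms in one TRANSFORMS-<class> list run in order; the last one to
# set the queue key wins. So: send everything to nullQueue first, then put
# the events we actually want back into indexQueue.
[fortigate_event]
TRANSFORMS-license_filter = drop_everything, keep_security_events

# transforms.conf
# 1) Match any event and route it to nullQueue (discarded, never licensed).
[drop_everything]
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue

# 2) Re-route only IPS, antivirus and system events to the index.
#    The field values (type=utm/event, subtype=ips/virus/system) are a
#    constructed illustration of FortiGate key=value logs, not a vetted list.
[keep_security_events]
REGEX = type=(utm|event)\s+subtype=(ips|virus|system)\b
DEST_KEY = queue
FORMAT = indexQueue
```

    Two practical points: these stanzas only take effect where parsing happens (a heavy forwarder or indexer, or the equivalent drop rule in a Cribl pipeline in front of Splunk Cloud); a universal forwarder will not apply them. And an event sent to nullQueue is gone, not archived, so the list of what is dropped should be reviewed against the detection and forensic use cases the logs serve, and the regex checked against already-indexed data (for example with `| regex _raw="..."` over a day of that sourcetype) before it is deployed.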
    Chetankumar Savalagimath - PeerSpot reviewer
    Delivery Manager at a tech services company with 1,001-5,000 employees
    Real User
    Top 5 Leaderboard
    A stable solution that can be used for security log monitoring and compliance
    Pros and Cons
    • "The most valuable feature of Splunk Cloud Platform is its flexibility and readiness because it's already prebuilt, and everything is click-to-go."
    • "Splunk Cloud Platform should improve its integrations and consider multiple integrations or direct integration with other platforms like Microsoft Azure, Google Cloud, or AWS."

    What is our primary use case?

    The primary use cases of Splunk Cloud Platform are security log monitoring and compliance.

    What is most valuable?

    The most valuable feature of Splunk Cloud Platform is its flexibility and readiness because it's already prebuilt, and everything is click-to-go. Splunk has multiple features, but the cloud feature comes with that. It is built for a smaller organization, but that's how organizations grow. The solution is good for a new budding organizational group.

    What needs improvement?

    Splunk Cloud Platform should improve its integrations and consider multiple integrations or direct integration with other platforms like Microsoft Azure, Google Cloud, or AWS.

    I would like to see more integrations because integration is related to bringing in more data. More integrations would increase the visibility and customer's point of scope. Customers are initially tied to one platform and stick to it because of its feasibility. Integration becomes a major challenge when they want to bring in different solutions.

    Once they have different integrations from Splunk, they need not worry about security, things to monitor, or what compliance they must meet. Everything will be physical, and integration will bring in a lot of things.

    For how long have I used the solution?

    I have been working with Splunk Cloud Platform for one and a half years.

    What do I think about the stability of the solution?

    Splunk Cloud Platform is a stable solution.

    How are customer service and support?

    Splunk Cloud Platform's technical support is good. The support's technical capabilities are always great because everyone who is capable joins in and contributes. However, at a high level, we understand there is always a gap in automation. We have process automation that can be resolved or detected by customers.

    The flaws in our cloud can be fixed. We can send an integration update to the customer and tell them that you must fix this so everything works fine. For a download-compatible system, you can update an older heavy forwarder version to a newer version to grasp the maximum out of it.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I have worked with a lot of other products, but not as a cloud solution. I have designed cloud solutions for other products like what Splunk currently has. I have worked with IBM, which has its own cloud platform, cloud monitoring solutions, and security solutions. Similarly, we have other market solutions that will act as a security solution, but they are in different behaviors. We have designed one for other customers, which monitors other cloud and hybrid solutions.

    Splunk is currently at the top rating because I haven't explored other ones. I started exploring Microsoft Sentinel, which is a good competition for the Splunk Cloud Platform, and it's a healthy competition. I would like to see a very light-flavored source solution integrated with the Splunk Cloud. Once people start tasting source solutions, they will surely explore them more because that's how hunger is created. Other solutions already have the source solution in them. For example, Sentinel has its own source solution, which they give as an integrated part.

    How was the initial setup?

    Splunk Cloud Platform’s initial setup was quite easy.

    What about the implementation team?

    The Splunk team was involved in the solution's deployment.

    What's my experience with pricing, setup cost, and licensing?

    Splunk Cloud Platform's pricing is a little on the higher end. When smaller organizations start their journey of onboarding log sources or security solutions, they think Splunk is quite worth it. But when they start growing, they feel it's quite eating up their budget on security. So, it is fine for smaller organizations. It all depends on how the discounts are provided.

    What other advice do I have?

    Splunk Cloud Platform is used in our customer's company. The solution is deployed on the Splunk Cloud in our organization.

    Splunk Cloud Platform is a very good product in the market, and you can use it wisely. Compared to other products for the cloud solution, you can use Splunk Cloud Platform for a wide range of tools. Splunk Cloud Platform is the best product to onboard for a new startup or a working good industry with a very small number of people. You don't have to sit in an office and work. You can work it from anywhere and integrate the log sources. That's how easy it is.

    The cloud is not for a bigger organization. The one which is sitting in the environment can be used. For example, if you have one terabyte of ingestion per day, that is not what we expect a bigger organization to ingest on a cloud. It would become quite expensive to store, manage, and process.

    It is good for smaller organizations because they have around 25, 30, or 100 GB of ingestion per day. If you want to grow bigger and bigger, you can use a hybrid model. If that model is available, that would be great for bigger organizations. For example, the cloud is integrated into the cloud, and on-premise is integrated into data centers. That should work fine.

    Splunk does the solution's maintenance. From our side, the local integration material has to be maintained as per the cloud instance. It all depends on the customer. If the customer is fully on the cloud, it should not be a problem. We still have to upgrade heavy forwarders, universal forwarders, and deployment servers. However, the rest is taken care of by Splunk itself.

    Our customers monitor multiple cloud environments, which are distinguished in their environment. It is integrated in a different format and not directly integrated. Monitoring multiple cloud environments using the Splunk Cloud Platform’s dashboards is quite easy and reliable.

    It's a standard thing. I don't know about other comparative tools, but the first time I used Splunk Cloud Platform, it was quite good enough and can be used for the current organization.

    I rate Splunk Cloud Platform's integration with other systems and applications in our environment a seven to eight. This is an average rating where you can see that the growth still has to be achieved. Splunk Cloud Platform should work on its integration with third-party products.

    Splunk Cloud Platform has different types of formats, and those are enough. The rest of the reporting, like the presentation, should be done by itself. No one gives those. The reporting that Splunk Cloud Platform currently provides is enough.

    It depends on the industry, but for financial or banking industries, Splunk Cloud Platform plays a major role in decision-making. If I want to rate it, you have to consider ten out of ten as Splunk or any other tool before they make any decision. If they have Splunk already, they should consider Splunk as a major partner to integrate and bring in more services apart from bringing any other solutions. That will create a multiple-glass observation, which will not be an easy decision. If one of our customers has Splunk, they must consider it a priority before bringing in any other solution.

    Splunk Cloud Platform helps our organization access data for compliance and privacy regulations. Right now, Splunk is so feasible that it can integrate with any tool, anytime, and in any data format. So, it should not be a problem. Anyone brings in data in any format, Splunk Cloud Platform will surely meet it. The only thing is they need a good engineer to design it properly so that it brings in data properly.

    An organization that does not have a security posture review is considered a zero, not a negative. We don't know when it becomes negative. The day they bring Splunk into the environment, it will obviously increase their visibility. Every time the security posture increases, they get to know the flaws.

    Their observation of 24/7 monitoring, compliance, log monitoring, and forensics will come into the picture. They can enable everything in a single solution or product.

    Splunk Cloud Platform is a resilient model. SIEM tools can perform post-detection. SIEM is not an EDR tool because it doesn't automatically detect something. A SIEM tool is used for compliance and audit. It is helpful for future investigation because it can record logs and keep them aside.

    However, a SIEM tool does not have an automatic detection module. Although it has a prediction model, it does not have an auto-detection or blocking model. It cannot be a resilient tool, but it can be a vigilant tool.

    Overall, I rate Splunk Cloud Platform a nine out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    reviewer2239929 - PeerSpot reviewer
    Splunk Administrator at a government with 11-50 employees
    Real User
    We have good visibility and we don't have to maintain the infrastructure
    Pros and Cons
    • "I like the fact that we do not have to maintain all the cloud infrastructure. That is probably the main thing about the Splunk Cloud Platform."
    • "When one of my customers needs an app, and I am able to find that app on the Splunk base, I have to create a ticket and wait for five days for them to download the app into the cloud environment. That is probably one of the main things. It is painful because I have to wait to get that app in the cloud."

    What is our primary use case?

    We collect almost everything that we log and push it into the Splunk Cloud Platform. That is pretty much our use case. It is mostly for our cyber monitoring tool, firewalls, normal cyber logs, Windows event logs, etc.

    How has it helped my organization?

    Splunk Cloud Platform has helped improve our organization's business resilience a little bit. It is a big organization, and I am just a little part of it. Its impact on the whole business has been a little bit.

    We use ES for correlation, incident handling, and things like that. It reduces the mean time to resolve a little bit as compared to the other SIEMs that we were using. We are not using SOAR right now, but that is where we want to be.

    What is most valuable?

    I like the fact that we do not have to maintain all the cloud infrastructure. That is probably the main thing about the Splunk Cloud Platform. We do not have to worry about maintaining the infrastructure that is out there. We just push things up and maintain our infrastructure on-premises. This is important for us because we just do not have the manpower and resources to manage all the infrastructure. 

    We used to use another SIEM with which we constantly had to replace hardware and things like that, so it is a good benefit to have that cloud infrastructure there whether it is coming from a SaaS environment or we just build it in the cloud.

    What needs improvement?

    One thing that is a stickler for us is the ability to download apps. I guess it depends on what kind of license you have. It allows some of them if I want, but this is something that we need on a day-to-day basis. When one of my customers needs an app, and I am able to find that app on the Splunk base, I have to create a ticket and wait for five days for them to download the app into the cloud environment. That is probably one of the main things. It is painful because I have to wait to get that app in the cloud.

    Another issue is that if I build my own app to some configuration, I cannot load it up there myself. They have to vet it, which is important but it takes a long time to do all that.

    For how long have I used the solution?

    We have been using this solution for a little less than one year.

    What do I think about the stability of the solution?

    It is very stable.

    What do I think about the scalability of the solution?

    Scalability does not apply to our environment. Because it is a cloud, scalability is relative to how much you can afford. It scales itself if your data increases because it is a cloud environment. 

    How are customer service and support?

    Splunk's support is very good, but because the cloud environment was pretty new, I ran into a couple of stumbling blocks with the support for the Splunk Cloud Platform. However, it started to get a lot better. Currently, it is a lot better than when I first started. At that time, a lot of the support staff was probably new to the whole cloud environment, and I realized that. We were the first DOD department to go into the cloud, so it was tough in the beginning with their support. I would rate them a nine out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We were using ArcSight. The decision to switch to Splunk did not come from me. It was the decision of the company itself. It was a requirement. We could not track the up/down status with the other SIEM. Splunk can do that better. That was one thing. 

    Another thing was the way Splunk can put things like MITRE ATT&CK into their platform. The way it handles rules and things like that makes it a lot better with the processing power. Splunk is search-based, whereas ArcSight is real-time. It fires the minute an event comes up, whereas Splunk has a separate way of doing it. They run a search every hour or so. It is not resource intensive. A lot of times, I can only turn on a minimum amount of rules, especially correlation rules, in ArcSight. I used to have about 300 or so in ArcSight. I probably have about 400 or 500 in Splunk, so the hardware processing power is a lot better.

    How was the initial setup?

    I was involved in its deployment. Its complexity level was 50/50, but that was expected because of the lack of training initially. We had an awesome team from Splunk that helped us out. They were there for us for at least a month. They helped us and then trained us on the environment. By the time they left, we were good to go.

    What was our ROI?

    The return on investment is not in a monetary sense. Things are a lot less stressful in our environment. We are able to see things that we were not able to see before. It gives us a little calm because we know if something is up or down. We are able to see things that we could not see before in other SIEMs. So, there is a reduction in the stress level. 

    We have seen a time to value. I can do plenty of things a lot faster than I could previously.

    Which other solutions did I evaluate?

    We evaluated Sentinel, QRadar, and LogRhythm. All of them were very good SIEMs, but we had a lot of challenges when it came to getting them certified on government L5. IBM has its own private cloud. They do not use AWS. We did not have that issue with Sentinel, but it is not as robust. Even though it is at a high level in terms of industry-level SIEM, it could not meet our requirements. It is still a challenge. Sentinel is the only one that is a competition to Splunk if you talk about cloud, not on-premises. It is native to the cloud.

    What other advice do I have?

    It is awesome. I love it. Anything is possible in Splunk. I have gone through a lot of challenges with use cases. When I needed to figure something out, I got it resolved sooner or later. I either got Splunk support or I went to the community and looked it up. I have never run into anything that I could not do with Splunk. It is very good.

    Overall, I would rate the Splunk Cloud Platform a nine out of ten. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
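    The up/down status check this reviewer contrasts with ArcSight's real-time firing ("they run a search every hour or so"), and the "no data received" alert described in the last review on this page, are both scheduled searches over index-time metadata. Below is an added example of such a saved alert, written for this page rather than taken from either reviewer's environment; the stanza name, schedule, 60-minute threshold and e-mail address are assumed.

```ini
# savedsearches.conf  (added example; stanza name, schedule and recipient are assumed)
[Host stopped sending logs]
# tstats reads index-time metadata only, so this stays cheap even across
# large indexes. A host is reported when its newest event is older than
# 60 minutes (threshold assumed; tune per log source).
search = | tstats latest(_time) AS last_seen WHERE index=* BY host \
| eval minutes_silent = round((now() - last_seen) / 60) \
| where minutes_silent > 60 \
| sort - minutes_silent
# Look back 7 days so hosts that log rarely still have a last_seen value.
dispatch.earliest_time = -7d
dispatch.latest_time = now
# Run every 15 minutes rather than on every event (search-based, not real-time).
cron_schedule = */15 * * * *
enableSched = 1
# Fire when the search returns at least one silent host.
counttype = number of events
relation = greater than
quantity = 0
alert.track = 1
alert.severity = 4
# Throttle per host so a known-down server does not re-alert every 15 minutes.
alert.suppress = 1
alert.suppress.fields = host
alert.suppress.period = 4h
action.email = 1
action.email.to = soc@example.invalid
```

    One caveat worth building in: a host silent for longer than the 7-day lookback drops out of the tstats result entirely and is therefore never reported. For full coverage, join the result against a maintained lookup of expected hosts and alert on any expected host with no last_seen at all, and run the search under a role that can read every security index, since `index=*` only covers indexes the search owner is allowed to see.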
    reviewer2238930 - PeerSpot reviewer
    Manager Cloud Operations at a computer software company with 201-500 employees
    Real User
    Top 20
    Makes searching for issues very easy
    Pros and Cons
    • "Splunk helped reduce our mean time to resolve by around 60%."
    • "Support is the bigger issue when we have a problem. When we need their help, it takes weeks or months to actually get resolved."

    What is our primary use case?

    My primary use cases are for troubleshooting, monitoring, and anomaly detection.

    How has it helped my organization?

    Splunk helped reduce our mean time to resolve by around 60%. We have realized these savings through it solving problems and the proactive monitoring. But it comes with a huge cost. We have to evaluate other products that are comparable to Splunk in the market and see if they offer the same value.

    It improved our business resilience.

    Splunk has improved my organization by troubleshooting issues. When we have an issue, if we didn't have Splunk, it could take hours or days to figure out where the problem is. With Splunk, it only takes hours or minutes sometimes.

    It saves us money by changing our product or process to work in a better way. Splunk is great. It has a lot of value ads and features. But overall, Splunk Cloud is expensive compared to other products in the market.

    What is most valuable?

    The most valuable feature is the search options. Our infrastructure is huge so if an issue happens, it's hard to find where it is. That's where Splunk comes in handy. You just go to their user interface and do a Google-type search. Just put in a keyword, search it, and you'll figure out where it is. If you have thousands of servers, it's very hard to see where the issue is and where the transaction is logged. Splunk makes it very easy. That's the best part of Splunk.

    I would rate Splunk's ability to provide business resilience by empowering oneself a seven out of ten. Whenever we have an issue, Splunk is handy. We have a lot of monitoring in place so if an issue happens, our monitoring helps proactively figure out the issue, and in that way, we can make sure that our environment and infrastructure are up and running, and our customers don't have any issues.

    What needs improvement?

    It's improved a lot since we began using it. We have been seeing issues, but they get resolved by working with the support. It's just getting expensive with time.

    Support is the bigger issue when we have a problem. When we need their help, it takes weeks or months to actually get resolved. To date, we have cases open for two or three months without a resolution. Support is the worst part.

    For how long have I used the solution?

    I have been using Splunk Cloud Platform for four years. 

    What do I think about the stability of the solution?

    It's stable and highly available. We had issues, but all of these types of platforms have. 

    What do I think about the scalability of the solution?

    Scalability depends on what kind of license you have. If you have ingest-based licenses and you hit your cap, I think they still let you ingest more, but then you have to work with your account team and buy more licenses so you don't lose data. It's scalable, but not automated because it has its own license limitations.

    How are customer service and support?

    I would rate support a four out of ten. The reason is that they are not proactive, they are reactive. If we notify them about an issue, they are supposed to monitor their infrastructure and tell us that there is an issue and that they are working on it. But rather than doing that, we have to do that, and after doing that, it takes time for them to work on it and solve the problem.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    My company previously used a custom, on-premises solution. Splunk was already implemented when I started at my company. 

    We're asking ourselves now why we use Splunk. Our next step is to go out and evaluate other products in the market that may be not as costly and offer the same feature set.

    How was the initial setup?

    It's a cloud, it's all managed service. The only thing we had to do is onboard our applications, which is something I do every day.

    It's very straightforward and very easy. You only need to configure and get data and you can be onboarded within minutes. We don't have to go through a lot of configurations, manual steps, or training.

    What other advice do I have?

    Its ability to predict, identify and solve problems in real time is looking promising. We're looking into it now. 

    I would rate Splunk an eight out of ten. It has a lot of features and enables us to focus only on our applications and logs. I don't need to worry about the infrastructure behind it.

    The best value I get from attending Splunk conferences is getting experts' help for specific use cases.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    reviewer2499666 - PeerSpot reviewer
    Director, Operations at a hospitality company with 10,001+ employees
    Real User
    Good reliability and definitely saved us time
    Pros and Cons
    • "The most valuable features are reliability and logging. It's in the cloud so it has more stability and easy maintenance."
    • "The support from the Splunk team is generally good, but sometimes, there's a lack of coordination between our account reps and the hands-on technical people. This misalignment can lead to issues with getting what we need done and what is happening."

    What is our primary use case?

    We use it for security investigations and alerting.

    What is most valuable?

    The most valuable features are reliability and logging. It's in the cloud so it has more stability and easy maintenance. 

    What needs improvement?

    The support from the Splunk team is generally good, but sometimes, there's a lack of coordination between our account reps and the hands-on technical people. This misalignment can lead to issues with getting what we need done and what is happening.

    For how long have I used the solution?

    I have been using it for about two years.

    What do I think about the stability of the solution?

    From what I've seen so far, stability has been great.

    How are customer service and support?

    The actual technical reps we've had have been fair. I'd rate them a seven on a scale from one to ten.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    We previously used LogRhythm. We switched to Splunk. It was an on-prem setup, so it was tough to maintain. It wasn't very reliable, and we always had to deal with hardware issues.

    How was the initial setup?

    I haven't been hands-on with the deployment, but Splunk's deployment has been smooth. We also have Enterprise Security, which has been a little more difficult.

    What was our ROI?

    We have not calculated in dollars, but it has definitely saved us time.

    Which other solutions did I evaluate?

    We evaluated other options. I wasn't directly involved in all the decision-making processes, but from a user standpoint, it was the cost and the future possibilities of adding SOAR that made Splunk Cloud Platform seem like the best option for us.

    What other advice do I have?

    I would rate it an eight out of ten, mainly due to the difficulty we've had with the Enterprise Security side.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Head of Cloud at a consultancy with 11-50 employees
    Real User
    Top 20
    Great support, good pricing model, and good integration with various clouds
    Pros and Cons
    • "Its interconnectivity with the cloud platforms, such as Azure and AWS, was valuable."
    • "There can be more modules and more integration with other areas in the cloud and on-prem. I am not sure whether it includes network devices and things like that."

    What is our primary use case?

    I used it in my last organization for monitoring, intrusion detection, and intrusion prevention.

    We wanted to take preventative actions so we implemented it.

    How has it helped my organization?

    The monthly security reports were detailed, and we got to know about a lot of vulnerabilities that we did not know about before.

    It integrated well with other systems and applications in our environment. I would rate it a ten out of ten in terms of integration.

    Splunk Cloud Platform had a good impact on decision-making processes in our organization.

    It was helpful for data access for compliance and privacy regulations. I would rate it a nine out of ten in this aspect.

    Splunk Cloud Platform had a very good impact on our organization’s security posture. The resilience that it offered was very important because we were dealing with client data.

    For reporting, a lot of manual intervention was required to create the reports, but after that, it worked well.

    What is most valuable?

    Its interconnectivity with the cloud platforms, such as Azure and AWS, was valuable. 

    We had multiple cloud environments. It was easy to monitor multiple cloud environments using the Splunk Cloud Platform’s dashboard.

    What needs improvement?

    Considering its price point, it does not need any improvement. However, it does require manual implementation.

    There can be more modules and more integration with other areas in the cloud and on-prem. I am not sure whether it includes network devices and things like that.

    For how long have I used the solution?

    I worked with this solution for one year and a half.

    What do I think about the stability of the solution?

    It is stable. I would rate it a ten out of ten for stability.

    What do I think about the scalability of the solution?

    It is scalable. I would rate it a ten out of ten for scalability and extensibility.

    How are customer service and support?

    I got great support from them every time. I would rate them a ten out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We were not using any similar solution previously.

    How was the initial setup?

    It was deployed on a public cloud. Its setup was quite complicated. A lot of steps were involved in implementing it.

    What about the implementation team?

    We had some engineers from Splunk to advise on a couple of things.

    We had three people involved in the deployment. They were all cloud engineers.

    It did require maintenance. We had one person involved in the maintenance.

    What's my experience with pricing, setup cost, and licensing?

    It was a good model.

    Which other solutions did I evaluate?

    We evaluated other solutions, but I do not remember the names. I know there was one from AT&T.

    What other advice do I have?

    I would rate Splunk Cloud Platform a nine out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    John David Cabanglan - PeerSpot reviewer
    Splunk Architect Application Software Developer at a tech vendor with 10,001+ employees
    MSP
    Resilient, helps with decision making, and is very fast
    Pros and Cons
    • "The cloud is very fast."
    • "Support could be improved."

    What is our primary use case?

    I use the solution to create alerts for different servers. I also create dashboards in Splunk.

    How has it helped my organization?

    We have a lot of servers. It was hard to track which were down as we didn't have a monitoring platform. Splunk changes that. It receives data and if it doesn't get any data, it creates an alert so we are notified if something is down.

    We also use it for making reports to help make management easier. 

    The monitoring of servers for high CPU utilization helps us out. If there are offline servers or high utilizations, we can see the incidents and optimize our processes. 

    What is most valuable?

    The cloud is very fast. We have a lot of data in our Splunk instance and it isn't slow in any way. 

    The maintenance is good. We have good support if we have queries or issues. With on-premises Splunk, if we ran into issues, we'd have to figure things out ourselves. With the cloud version, it's easier to get support. 

    We can monitor multiple cloud environments, including Azure and AWS. 

    It can be difficult to monitor cloud platforms. We are integrating more cloud servers and patching data sources from those servers. It's very easy to use Splunk and have everything go to the dashboards.

    We get good visibility into multiple environments. We can easily search from Splunk Cloud to our on-prem or AWS directly. We also do not ingest the data in order to see it.

    We can easily integrate with other systems. It's very helpful. We can leverage Splunk to gather any specific reports we want with this integration capability. 

    The reporting is very good. Every month we have a call with Splunk personnel and they'll show us reports to show high usage for search, for example. From our side, we can change or update in order to optimize our systems. 

    The cloud has helped us with decision-making. It helps make maintenance decisions very easy.

    It's very resilient. 

    What needs improvement?

    Testing shows it can handle a lot of logs; however, we are unsure if the speed will be affected.

    When we are using OneDrive or SharePoint, as a developer, we'd like to have better integration between the two.

    There are some issues with Splunk blocking some shared mailboxes. 

    Support could be improved. 

    For how long have I used the solution?

    I have been using the solution for five years.

    What do I think about the stability of the solution?

    The Splunk cloud is very stable. I've never experienced crashing. If there are issues, they will notify us. It doesn't take long to resolve issues at all. Things tend to be resolved in an hour or so. 

    What do I think about the scalability of the solution?

    The solution is very scalable. 

    I haven't experienced the extensibility, or the ability to extend the system, however, my understanding is that it is very good. We have yet to upgrade it.

    How are customer service and support?

    When we have high-priority tickets, it's hard getting help efficiently. We'd prefer to call. It takes time to get someone to help. We've had to submit tickets via the portal, and they asked us to call instead. It's hard to get above P1.

    It would be ideal to get a specific phone number or email so that we do not have to wait hours to get help.

    We do have different Splunk support services where we talk to them bi-weekly, and at that point, we can talk about any high-priority issues. They do try to help us with queries. 

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We previously used Splunk on-premises. 

    How was the initial setup?

    I do not have any experience with the initial setup. Since it is a cloud deployment, Splunk handles the maintenance mainly.

    What's my experience with pricing, setup cost, and licensing?

    I'm not aware of the exact pricing. That said, my understanding is that it is very reasonable. However, every application has a price. We need separate licenses for everything. They don't have any bundles. 

    What other advice do I have?

    For the first few years, I used the solution on-premises, and then I moved over to the cloud. 

    I use the classic dashboard; I don't yet use the studio. 

    It has not yet affected our security posture. 

    We have not yet explored federated search. 

    I'd rate the solution ten out of ten.

    If a user is planning to use the Cloud Platform, they should consider the pricing. It's fast to access and there is no downtime. It's very good from a user perspective. I'm happy with it. It's helpful.

    Users should work to maximize the power of Splunk to get the most out of it. Leverage the applications, including security. 

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
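    The "no data received" alert the reviewer describes above, as an added example that is not the reviewer's or Splunk's own code: a Python sketch of the same logic run over constructed sample events, extended to also flag expected hosts that have never reported at all (an inventory check that a purely data-driven alert cannot make). Host names, timestamps and the threshold are all constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample heartbeat events (host, UTC timestamp); not real Splunk data.
SAMPLE_EVENTS = [
    ("web-01", "2024-01-01T10:00:00Z"),
    ("web-01", "2024-01-01T10:05:00Z"),
    ("web-02", "2024-01-01T09:20:00Z"),
    ("db-01", "2024-01-01T10:04:00Z"),
]

# Constructed inventory of hosts that are supposed to be sending data.
EXPECTED_HOSTS = {"web-01", "web-02", "db-01", "app-01"}


def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp of the form used in SAMPLE_EVENTS."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def last_seen_by_host(events):
    """Reduce raw events to the most recent timestamp seen per host."""
    seen = {}
    for host, ts in events:
        t = parse_ts(ts)
        if host not in seen or t > seen[host]:
            seen[host] = t
    return seen


def silent_hosts(events, expected_hosts, now: datetime, max_silence: timedelta):
    """Return {host: minutes_silent} for hosts quiet longer than max_silence.

    Hosts in the inventory that have never reported map to None, so a server
    that was never onboarded is surfaced instead of silently missing.
    """
    seen = last_seen_by_host(events)
    alerts = {}
    for host in sorted(expected_hosts):
        if host not in seen:
            alerts[host] = None
            continue
        age = now - seen[host]
        if age > max_silence:
            alerts[host] = int(age.total_seconds() // 60)
    return alerts


if __name__ == "__main__":
    now = parse_ts("2024-01-01T10:10:00Z")
    print(silent_hosts(SAMPLE_EVENTS, EXPECTED_HOSTS, now, timedelta(minutes=15)))
```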
    Automation Developer at TNS
    MSP
    Reduces infrastructure overhead, but the process for custom apps can be streamlined
    Pros and Cons
    • "Not having to manage Splunk Cloud's infrastructure is valuable."
    • "They can streamline the process of creating custom apps."

    What is our primary use case?

    On Splunk Cloud, I mainly look for errors in applications or issues that come up with our internal applications. I have also used it to create dashboards and display customer data to customers in an effective way so that they have insights into their data.

    How has it helped my organization?

    There is less overhead now for infrastructure management. There are fewer issues that we have to worry about on the infrastructure side. This has freed up more of our resources' time to work toward initiatives on the Splunk platform itself. It is hard to measure the time savings. If one resource was working on it, that resource could save anywhere between 15 to 20 hours a week.

    It must have reduced our MTTR, but I have been with Splunk for as long as I have been in my current environment, so I do not have anything to compare it with.

    It helped improve our organization’s business resilience. The solution helps us find where errors are and potentially where threats are a lot faster. We can more effectively push out alerts not only to our team but also to the teams across the enterprise. It is nice to have on hand.

    It is quite effective at helping us identify problems very quickly. We do not participate in real-time searches within our Splunk environment, but close to real-time is possible, and it is quite effective.

    What is most valuable?

    Not having to manage Splunk Cloud's infrastructure is valuable. Being able to deploy within the cloud and not having to manually manage our configs on the infrastructure side and set up our own architectures has been the biggest help.

    Other than that, the new Dashboard Studio has been a pretty big win, but I do not know whether that is more cloud-specific or not. Dashboard Studio has a cleaner look for customers that want to see their data but not necessarily search. For the customers that want to see their data, having an easy and effective way to drag and drop to see where things are going to be if they want to change them has been pretty beneficial.

    What needs improvement?

    They can streamline the process of creating custom apps. I do not have a lot of experience with it. It was not very difficult for me to do so, but there is probably a better way to present the ability for people to push their own custom apps to the platform and go through Splunk's manual and automatic reviewing process.

    For how long have I used the solution?

    I have been using this solution for about three years.

    What do I think about the stability of the solution?

    I have not seen any downsides when it comes to uptime and availability. Being in the cloud reduces downtime, especially compared to being on-prem where if something goes wrong, you will have to go in and fix that infrastructure yourself. I have not necessarily seen significant downtime with Splunk Cloud or on-prem at this time.

    What do I think about the scalability of the solution?

    I quite enjoy the fact that if we need more indexes or search heads, it is very easy to plug and play with Splunk Cloud. With the infrastructure model that we had before, we would have to go in, set up a new search head out to the cluster, and add a new indexer to the cluster if we needed it. It will have more benefits going forward as we move more and more into the cloud.

    How are customer service and support?

    I have worked with Splunk support, and I would rate them an eight out of ten. It depends on where you are and what project you are working on at the time. It would be quite beneficial to work with them if you have a specific project that you are working on, and they have some insight into it. I do not work with support too often myself. Usually, one of our Splunk Infrastructure managers works with them, but there is always room for improvement. Availability in terms of making the time to gain insight into specific projects and problems that we are having is an area that can be improved.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    My company has been with Splunk for quite some time now. We are well integrated at this point, and we are in the process of migrating over to Splunk Cloud specifically. We used Splunk on-prem for a while. We are currently in a hybrid situation, and we are making our way toward being completely on the cloud.

    How was the initial setup?

    I help from time to time with the migration process, but I am not necessarily in charge of the total migration functions that we currently have today. The most I have done in terms of deploying to the cloud was creating a custom alert action for the cloud environment, which is one of my biggest contributions so far. I am not completely in charge of it, but from time to time, I will assist in the migration process. It is a bit of a learning curve, but once you get more and more familiarized with the cloud and how to benefit from it by using features like federated search, it becomes easier. It is somewhere in between in terms of complexity.

    What was our ROI?

    We would have seen an ROI. I do not have a specific number, but assuming that we did not have Splunk Cloud, we would have to manage our own infrastructure. Not having to manage nearly as much infrastructure and not having to have the personnel to manage that infrastructure on a regular basis, frees up that time for them to do what they are really designed to do. This has definitely added value.

    What's my experience with pricing, setup cost, and licensing?

    I am a little bit familiar with the pricing and licensing model. I am not sure about the particular pieces of the actual price that we have, but I do like the idea of going towards a more CPU-based approach rather than the ingesting approach. This CPU-based approach gives us the ability to ingest more data if we need it.

    What other advice do I have?

    The biggest value that I get from attending Splunk conferences is the insights from everybody here. You have people from many different companies doing very different things and deploying very different models within their different Splunk instances. You get an idea of where everybody lands and maybe grab some ideas that you would not necessarily have thought of by looking at it from the inside of someone who is in a completely different field than you are.

    There is definitely a big difference between Splunk Cloud and on-prem. For me, one of Splunk on-prem's biggest features is being able to deploy my own custom applications internally, which is something that is a bit of a process with Splunk Cloud. So, given the information that I have, I would rate it a seven out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.