Splunk Cloud Platform Reviews

Currently, I am working with Splunk Cloud Platform and other things for my clients.

I have been working with Splunk Cloud Platform for around 2 years now while integrating it.

What I appreciate about Splunk Cloud Platform is that it's an AI-driven SIEM platform, and for data fusion stock, we require Splunk Cloud Platform because none other than Splunk Cloud Platform can have this data-driven stock implemented; it allows you to get into the data repository.

The real-time search capability of this product enhances operational decision-making, and it's very convincing; this aspect is very convincing from Splunk Cloud Platform's side.

The disadvantage of Splunk Cloud Platform is that its integration process should be improved.

The challenges I have encountered while integrating Splunk Cloud Platform include that integration is a bit difficult due to the coding required for the integrations.

I have been working with Splunk Cloud Platform for around 2 years now while integrating it.

I would say that it was a bit difficult to deploy Splunk Cloud Platform; the user interface is easy, but deployment is difficult because it needs coding to integrate things.

I think it's a scalable solution; it's pretty much scalable.

I can rate the technical support of Splunk Cloud Platform as eight; they are quite helpful.

We are system integrators, but the client chose another vendor instead of NNTT.

The deployment took around 3 to 4 months.

Three people took part in deployment from my side.

It was indeed a huge deployment; it was one of the banks in Pakistan, so we required three resources to get it done.

Splunk Cloud Platform has impacted operational costs; it's a bit expensive, but it provides value for money.

If I were to rate the price for the product from 1 to 10, I would rate it nine.

I am currently working with the solution, but I need to know from which NNTT.

The interface is okay; its interface is good, and user interface is good.

I would recommend Splunk Cloud Platform to other users and organizations because it adds value to the organization; you can do different things with it because it's a pure analytical tool, not only a SIEM tool.

I am mostly focused on Splunk Cloud Platform because I chose this vendor due to the feature set that was offered by Splunk Cloud Platform; it was not being offered by any other vendor.

Splunk Cloud Platform is the vendor I am referring to, not NNTT.

Maintenance for Splunk Cloud Platform has been done manually, not automatically.

Usually, one person takes part in maintenance.

Regarding the number of users for Splunk Cloud Platform, it involves discussing the number of organizations or the number of people working in those organizations.

In general, I would rate Splunk Cloud Platform a nine.

I use Splunk Cloud Platform for both IT alerting and incident management in my training.

I use it to find threats and strange behavior of applications or networking. I mostly use it for networking, strange processes, and behaviors. I use the alerting mechanism.

I appreciate the syntax that Splunk Cloud Platform uses because it is not KQL.

The whole product is really good, and I did not have much difficulty using it. The alerting mechanism is good to have, but in my personal training, I did not use it much because I did not need it that much.

The visualization feature in Splunk Cloud Platform is a pretty good feature because I did not need to go to any other vendors, for example, any.run or VirusTotal. This speeds the whole investigation up.

It is worth reconsidering the syntax language and changing it to KQL. The company would benefit from using the KQL language in queries. Pricing would be better.

My experience with Splunk Cloud Platform is three months.

I have not heard a lot of problems or disconnections, so I think nine is correct. That is also nine.

From what I heard, the technical support is pretty decent, so eight is okay.

I have tried Elastic, Sentinel, and I think that is all.

I cannot tell if the deployment is easy or complex. I cannot tell how long it took to deploy because I did not deploy it. I just started the session, and everything was already prepared for me.

I had some tasks to find, such as some strange processes. That was one big task to perform on Splunk Cloud Platform system. There were several of these tasks, but that was an example.

I have not tried the machine learning tools yet. I did not integrate Splunk Cloud Platform with any tools. In my case, it is just me using the solution, but I know the whole platform because I am using Cyber Defender platform for learning. The whole platform has a lot of people, but in my case, it is only me.

I cannot tell if it requires any maintenance, but I do not think it is really rough to do it.

My overall review rating for Splunk Cloud Platform is eight.

We have used Splunk Cloud Platform for the past one year. We use Splunk Cloud Platform for system monitoring and alerts, and we have personal dashboards to monitor our activities. We ingest logs and monitor all of our operations. We also use AWS along with Splunk Cloud Platform.

The powerful search capabilities using SPL are what I appreciate about Splunk Cloud Platform. The second feature we value is its real-time monitoring and alerting.

The best feature is that Splunk Cloud Platform is handled by the Splunk team itself, including installation and all related tasks. We do not have to touch anything; we simply use it for our case.

SPL search capability is one of the primary tools we use every day. We have different search queries configured for alerts, dashboards, and all related functions. It is one of the major tools we use in our daily operations.

Overall, Splunk Cloud Platform is cost-efficient for us because we are Splunk partners, and it offers better performance. It has improved our faster query execution and includes an inbuilt dashboard with better dashboard performance. We gain more meaningful insights using Splunk Cloud Platform compared to other SIEM tools.

The initial learning curve should be more personalized for new users who just started using Splunk Cloud Platform. Additionally, the documentation should be more beginner-friendly.

I have been using Splunk Cloud Platform  for the past one year.

Splunk Cloud Platform is working fine for us; it is superb.

It is super scalable for us, whether you consider horizontal or vertical scaling. We are expanding in both directions, so it is highly scalable for us.

We have escalated questions regarding Splunk Cloud to Splunk. During the upgrade, we experienced some issues with our forwarders not coming up and some issues with our search head. All of the issues were resolved. We raised support cases and our issues were solved by the Splunk team itself. It has been good for us so far.

We directly use Splunk Cloud Platform.

The initial setup was straightforward.

It is super smooth; Splunk Cloud Platform integrates with ServiceNow smoothly. We have experienced no problems so far in that regard.

We have seen a return on investment with Splunk Cloud Platform at 30 to 40 percent.

We are Splunk partners, so in Splunk Cloud Platform, pricing is not an issue. It is balanced, and from a pricing perspective, it is good for us.

If you are looking for a SIEM tool that has all the capabilities, you should definitely opt for Splunk Cloud Platform. I would rate this solution a 9 out of 10.

My usual use cases for Splunk Cloud Platform involve being an admin where we used to build Splunk clusters or distributed environments from scratch on the on-premises system, but now we have everything up and running on Splunk Cloud Platform, which operates on AWS. Splunk has developed it on AWS. Currently, as an admin, I just need to maintain and configure it according to our needs. It functions as a software as a service now, meaning we don't configure it from scratch the way we used to do with installation, configuration, and setup of the configs as we required. Now, it is software as a service that we use for both Splunk and Observability.

Splunk Cloud Platform has greatly improved my daily operations through enhanced integration with third-party tools. Earlier integrations from on-premises Splunk to third-party tools were quite difficult, lacking the necessary add-ons or applications that could be directly used from the UI. Now on Splunk Cloud Platform, they have introduced new add-ons and plugins that allow us to utilize and pass credentials directly for integration with third-party applications, making the process very efficient and fast. We have multiple new add-ons that let us connect directly to clouds such as AWS, Azure, and Google, as well as event management applications such as ServiceNow, requiring only the credentials and service accounts and eliminating the need to configure from scratch.

The features of Splunk Cloud Platform that I have found most valuable and useful relate to licensing. Previously, it was a daily quota that we purchased on-premises, but currently it is based on SVC, or Splunk virtual compute, which is based on CPU and memory utilization of the cloud for billing. There are two license types: Victoria and Base. As we utilize the SVCs, we are charged accordingly, and we have the option to purchase a fixed number of SVCs or pay based on how many we actually use.

The effectiveness of Splunk Cloud Platform's search capabilities in uncovering operational insights is notable because as an admin or developer, we utilize saved searches that run on schedules that we set. The search capability utilizes the same compute assigned, and compared to on-premises, it is very efficient and fast because on-premises we had fixed compute assigned with limits set for searching per role or application. In the cloud, we find it very easy and fast to use.

Splunk Cloud Platform helps in proactive issue resolution by allowing us to set alerts based on data flow to find errors or anomalies that need identification. The saved searches run based on these conditions to find errors or identify anything unusual in the data. We get alerts based on the conditions we set, which is quite effective.

Areas of Splunk Cloud Platform that could be improved or enhanced in the future include data visualization, as the way we use data for security and other purposes could further benefit from enhanced visualization to support monitoring, threat analysis, and other aspects.

Overall, I would rate Splunk Cloud Platform an eight out of ten as a solution for us.

Regarding stability and reliability so far, we are not yet live and are still in the migration process, but comparing it to on-premises, it seems promising.

My thoughts on the scalability of Splunk Cloud Platform are that it scales up quite well. However, I haven't encountered any specific scenarios to validate it thoroughly yet, but overall, it appears to be good.

My opinion on the technical support and customer service of Splunk, based on my cases, is that it is quite good with the credits we have along with the vendor. However, when we don't have credits, they charge us based on time as well as the criticality of the issue.

Positive

In my opinion, there is room for improvement, as we used to raise multiple issues via the process, but they pick them up slowly, and the response times are not as prompt as we would like.

Regarding how Splunk Cloud Platform's ingest and visualization features help improve my data reporting, I have some insights on dashboards, but from a fully comprehensive perspective of data flow and ingestion, I haven't been hands-on that much. As an admin, I have worked on the infrastructure side of it, so I am unable to provide thorough feedback on that.

I would rate Splunk Cloud Platform an eight out of ten overall as a solution for our organization.

Splunk Cloud Platform is primarily used for data visualization, as it allows us to gain insightful perspectives on our data.

The best features of Splunk Cloud Platform include its powerful analytics and intuitive user interface. I particularly appreciate how it simplifies complex data operations.

The ingestion and visualization features of Splunk Cloud Platform are integral to our data reporting, as they help transform raw data into meaningful visual formats effortlessly.

I believe there are a few areas of Splunk Cloud Platform that have room for improvement, particularly in user customization and documentation clarity.

I have been using Splunk Cloud Platform for quite some time.

The stability of Splunk Cloud Platform is commendable, and I would rate it a nine from one to ten.

Regarding scalability, I find Splunk Cloud Platform to be highly scalable; I would rate it an eight from one to ten, as it meets our growing needs efficiently.

From one to ten, with ten being the best, I would rate the technical support of Splunk Cloud Platform as a solid eight.

The deployment of Splunk Cloud Platform itself is straightforward; I would categorize it as easy, with minimal challenges along the way.

We have approximately one hundred users using Splunk Cloud Platform across various teams in our organization.

Overall, I would rate Splunk Cloud Platform a solid eight from one to ten, as it meets a wide range of our business requirements effectively.

When it comes to the cost of Splunk Cloud Platform, I would rate it a five from one to ten, with one being cheap and ten being expensive.

In comparison to other solutions such as DataDog, Microsoft, and Sumo, I find Splunk Cloud Platform to be quite competitive, offering unique capabilities that are valuable to our operations.

My advice for others looking into Splunk Cloud Platform would be to take full advantage of its versatile features and ensure proper training for your team.

I have Splunk Cloud Platform deployed in the cloud, and I utilize AWS as my cloud provider.

Regarding machine learning tools, I find them to be quite impressive in their ability to enhance data analysis and predictive insights.

My thoughts on the alerting mechanisms in Splunk Cloud Platform are positive; they work effectively to notify us of important changes or issues in our data.

I assess the effectiveness of the search capabilities in uncovering operational insights as quite robust, as they provide detailed results swiftly and efficiently.

My thoughts on the integration with third-party providers is that it generally is seamless, allowing us to synchronize various tools with Splunk Cloud Platform easily.

Overall, I would rate this review an eight from one to ten.

My major use case for Splunk Cloud Platform is for SOC, SIEM mostly.

What I like about Splunk Cloud Platform is the easy reading of the dashboards and finding the data, which brought me the biggest benefits.

The alerting mechanism in Splunk Cloud Platform is customizable, so we could adapt it to our needs and assign the right priorities and based on this, define the action.

Visualization features and ingesting in Splunk Cloud Platform helped to improve my data reporting, but that was also a different team that was providing the log ingestion.

Other features that were really great in Splunk Cloud Platform include real-life monitoring, so we could have logs right away, and parsing was fine, so when it was correctly ingested and Splunk Cloud Platform parsed it correctly, then we had no issues with receiving the correct alerts.

Splunk Cloud Platform could improve in how quickly it reacts to users reporting issues.

Splunk Cloud Platform can be complex depending on the log source in terms of deployment.

I used Splunk Cloud Platform for seven years.

Splunk Cloud Platform was stable, and I did not see any performance issues or downtime, although it happened; the issue was that we had to really fine-tune the log quality so that it would not be ingested too much and handled for nothing.

Regarding the scalability of Splunk Cloud Platform, I would say it is scalable, but maybe the pricing may affect the scalability because it may not be that beneficial to onboard too many log sources if they generate too many false positives and then you reach over the limit of the license.

I would rate the technical support for Splunk Cloud Platform probably a three, because there was some support, but I remember that we were using our proxy company to submit it for us because they were bigger and maybe more convincing to Splunk.

Negative

The biggest issue during deployment of Splunk Cloud Platform was correct log parsing.

I can describe the impact of integration with third-party solutions in Splunk Cloud Platform as limited experience since I was the only one on the receiving end of it, and I was not integrating it with any solutions or with any other vendors; we also had the company who was supporting us in the configuration part, so we didn't even have to do it fully by ourselves.

I don't see ROI with Splunk Cloud Platform, such as time saving or money saving because I'm security operations, so I don't think in management terms.

I have about the same amount of experience in this domain with SOC solutions, as I haven't worked with SOC SIEM solutions such as Splunk Cloud Platform before, so it's the same. My overall review rating for Splunk Cloud Platform is 8.

I use the Splunk Cloud Platform for security monitoring. My company is a technology company with over 40,000 employees.

The Splunk Cloud Platform offers easy data ingestion and a user-friendly interface for product teams, particularly for straightforward log shipping.

Splunk Cloud Platform offers easy integration due to its robust and well-documented APIs. These allow seamless integration into existing pipelines and other products and the flexibility to create custom integrations as needed.

Splunk Cloud Platform helps access data for compliance and privacy regulations. While some manual work remains, it assists with meeting compliance and regulatory requirements, especially regarding logging, reporting, and monitoring, solidifying its position as the industry standard.

The most valuable feature of Splunk Cloud Platform is its robustness and ability to ingest logs.

Splunk Cloud Platform needs improvement in its security offerings, specifically in cybersecurity. It has not kept pace with competitors over recent years, and integration with the Cisco ecosystem after Cisco's acquisition of Splunk has also been slow. The product should incorporate more readily available features, especially in security monitoring.

The federated search feature is costly.

Extracting meaningful insights beyond essential log data proves challenging due to the product's reliance on manual processes. Users must manually configure detections, develop logic for insights, and manage dashboards. While the product boasts numerous out-of-the-box capabilities, these often require extensive modification to align with specific user needs, limiting their practical applicability.

Splunk Cloud Platform doesn't inherently provide visibility as a standalone product. It's a platform for building custom visibility solutions. We need to feed it data and then write logic to define what insights we want to extract. While pre-built solutions might be available in the marketplace, Splunk doesn't offer out-of-the-box visibility. If we know our requirements, we can utilize code and research to create custom dashboards, but it requires effort and expertise.

The pre-built reports in Splunk Cloud Platform are generic and require manual adjustments to extract specific, granular information, which requires the user to be knowledgeable.

I have been using the Splunk Cloud Platform for over ten years.

The customer service and support for Splunk Cloud Platform are mediocre and often hit or miss. Premium support is costly and may not always provide a satisfactory experience, as even the support engineers can sometimes be stumped.

Neutral

The initial setup of the Splunk Cloud Platform is straightforward. Professional services are available to assist in deployment, including setting up Splunk forwarders and building data models. With adequate support, full deployment can be efficiently achieved.

Full deployment is a lengthy process, but achieving 50 percent deployment can be achieved within one to two quarters.

Deploying Splunk Cloud may require different resources depending on the size of the data ingested daily. Two to three people may be sufficient for smaller terabyte ingestion, whereas a team of four to five might be needed for larger ingestion.

The return on investment with Splunk Cloud Platform has been poor. There is a significant possibility we will be replacing it in the next quarter or two.

Splunk Cloud is considered too expensive, with its two product offerings both being costly. I would rate the cost an eight out of ten, with ten being the most costly.

Splunk Cloud Platform is not impacting a lot of decisions. But if we write very good reports and dashboards, then we can derive insights from them for leadership to make concrete decisions on. So we have to do the legwork to get that output.

While Splunk Cloud Platform may not be a significant factor in decision-making, generating high-quality reports and dashboards can provide valuable insights for leadership to take concrete action. However, we must dedicate ourselves to the necessary work to produce those impactful outputs.

I would rate Splunk Cloud Platform a five out of ten due to its gradual decline over the last few years. While I would have rated it an eight out of ten four years ago, its performance and features have deteriorated, leading to my current lower rating.

In the data and analytics domain, I work with Splunk Cloud Platform where we handle system logs and large scale data. I use Splunk Cloud Platform to monitor applications. I analyze logs and then build dashboards that provide real time insight for our technical team.

Splunk Cloud Platform is fully managed, so we do not need to handle infrastructure. The next thing I appreciate is its powerful search using SPL. It is easy to build dashboards in Splunk Cloud Platform and its visualization is also solid.

The alerting mechanisms of Splunk Cloud Platform have definitely helped in proactive issue resolution. Alerting is one of the most prominent features of Splunk Cloud Platform because we have set numerous alerts for daily ingestions. Health monitoring of Splunk dashboards is another valuable feature. We have alerts for thresholds, alerts for users, and alerts for failed logons. For example, if someone is trying to log in more than five times and failing, we have alerts for that as well. This is very useful for us.

Machine learning tools of Splunk Cloud Platform have helped to predict trends in our data. Using machine learning libraries, it is easy for us to analyze data and predict our upcoming data. This makes it pretty straightforward for us in daily operations using the machine learning toolkit.

One aspect I dislike about Splunk Cloud Platform is that cost can become high as data ingestion increases. The initial learning curve for SPL and cloud setup is also difficult for some new beginners.

I have been using Splunk Cloud Platform for the past one year.

Regarding stability, Splunk Cloud Platform does not lag or crash. It is highly scalable and stable for us.

Splunk Cloud Platform is very scalable for us because we conduct day-to-day operations in Splunk Cloud Platform itself. We are increasing our team both horizontally and vertically.

The technical support regarding Splunk Cloud Platform is good because they are always helpful. Whenever there is an upgrade, we notify them and they upgrade it for us. Everything is straightforward and simple with them. So far, we have had no issues with them.

Since Splunk Cloud Platform is a fully managed service, there is no need to handle servers, upgrades, or maintenance. Everything is managed by Splunk, which makes it pretty straightforward for us to use and complete every everyday task. There is no infrastructure management required and it enables faster development. It is highly scalable for us.

For new users, my advice is that if you are looking for a SIEM tool and you can afford it, then Splunk Cloud Platform is the best SIEM tool you can use because it is highly scalable and solves our day-to-day operations and use case. Everything is available within a single platform. I would rate this solution a nine out of ten.