Try our new research platform with insights from 80,000+ expert users
Software Engineer at Tigma Technologies
Real User
Helps to improve our incident response time, provides multiple search modes, and is stable
Pros and Cons
  • "Splunk Cloud Platform's search modes are a powerful feature."
  • "The Splunk Cloud Platform dashboard could benefit from some improvements."

What is our primary use case?

My manager typically requests dashboards, alerts, and scheduled reports. Based on their specific requirements, I create reports and dashboards that visualize the data. We leverage the Splunk Cloud Platform to fulfill these needs.

Additionally, my teammates may approach me for insights. I analyze the data and provide them with these insights, which they then use for team meetings and further data analysis. This ultimately helps them make informed decisions.

How has it helped my organization?

Splunk Cloud Platform improves our incident response time by enabling the retrieval of large data volumes. The platform offers impressive search speeds, and we don't need additional SQL commands to optimize response times.

We saw immediate benefits from the Splunk Cloud Platform. Being able to access and analyze logs provided valuable insights.

Splunk's impact on decision-making is significant. I have access to all the data I need, and it is always reliable.

What is most valuable?

Splunk Cloud Platform's search modes are a powerful feature. There are 3 main modes: Fast, Verbose, and Smart. These modes allow us to customize our search based on our needs, which can significantly improve our response time.

What needs improvement?

Splunk Cloud Platform's dashboard could benefit from some improvements. While it functions adequately, it appears very minimalistic. It's built using a simple XML format, and while newer dashboard options have been released, it still lacks the visual capabilities of tools like Power BI and Tableau. While I understand these are different platforms, having a more powerful dashboard option for the Splunk Cloud Platform would be valuable.

There is a lack of comprehensive learning materials offered by Splunk to prepare for their certifications.

Splunk uses SQL as its search language. One challenge I've encountered is with subsearches used in joins. These subsearches can only handle a maximum of 50,000 entries. If our data set is larger, we won't be able to join it using a subsearch. This limitation has been a significant obstacle for me. I've searched the Splunk community forums, and even reached out to my colleagues and seniors for a solution, but haven't found a definitive answer yet.

Buyer's Guide
Splunk Cloud Platform
March 2025
Learn what your peers think about Splunk Cloud Platform. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,651 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Splunk Cloud Platform for 2 years.

What do I think about the stability of the solution?

It is reliable. In my experience working with virtual machines, any search lags are likely due to the VMs themselves, not Splunk.

I would rate the stability 8 out of 10.

What do I think about the scalability of the solution?

Splunk Cloud Platform is horizontal scaling. So it is easy to scale based on the data we are using.

I would rate the scalability of Splunk Cloud Platform 9 out of 10. 

How was the initial setup?

Deploying Splunk Cloud Platform requires knowledge of the Splunk architecture, the deployment server, and the components.

What was our ROI?

We have seen a return on investment.

What's my experience with pricing, setup cost, and licensing?

The certifications are costly.

What other advice do I have?

I would rate Splunk Cloud Platform 8 out of 10.

The maintenance required is minimal.

The resilience of Splunk is good.

I recommend the product.

Splunk Cloud Platform is a powerful tool for handling big data. To get the most out of it, understanding both the developer and administrator sides is beneficial. The platform offers broad compatibility with various technologies and allows for easy scaling to accommodate your needs.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer2239938 - PeerSpot reviewer
Sr. Engineer Observability at a financial services firm with 10,001+ employees
Real User
Make staff's jobs better for resiliency purposes, reporting, and whatever they need to do
Pros and Cons
  • "It has definitely improved our organization by virtue of reducing the amount of overhead we would have had for those environments. Having to implement, maintain, or even update the existing stuff would have been extremely time-consuming. Splunk Cloud handles all of that for us. So it's definitely been helpful from that perspective. It's allowed them to maintain upgrades for far further than they are. Some of the hosts of that environment were still on version 7 so they could get upgraded feature parity."
  • "Some of the implementation is challenging. They're not very proxy-aware."

What is our primary use case?

We're looking to migrate an acquisition into the Splunk environment. We acquired a company and their Splunk environment was small and separate. We didn't want to have to maintain old Windows environments in unique use cases so we wanted to migrate it to the cloud as a proof of concept.

In their case, they had global data domicile requirements. We didn't have the same global deployment for our other larger environment that they did. So it made sense for us to migrate them to a bunch of small cloud stacks that were globally positioned rather than deploy a bunch of tiny enterprise environments to do the same thing.

The solutions are segregated at the moment. We're currently migrating the ACS environment. We have our own Splunk Enterprise implementation that we still use for Azure currently. It's fine, it doesn't drop.

How has it helped my organization?

It has definitely improved our organization by virtue of reducing the amount of overhead we would have had for those environments. Having to implement, maintain, or even update the existing stuff would have been extremely time-consuming. Splunk Cloud handles all of that for us. So it's definitely been helpful from that perspective. It's allowed them to maintain upgrades for far further than they are. Some of the hosts of that environment were still on version 7 so they could get upgraded feature parity.

They do well at empowering staff by providing business resilience. Users have the capability to utilize Splunk in ways to make their jobs better for resiliency purposes, reporting, and whatever it is that they need to do. Splunk is a very powerful platform in that way. 

What is most valuable?

In their case, they had global data domicile requirements. We didn't have the same global deployment for our other larger environment that they did. So it made sense for us to migrate them to a bunch of small cloud stacks that were globally positioned rather than deploy a bunch of tiny enterprise environments to do the same thing.

It's pretty important to us that Splunk has end-to-end visibility to our native cloud environment. We need to be able to figure out where the points of failure are. Knowing whether it's a forward, on our end, an index, the cloud environment,  a firewall, or something else entirely is important to troubleshooting that kind of process. 

Splunk has helped to reduce our mean time to resolve. For the specific use case, the ability to bring in more Splunk data and market makes work consistently accessible.

I think that Splunk's ability to predict, identify and solve problems in real time is better than what we use it for. Our observability journey is still pretty early so we haven't done a lot of predictive detection that is possible to do with Splunk. It looks like it can do the things that we needed to do in a pretty effective way. We just haven't done that yet.

What needs improvement?

Some of the implementation is challenging. They're not very proxy-aware. Their recommendation is to set up an intermediate forward in a DMZ environment or something like that. That's not always the most convenient way to do things. It would be better if we could use an HTTP proxy, send data out via HEC, HTTP, or in a way that is proxy-aware.

For how long have I used the solution?

We did the POC six months to a year ago. We've been in the process of migrating some smaller use cases over the last three or four months.

What do I think about the stability of the solution?

We haven't used it a lot but it's been pretty stable.

How are customer service and support?

Splunk support is pretty good. There's some work to be done. When I provide them with a bunch of data, they don't need to ask me some of the initial questions. But otherwise, they're pretty good.

How would you rate customer service and support?

Positive

What was our ROI?

I have seen ROI. The adoption of the company has increased dramatically. We have hundreds of alerts, hundreds of reports, and hundreds of dashboards that people use for their business cases, whether it's deliverables, resiliency, or troubleshooting.

What's my experience with pricing, setup cost, and licensing?

Splunk is expensive. We have had some challenges in ensuring that all data is available in Splunk due to its cost. It has definitely proven its value in the data that we have brought in. From a resiliency and reporting perspective, those things are all very valuable. But it's certainly not the most cost-effective product in the world.

It is a valuable product, but it is certainly challenging at times to be able to bring in as much data as I would want due to the cost of the product.

What other advice do I have?

I would rate Splunk Cloud Platform an eight out of ten.

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Splunk Cloud Platform
March 2025
Learn what your peers think about Splunk Cloud Platform. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,651 professionals have used our research since 2012.
Support Engineer at American Express
Real User
Integrates well, provides good visibility, and reduces maintenance work
Pros and Cons
  • "Everything is maintained by the Splunk support team. Users do not have to maintain any physical servers. They do not have to maintain indexes and searches. It reduces a lot of work on the user side."
  • "In the case of knowledge objects, even a Splunk admin does not have access to delete them. If we want to remove a knowledge object, we need to contact Splunk support and raise a case. After that, they delete it. They should give us access to delete knowledge objects."

How has it helped my organization?

Splunk Cloud Platform was very useful for us. With the on-prem setup, we had to maintain all the servers and take care of the upgrades, whereas with Splunk Cloud Platform, we did not have to bother about that. Everything was handled by the Splunk support team.

It was sufficient for us to monitor multiple cloud environments. The visibility that it provided into multiple environments was good.

We used Splunk Cloud Platform for business processes and security. It helped us a lot. On the business side, as a banking organization, it was helpful for reports and alerts. On the security side as well, Splunk was helpful. We could see any security breach. It was also helpful for smooth operations. If any issue happened or any server was down, it automatically alerted us.

What is most valuable?

Everything is maintained by the Splunk support team. Users do not have to maintain any physical servers. They do not have to maintain indexes and searches. It reduces a lot of work on the user side.

We integrated it with other applications in our environment. It integrates well. We did not face any issues on the integration side.

The reporting offered by Splunk Cloud Platform is also good.

What needs improvement?

I faced a few minor issues with Splunk Cloud Platform. In the case of knowledge objects, even a Splunk admin does not have access to delete them.  If we want to remove a knowledge object, we need to contact Splunk support and raise a case. After that, they delete it. They should give us access to delete knowledge objects. 

Everything else was good. It already had all the features. We did not require any new features.

For how long have I used the solution?

I used this solution for almost ten months in my previous organization. Currently, I am not using it. I last used it about five months ago.

What do I think about the stability of the solution?

It was stable. We did not see many issues. Any issues were on the physical servers, not on the Splunk Cloud side.

What do I think about the scalability of the solution?

It is scalable. We had more than 2,000 users in our organization. It was being used by more than 150 departments.

Onboarding end-users was easy. I was a Splunk admin, and I was also an end-user. I could provide access to other end-users directly.

How are customer service and support?

Their technical support was good. I would rate them a five out of ten because we worked in the Australian time zone, and the tech support team that we usually got did not have much knowledge. They took time to resolve issues.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

In our organization, we used multiple products. We had Dynatrace and other products, but we mostly preferred Splunk. It was more user-friendly than others, and we could search everything easily. We could create dashboards. Other products were more difficult.

How was the initial setup?

It took us a long time to switch from on-prem to the cloud. It took almost four to five months.

What about the implementation team?

We took the help of the Splunk team for migration, but after that, we did not take their help. We took care of onboarding and other things. It was easy. If any issue came up, we contacted the Splunk support team.

What's my experience with pricing, setup cost, and licensing?

I do not have much idea about the price. We previously used 1 GB at the cost of $600. Both on-prem and cloud licenses have the same price. There is no difference. 

It did not impact the cost because the costs of the on-prem license and the cloud license are the same. We did not have any issues with that. Overall, its price is reasonable.

What other advice do I have?

I would recommend moving to the cloud because you do not have to maintain physical servers and infrastructure. Everything is handled by the cloud provider. 

Overall, I would rate Splunk Cloud Platform a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sahil Sanskar Jha - PeerSpot reviewer
Cloud DevOps Engineer at a financial services firm with 10,001+ employees
Real User
Top 10
Good monitoring and automation capabilities but needs a more efficient UI
Pros and Cons
  • "Its monitoring is completely automated."
  • "It needs to mature; it's just getting established in the industry on a wider scale."

What is our primary use case?

I use Splunk on my phone, on-premises, and for the automation tasks that we carry out.

We use it to work on dedicated forms and infrastructure and have a lot of virtual machines and instances that are being run for every single application. Our infrastructure is purely based on Azure by Microsoft. 

Keeping CMDBs of all the virtual machines is a heavy task. When you use it for your portal use, it might be two or three virtual machines. When a virtual machine is created, we use post-provisioning inside the virtual machine. While post-provisioning, we install Splunk agents so that any activity that is happening inside the VM is virtually monitored by Splunk.

We create a dashboard. We are able to monitor everything from that dashboard. 

Splunk also offers enhancements and automation. Splunk plays a major role when it comes to automation. We extract the data from Splunk, and then we use it to automate using a jump server so that we can put in actions on any number of virtual machines.

How has it helped my organization?

The automation is the main advantage. When we need to search for data, as engineers, it's very easy.

What is most valuable?

I like that it's an independent cloud platform. It can work with AWS or Azure

Its monitoring is completely automated. We do not have to put in other engineers just to maintain Splunk. It maintains itself, and it's very user-friendly. For the dashboards to be created or any sort of code that we want to do with Splunk, we can do it by ourselves. We do not need to have separate resources so it is very cost efficient. We do not require many people; it's resource-efficient as well.

We do use the federated search feature and find it helpful. Earlier, it was hard to withdraw data. We'd have to maintain it. Now, Splunk does it for us. It's a very time-efficient service. It's made a huge impact on automation. We can grab data in real-time any time we need to.

The solution integrates well with other applications and systems in our environment. 

What needs improvement?

It could have a more efficient UI. If they could integrate more AI and make search more efficient so that other people can access and use it, not just engineers, that would be ideal.

It needs to mature; it's just getting established in the industry on a wider scale. 

The API still needs some enhancements from a post-performance point of view.

From a monitoring point of view, Splunk is doing very well. However, if they could provide a post-provisioning aspect. Right now, we have to install a monitoring tool while we are post-provisioning every virtual machine. If they could be a provider that precluded having a virtual machine being created or provisioned, that would be ideal.

Alerting could be faster. Sometimes the actions that happen take some time to reflect on the Splunk dashboard. There is still latency. Especially when you work in a multi-cloud environment, you deal with a lot of regions. They still need to focus on availability across regions. 

They need to have some security enhancements. Most users are using it with other single sign-on features like Okta. If they had their own SSOs that would be ideal. we'd be able to work independently. Right now, we have to log onto the virtual machines then move to Okta, then go to Splunk. 

For how long have I used the solution?

I've been using the solution for somewhere around a year or one year and a half.

What do I think about the stability of the solution?

The stability is okay. Sometimes it goes down. I have not witnessed that as I do not use it continuously after the deployment. The resiliency is good. I'd recommend it four out of five.

What do I think about the scalability of the solution?

Everyone in the company uses Splunk.

The scalability is very good. It's extendible.

How are customer service and support?

I don't directly deal with technical support. We have a dedicated team that would work with Splunk.

Generally, my understanding is that if we have a query, we raise a ticket. There may be a separate portal or mailbox we can access as well to get assistance.

Which solution did I use previously and why did I switch?

We previously used Qualys. We switched mainly due to the costs involved. We also didn't want to migrate our resources to it. We simply wanted a monitoring tool, which is why we chose Splunk. Splunk in comparison is really cost-efficient. 

How was the initial setup?

I was involved in the deployment of the solution. 

Whenever a new resource or a new agent comes into the picture, in an organization, it's always complex. I don't blame Splunk for it, or my firm. It's like two pieces of a jigsaw puzzle and it's the developers who need to cut the pieces. It works really well as of now. 

The deployment took somewhere between six to eight months.

We did need a lot of resources or staff members for the deployment. We have a vast infrastructure. We have a dedicated team inside as well who manage incidents and tickets using platforms like ServiceNow, and we still have a lot of resources dedicated to maintaining Splunk. The number of resources that are required to maintain it is more than the number of resources we use for development, actually.

How many people you need depends on the region. I work for Asia and North America. So for us, it was not much personnel. We needed four to five people in the development. There were somewhere around ten to fifteen people working on different parts.

What about the implementation team?

About 90% of the deployment was handled in-house.

What's my experience with pricing, setup cost, and licensing?

I'm only aware of general pricing terms, however, they have enterprise agreements as well. I can't speak to the exact cost. It's reasonable, from my understanding. I'd rate the affordability seven or eight out of ten. 

Which other solutions did I evaluate?

Evaluating other options would be a task reserved for the highest management personnel at our firm. I was not involved with that process.

What other advice do I have?

We aren't using the solution across all cloud platforms. We use Azure. However, we would have the flexibility to gather insights from others. We just don't use that particular capability.

Right now, the solution does not affect our decision-making. It's still a very new platform. We're not relying on it completely. It's a work in progress. We need some time with it, to build up trust with it. Splunk is great so far, however, we still need more time and it needs more of a presence in the market.

Right now, in terms of compliance and privacy policy regulations, we limit the features that are not compliant with us. However, they are very flexible. We just use the features we can and block the ones that are unnecessary.

It hasn't had an impact on our security posture. We have very detailed security layers and several processes and teams. We haven't had any real use cases for Splunk. It hasn't actively blocked anything. We already have what we need in place. 

I'd advise new users to check if this solution is reliable from a security point of view. Talk to Splunk about the cost as well. Splunk is really convenient for that. And whenever you deploy it in your infrastructure, make sure that the cloud providers or the on-prem solution that you are using are compatible with Splunk. We had issues in that some features that we were using in the cloud were not compatible with Splunk. So we had to make a lot of changes. That is something anyone who is trying to deploy Splunk needs to check - compatibility.

I'd rate the solution seven out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer2207709 - PeerSpot reviewer
Senior InfoSec Manager at a pharma/biotech company with 5,001-10,000 employees
Real User
Top 20
Has improved uptime and helped us improve performance in areas where our network or servers were not performing well
Pros and Cons
  • "Splunk Cloud Platform's most valuable features are enterprise security and ticketing integration."
  • "From an enterprise standpoint, we are more limited in terms of what data we can export and how we can present it."

What is our primary use case?

We use Splunk Cloud Platform for IT operations, IT security, and business value. 

How has it helped my organization?

We implemented Splunk Cloud Platform to resolve our IT security issues.

The federated search feature is a valuable tool that can be used effectively in the right architecture. However, the extent it is utilized will vary depending on the customer's needs. In my experience, more advanced customers tend to use this feature more heavily.

Splunk Cloud Platform provides good visibility into multiple environments, including cloud, on-premises, and hybrid.

Splunk Cloud Platform is the best tool for a reason. It is a high-functioning solution with high integration for getting data in and out, and it is customizable.

The most significant benefit of using Splunk Cloud Platform is the freedom of data. The security team can see the data that's relevant to them, IT Ops can see the data that's relevant to them, and the business can see the data that's relevant to them. Sometimes, the same data is applicable to all three groups. Sometimes, it's not. But everyone has access to the data, and it's immutable. It can't be changed or deleted. The ability of all of these departments to leverage the same data is how Splunk Cloud Platform has benefited our company the most.

Splunk Cloud Platform has helped us make key decisions, such as cost-saving decisions related to licensing. It has also improved uptime and helped us improve performance in areas where our network or servers were not performing well. Additionally, it has helped us make better business and IT decisions and has supported our planned growth.

Splunk Cloud Platform helps us access data for compliance and privacy regulations. It currently has the features to mask data, perform the least privileged access, and provide only certain commands and functions within the platform.

We are the best in the industry because of Splunk Cloud Platform. Splunk Cloud Platform fills the SIEM role for our organization, and without the best SIEM, we would be no better than our competitors.

Splunk's extensibility is one of its best features. It offers a wide variety of ways to ingest data, generate reports, and create dashboards. Its integrations with other systems are also very impressive.

What is most valuable?

Splunk Cloud Platform's most valuable features are enterprise security and ticketing integration.

What needs improvement?

The reporting provided by Splunk Cloud Platform is often good, but it only provides the data and not the flash, whereas the other platforms provide both. From an enterprise standpoint, we are more limited in terms of what data we can export and how we can present it.

Navigating the solution can be more user-friendly.

The documentation has room for improvement and the price is high and can be improved.

For how long have I used the solution?

I have been using the Splunk Cloud Platform for over five years.

What do I think about the stability of the solution?

When architected properly and maintained to an optimum level, Splunk Cloud Platform is unbelievably stable.

What do I think about the scalability of the solution?

One of Splunk Cloud Platform's key selling points is its ability to scale to petabytes and beyond.

How are customer service and support?

Base-level support is suboptimal. Enterprise customers need the premium support package. Responses are often delayed, and resolution is slow.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Over the past 25 years, I have used several different solutions. In the past, I preferred using a terminal interface rather than a web interface. Splunk has an API and a mobile app, but ultimately, Splunk users are confined to their browsers. This is one thing I would like to change, as I would prefer to be able to use Splunk outside of a browser. However, this is also one of Splunk's biggest advantages, as it is a universal platform.

We used Splunk Enterprise before migrating to Splunk Cloud Platform.

How was the initial setup?

My knowledge of Splunk has since grown exponentially, but the first time I deployed Splunk Enterprise eight years ago, it was unbelievably hard. There were so many moving parts and things to consider. It was too much for one person to figure out, and I didn't have the budget to get help from the Splunk team.

What's my experience with pricing, setup cost, and licensing?

The cost of using Splunk Cloud Platform is high, but the value it provides is worth the investment.

What other advice do I have?

I give Splunk Cloud Platform a nine out of ten.

Monitoring multiple cloud environments is never easy. We are looking forward to new features from our cloud partners, such as AWS Security Data Lake, Google, and Microsoft. These features will make it easier to integrate our cloud environments. Splunk Cloud Platform is currently the best solution for collecting data from multiple cloud environments. AWS has five million different ways to export data, and we need to use all of them to collect all of the security and IT-related data. Splunk supports all of these data sources.

A year ago, I would have said that Splunk needed automated response, an easy-to-detect, easy-to-run, and manage business analytics platform, a user and entity-based business analytics platform that is integrated within the product, threat intelligence, and a current dashboarding tool. Splunk now has all of these features. A year ago, Splunk's competitors had these features, but Splunk did not. Splunk has since acquired or developed these features in-house. Very little in Splunk's product is not tightly integrated into the current releases. If someone is starting from scratch, meaning they are just rolling out a new security solution, and they do not choose Splunk, they are making a mistake. Splunk provides so much of everything that it is the best choice for most organizations.

We perform daily maintenance on the solution.

I advise new users to find someone who knows Splunk. Even a good technical person will not be able to do this on their own. They are not going to train them on day one. Good technical people who know Splunk are valuable assets, so they should seek them out and get them on the project.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer2499690 - PeerSpot reviewer
Principal Site Reliability Engineer at a pharma/biotech company with 1,001-5,000 employees
Real User
Information is easier to get now that it is all aggregated and centralized in one place with one interface
Pros and Cons
  • "Previously when in our company, we had logs everywhere on multiple systems, it was a really big pain for me trying to find what I wanted. Now that it is all aggregated and centralized in one place with one interface, it is just a lot easier to get the information that I need."

    What is our primary use case?

    I use Splunk Cloud Platform to analyze our company's logs and the applications that we run.

    How has it helped my organization?

    Previously when in our company, we had logs everywhere on multiple systems, it was a really big pain for me trying to find what I wanted. Now that it is all aggregated and centralized in one place with one interface, it is just a lot easier to get the information that I need.

    What is most valuable?

    The most valuable feature of the solution stems from the fact that I just like having one single point where all of our logs are aggregated and then having one interface that I can query and find the information that I want out of it.

    My organization monitors multiple cloud environments and even the on-premises part. I would say that so far, it has been fine and easy to use to monitor multiple cloud environments using Splunk Cloud Platform. The tool works effectively, and it gets stuff from our on-premises servers into the cloud. It gets stuff from AWS into the cloud. I am able to, you know, use the single interface to access all the information I need.

    It is very important for our organization that Splunk Cloud Platform has end-to-end visibility into your cloud-native environment. It is important since it helps to be able to see all the aspects of what our services are doing and how they are operating.

    It helps with the mean time to resolve since it makes it easier to find the errors as they have occurred, so it has been a helpful tool.

    I don't know how much the product has helped my organization improve business resilience.

    I wouldn't know if my company has experienced any cost-efficiency by splitting to Splunk Cloud Platform.

    I know that Splunk's unified platform helps consolidate networking, security, and IT observability tools for our company. Our company has an InfoSec team using it for their SCIM stuff, and then we have IT using it for some of the things they need to gather. Multiple teams in my company have benefited from using the tool. The consolidation of tools does impact our organization since I think it is probably easier for everyone to get access to stuff because everything is in one place, and it is one of the biggest impacts of the product I can think of right now. Instead of having things spread out across multiple vendors and multiple tools, it is all kind of in one thing that we can get at, and so it is probably easier for us to train people, and we know, like, how to access the solution since it is just one thing we have to learn.

    What needs improvement?

    I am relatively new to the platform. So far, I have been able to use it to do what I need. I know that there are a lot more features and functionality that I don't even know yet, so I am still on the learning side. I don't really have any recommendations related to things that need to be improved in the tool.

    So far, it meets my needs, so I don't need to see any additional features in the tool.

    For how long have I used the solution?

    I have been using Splunk Cloud Platform for six months. My company is just a customer of the solution.

    What do I think about the stability of the solution?

    I have not had a problem with the tool's stability. It has been available every time I needed it, and it has captured every information we have sent to it. It has been not just a good but a great solution.

    What do I think about the scalability of the solution?

    I think the tool's scalability is fine. I have not run into any issues with the tool's scalability, so I guess it's good.

    How are customer service and support?

    I have not had the chance to interact with Splunk's customer service or support, so I can't really evaluate them.

    Which solution did I use previously and why did I switch?

    I don't know if there was some other solution used previously in my company. My company is just a customer of the tool.

    How was the initial setup?

    The product was deployed before I joined the organization.

    The solution is deployed on a hybrid cloud model, and my company has opted for AWS.

    What about the implementation team?

    I believe that my company approached an integrator to help with the deployment of the product, but I am not sure about it.

    What was our ROI?

    I don't know about the ROI part.

    What's my experience with pricing, setup cost, and licensing?

    I don't know about the pricing, setup cost, and licensing part.

    What other advice do I have?

    I rate the solution a ten out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    reviewer2491965 - PeerSpot reviewer
    Infrastructure Engineer at a insurance company with 5,001-10,000 employees
    Real User
    Top 20
    Excellent reporting and dashboarding, but it is expensive
    Pros and Cons
    • "Dashboarding has been very powerful. I work with a lot of different customers, so being able to tailor the data for different customers has been valuable. I am able to make visuals and have reports where they can self-serve."
    • "It would be nice to see more comparisons between Splunk and other log management tools. There are some legacy tools that people are often coming off. It will ease the transition if you are coming off a Windows LogViewer or any other logging tool. Splunk could offer more advice on how to transition into it or onboard it."

    What is our primary use case?

    We mainly use it for the purposes of analyzing application logs to get a bit of understanding of what is normal application performance and then use that to highlight errors and inconsistencies when they occur.

    How has it helped my organization?

    Resilience is incredibly important to us. We are in the medical field. It is insurance. When people are using our service, we should be able to provide that. Having that resilience is key for us because we are helping people. The resilience that Splunk offers has been valuable in that regard. There is peace of mind for us and our customers.

    We have multiple cloud vendors that are being utilized in Splunk. It has been useful. Splunk is able to handle a lot of things out of the box. There is a good bit of value in being able to make sense of multiple types of logs in one environment and being able to cross-reference them. It has just taken a lot of effort out of that.

    We have integrated it with other tools. At the moment, it has been with Cribl as a pipeline tool so that we can be agnostic with Splunk in some regards. Cribl handles the logs being sent to Splunk, and then from there, if there is anywhere else where we want to send them, Cribl can handle that too. That has been our main integration. The ease of integration varies. Splunk offers out-of-the-box support for some tools and applications. Integration with them has been quite simple. Other things have been a bit more difficult. Integration can be more difficult if it does not have a Splunk base, but there is a good range of things that are available out of the box.

    Its reporting has been excellent. We have integrated it with tools like ServiceNow, so we are able to create an instance for teams and integrate it with our NOC. The reporting has been incredibly valuable.

    I come from a monitoring background. I knew from the get-go the value that we could get from Splunk, but we actually started to see its value once we started enforcing logging standards. It made it very easy for us to validate if something was or was not following our standards.

    It has been great from the compliance perspective. It began to show value to some of our customers when they were able to search multiple applications because of the standards and compliance built into it.

    It has had an impact on the decision-making processes in our organization. It has been mainly around compliance. Given it is a financial and medical sector, decisions have been made around what information we are storing in the logs and how we are managing the data that comes directly from Splunk.

    It has been good for helping our organization access data for compliance and privacy regulations. It has been useful for pinpointing things. We are able to ensure that we are abiding by those standards. It has been incredibly useful in that space.

    What is most valuable?

    Dashboarding has been very powerful. I work with a lot of different customers, so being able to tailor the data for different customers has been valuable. I am able to make visuals and have reports where they can self-serve.

    What needs improvement?

    It would be nice to see more comparisons between Splunk and other log management tools. There are some legacy tools that people are often coming off. It will ease the transition if you are coming off a Windows LogViewer or any other logging tool. Splunk could offer more advice on how to transition into it or onboard it.

    For how long have I used the solution?

    I have been using this solution for two years.

    What do I think about the stability of the solution?

    I have not had any issues related to stability.

    What do I think about the scalability of the solution?

    This is outside of my department, but it seems like it would be easy to scale up. However, there is a cost concern. That always seems to be the linchpin when people discuss Splunk. It comes at a cost.

    When it comes to extensibility, they make it relatively simple, but it is an expensive tool. There are always going to be conversations that need to be had.

    How are customer service and support?

    The quality of the answer has been good. We have had to leverage the support only a small number of times. We found the actual portal to get support difficult. Some members of the team were not able to raise certain types of requests. However, when we got through to support, we had no issues.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    Prior to Splunk, we had a mixture of things. LogViewer and Graylog were used. Some folks had their logs locally. There was not one central system. 

    I was not directly involved in decision-making, but some of the things that I called out as useful were the analytical tools that Splunk offers. We can very quickly get to the root cause by using its query language. It provides a lot of power with little effort. That is what initially drew me to it.

    Moving to Splunk allowed standardization. That is the key. It does not matter which part of the company you are from. Splunk has given us a mechanism to say that we expect the logs to look like this, and we all are going to abide by that. It has made standardization a lot easier. Previously, you would not know what you were getting while dealing with a logging problem.

    How was the initial setup?

    I was involved in its deployment only in a small cluster. I was mainly involved in setting up standards around logging. It was challenging. It was dense, but it was manageable. The feature set of Splunk allowed us to know what we could or could not do.

    The main part of maintenance is the ingestion of new logs. New teams and applications get stood up every day, or a new cloud vendor comes in, so there is some maintenance involved there.

    What about the implementation team?

    We had Splunk technical support. We had a mixture of people from other departments. We had some folks from security, and we had some folks from operations. There were 15 regular faces and 2 Splunk contractors. We involved other teams on an ad hoc basis, but the core team had 15 people.

    Overall, we had 20 to 30 people who directly worked with Splunk in some way or for some period of time. We also had to involve all of the teams to get their feedback and educate them on how to use Splunk.

    What's my experience with pricing, setup cost, and licensing?

    I do not personally deal with that side, but from discussions, I know that it is one of the more expensive tools. I do not have anything to compare it with.

    What other advice do I have?

    New users should focus on the Splunk free courses. They are an excellent resource. If you are a customer, you should take up the search and reporting classes. That is probably going to be what 99% of people are using it for day to day. If you are a sysadmin user or someone setting up the instance, there are free classes for managing licenses and ingesting data. I would highly recommend them. The free classes are a great start, and if you think it would be valuable, take some of the paid classes as well. They are incredibly detailed.

    When it comes to security, we definitely have a stricter attitude when things are going to the cloud because they are not fully in our control. Going to the cloud is always a little bit scary, but we have put in a refined approach for the data going into Splunk.

    I have not made much use of federated search. I have come across it, but it is not something I have leveraged.

    I would rate this solution a seven out of ten. What it does, it does well, but I do have qualms with it here and there. There are obvious features that are missing from time to time, but I am happy with what is there.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Software Engineer at Wipro Limited
    Real User
    Offers real-time monitoring, seamless integration, and improves security posture
    Pros and Cons
    • "I like the Cloud monitoring console feature."
    • "Splunk currently manages the components, which restricts our ability to access them directly."

    What is our primary use case?

    We leverage the Splunk Cloud Platform for log ingestion. This allows us to create dashboards, alerts, and reports from security and application log data.

    How has it helped my organization?

    Splunk Cloud Platform offers real-time monitoring capabilities. It continuously ingests data from various sources, allowing us to track its flow. We can set up alerts to be notified of any anomalies, such as spikes in CPU or memory usage. These alerts can be configured to trigger email notifications, keeping us informed of potential issues. Additionally, Splunk Cloud Platform provides real-time dashboards that visualize the data as it's collected.

    The federated search feature is useful for our cybersecurity team to complete their log analysis.

    Splunk Cloud Platform offers seamless integration with other systems and applications. This is achieved through apps and add-ons developed by Splunk.

    Splunk is a good reporting tool. It allows us to generate reports and attach them to emails in CSV or PDF format.

    Splunk Cloud Platform has been instrumental in helping our cybersecurity team continuously monitor our data for anomalies and attacks. Its usefulness extends beyond security, though. Teams that ingest their logs into Splunk can monitor various services. If a service goes down, Splunk will trigger an alert. Splunk offers a robust monitoring suite, including dashboards, alerts, and reports. We can monitor system resources like memory and CPU consumption, application logs, Azure logs, and even Office 365 logs. For example, Splunk can reveal who sent emails, who participated in group email threads, and who added or removed members from Active Directory groups. This audit log capability allows us to investigate activity even months or years later. Splunk provides a wide range of use cases for our organization. We noticed these benefits as soon as Splunk started ingesting data.

    Splunk has improved our decision-making process thanks to its clear dashboards that help us analyze information and make informed choices.

    Splunk has been valuable as a compliance tool because it centralizes log ingestion. Any tool generating logs should be configured to send them to Splunk. This allows us to easily identify compliant applications – those whose logs are collected. Conversely, uncollected logs raise security concerns, as they represent a potential attack surface.

    Splunk has significantly improved our organization's security posture. As a primary security tool, Splunk allows us to collect application logs, monitor activity for potential attacks, and conduct searches to identify suspicious behavior.

    What is most valuable?

    I like that Splunk Cloud Platform is managed by the vendor.

    I like the Cloud monitoring console feature.

    I like the support for all the apps and add-ons.

    What needs improvement?

    Splunk currently manages the components, which restricts our ability to access them directly. I would like to be granted read access to be able to review the components.

    For how long have I used the solution?

    I have been using Splunk Cloud Platform for one and a half years.

    What do I think about the stability of the solution?

    The Splunk Cloud Platform is stable as long as we perform proper maintenance to prevent bugs.

    What do I think about the scalability of the solution?

    This system is very scalable. That means it can be easily adapted to accommodate our needs. We can increase the number of licenses we use, or add more resources like CPU and memory. We can also request additional components, such as adding more user accounts if our team grows from four to eight members. Overall, the scalability of this system is a major advantage.

    I would rate the scalability of Splunk Cloud Platform nine out of ten.

    How are customer service and support?

    Splunk Cloud Platform offers excellent technical support that is both knowledgeable and responsive.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The initial setup is straightforward but it takes a month or two to complete because of the applications that need to be onboarded.

    We first need to calculate the amount of data we need to ingest. Then, based on that amount, we can plan how much data we need to onboard and what components we'll need.

    Two experienced people were involved in the deployment.

    What about the implementation team?

    The implementation was completed in-house.

    What's my experience with pricing, setup cost, and licensing?

    Splunk Cloud Platform is more expensive than some of its competitors, but it offers a wider range of features.

    What other advice do I have?

    I would rate the Splunk Cloud Platform eight out of ten.

    Splunk Cloud Platform is deployed in multiple locations.

    Splunk Cloud Platform requires maintenance.

    I recommend the Splunk Cloud Platform to others.

    If you're using cloud services, Splunk Cloud Platform is a good option. It minimizes management overhead for you since Splunk handles the underlying infrastructure. Splunk Enterprise however requires more resources to manage.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user