I use the solution in my company, and its primary use cases have been related to the log correlation engine. Splunk Cloud Platform can be considered a central ingest point for gathering logs from all over our company's network, after which it is used to take and create reports. Security, detection, dashboards, and similar features are some of the use cases that can be associated with the tool.
Sr. Manager, SOC, NOC, and Corporate Security at a computer software company with 1,001-5,000 employees
Can integrate easily with other tools and allow businesses to expand their use cases
Pros and Cons
- "The product's deployment phase was easy."
- "I think the tool has some scalability issues, especially when used in larger organizations."
What is our primary use case?
How has it helped my organization?
The benefits my company has seen from using the tool would be that it gives you more of a single place to look at rather than having to jump from a bunch of different screens to look at current logs, as well as the ability to correlate data amongst different log sources.
What is most valuable?
Regarding the solution's most valuable features, I think that since many of our company's applications are Splunk-based, they can integrate with other tools within our tech stack, which allows us to expand our use cases.
In our organization, Splunk Cloud Platform provides end-to-end visibility into our cloud-native environment, and it is a very important area where we need visibility within our environment. It is one of the main tools I use for end-to-end visibility.
Splunk Cloud Platform has helped reduce the mean time to resolve. It helps find issues, which can lead to a better mean time to resolve overall. Depending on the detection type, it reduces the mean time to resolve by anywhere from 20 to 50 percent.
My company saw time to value using Splunk Cloud Platform pretty quickly, and we continue to see the value, specifically when we add in new sources and tune-up. In general, it has been pretty quick.
Splunk's unified platform helps consolidate networking, security, and IT observability tools since it gives our company a single platform where we can collect logs from all different sources.
What needs improvement?
I think the tool has some scalability issues, especially when used in larger organizations. I feel the searching part gets really slow, which is based on one's resources.
Buyer's Guide
Splunk Cloud Platform
October 2024
Learn what your peers think about Splunk Cloud Platform. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,763 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Splunk Cloud Platform for about six years. In general, I have been a Splunk customer for eight years.
What do I think about the stability of the solution?
I think the stability is pretty good. I haven't noticed any outages.
What do I think about the scalability of the solution?
I think the scalability could be a little bit better because our company runs into some resource constraints that slow down our searches.
How are customer service and support?
When it comes to the solution's technical support, I would say it all depends on what the request is or who is actually responding to our company's queries. We have had some people who have been great, but we have also had times where we had to escalate some issues to get our tickets looked at by someone from the support team. I rate the technical support a five or six out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I think the tool has some scalability issues, especially when used in larger organizations. I feel the searching part gets really slow, which is based on one's resources.
How was the initial setup?
The product's initial setup phase was fairly expensive since my company had to get some professional services to help us with the setup of everything. Overall, the tool freed up some manpower, resources, and hours from our personnel and management, so having the tool in our company made sense. Yeah.
The product's deployment phase was easy.
The solution is deployed using the cloud services offered by AWS.
What about the implementation team?
My company had to get some professional services from a reseller named Resultant to help us with the setup of the tool.
Which other solutions did I evaluate?
I don't remember whether my company had evaluated other products against Splunk Cloud Platform. In the environment where our company made the switch over, I can say that we are happy with our Splunk usage in general. We just wanted a tool that was more resilient and didn't have to worry about the management on the back end.
What other advice do I have?
My organization monitors one cloud environment with the help of Splunk Cloud Platform. The ease or difficulty of monitoring multiple cloud environments is not something that is applicable to my company.
In terms of Splunk Cloud Platform's ability to help improve our organization's business resilience and predict, identify, and solve problems in real time, I would say it is not possible in real-time. The solution gives our company the ability to do more of a retrospective analysis, which helps us with the current backup.
There are not any cost efficiencies I can think of that I have experienced after switching to Splunk Cloud Platform.
I think Splunk Cloud Platform is still probably one of the best tools out there in the market for enterprise organizations.
I rate the tool a seven to eight out of ten.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jul 8, 2024
Cloud DevOps Engineer at a financial services firm with 10,001+ employees
Good monitoring and automation capabilities but needs a more efficient UI
Pros and Cons
- "Its monitoring is completely automated."
- "It needs to mature; it's just getting established in the industry on a wider scale."
What is our primary use case?
I use Splunk on my phone, on-premises, and for the automation tasks that we carry out.
We use it to work on dedicated forms and infrastructure and have a lot of virtual machines and instances that are being run for every single application. Our infrastructure is purely based on Azure by Microsoft.
Keeping CMDBs of all the virtual machines is a heavy task. When you use it for your portal use, it might be two or three virtual machines. When a virtual machine is created, we use post-provisioning inside the virtual machine. While post-provisioning, we install Splunk agents so that any activity that is happening inside the VM is virtually monitored by Splunk.
We create a dashboard. We are able to monitor everything from that dashboard.
Splunk also offers enhancements and automation. Splunk plays a major role when it comes to automation. We extract the data from Splunk, and then we use it to automate using a jump server so that we can put in actions on any number of virtual machines.
How has it helped my organization?
The automation is the main advantage. When we need to search for data, as engineers, it's very easy.
What is most valuable?
I like that it's an independent cloud platform. It can work with AWS or Azure.
Its monitoring is completely automated. We do not have to put in other engineers just to maintain Splunk. It maintains itself, and it's very user-friendly. For the dashboards to be created or any sort of code that we want to do with Splunk, we can do it by ourselves. We do not need to have separate resources so it is very cost efficient. We do not require many people; it's resource-efficient as well.
We do use the federated search feature and find it helpful. Earlier, it was hard to withdraw data. We'd have to maintain it. Now, Splunk does it for us. It's a very time-efficient service. It's made a huge impact on automation. We can grab data in real-time any time we need to.
The solution integrates well with other applications and systems in our environment.
What needs improvement?
It could have a more efficient UI. If they could integrate more AI and make search more efficient so that other people can access and use it, not just engineers, that would be ideal.
It needs to mature; it's just getting established in the industry on a wider scale.
The API still needs some enhancements from a post-performance point of view.
From a monitoring point of view, Splunk is doing very well. However, if they could provide a post-provisioning aspect. Right now, we have to install a monitoring tool while we are post-provisioning every virtual machine. If they could be a provider that precluded having a virtual machine being created or provisioned, that would be ideal.
Alerting could be faster. Sometimes the actions that happen take some time to reflect on the Splunk dashboard. There is still latency. Especially when you work in a multi-cloud environment, you deal with a lot of regions. They still need to focus on availability across regions.
They need to have some security enhancements. Most users are using it with other single sign-on features like Okta. If they had their own SSOs, that would be ideal. We'd be able to work independently. Right now, we have to log onto the virtual machines, then move to Okta, then go to Splunk.
For how long have I used the solution?
I've been using the solution for somewhere around a year or one year and a half.
What do I think about the stability of the solution?
The stability is okay. Sometimes it goes down. I have not witnessed that as I do not use it continuously after the deployment. The resiliency is good. I'd recommend it four out of five.
What do I think about the scalability of the solution?
Everyone in the company uses Splunk.
The scalability is very good. It's extendible.
How are customer service and support?
I don't directly deal with technical support. We have a dedicated team that would work with Splunk.
Generally, my understanding is that if we have a query, we raise a ticket. There may be a separate portal or mailbox we can access as well to get assistance.
Which solution did I use previously and why did I switch?
We previously used Qualys. We switched mainly due to the costs involved. We also didn't want to migrate our resources to it. We simply wanted a monitoring tool, which is why we chose Splunk. Splunk in comparison is really cost-efficient.
How was the initial setup?
I was involved in the deployment of the solution.
Whenever a new resource or a new agent comes into the picture, in an organization, it's always complex. I don't blame Splunk for it, or my firm. It's like two pieces of a jigsaw puzzle and it's the developers who need to cut the pieces. It works really well as of now.
The deployment took somewhere between six to eight months.
We did need a lot of resources or staff members for the deployment. We have a vast infrastructure. We have a dedicated team inside as well who manage incidents and tickets using platforms like ServiceNow, and we still have a lot of resources dedicated to maintaining Splunk. The number of resources that are required to maintain it is more than the number of resources we use for development, actually.
How many people you need depends on the region. I work for Asia and North America. So for us, it was not much personnel. We needed four to five people in the development. There were somewhere around ten to fifteen people working on different parts.
What about the implementation team?
About 90% of the deployment was handled in-house.
What's my experience with pricing, setup cost, and licensing?
I'm only aware of general pricing terms, however, they have enterprise agreements as well. I can't speak to the exact cost. It's reasonable, from my understanding. I'd rate the affordability seven or eight out of ten.
Which other solutions did I evaluate?
Evaluating other options would be a task reserved for the highest management personnel at our firm. I was not involved with that process.
What other advice do I have?
We aren't using the solution across all cloud platforms. We use Azure. However, we would have the flexibility to gather insights from others. We just don't use that particular capability.
Right now, the solution does not affect our decision-making. It's still a very new platform. We're not relying on it completely. It's a work in progress. We need some time with it, to build up trust with it. Splunk is great so far, however, we still need more time and it needs more of a presence in the market.
Right now, in terms of compliance and privacy policy regulations, we limit the features that are not compliant with us. However, they are very flexible. We just use the features we can and block the ones that are unnecessary.
It hasn't had an impact on our security posture. We have very detailed security layers and several processes and teams. We haven't had any real use cases for Splunk. It hasn't actively blocked anything. We already have what we need in place.
I'd advise new users to check if this solution is reliable from a security point of view. Talk to Splunk about the cost as well. Splunk is really convenient for that. And whenever you deploy it in your infrastructure, make sure that the cloud providers or the on-prem solution that you are using are compatible with Splunk. We had issues in that some features that we were using in the cloud were not compatible with Splunk. So we had to make a lot of changes. That is something anyone who is trying to deploy Splunk needs to check - compatibility.
I'd rate the solution seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Project Engineer at Wipro Limited
Offers alert scheduling, dashboard creation, and log monitoring
Pros and Cons
- "It is a stable product."
What is our primary use case?
My primary use case is for monitoring security logs and system logs. Apart from that, we create monitoring alerts and dashboards.
We also use it for Splunk application configuration, troubleshooting, and server patching. We have many other operations.
How has it helped my organization?
Integration with other systems and applications in the environment is easy. For example, we have Fortinet analyzer. We have to pull the logs from network devices into Splunk. We use Cribl pipeline.
For Cribl pipeline, we get that data to the Splunk syslog servers. From Splunk syslog servers, we're getting it into the indexes.
According to the license, suppose we have to onboard thousands of servers. Suppose a scenario, for thousands of servers, the user or client requires only specific events. So for that, we use props and cons and regex for specific events. And only specific events will be calculated in the license. That will consume the license also.
What is most valuable?
The incident response time depends on the query and alert configuration, and also on the environment and how the logs are streamed. By analyzing these factors, it takes a maximum of one to two days for one incident.
Alert scheduling, dashboard creation, and log monitoring are the most valuable features.
Federated search depends on the data we pull. We have three types of searches. We use federated search for long-running queries.
We have, like, 20% of MacBook Cloud environment. It is easy to monitor multiple cloud environments, but there are some onboarding challenges. We are onboarding from the back end and also using HEC token. Apart from that, we get data to Splunk using Cribl pipelines from Syslog servers.
Reporting is like this: if critical data is used by the client, we send it to the data user according to the schedule.
For log monitoring, we can definitely suggest Splunk is a good tool. And it helps with decision making processes.
For monitoring security logs, it's the best tool.
For how long have I used the solution?
I use Splunk Cloud. Previously, I used Splunk Enterprise, but after that, we migrated to Splunk Cloud.
I have been using Splunk Cloud for more than three years.
What do I think about the stability of the solution?
It is a stable product. Right now, we are migrating from Datadog to Splunk, so I guess that's why Splunk is better than other tools.
How was the initial setup?
It's deployed across multiple locations.
It does require maintenance. It depends on what Splunk vendor is being used.
What's my experience with pricing, setup cost, and licensing?
The pricing depends on the logs and how many logs we monitor. On a daily basis, it depends on the events. Those licenses will be calculated in Splunk Cloud.
What other advice do I have?
Overall, I would rate the solution a seven out of ten, with ten being best.
All the features for log monitoring, security, alerting, indexing of the data, parsing of the data are good. That feature makes sense and is helpful to everyone.
I would recommend it to others.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Sep 24, 2024
Incident Manager at a manufacturing company with 10,001+ employees
A stable solution used for visualization and alerting, but it needs to be made more user-friendly
Pros and Cons
- "The most valuable feature of Splunk Cloud Platform is the alerting feature."
- "Splunk Cloud Platform needs to be made more user-friendly because it's not user-friendly."
What is our primary use case?
We use the solution for application status alerting, user activities, and active directories. We use the solution for visualization, alerting, and analyzing events or incidents.
What is most valuable?
The most valuable feature of Splunk Cloud Platform is the alerting feature.
What needs improvement?
Currently, Splunk Cloud Platform is very easy to use and read. The solution's visualization for the end users is also good. However, setting up the solution or an alert is not straightforward. There's a lot of incompatibility and areas that you have to consider while setting up the solution.
All those things make setting up the solution very complex for regular people who know the business operation. So, they have to hire a third party or a technical person who doesn't understand the business to set it up for them, which usually creates a gap.
When someone who cares about the business and understands its operation sets up the solution, they would set it right. There's always a gap when a technical person or third party sets it up. It may lead to many workarounds to fix issues like alert fatigue or false security. Splunk Cloud Platform needs to be made more user-friendly because it's not user-friendly.
For how long have I used the solution?
I have been using Splunk Cloud Platform for four to five years.
What do I think about the stability of the solution?
Splunk Cloud Platform is pretty stable, and I don't have any issues.
What do I think about the scalability of the solution?
Splunk Cloud Platform is a scalable solution.
How are customer service and support?
I usually go to forums and discussions to get answers to my issues. You might need a Splunk account username to talk to technical support. When most users I have talked to face a problem, they Google it. I don't know if the technical support would provide you with support if you were stuck.
Which solution did I use previously and why did I switch?
I have previously used different solutions like DataStage, Datadog, Grafana, and ClickView.
Which other solutions did I evaluate?
We evaluated other options before choosing the Splunk Cloud Platform. But when a company buys Splunk services, the end users have to use what they have as a resource.
What other advice do I have?
Splunk Cloud Platform is a really good tool for getting alerts and better information about incident management and maintenance. Because of the solution's complex setup, most alerts are set by developers or people who create multiple unnecessary alerts, creating alert fatigue. Compared to other systems, like Dynatrace, Splunk Cloud Platform is not a smart system for analyzing alerts.
As a project manager, I oversee the process of contacting the concerned parties, knowing what needs to be monitored and why they need the alerting mechanism. I was not directly involved in the scripting and adding Splunk Cloud Platform in the back end.
As business requirements change, Splunk Cloud Platform needs maintenance in terms of setting up different parameters, which is not an easy task.
Everybody uses the Splunk Cloud Platform in a different way. I would advise users to share their experiences about technical difficulties in the forums and community. Sometimes, others might go through the same problem without much documentation, and sharing your technical problems might help others.
Overall, I rate Splunk Cloud Platform a seven out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Splunk Administrator at a government with 11-50 employees
We have good visibility and we don't have to maintain the infrastructure
Pros and Cons
- "I like the fact that we do not have to maintain all the cloud infrastructure. That is probably the main thing about the Splunk Cloud Platform."
- "When one of my customers needs an app, and I am able to find that app on the Splunk base, I have to create a ticket and wait for five days for them to download the app into the cloud environment. That is probably one of the main things. It is painful because I have to wait to get that app in the cloud."
What is our primary use case?
We collect almost everything that we log and push it into the Splunk Cloud Platform. That is pretty much our use case. It is mostly for our cyber monitoring tool, firewalls, normal cyber logs, Windows event logs, etc.
How has it helped my organization?
Splunk Cloud Platform has helped improve our organization's business resilience a little bit. It is a big organization, and I am just a little part of it. Its impact on the whole business has been a little bit.
We use ES for correlation, incident handling, and things like that. It reduces the mean time to resolve a little bit as compared to the other SIEMs that we were using. We are not using SOAR right now, but that is where we want to be.
What is most valuable?
I like the fact that we do not have to maintain all the cloud infrastructure. That is probably the main thing about the Splunk Cloud Platform. We do not have to worry about maintaining the infrastructure that is out there. We just push things up and maintain our infrastructure on-premises. This is important for us because we just do not have the manpower and resources to manage all the infrastructure.
We used to use another SIEM with which we constantly had to replace hardware and things like that, so it is a good benefit to have that cloud infrastructure there whether it is coming from a SaaS environment or we just build it in the cloud.
What needs improvement?
One thing that is a stickler for us is the ability to download apps. I guess it depends on what kind of license you have. It allows some of them if I want, but this is something that we need on a day-to-day basis. When one of my customers needs an app, and I am able to find that app on the Splunk base, I have to create a ticket and wait for five days for them to download the app into the cloud environment. That is probably one of the main things. It is painful because I have to wait to get that app in the cloud.
Another issue is that if I build my own app to some configuration, I cannot load it up there myself. They have to vet it, which is important but it takes a long time to do all that.
For how long have I used the solution?
We have been using this solution for a little less than one year.
What do I think about the stability of the solution?
It is very stable.
What do I think about the scalability of the solution?
Scalability does not apply to our environment. Because it is a cloud, scalability is relative to how much you can afford. It scales itself if your data increases because it is a cloud environment.
How are customer service and support?
Splunk's support is very good, but because the cloud environment was pretty new, I ran into a couple of stumbling blocks with the support for the Splunk Cloud Platform. However, it started to get a lot better. Currently, it is a lot better than when I first started. At that time, a lot of the support staff was probably new to the whole cloud environment, and I realized that. We were the first DOD department to go into the cloud, so it was tough in the beginning with their support. I would rate them a nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were using ArcSight. The decision to switch to Splunk did not come from me. It was the decision of the company itself. It was a requirement. We could not track the up/down status with the other SIEM. Splunk can do that better. That was one thing.
Another thing was the way Splunk can put things like MITRE ATT&CK into their platform. The way it handles rules and things like that makes it a lot better with the processing power. Splunk is search-based, whereas ArcSight is real-time. It fires the minute an event comes up, whereas Splunk has a separate way of doing it. They run a search every hour or so. It is not resource intensive. A lot of times, I can only turn on a minimum amount of rules, especially correlation rules, in ArcSight. I used to have about 300 or so in ArcSight. I probably have about 400 or 500 in Splunk, so the hardware processing power is a lot better.
How was the initial setup?
I was involved in its deployment. Its complexity level was 50/50, but that was expected because of the lack of training initially. We had an awesome team from Splunk that helped us out. They were there for us for at least a month. They helped us and then trained us on the environment. By the time they left, we were good to go.
What was our ROI?
The return on investment is not in a monetary sense. Things are a lot less stressful in our environment. We are able to see things that we were not able to see before. It gives us a little calm because we know if something is up or down. We are able to see things that we could not see before in other SIEMs. So, there is a reduction in the stress level.
We have seen a time to value. I can do plenty of things a lot faster than I could previously.
Which other solutions did I evaluate?
We evaluated Sentinel, QRadar, and LogRhythm. All of them were very good SIEMs, but we had a lot of challenges when it came to getting them certified on government L5. IBM has its own private cloud. They do not use AWS. We did not have that issue with Sentinel, but it is not as robust. Even though it is at a high level in terms of industry-level SIEM, it could not meet our requirements. It is still a challenge. Sentinel is the only one that is a competition to Splunk if you talk about cloud, not on-premises. It is native to the cloud.
What other advice do I have?
It is awesome. I love it. Anything is possible in Splunk. I have gone through a lot of challenges with use cases. When I needed to figure something out, I got it resolved sooner or later. I either got Splunk support or I went to the community and looked it up. I have never run into anything that I could not do with Splunk. It is very good.
Overall, I would rate the Splunk Cloud Platform a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager Cloud Operations at a computer software company with 201-500 employees
Makes searching for issues very easy
Pros and Cons
- "Splunk helped reduce our mean time to resolve by around 60%."
- "Support is the bigger issue when we have a problem. When we need their help, it takes weeks or months to actually get resolved."
What is our primary use case?
My primary use cases are for troubleshooting, monitoring, and anomaly detection.
How has it helped my organization?
Splunk helped reduce our mean time to resolve by around 60%. We have realized these savings through it solving problems and the proactive monitoring. But it comes with a huge cost. We have to evaluate other products that are comparable to Splunk in the market and see if they offer the same value.
It improved our business resilience.
Splunk has improved my organization by troubleshooting issues. When we have an issue, if we didn't have Splunk, it could take hours or days to figure out where the problem is. With Splunk, it only takes hours or minutes sometimes.
It saves us money by changing our product or process to work in a better way. Splunk is great. It has a lot of value adds and features. But overall, Splunk Cloud is expensive compared to other products in the market.
What is most valuable?
The most valuable feature is the search options. Our infrastructure is huge so if an issue happens, it's hard to find where it is. That's where Splunk comes in handy. You just go to their user interface and do a Google-type search. Just put in a keyword, search it, and you'll figure out where it is. If you have thousands of servers, it's very hard to see where the issue is and where the transaction is logged. Splunk makes it very easy. That's the best part of Splunk.
I would rate Splunk's ability to provide business resilience by empowering oneself a seven out of ten. Whenever we have an issue, Splunk is handy. We have a lot of monitoring in place so if an issue happens, our monitoring helps proactively figure out the issue, and in that way, we can make sure that our environment and infrastructure are up and running, and our customers don't have any issues.
What needs improvement?
It's improved a lot since we began using it. We have been seeing issues, but they get resolved by working with the support. It's just getting expensive with time.
Support is the bigger issue when we have a problem. When we need their help, it takes weeks or months to actually get resolved. To date, we have cases open for two or three months without a resolution. Support is the worst part.
For how long have I used the solution?
I have been using Splunk Cloud Platform for four years.
What do I think about the stability of the solution?
It's stable and highly available. We had issues, but all of these types of platforms have.
What do I think about the scalability of the solution?
Scalability depends on what kind of license you have. If you have ingest-based licenses and you hit your cap, I think they still let you ingest more, but then you have to work with your account team and buy more licenses so you don't lose data. It's scalable, but not automated because it has its own license limitations.
How are customer service and support?
I would rate support a four out of ten. The reason is that they are not proactive, they are reactive. If we notify them about an issue, they are supposed to monitor their infrastructure and tell us that there is an issue and that they are working on it. But rather than doing that, we have to do that, and after doing that, it takes time for them to work on it and solve the problem.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
My company previously used a custom, on-premises solution. Splunk was already implemented when I started at my company.
We're asking ourselves now why we use Splunk. Our next step is to go out and evaluate other products in the market that may not be as costly and offer the same feature set.
How was the initial setup?
It's cloud; it's all a managed service. The only thing we had to do is onboard our applications, which is something I do every day.
It's very straightforward and very easy. You only need to configure and get data and you can be onboarded within minutes. We don't have to go through a lot of configurations, manual steps, or training.
What other advice do I have?
Its ability to predict, identify and solve problems in real time is looking promising. We're looking into it now.
I would rate Splunk an eight out of ten. It has a lot of features and enables us to focus only on our applications and logs. I don't need to worry about the infrastructure behind it.
The best value I get from attending Splunk conferences is getting experts' help for specific use cases.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director, Operations at a hospitality company with 10,001+ employees
Good reliability and definitely saved us time
Pros and Cons
- "The most valuable features are reliability and logging. It's in the cloud so it has more stability and easy maintenance."
- "The support from the Splunk team is generally good, but sometimes, there's a lack of coordination between our account reps and the hands-on technical people. This misalignment can lead to issues with getting what we need done and what is happening."
What is our primary use case?
We use it for security investigations and alerting.
What is most valuable?
The most valuable features are reliability and logging. It's in the cloud so it has more stability and easy maintenance.
What needs improvement?
The support from the Splunk team is generally good, but sometimes, there's a lack of coordination between our account reps and the hands-on technical people. This misalignment can lead to issues with getting what we need done and what is happening.
For how long have I used the solution?
I have been using it for about two years.
What do I think about the stability of the solution?
From what I've seen so far, stability has been great.
How are customer service and support?
The actual technical reps we've had have been fair. I'd rate them a seven on a scale from one to ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We previously used LogRhythm. We switched to Splunk. It was an on-prem setup, so it was tough to maintain. It wasn't very reliable, and we always had to deal with hardware issues.
How was the initial setup?
I haven't been hands-on with the deployment, but Splunk's deployment has been smooth. We also have Enterprise Security, which has been a little more difficult.
What was our ROI?
We have not calculated it in dollars, but it has definitely saved us time.
Which other solutions did I evaluate?
We evaluated other options. I wasn't directly involved in all the decision-making processes, but from a user standpoint, it was the cost and the future possibilities of adding SOAR that made Splunk Cloud Platform seem like the best option for us.
What other advice do I have?
I would rate it an eight out of ten, mainly due to the difficulty we've had with the Enterprise Security side.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jul 9, 2024
Head of Cloud at a consultancy with 11-50 employees
Great support, good pricing model, and good integration with various clouds
Pros and Cons
- "Its interconnectivity with the cloud platforms, such as Azure and AWS, was valuable."
- "There can be more modules and more integration with other areas in the cloud and on-prem. I am not sure whether it includes network devices and things like that."
What is our primary use case?
I used it in my last organization for monitoring, intrusion detection, and intrusion prevention.
We wanted to take preventative actions so we implemented it.
How has it helped my organization?
The monthly security reports were detailed, and we got to know about a lot of vulnerabilities that we did not know about before.
It integrated well with other systems and applications in our environment. I would rate it a ten out of ten in terms of integration.
Splunk Cloud Platform had a good impact on decision-making processes in our organization.
It was helpful for data access for compliance and privacy regulations. I would rate it a nine out of ten in this aspect.
Splunk Cloud Platform had a very good impact on our organization’s security posture. The resilience that it offered was very important because we were dealing with client data.
For reporting, a lot of manual intervention was required to create the reports, but after that, it worked well.
What is most valuable?
Its interconnectivity with the cloud platforms, such as Azure and AWS, was valuable.
We had multiple cloud environments. It was easy to monitor multiple cloud environments using the Splunk Cloud Platform’s dashboard.
What needs improvement?
Considering its price point, it does not need any improvement. However, it does require manual implementation.
There can be more modules and more integration with other areas in the cloud and on-prem. I am not sure whether it includes network devices and things like that.
For how long have I used the solution?
I worked with this solution for a year and a half.
What do I think about the stability of the solution?
It is stable. I would rate it a ten out of ten for stability.
What do I think about the scalability of the solution?
It is scalable. I would rate it a ten out of ten for scalability and extensibility.
How are customer service and support?
I got great support from them every time. I would rate them a ten out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were not using any similar solution previously.
How was the initial setup?
It was deployed on a public cloud. Its setup was quite complicated. A lot of steps were involved in implementing it.
What about the implementation team?
We had some engineers from Splunk to advise on a couple of things.
We had three people involved in the deployment. They were all cloud engineers.
It did require maintenance. We had one person involved in the maintenance.
What's my experience with pricing, setup cost, and licensing?
It was a good model.
Which other solutions did I evaluate?
We evaluated other solutions, but I do not remember the names. I know there was one from AT&T.
What other advice do I have?
I would rate Splunk Cloud Platform a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Feb 27, 2024
Buyer's Guide
Download our free Splunk Cloud Platform Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024