Splunk Cloud Platform Reviews

We use the Splunk Cloud Platform for phishing correlations, sifting through data loss prevention information in P2, and threat reporting.

The Splunk Cloud Platform has improved our observability. We can see a lot more information both good and bad, but at least we have the information.

It is important that Splunk Cloud Platform has visibility into our cloud-native environments. It comes to observability. And with the visibility, we're able to link, especially with our cloud environment, with Azure the correlations for threat reporting, correlations for account breaches, and correlations for compromised data ex-filtration that's going in and out.

Splunk Cloud Platform has improved our mean time to resolution. It stepped down our investigation times. An investigation that used to take ten minutes is now down to five or six minutes per incident.

It offers real-time threat detection by continuously analyzing incoming logs and correlations. These trigger pre-defined alerts, and any suspicious activity will be reported within five or six minutes.

Splunk Cloud has saved costs through time savings. I can focus that time on other tasks improving productivity.

We saw time to value within the first month of implementing the Splunk Cloud Platform.

Splunk Unified Platform helps consolidate networking, security, and IT observability tools. We're primarily focusing on the security area and building out the correlations. We haven't moved to the infrastructure side yet. That is something we have on our company roadmap. 

The most valuable feature is the SPL because without it we wouldn't be able to correlate and build our use cases and manage what we have for our data inside Splunk.

The Splunk Cloud Platform deployment process could be improved to reduce the time required.

I have been using Splunk Cloud Platform for three years.

I have not experienced any downtime with the Splunk Cloud Platform.

Splunk Cloud Platform is highly scalable.

The customer support is quick and helpful.

We had an old SIEM through our MSSP Trustwave and through them, we migrated to Splunk.

We made the switch to Splunk because of the usability, and observability. We can build out the product a lot better. We're able to customize it and mold it to our environment.

The deployment took 30 days to complete.

Trustwave and Splunk helped us implement the Splunk Cloud Platform. I was highly satisfied with Trustwave. They were the ones that sold us on Splunk initially.

We have seen ROI through metrics, data points, observability, and time saved. The observability provides visibility into our environment, allowing us to see real-time events and threats in our network and act on them faster.

The pricing was negotiated through Trustwave and for our first contract in three years, we got a good deal.

I would rate the Splunk Cloud Platform ten out of ten. I'm satisfied with what Splunk offers and where it's going, I see the growth path and am happy with that. Splunk answered a lot of what I would like to see in the platform and shortly they will be implementing those things. The platform is stable, can be accessed from anywhere, is easy to use, provides the information we need, and is super powerful.

Our security team uses the Splunk Cloud Platform heavily. We index that data that is relevant to security for over a year. Most of our indexes, we only keep for 30 to 45 days. But for security, we keep it for a year here. It is an essential tool for our security team in investigating incidents and looking at the potential compromises, and exploits, of all those types of things. That's one example.

I'm one of two Splunk Engineers in the organization and almost every department uses Splunk. We create dashboards for different organizations. For example, We have temples all over the world. We produce statistics for the temples about how many people have visited each day, and how many sessions were done in different languages. That type of thing is all done through Splunk dashboards. Our missionary department has over 80,000 missionaries all over the world, statistics about what they are doing and the applications they are using are all done through Splunk.

Splunk Cloud Platform helped remove a lot of that administrative work, but also, it's much easier on the cloud for us to ramp up our SVC units if we see more demand and to be able to add more storage to our indexers. That's one thing for us as administrators that helps to be able to ramp it up quickly. When we were using Splunk Enterprise, that was a much more involved process, but now with Splunk Cloud, it's much easier to ramp that up. My partner and I are good at making sure that all of our users are using Splunk efficiently. We give them training regularly to make sure that their queries are well written, that they're not using indexes they shouldn't be, and that they're using the proper commands to be able to get the information they want. We do have to do this periodically because more and more of our users are using Splunk frequently, and we'll have to talk to a Splunk rep to increase our SVCs. For us, as administrators, that's very helpful.

We monitor multiple cloud environments using Splunk Cloud. It's been quite easy for us. We have an in-house Cloud Foundry and we use AWS and Azure quite a bit. We haven't had problems integrating or monitoring with any of those platforms. It's been great for us.

The end-to-end visibility that Splunk Cloud Platform has in our cloud-native environments is important. We do a lot of correlation across the entire enterprise. We need to have good visibility into all of our logs across all of our cloud Platforms, and in-house on-premise stuff, which we're getting with Splunk.

We use a lot of different monitoring tools, not just Splunk. We use Nagios, ThousandEyes, AppDynamics, and Dynatrace. Splunk is an important part of that. It is a mission-critical application for us. The alerts we set up in Splunk are ones we can't do with the other tools. Every one of those tools is a key piece of what we do as a monitoring team, but what we love about Splunk is that we can create alerts that we can't do with the other tools. That has helped us reduce our mean time to resolution.

The Splunk Cloud Platform has helped improve our organization's business resilience. Splunk helps predict, identify, and solve problems in real-time. What we love about Splunk is its flexibility to pull out data that we can't see in other applications or that the commercial office software has not produced itself. But through the logs and being able to adjust it to Splunk and being able to write the queries that we need to, we can pull that data out, and it helps us to be much more efficient in predicting potential problems because we know our applications well and know the red flags to watch for. We can create the alerts needed to predict when something can potentially go down or have problems.

We have seen cost efficiency by switching to the Splunk Cloud Platform. The biggest part for my partner and me is that Splunk Admins saves us time. I used to be the guy who would patch all of our enterprise indexers, servers, and distribution servers. That would take me quite a bit of time. Even though we had automated scripts that would do a lot of that, it still took a fair chunk of time to go out and do the maintenance and patching required. That freed up a lot of our time, made us a lot more efficient, and allowed us to work on other projects we couldn't do before. I do front-end development for some other products, but I didn't have the time before, and switching to Splunk Cloud has freed us up. Being able to ramp up our SVCs and storage is much easier than it was before. We had to spin up virtual servers, provision them, and ensure licensing. With Splunk Cloud, it's much faster and easier. The total cost of ownership has improved.

Before we started using Splunk Cloud, we were using Splunk Enterprise. My partner and I were spending quite a bit of our time keeping the servers patched, up to date, and running the way that we wanted them to. Now that's all gone with Splunk Cloud. That has freed up a lot of our time so that I can spend most of our time helping people, learning SPL, and helping them with their dashboards, alerts, and reports. Splunk Cloud has helped us to be able to focus on getting more information out of our data. Whereas before, we were doing mostly administrative stuff. Now we don't have to do that anymore.

We're interested in learning more about the new AI features, especially the natural language to SPL conversion. While we jokingly worry these features might replace us, our main focus is helping users understand Splunk and build dashboards. We're curious how these AI features will integrate into our work, how many people will use them, and if there will still be a need for our Splunk expertise. Overall, we're excited to see how AI will impact our work.

I have been using Splunk Cloud Platform for three years.

Splunk Cloud Platform has been extremely stable. In some of the major upgrades, like, when we switched over to version nine there were a few hiccups that caused performance slowdown, but as far as stability, it's been great. In the last year, it's been extremely stable and very performant. It's just in the months after some of the changes over to version nine, we had a few problems, but nothing since then.

We have no concerns about scalability. We frequently upgrade the number of SVC units we require. We're using Splunk Cloud enterprise-wide. We're getting more and more departments using Splunk or asking to use it. Everything is on Splunk on a basic level. Security is a big deal. All our virtual servers, cloud environments, and everything that ties into security are already being adjusted to Splunk. As far as the application level, people want to get more information out of their application or data. We don't have problems, questions, or concerns about scalability. We know it's there.

We have a big instance in the cloud, and we have occasionally had a few issues here and there that took some time to resolve. For the most part, the customer service and resolution of issues have been very responsive from Splunk. We just had a handful of issues here and there but for the most part, the support has been good.

Positive

We have been using Splunk for many years. Before Splunk Cloud, we were using Splunk Enterprise.

The deployment was straightforward because we migrated from Splunk Enterprise on-premises to the Splunk Cloud Platform.

We used an in-house Splunk consultant who worked with us for six to nine months to transition from Enterprise. He was efficient but it was a big process. It took at least six months to fully transition over because of our big footprint.

We saw a return on investment when we switched to the cloud platform from Enterprise. We were able to consolidate everything with the cloud.

We were involved in the renewal process, and our organization does reviews of all our partnerships that we have every two to three years to ensure they are meeting our needs, there isn't a better solution out there, and we won't save money by going somewhere else. It's usually a four to six-week process when reviewing software and partnerships, and every time we go through Splunk, the review only lasts one day. We love Splunk and we're not switching.

I would rate Splunk Cloud Platform ten out of ten.

Splunk Cloud Platform is used as a way for companies to enhance their cybersecurity and ensure security. In cybersecurity, it is important to protect against all malwares, and the platform is effective in searching vulnerabilities or searching threats.

Splunk Cloud Platform's ingest and visualization features help with data reporting. The platform's alerting mechanism is valuable, as there is software that makes alarms in case of attacks. Splunk Cloud Platform is used as a way for companies to enhance their cybersecurity as a question of security to ensure the security.

I think that Splunk Cloud Platform is good, and I rate it seven or eight.

We have worked with Splunk Cloud Platform for approximately three years. We have also been working with Splunk Observability Cloud for approximately three years.

Splunk Cloud Platform is a good platform for us.

The technical support of Splunk is good as well, and they are helpful.

Positive

Implementation has some benefit for the company.

We think that the price of the product is quite reasonable.

We have clients that use Splunk, but we do not use Splunk ourselves. As a person with deployment experience, I find it difficult to answer the question about implementation because we are obliged to have a platform. There are many platforms, and the implementation is not simple, but we have no special difficulties with Splunk. We think that integration of Splunk Cloud Platform with third-party tools is easy to implement. 

I use the solution in my company, and its primary use cases have been related to the log correlation engine. Splunk Cloud Platform can be considered a central ingest point for gathering logs from all over our company's network, after which it is used to take and create reports. Security, detection, dashboards, and similar features are some of the use cases that can be associated with the tool.

The benefits my company has seen from using the tool would be that it gives you more of a single place to look at rather than having to jump from a bunch of different screens to look at current logs, as well as the ability to correlate data amongst different log sources.

Regarding the solution's most valuable features, I think that since many of our company's applications are Splunk-based, they can integrate with other tools within our tech stack, which allows us to expand our use cases.

In our organization, Splunk Cloud Platform provides end-to-end visibility into our cloud-native environment, and it is a very important area where we need visibility within our environment. It is one of the main tools I use for end-to-end visibility.

Splunk Cloud Platform has helped reduce the mean time to resolve. It helps find issues, which can lead to a better mean time to resolve overall. Depending on the detection type, it reduces the mean time to resolve by anywhere from 20 to 50 percent.

My company saw time to value using Splunk Cloud Platform pretty quickly, and we continue to see the value, specifically when we add in new sources and tune-up. In general, it has been pretty quick.

Splunk's unified platform helps consolidate networking, security, and IT observability tools since it gives our company a single platform where we can collect logs from all different sources.

I think the tool has some scalability issues, especially when used in larger organizations. I feel the searching part gets really slow, which is based on one's resources.

I have been using Splunk Cloud Platform for about six years. In general, I have been a Splunk customer for eight years.

I think the stability is pretty good. I haven't noticed any outages.

I think the scalability could be a little bit better because our company runs into some resource constraints that slow down our searches.

When it comes to the solution's technical support, I would say it all depends on what the request is or who is actually responding to our company's queries. We have had some people who have been great, but we have also had times where we had to escalate some issues to get our tickets looked at by someone from the support team. I rate the technical support a five or six out of ten.

Neutral

I think the tool has some scalability issues, especially when used in larger organizations. I feel the searching part gets really slow, which is based on one's resources.

The product's initial setup phase was fairly expensive since my company had to get some professional services to help us with the set up of everything. Overall, the tool freed up some manpower, resources, and hours from our personnel and management, so having the tool in our company made sense. Yeah.

The product's deployment phase was easy.

The solution is deployed using the cloud services offered by AWS.

My company had to get some professional services from a reseller named Resultant to help us with the setup of the tool.

I don't remember whether my company had evaluated other products against Splunk Cloud Platform. In the environment where our company made the switch over, I can say that we are happy with our Splunk usage in general. We just wanted a tool that was more resilient and didn't have to worry about the management on the back end.

My organization monitors one cloud environment with the help of Splunk Cloud Platform. The ease or difficulty of monitoring multiple cloud environments is not something that is applicable to my company.

In terms of Splunk Cloud Platform's ability to help improve our organization's business resilience and predict, identify, and solve problems in real time, I would say it is not possible in real-time. The solution gives our company the ability to do more of a retrospective analysis, which helps us with the current backup.

There are not any cost efficiencies I can think of that I have experienced after switching to Splunk Cloud Platform.

I think Splunk Cloud Platform is still probably one of the best tools out there in the market for enterprise organizations.

I rate the tool a seven to eight out of ten.

We use the Splunk Cloud Platform to log all the network devices, whether it's switches, routers, firewalls, wireless controllers, wireless access points, and applications such as MuleSoft or Adobe AEM. 

The team I manage is small and we don't have much time to maintain the on-prem infrastructure with patches and updates. With Splunk Cloud, we don't have to worry about patches or upgrades. It's always up to date with the latest and greatest features. That's the biggest benefit for us so far. It saves us time and headaches that come along with all the upgrades, patching, and administration of the Platform in general.

Splunk Cloud Platform has more features than the on-premise Splunk Enterprise version that we previously used. My team seems to like the GUI better.

Splunk Cloud Platform's ability to provide end-to-end visibility into our cloud-native environment is extremely important because we don't have any tool that has that feature.

It has sped up our mean time to resolve by 40 to 50 percent compared to the on-premise version of Splunk.

Our on-premises setup used an outdated Splunk version on aging Red Hat seven hardware. Upgrading would have required new Red Hat eight systems and consultant deployment expertise. By going to the cloud, we don't have to worry about hiring consultants or upgrades. That saved us time and money. The pricing that we were given was the same as renewing our maintenance and support for our on-prem version. So it was a no-brainer decision.

As soon as we migrated, my team liked the GUI because it made them more efficient. There are more functions and features that are not available with the on-premise version of Splunk.

We use Splunk Cloud primarily as a troubleshooting tool, so the most valuable features are the analysis and visualization.

Areas of improvement for Splunk Cloud Platform are difficult to say because we're still learning about the platform. I want to have the ability to process the ingestion before it is sent to the back end and Splunk just announced that the feature is coming, so now it just needs to be released.

I have been using the Splunk Cloud Platform for three months.

Splunk Cloud Platform is stable.

Splunk Cloud Platform is easily scaled on the cloud.

The few times we reached out to technical support, they were helpful and able to address the issues.

Positive

We previously used Splunk Enterprise and wanted to stick with Splunk because we feel it is the best product. So switching to the Splunk Cloud Platform was an easy decision for us.

The deployment was not difficult. We had consultants helping us. We thought it was going to take three weeks to migrate from on-premises to the Cloud, and it took half that time. It was a lot easier than we anticipated. And we were able to do most of the work ourselves without using the consultants.

We used Bitzios Consulting to help us with the implementation.

By moving to the Splunk Cloud Platform we saved on having to hire consultants to build a new environment and install it on-premises.

The price for Splunk Cloud Platform is the same as our maintenance costs for Splunk Enterprise on-premises.

I would rate Splunk Cloud Platform nine out of ten. Splunk Cloud offers several advantages in terms of ease of use. Since it's cloud-based, there's no need to worry about infrastructure maintenance, availability, or scalability. New features are automatically available, eliminating the need for manual upgrades and potential downtime that can occur with on-premise installations.

We have AWS and GCP but are using the Splunk Cloud Platform to monitor only the AWS for now.

While we currently use Splunk Cloud, we don't have Splunk security. We plan on implementing Splunk security and that's also going to integrate with all of our Cisco equipment. For now, I can't say that Splunk's unified platform has helped consolidate networking, security, and IT observability, but soon, it will because we'll be able to have one source, one point of reference for all of our logging and security information instead of managing separate tools for different tasks. Once we implement Splunk Security, it will be one single pane of glass where we will have everything.

One client wanted their data in a readable format. He was in the UK, but his data center was in the US, so he tried to forward his data to the indexer. Because of the time zones, he faced some time stamping issues. They reached out to us to open a case that got assigned to me.

I learned which US time zone the data center was in and set the time stamps in the future. We changed the preferences to convert it into GMT so that whenever the data is onboarded to the indexes via universal or heavy forwarder, we can fetch the data in real-time.

We primarily use virtualization and deploy in Docker containers. We seldom use any physical servers. It's mostly deployed in a cloud environment or a virtual machine. It's typically Docker but sometimes Azure.

Splunk Cloud saved us a lot of money because we're working with databases like MongoDB and Oracle and using Splunk as a sync tool. It has its own indexes that cut costs by 15 to 20 percent. 

It also improves our decision-making process. In one scenario, we compared the client's data from last year to this April and saw the year-on-year profit and loss. We could see which projects were successful. Compared to another SIEM or monitoring tool, it saved us time because the data is presented in a clean, customizable dashboard. 

In an enterprise, you need a universal or heavy forwarder. If you don't have that, you need an HSE token or API request call and all the different components. In Splunk Cloud, you just have one instance to search all the data in your index. You don't need to manage it because Splunk handles that. 

If you are using Splunk Enterprise, you need to understand, from A to Z, how the indexes and searches work and where the data is coming from. Splunk Cloud has a beautiful, user-friendly UI that lets you navigate all the settings.

It doesn't matter where the data comes from for integration. The dashboard gives you a brief overview. 

When we're onboarding all that data using heavy forwarders, Splunk gives us better buffering performance and lower latency if we use the right components. If I use a light or universal forwarder, it often doesn't parse on the other end. Our projects use heavy forwarders and put those data into the index services while defining which indexes they should index. We are also micromanaging where that data should be. 

The reporting is good so far. Sometimes, I help my clients improve their user experience. As an engineer, I would suggest that if a solution has back-end compatibility, clients should get out of their comfort zone and customize another app to create a dashboard or something else.

First-time users may struggle with the user interface. When I first used Splunk, I entered my username and password. After that, we get a dashboard on the left side with apps. At the top, you can click the gear icon to view the settings. Within those settings, there's a distributed console option with several settings. It's a bit overwhelming for a beginner. The user knows what they want and can search for it in the search bar. If I see several apps, my first instinct is to scroll down to find the app, or perhaps you will find that search and report. That bugged me when I was learning.

Application support is another problem. We created a custom Palo Alto app that isn't fully supported by the latest version of Splunk. We had to downgrade to older versions to use the custom app properly. That was one problem we faced daily with one client. 

I have been using the Splunk Cloud Platform for two years.

I rate Splunk Cloud seven out of 10 for stability. 

I rate Splunk Cloud eight out of 10 for scalability.

I rate Splunk support six out of 10. They're knowledgeable, but their response times are sometimes slow. 

Neutral

We have Prometheus, but that only monitors Grafana and shows you a dashboard. Splunk is not just monitoring or grabbing data you search for. I've worked with cloud and enterprise. When we started using Splunk Cloud, we used it more like a dashboard to search data. Based on my understanding, I could create applications. 

After moving into the enterprise side, I understood Splunk even more, including its components, bucket lifecycles, and how the indexes and configurations work. It's not simply transferring data from one to another. I can grab data from any system that consists of raw data. Splunk can also identify those data in the timestamp index form. We don't have any other vendors to compare it to. 

Deploying Splunk Cloud Platform is straightforward unless you use an automation tool like Ansible, Puppet, or Chef. It takes four to five hours. Installation can take a day in some cases, but it typically can be completed in less than five hours unless you're dealing with more complex data.

Splunk Cloud is affordable, depending on your license. I don't know how much it costs exactly, but my colleague said it depends on your licensing and which features you use. 

I rate Splunk Cloud Platform eight out of 10. I would recommend this product. 

Our Splunk Cloud Platform centralizes logs from all OT assets, allowing OT business units to request various insights. These insights can include how often assets cycle down, memory storage usage, or data consumption over time. They can then configure dashboards to receive alerts based on these specific metrics.

The biggest benefit I have seen using the platform is the alerts because most of our sites are remote in the middle-of-nowhere deserts. If something goes down, they don't have direct eyes on them. Thanks to Splunk's automated alert that notifies us if something is down, we can quickly respond to it before it affects any other systems.

We do have several cloud environments that we're using because we got the Splunk Cloud Platform last month. We are integrating them all into one location, so we are still determining the ease of monitoring all the cloud environments using the Splunk Cloud Platform. Before having Splunk, it was a huge issue because we had to go to different locations. Having it all in one location under Splunk will make it much better for us.

It is important, especially for our cloud team to have end-to-end visibility into our cloud-native environments through Splunk Cloud Platform. The more visibility we have the better it is.

Splunk Cloud Platform has significantly reduced our mean time to resolve because instead of us having to go out to the site or having somebody on the site tell us a few hours later there is an issue, it could be within minutes now that we can resolve the issue. After all, as soon as it goes down, we get the logs, we get notified, and then we can immediately go in and check it out. So it is a significant amount of time that Splunk is helping us reduce for resolution.

Splunk Cloud Platform's ability to predict, identify, and resolve problems in real time has been huge, especially because our business units are operational technologies. They generate revenue for us. That's how our business stays afloat because we're in the energy sector. So If something goes down or if they want a quick dashboard, the biggest thing we're to be using as well besides the alerts is the dashboards showing how quickly we're remediating vulnerabilities and showing where they are vulnerable. That's going to be huge for the business side and will help us a lot.

Splunk Cloud Platform helps consolidate network security and IT observability tools. The cyber group gets all the alerts, but we can direct it to which person we want to send the alert to. That's good because they can go to IT, which is where we're at, Cyber, which can potentially help fix the problem, and then networking too in case something goes down. That is one of the requests is if an on-site asset goes down, the network team can see why it's off the network. So it's good that it spreads out everywhere, and whoever can help fix it can be on top of it.

Alerts are a huge benefit because we can customize them to each business unit's needs. Splunk automates the process and sends email notifications directly, which saves me time.

The AI features will be a huge improvement for Splunk. Using basic natural language in English instead of writing a regex expression will be helpful. For example, I can tell Splunk AI that I need to get the logs from last week between eight AM and ten PM on a specific asset. Instead of me going in, doing the regex expression, and then having to Google what it is because it's super hard to do sometimes. That is the biggest area for improvement. Hopefully, it will be released soon because that will simplify things for me and non-technical people. 

I have been using the Splunk Cloud Platform for one month.

Splunk Cloud Platform is stable.

Splunk Cloud Platform can handle terabytes of data.

The support has always been great for the few times I have used it.

Positive

The deployment is super easy. We deployed the Splunk Forwarder file and from there, we have a batch file, a PowerShell file, and it runs in the background. The users don't even know it's being installed.

The implementation was completed in-house.

In regards to a return on investment, the metrics are the biggest thing. Data is everything. The business units enjoy the dashboards that Splunk Cloud presents. And it is quick to present them.

Splunk Cloud Platform fell within our budget so we pulled the trigger and implemented it.

I would rate Splunk Cloud Platform ten out of ten. All the applications I need are readily available in a user-friendly dropdown menu. Exploring them is a breeze, and the platform's speed is impressive.

I work on corporate investigations and incident response. I use Splunk Cloud Platform to investigate user frauds, cases related to malware investigations, and anomalies.

In terms of the benefits of the product, I would say it is my go-to tool. Regarding getting all the data from Windows event logs, and considering the other reporting tools we have in our company like Forcepoint, Proofpoint Email Protection, Office 365, or Microsoft Defender, we have to search and get all the data in one place and to do so, Splunk Cloud Platform is super valuable.

The solution's most valuable features are search, reporting, and dashboards.

Splunk Cloud Platform is useful in our organization's monitoring of multiple cloud environments involving cloud services like AWS. I cannot speak about the ease or difficulty of using the tool to monitor multiple cloud environments since I am not on the administration side.

Considering the product's ease of use, the tool offers me the ability to search all the data and get it in a format before giving it to an investigator so that they can get it in a format they can understand.

The expensive nature of the product is an area of concern that needs to be considered for improvement.

I have been using Splunk Cloud Platform for twelve to fourteen months.

The product has been pretty stable for me. I have never seen any outages in the tool, and it has been a pretty solid solution.

I have no experience with the solution's technical support team.

I was not using any other solution in the past.

I don't know anything about the product's deployment phase.

I know that Splunk Cloud Platform is an expensive product.

I rate the tool a ten out of ten.