I have been working in my current field for two years.
My use cases for Splunk Cloud Platform involve various applications that enhance data management and security.
I use it to streamline operations and improve analytics.
I have been working in my current field for two years.
My use cases for Splunk Cloud Platform involve various applications that enhance data management and security.
I use it to streamline operations and improve analytics.
What I appreciate most about Splunk Cloud Platform is its intuitive user interface, which makes navigation and data analysis efficient.
It has a favorite feature in its reporting capabilities, allowing me to generate insightful reports easily.
What I find challenging about Splunk Cloud Platform is that it occasionally has a steep learning curve for new users.
The platform could improve by offering more comprehensive onboarding resources and tutorials.
I have been working with Splunk Cloud Platform for six to eight months.
Regarding stability, Splunk Cloud Platform performs well with minimal lagging or crashing issues.
Regarding scalability, I find that Splunk Cloud Platform is highly scalable, accommodating growing data needs without major issues.
I have had to contact technical support for Splunk Cloud Platform before, and my experience was quite positive.
If I were to put the technical support on a scale from one to ten, I would rate it an eight for the support.
The initial deployment of Splunk Cloud Platform was somewhat challenging but manageable.
It had complexities that required careful configuration.
As for alternatives, I have used other data analytics tools before, but none quite match the capabilities of Splunk Cloud Platform.
I definitely prefer Splunk Cloud Platform more due to its superior features and support.
I think the app ecosystem for Splunk Cloud Platform is robust, and managing updates within this app ecosystem is relatively easy.
Splunk Cloud Platform's visibility into multiple environments offers excellent monitoring capabilities, whether I am using it in the cloud, on-premises, or in hybrid environments.
I leverage it primarily for cloud infrastructure.
Regarding Splunk Cloud Platform's zero-setup feature for AI models, my impression is that it is truly innovative and simplifies the integration of AI into my workflow, although I have not used it extensively.
Regarding the pricing, I think Splunk Cloud Platform is on the higher end, but the value it provides justifies the cost.
I would rate this product an eight overall.
Currently, I am working with Splunk Cloud Platform and other things for my clients.
I have been working with Splunk Cloud Platform for around 2 years now while integrating it.
What I appreciate about Splunk Cloud Platform is that it's an AI-driven SIEM platform, and for data fusion stock, we require Splunk Cloud Platform because none other than Splunk Cloud Platform can have this data-driven stock implemented; it allows you to get into the data repository.
The real-time search capability of this product enhances operational decision-making, and it's very convincing; this aspect is very convincing from Splunk Cloud Platform's side.
The disadvantage of Splunk Cloud Platform is that its integration process should be improved.
The challenges I have encountered while integrating Splunk Cloud Platform include that integration is a bit difficult due to the coding required for the integrations.
I have been working with Splunk Cloud Platform for around 2 years now while integrating it.
I would say that it was a bit difficult to deploy Splunk Cloud Platform; the user interface is easy, but deployment is difficult because it needs coding to integrate things.
I think it's a scalable solution; it's pretty much scalable.
I can rate the technical support of Splunk Cloud Platform as eight; they are quite helpful.
Positive
We are system integrators, but the client chose another vendor instead of NNTT.
The deployment took around 3 to 4 months.
Three people took part in deployment from my side.
It was indeed a huge deployment; it was one of the banks in Pakistan, so we required three resources to get it done.
Splunk Cloud Platform has impacted operational costs; it's a bit expensive, but it provides value for money.
If I were to rate the price for the product from 1 to 10, I would rate it nine.
I am currently working with the solution, but I need to know from which NNTT.
The interface is okay; its interface is good, and user interface is good.
I would recommend Splunk Cloud Platform to other users and organizations because it adds value to the organization; you can do different things with it because it's a pure analytical tool, not only a SIEM tool.
I am mostly focused on Splunk Cloud Platform because I chose this vendor due to the feature set that was offered by Splunk Cloud Platform; it was not being offered by any other vendor.
Splunk Cloud Platform is the vendor I am referring to, not NNTT.
Maintenance for Splunk Cloud Platform has been done manually, not automatically.
Usually, one person takes part in maintenance.
Regarding the number of users for Splunk Cloud Platform, it involves discussing the number of organizations or the number of people working in those organizations.
In general, I would rate Splunk Cloud Platform a nine.
We use the Splunk Cloud Platform for phishing correlations, sifting through data loss prevention information in P2, and threat reporting.
The Splunk Cloud Platform has improved our observability. We can see a lot more information both good and bad, but at least we have the information.
It is important that Splunk Cloud Platform has visibility into our cloud-native environments. It comes to observability. And with the visibility, we're able to link, especially with our cloud environment, with Azure the correlations for threat reporting, correlations for account breaches, and correlations for compromised data ex-filtration that's going in and out.
Splunk Cloud Platform has improved our mean time to resolution. It stepped down our investigation times. An investigation that used to take ten minutes is now down to five or six minutes per incident.
It offers real-time threat detection by continuously analyzing incoming logs and correlations. These trigger pre-defined alerts, and any suspicious activity will be reported within five or six minutes.
Splunk Cloud has saved costs through time savings. I can focus that time on other tasks improving productivity.
We saw time to value within the first month of implementing the Splunk Cloud Platform.
Splunk Unified Platform helps consolidate networking, security, and IT observability tools. We're primarily focusing on the security area and building out the correlations. We haven't moved to the infrastructure side yet. That is something we have on our company roadmap.
The most valuable feature is the SPL because without it we wouldn't be able to correlate and build our use cases and manage what we have for our data inside Splunk.
The Splunk Cloud Platform deployment process could be improved to reduce the time required.
I have been using Splunk Cloud Platform for three years.
I have not experienced any downtime with the Splunk Cloud Platform.
Splunk Cloud Platform is highly scalable.
The customer support is quick and helpful.
Positive
We had an old SIEM through our MSSP Trustwave and through them, we migrated to Splunk.
We made the switch to Splunk because of the usability, and observability. We can build out the product a lot better. We're able to customize it and mold it to our environment.
The deployment took 30 days to complete.
Trustwave and Splunk helped us implement the Splunk Cloud Platform. I was highly satisfied with Trustwave. They were the ones that sold us on Splunk initially.
We have seen ROI through metrics, data points, observability, and time saved. The observability provides visibility into our environment, allowing us to see real-time events and threats in our network and act on them faster.
The pricing was negotiated through Trustwave and for our first contract in three years, we got a good deal.
I would rate the Splunk Cloud Platform ten out of ten. I'm satisfied with what Splunk offers and where it's going, I see the growth path and am happy with that. Splunk answered a lot of what I would like to see in the platform and shortly they will be implementing those things. The platform is stable, can be accessed from anywhere, is easy to use, provides the information we need, and is super powerful.
Our security team uses the Splunk Cloud Platform heavily. We index that data that is relevant to security for over a year. Most of our indexes, we only keep for 30 to 45 days. But for security, we keep it for a year here. It is an essential tool for our security team in investigating incidents and looking at the potential compromises, and exploits, of all those types of things. That's one example.
I'm one of two Splunk Engineers in the organization and almost every department uses Splunk. We create dashboards for different organizations. For example, We have temples all over the world. We produce statistics for the temples about how many people have visited each day, and how many sessions were done in different languages. That type of thing is all done through Splunk dashboards. Our missionary department has over 80,000 missionaries all over the world, statistics about what they are doing and the applications they are using are all done through Splunk.
Splunk Cloud Platform helped remove a lot of that administrative work, but also, it's much easier on the cloud for us to ramp up our SVC units if we see more demand and to be able to add more storage to our indexers. That's one thing for us as administrators that helps to be able to ramp it up quickly. When we were using Splunk Enterprise, that was a much more involved process, but now with Splunk Cloud, it's much easier to ramp that up. My partner and I are good at making sure that all of our users are using Splunk efficiently. We give them training regularly to make sure that their queries are well written, that they're not using indexes they shouldn't be, and that they're using the proper commands to be able to get the information they want. We do have to do this periodically because more and more of our users are using Splunk frequently, and we'll have to talk to a Splunk rep to increase our SVCs. For us, as administrators, that's very helpful.
We monitor multiple cloud environments using Splunk Cloud. It's been quite easy for us. We have an in-house Cloud Foundry and we use AWS and Azure quite a bit. We haven't had problems integrating or monitoring with any of those platforms. It's been great for us.
The end-to-end visibility that Splunk Cloud Platform has in our cloud-native environments is important. We do a lot of correlation across the entire enterprise. We need to have good visibility into all of our logs across all of our cloud Platforms, and in-house on-premise stuff, which we're getting with Splunk.
We use a lot of different monitoring tools, not just Splunk. We use Nagios, ThousandEyes, AppDynamics, and Dynatrace. Splunk is an important part of that. It is a mission-critical application for us. The alerts we set up in Splunk are ones we can't do with the other tools. Every one of those tools is a key piece of what we do as a monitoring team, but what we love about Splunk is that we can create alerts that we can't do with the other tools. That has helped us reduce our mean time to resolution.
The Splunk Cloud Platform has helped improve our organization's business resilience. Splunk helps predict, identify, and solve problems in real-time. What we love about Splunk is its flexibility to pull out data that we can't see in other applications or that the commercial office software has not produced itself. But through the logs and being able to adjust it to Splunk and being able to write the queries that we need to, we can pull that data out, and it helps us to be much more efficient in predicting potential problems because we know our applications well and know the red flags to watch for. We can create the alerts needed to predict when something can potentially go down or have problems.
We have seen cost efficiency by switching to the Splunk Cloud Platform. The biggest part for my partner and me is that Splunk Admins saves us time. I used to be the guy who would patch all of our enterprise indexers, servers, and distribution servers. That would take me quite a bit of time. Even though we had automated scripts that would do a lot of that, it still took a fair chunk of time to go out and do the maintenance and patching required. That freed up a lot of our time, made us a lot more efficient, and allowed us to work on other projects we couldn't do before. I do front-end development for some other products, but I didn't have the time before, and switching to Splunk Cloud has freed us up. Being able to ramp up our SVCs and storage is much easier than it was before. We had to spin up virtual servers, provision them, and ensure licensing. With Splunk Cloud, it's much faster and easier. The total cost of ownership has improved.
Before we started using Splunk Cloud, we were using Splunk Enterprise. My partner and I were spending quite a bit of our time keeping the servers patched, up to date, and running the way that we wanted them to. Now that's all gone with Splunk Cloud. That has freed up a lot of our time so that I can spend most of our time helping people, learning SPL, and helping them with their dashboards, alerts, and reports. Splunk Cloud has helped us to be able to focus on getting more information out of our data. Whereas before, we were doing mostly administrative stuff. Now we don't have to do that anymore.
We're interested in learning more about the new AI features, especially the natural language to SPL conversion. While we jokingly worry these features might replace us, our main focus is helping users understand Splunk and build dashboards. We're curious how these AI features will integrate into our work, how many people will use them, and if there will still be a need for our Splunk expertise. Overall, we're excited to see how AI will impact our work.
I have been using Splunk Cloud Platform for three years.
Splunk Cloud Platform has been extremely stable. In some of the major upgrades, like, when we switched over to version nine there were a few hiccups that caused performance slowdown, but as far as stability, it's been great. In the last year, it's been extremely stable and very performant. It's just in the months after some of the changes over to version nine, we had a few problems, but nothing since then.
We have no concerns about scalability. We frequently upgrade the number of SVC units we require. We're using Splunk Cloud enterprise-wide. We're getting more and more departments using Splunk or asking to use it. Everything is on Splunk on a basic level. Security is a big deal. All our virtual servers, cloud environments, and everything that ties into security are already being adjusted to Splunk. As far as the application level, people want to get more information out of their application or data. We don't have problems, questions, or concerns about scalability. We know it's there.
We have a big instance in the cloud, and we have occasionally had a few issues here and there that took some time to resolve. For the most part, the customer service and resolution of issues have been very responsive from Splunk. We just had a handful of issues here and there but for the most part, the support has been good.
Positive
We have been using Splunk for many years. Before Splunk Cloud, we were using Splunk Enterprise.
The deployment was straightforward because we migrated from Splunk Enterprise on-premises to the Splunk Cloud Platform.
We used an in-house Splunk consultant who worked with us for six to nine months to transition from Enterprise. He was efficient but it was a big process. It took at least six months to fully transition over because of our big footprint.
We saw a return on investment when we switched to the cloud platform from Enterprise. We were able to consolidate everything with the cloud.
We were involved in the renewal process, and our organization does reviews of all our partnerships that we have every two to three years to ensure they are meeting our needs, there isn't a better solution out there, and we won't save money by going somewhere else. It's usually a four to six-week process when reviewing software and partnerships, and every time we go through Splunk, the review only lasts one day. We love Splunk and we're not switching.
I would rate Splunk Cloud Platform ten out of ten.
Splunk Cloud Platform is used as a way for companies to enhance their cybersecurity and ensure security. In cybersecurity, it is important to protect against all malwares, and the platform is effective in searching vulnerabilities or searching threats.
Splunk Cloud Platform's ingest and visualization features help with data reporting. The platform's alerting mechanism is valuable, as there is software that makes alarms in case of attacks. Splunk Cloud Platform is used as a way for companies to enhance their cybersecurity as a question of security to ensure the security.
I think that Splunk Cloud Platform is good, and I rate it seven or eight.
We have worked with Splunk Cloud Platform for approximately three years. We have also been working with Splunk Observability Cloud for approximately three years.
Splunk Cloud Platform is a good platform for us.
The technical support of Splunk is good as well, and they are helpful.
Positive
Implementation has some benefit for the company.
We think that the price of the product is quite reasonable.
We have clients that use Splunk, but we do not use Splunk ourselves. As a person with deployment experience, I find it difficult to answer the question about implementation because we are obliged to have a platform. There are many platforms, and the implementation is not simple, but we have no special difficulties with Splunk. We think that integration of Splunk Cloud Platform with third-party tools is easy to implement.
We use the Splunk Cloud Platform to log all the network devices, whether it's switches, routers, firewalls, wireless controllers, wireless access points, and applications such as MuleSoft or Adobe AEM.
The team I manage is small and we don't have much time to maintain the on-prem infrastructure with patches and updates. With Splunk Cloud, we don't have to worry about patches or upgrades. It's always up to date with the latest and greatest features. That's the biggest benefit for us so far. It saves us time and headaches that come along with all the upgrades, patching, and administration of the Platform in general.
Splunk Cloud Platform has more features than the on-premise Splunk Enterprise version that we previously used. My team seems to like the GUI better.
Splunk Cloud Platform's ability to provide end-to-end visibility into our cloud-native environment is extremely important because we don't have any tool that has that feature.
It has sped up our mean time to resolve by 40 to 50 percent compared to the on-premise version of Splunk.
Our on-premises setup used an outdated Splunk version on aging Red Hat seven hardware. Upgrading would have required new Red Hat eight systems and consultant deployment expertise. By going to the cloud, we don't have to worry about hiring consultants or upgrades. That saved us time and money. The pricing that we were given was the same as renewing our maintenance and support for our on-prem version. So it was a no-brainer decision.
As soon as we migrated, my team liked the GUI because it made them more efficient. There are more functions and features that are not available with the on-premise version of Splunk.
We use Splunk Cloud primarily as a troubleshooting tool, so the most valuable features are the analysis and visualization.
Areas of improvement for Splunk Cloud Platform are difficult to say because we're still learning about the platform. I want to have the ability to process the ingestion before it is sent to the back end and Splunk just announced that the feature is coming, so now it just needs to be released.
I have been using the Splunk Cloud Platform for three months.
Splunk Cloud Platform is stable.
Splunk Cloud Platform is easily scaled on the cloud.
The few times we reached out to technical support, they were helpful and able to address the issues.
Positive
We previously used Splunk Enterprise and wanted to stick with Splunk because we feel it is the best product. So switching to the Splunk Cloud Platform was an easy decision for us.
The deployment was not difficult. We had consultants helping us. We thought it was going to take three weeks to migrate from on-premises to the Cloud, and it took half that time. It was a lot easier than we anticipated. And we were able to do most of the work ourselves without using the consultants.
We used Bitzios Consulting to help us with the implementation.
By moving to the Splunk Cloud Platform we saved on having to hire consultants to build a new environment and install it on-premises.
The price for Splunk Cloud Platform is the same as our maintenance costs for Splunk Enterprise on-premises.
I would rate Splunk Cloud Platform nine out of ten. Splunk Cloud offers several advantages in terms of ease of use. Since it's cloud-based, there's no need to worry about infrastructure maintenance, availability, or scalability. New features are automatically available, eliminating the need for manual upgrades and potential downtime that can occur with on-premise installations.
We have AWS and GCP but are using the Splunk Cloud Platform to monitor only the AWS for now.
While we currently use Splunk Cloud, we don't have Splunk security. We plan on implementing Splunk security and that's also going to integrate with all of our Cisco equipment. For now, I can't say that Splunk's unified platform has helped consolidate networking, security, and IT observability, but soon, it will because we'll be able to have one source, one point of reference for all of our logging and security information instead of managing separate tools for different tasks. Once we implement Splunk Security, it will be one single pane of glass where we will have everything.
One client wanted their data in a readable format. He was in the UK, but his data center was in the US, so he tried to forward his data to the indexer. Because of the time zones, he faced some time stamping issues. They reached out to us to open a case that got assigned to me.
I learned which US time zone the data center was in and set the time stamps in the future. We changed the preferences to convert it into GMT so that whenever the data is onboarded to the indexes via universal or heavy forwarder, we can fetch the data in real-time.
We primarily use virtualization and deploy in Docker containers. We seldom use any physical servers. It's mostly deployed in a cloud environment or a virtual machine. It's typically Docker but sometimes Azure.
Splunk Cloud saved us a lot of money because we're working with databases like MongoDB and Oracle and using Splunk as a sync tool. It has its own indexes that cut costs by 15 to 20 percent.
It also improves our decision-making process. In one scenario, we compared the client's data from last year to this April and saw the year-on-year profit and loss. We could see which projects were successful. Compared to another SIEM or monitoring tool, it saved us time because the data is presented in a clean, customizable dashboard.
In an enterprise, you need a universal or heavy forwarder. If you don't have that, you need an HSE token or API request call and all the different components. In Splunk Cloud, you just have one instance to search all the data in your index. You don't need to manage it because Splunk handles that.
If you are using Splunk Enterprise, you need to understand, from A to Z, how the indexes and searches work and where the data is coming from. Splunk Cloud has a beautiful, user-friendly UI that lets you navigate all the settings.
It doesn't matter where the data comes from for integration. The dashboard gives you a brief overview.
When we're onboarding all that data using heavy forwarders, Splunk gives us better buffering performance and lower latency if we use the right components. If I use a light or universal forwarder, it often doesn't parse on the other end. Our projects use heavy forwarders and put those data into the index services while defining which indexes they should index. We are also micromanaging where that data should be.
The reporting is good so far. Sometimes, I help my clients improve their user experience. As an engineer, I would suggest that if a solution has back-end compatibility, clients should get out of their comfort zone and customize another app to create a dashboard or something else.
First-time users may struggle with the user interface. When I first used Splunk, I entered my username and password. After that, we get a dashboard on the left side with apps. At the top, you can click the gear icon to view the settings. Within those settings, there's a distributed console option with several settings. It's a bit overwhelming for a beginner. The user knows what they want and can search for it in the search bar. If I see several apps, my first instinct is to scroll down to find the app, or perhaps you will find that search and report. That bugged me when I was learning.
Application support is another problem. We created a custom Palo Alto app that isn't fully supported by the latest version of Splunk. We had to downgrade to older versions to use the custom app properly. That was one problem we faced daily with one client.
I have been using the Splunk Cloud Platform for two years.
I rate Splunk Cloud seven out of 10 for stability.
I rate Splunk Cloud eight out of 10 for scalability.
I rate Splunk support six out of 10. They're knowledgeable, but their response times are sometimes slow.
Neutral
We have Prometheus, but that only monitors Grafana and shows you a dashboard. Splunk is not just monitoring or grabbing data you search for. I've worked with cloud and enterprise. When we started using Splunk Cloud, we used it more like a dashboard to search data. Based on my understanding, I could create applications.
After moving into the enterprise side, I understood Splunk even more, including its components, bucket lifecycles, and how the indexes and configurations work. It's not simply transferring data from one to another. I can grab data from any system that consists of raw data. Splunk can also identify those data in the timestamp index form. We don't have any other vendors to compare it to.
Deploying Splunk Cloud Platform is straightforward unless you use an automation tool like Ansible, Puppet, or Chef. It takes four to five hours. Installation can take a day in some cases, but it typically can be completed in less than five hours unless you're dealing with more complex data.
Splunk Cloud is affordable, depending on your license. I don't know how much it costs exactly, but my colleague said it depends on your licensing and which features you use.
I rate Splunk Cloud Platform eight out of 10. I would recommend this product.
Our Splunk Cloud Platform centralizes logs from all OT assets, allowing OT business units to request various insights. These insights can include how often assets cycle down, memory storage usage, or data consumption over time. They can then configure dashboards to receive alerts based on these specific metrics.
The biggest benefit I have seen using the platform is the alerts because most of our sites are remote in the middle-of-nowhere deserts. If something goes down, they don't have direct eyes on them. Thanks to Splunk's automated alert that notifies us if something is down, we can quickly respond to it before it affects any other systems.
We do have several cloud environments that we're using because we got the Splunk Cloud Platform last month. We are integrating them all into one location, so we are still determining the ease of monitoring all the cloud environments using the Splunk Cloud Platform. Before having Splunk, it was a huge issue because we had to go to different locations. Having it all in one location under Splunk will make it much better for us.
It is important, especially for our cloud team to have end-to-end visibility into our cloud-native environments through Splunk Cloud Platform. The more visibility we have the better it is.
Splunk Cloud Platform has significantly reduced our mean time to resolve because instead of us having to go out to the site or having somebody on the site tell us a few hours later there is an issue, it could be within minutes now that we can resolve the issue. After all, as soon as it goes down, we get the logs, we get notified, and then we can immediately go in and check it out. So it is a significant amount of time that Splunk is helping us reduce for resolution.
Splunk Cloud Platform's ability to predict, identify, and resolve problems in real time has been huge, especially because our business units are operational technologies. They generate revenue for us. That's how our business stays afloat because we're in the energy sector. So If something goes down or if they want a quick dashboard, the biggest thing we're to be using as well besides the alerts is the dashboards showing how quickly we're remediating vulnerabilities and showing where they are vulnerable. That's going to be huge for the business side and will help us a lot.
Splunk Cloud Platform helps consolidate network security and IT observability tools. The cyber group gets all the alerts, but we can direct it to which person we want to send the alert to. That's good because they can go to IT, which is where we're at, Cyber, which can potentially help fix the problem, and then networking too in case something goes down. That is one of the requests is if an on-site asset goes down, the network team can see why it's off the network. So it's good that it spreads out everywhere, and whoever can help fix it can be on top of it.
Alerts are a huge benefit because we can customize them to each business unit's needs. Splunk automates the process and sends email notifications directly, which saves me time.
The AI features will be a huge improvement for Splunk. Using basic natural language in English instead of writing a regex expression will be helpful. For example, I can tell Splunk AI that I need to get the logs from last week between eight AM and ten PM on a specific asset. Instead of me going in, doing the regex expression, and then having to Google what it is because it's super hard to do sometimes. That is the biggest area for improvement. Hopefully, it will be released soon because that will simplify things for me and non-technical people.
I have been using the Splunk Cloud Platform for one month.
Splunk Cloud Platform is stable.
Splunk Cloud Platform can handle terabytes of data.
The support has always been great for the few times I have used it.
Positive
The deployment is super easy. We deployed the Splunk Forwarder file and from there, we have a batch file, a PowerShell file, and it runs in the background. The users don't even know it's being installed.
The implementation was completed in-house.
In regards to a return on investment, the metrics are the biggest thing. Data is everything. The business units enjoy the dashboards that Splunk Cloud presents. And it is quick to present them.
Splunk Cloud Platform fell within our budget so we pulled the trigger and implemented it.
I would rate Splunk Cloud Platform ten out of ten. All the applications I need are readily available in a user-friendly dropdown menu. Exploring them is a breeze, and the platform's speed is impressive.
I work on corporate investigations and incident response. I use Splunk Cloud Platform to investigate user frauds, cases related to malware investigations, and anomalies.
In terms of the benefits of the product, I would say it is my go-to tool. Regarding getting all the data from Windows event logs, and considering the other reporting tools we have in our company like Forcepoint, Proofpoint Email Protection, Office 365, or Microsoft Defender, we have to search and get all the data in one place and to do so, Splunk Cloud Platform is super valuable.
The solution's most valuable features are search, reporting, and dashboards.
Splunk Cloud Platform is useful in our organization's monitoring of multiple cloud environments involving cloud services like AWS. I cannot speak about the ease or difficulty of using the tool to monitor multiple cloud environments since I am not on the administration side.
Considering the product's ease of use, the tool offers me the ability to search all the data and get it in a format before giving it to an investigator so that they can get it in a format they can understand.
The expensive nature of the product is an area of concern that needs to be considered for improvement.
I have been using Splunk Cloud Platform for twelve to fourteen months.
The product has been pretty stable for me. I have never seen any outages in the tool, and it has been a pretty solid solution.
I have no experience with the solution's technical support team.
I was not using any other solution in the past.
I don't know anything about the product's deployment phase.
I know that Splunk Cloud Platform is an expensive product.
I rate the tool a ten out of ten.
We utilize the Splunk Cloud Platform for log ingestion related to security and troubleshooting purposes.
Splunk Cloud Platform helps us with our security incident response. The cloud security logs are integrated with all the cloud providers.
The federated search feature enables us to search between Europe and the US, from one Splunk instance to another, all from a single location. This federated search simplifies how we handle data, making it easy to swiftly search for and manage information.
We monitor several cloud environments and find it easy to utilize the Splunk Cloud Platform for this purpose. Each cloud provider offers its own prebuilt dashboard, or customers can create their own.
The Splunk Cloud Platform offers excellent visibility into multiple environments. In the past, we utilized hybrid integrations, and they seamlessly worked right out of the box.
The reporting functionality provided by the Splunk Cloud Platform resembles that of the on-premise platform. It is readily available without requiring integration or the installation of reporting visualizations.
From a security standpoint, the Splunk Cloud Platform provides us with comprehensive visibility into all security logs. This enables us to implement security incident responses with great efficiency. Additionally, we have discovered that internal employees, such as product teams, are utilizing the platform as intended for various other use cases. For instance, it has proven valuable in troubleshooting performance issues and monitoring within Kubernetes. As such, we are leveraging a wide array of use cases within the company.
Splunk is a highly mature software that has been in the market for many years, which greatly influenced our decision-making process. Another factor was the user-friendly nature of the latest version, making it easy to initiate. We don't require a large workforce for installing components; it's as simple as out-of-the-box. Consequently, minimal time investment is needed for training.
The Splunk Cloud Platform assists us in accessing data to meet critical compliance and privacy regulations. For instance, this is particularly important for regulations such as GDPR and HIPAA. We are utilizing Splunk Cloud with a specific focus on HIPAA compliance, allocating extra attention to this aspect. In the case of GDPR, Splunk offers a range of built-in capabilities. For instance, it allows for log masking. Moreover, there are novel features available in Splunk Cloud, such as ingest actions. This feature is exceptionally useful as it enables us to mask the data before it's ingested into Splunk. Consequently, this approach ensures our adherence to compliance regulations, exemplified by GDPR.
The Splunk Cloud Platform has had a significant impact on our organization's security posture. It serves as our primary visibility tool and is the main source of trust for all login activities. Without Splunk, we would lose essential visibility and access to security updates. Currently, Splunk stands as one of the primary tools we utilize due to its utmost importance.
The most valuable feature is we don't have to deal with any back-end server maintenance because the solution is cloud-based.
The on-premises version of Splunk includes all the integrations, while the Cloud platform lacks certain integrations and is limited in terms of the number of supported apps.
The Splunk Cloud Platform is not a very mature solution; it has only been on the market for four or five years. While they have made significant improvements, there are still limitations, such as the absence of CLI access. Therefore, there are several limitations that still exist with the CLI.
The standard support has room for improvement.
I have been using Splunk Cloud Platform for four years.
The Splunk Cloud Platform offers 99.9 percent availability, ensuring that we never experience downtime.
I would give Splunk Cloud Platforms' scalability an eight out of ten.
Technical support needs more knowledgeable people.
Neutral
We used Sumo Logic in the past, but it wasn't an enterprise-grade solution, so it couldn't support the scale we required. Additionally, Sumo Logic lacked support for many integrations. The Splunk Cloud Platform fulfills our scaling requirements and integration needs. Moreover, our team possesses skills that align well with Splunk, making it a better fit for us.
The Initial deployment was very straightforward because we had the skills. But I would not say that this is straightforward without the skills. We need to learn at least the basics.
The deployment took six months to create this multi-tenant environment because it's a highly specialized setting. It's distinct from a typical Splunk deployment that might only take a day or two. However, the process of configuring, migrating all the data from Sumo Logic to the new Splunk Cloud, and setting up the multi-tenant system along with product dashboards, required approximately six months of effort on our part.
We utilize Splunk in a multi-tenant manner, wherein we allocate costs back to the product teams in each department based on their usage. We are a healthcare company engaged in the development of healthcare applications tailored for doctors and hospitals. Splunk plays a pivotal role in assisting us with this endeavor. I would estimate that we have experienced a return on investment of approximately 30 to 40 percent.
The cost of the Splunk Cloud Platform is high, and in addition to the standard licensing fee, we also have a premium support fee.
Now, we are paying less because, instead of being charged based on ingestion, we are paying for SVCs, which stands for Splunk Virtual Compute. This implies that our costs have decreased. Despite ingesting a larger volume of logs, our expenses are lower than they were before. However, it's important to note that if our usage of the tool increases, our expenses will also increase. Therefore, this represents a distinct licensing model from Splunk's.
I would give Splunk Cloud Platform an eight out of ten. Splunk Cloud has shown significant improvement over the past four years, and I highly recommend it.
We operate two distinct Splunk Cloud platforms: one in Europe and another in the US. These platforms are linked through a federated search. This setup ensures that specific data, such as European data stored in the AWS cloud, is directed to the European Splunk platform, while data from the US Cloud is directed to the US Splunk platform. However, it's worth noting that all users primarily log into the Splunk US Cloud. From this point, they have the capability to transmit data to the Splunk Europe platform.
We have around 400 users.
The maintenance is primarily conducted by Splunk on the backend, and any on-premises maintenance we perform has been reduced by 80 percent.
The value that Resilience provides for SIEM solutions is significant for us. Therefore, if we inquire with various customers, they might provide different perspectives. However, concerning security, this holds substantial value. I would assert that it's the primary tool in our arsenal; indeed, we do possess other security tools, but the most frequently utilized one, which also delivers the utmost value, is undoubtedly Splunk.
The method to expand a SIEM system is achieved by extending the licenses. This expansion enables greater capabilities, increased log retention, and the ability to process more logs. In our specific scenario, we were previously restricted by the capacity of the ingest license. Our log ingestion was limited to, for instance, one terabyte per day. However, with the introduction of this new licensing model that's based on CPU usage, we now have the flexibility to ingest any amount of data while paying according to our actual tool usage. Consequently, if we intend to expand for additional servers, we simply need to contact Splunk and communicate our requirement for increased server capacity to enhance system performance. This process is streamlined because we aren't required to take any additional actions ourselves.
I would highly recommend Splunk Cloud because we don't require personnel for maintenance or server installation and management, as all these backend tasks are taken care of. Additionally, for those who are currently using a competitor of Splunk for SIEM purposes, I would also recommend transitioning to Splunk if they have the budget for it.
