Splunk Cloud Platform Reviews

One client wanted their data in a readable format. He was in the UK, but his data center was in the US, so he tried to forward his data to the indexer. Because of the time zones, he faced some time stamping issues. They reached out to us to open a case that got assigned to me.

I learned which US time zone the data center was in and set the time stamps in the future. We changed the preferences to convert it into GMT so that whenever the data is onboarded to the indexes via universal or heavy forwarder, we can fetch the data in real-time.

We primarily use virtualization and deploy in Docker containers. We seldom use any physical servers. It's mostly deployed in a cloud environment or a virtual machine. It's typically Docker but sometimes Azure.

Splunk Cloud saved us a lot of money because we're working with databases like MongoDB and Oracle and using Splunk as a sync tool. It has its own indexes that cut costs by 15 to 20 percent. 

It also improves our decision-making process. In one scenario, we compared the client's data from last year to this April and saw the year-on-year profit and loss. We could see which projects were successful. Compared to another SIEM or monitoring tool, it saved us time because the data is presented in a clean, customizable dashboard. 

In an enterprise, you need a universal or heavy forwarder. If you don't have that, you need an HSE token or API request call and all the different components. In Splunk Cloud, you just have one instance to search all the data in your index. You don't need to manage it because Splunk handles that. 

If you are using Splunk Enterprise, you need to understand, from A to Z, how the indexes and searches work and where the data is coming from. Splunk Cloud has a beautiful, user-friendly UI that lets you navigate all the settings.

It doesn't matter where the data comes from for integration. The dashboard gives you a brief overview. 

When we're onboarding all that data using heavy forwarders, Splunk gives us better buffering performance and lower latency if we use the right components. If I use a light or universal forwarder, it often doesn't parse on the other end. Our projects use heavy forwarders and put those data into the index services while defining which indexes they should index. We are also micromanaging where that data should be. 

The reporting is good so far. Sometimes, I help my clients improve their user experience. As an engineer, I would suggest that if a solution has back-end compatibility, clients should get out of their comfort zone and customize another app to create a dashboard or something else.

First-time users may struggle with the user interface. When I first used Splunk, I entered my username and password. After that, we get a dashboard on the left side with apps. At the top, you can click the gear icon to view the settings. Within those settings, there's a distributed console option with several settings. It's a bit overwhelming for a beginner. The user knows what they want and can search for it in the search bar. If I see several apps, my first instinct is to scroll down to find the app, or perhaps you will find that search and report. That bugged me when I was learning.

Application support is another problem. We created a custom Palo Alto app that isn't fully supported by the latest version of Splunk. We had to downgrade to older versions to use the custom app properly. That was one problem we faced daily with one client. 

I have been using the Splunk Cloud Platform for two years.

I rate Splunk Cloud seven out of 10 for stability. 

I rate Splunk Cloud eight out of 10 for scalability.

I rate Splunk support six out of 10. They're knowledgeable, but their response times are sometimes slow. 

Neutral

We have Prometheus, but that only monitors Grafana and shows you a dashboard. Splunk is not just monitoring or grabbing data you search for. I've worked with cloud and enterprise. When we started using Splunk Cloud, we used it more like a dashboard to search data. Based on my understanding, I could create applications. 

After moving into the enterprise side, I understood Splunk even more, including its components, bucket lifecycles, and how the indexes and configurations work. It's not simply transferring data from one to another. I can grab data from any system that consists of raw data. Splunk can also identify those data in the timestamp index form. We don't have any other vendors to compare it to. 

Deploying Splunk Cloud Platform is straightforward unless you use an automation tool like Ansible, Puppet, or Chef. It takes four to five hours. Installation can take a day in some cases, but it typically can be completed in less than five hours unless you're dealing with more complex data.

Splunk Cloud is affordable, depending on your license. I don't know how much it costs exactly, but my colleague said it depends on your licensing and which features you use. 

I rate Splunk Cloud Platform eight out of 10. I would recommend this product. 

We use the solution for application status alerting, user activities, and active directories. We use the solution for visualization, alerting, and analyzing events or incidents.

The most valuable feature of Splunk Cloud Platform is the alerting feature.

Currently, Splunk Cloud Platform is very easy to use and read. The solution's visualization for the end users is also good. However, setting up the solution or an alert is not straightforward. There's a lot of incompatibility and areas that you have to consider while setting up the solution.

All those things make setting up the solution very complex for regular people who know the business operation. So, they have to hire a third party or a technical person who doesn't understand the business to set it up for them, which usually creates a gap.

When someone who cares about the business and understands its operation sets up the solution, they would set it right. There's always a gap when a technical person or third party sets it up. It may lead to many workarounds to fix issues like alert fatigue or false security. Splunk Cloud Platform needs to be made more user-friendly because it's not user-friendly.

I have been using Splunk Cloud Platform for four to five years.

Splunk Cloud Platform is pretty stable, and I don't have any issues.

Splunk Cloud Platform is a scalable solution.

I usually go to forums and discussions to get answers to my issues. You might need a Splunk account username to talk to technical support. When most users I have talked to face a problem, they Google it. I don't know if the technical support would provide you with support if you were stuck.

I have previously used different solutions like DataStage, Datadog, Grafana, and ClickView.

We evaluated other options before choosing the Splunk Cloud Platform. But when a company buys Splunk services, the end users have to use what they have as a resource.

Splunk Cloud Platform is a really good tool for getting alerts and better information about incident management and maintenance. Because of the solution's complex setup, most alerts are set by developers or people who create multiple unnecessary alerts, creating alert fatigue. Compared to other systems, like Dynatrace, Splunk Cloud Platform is not a smart system for analyzing alerts.

As a project manager, I oversee the process of contacting the concerned parties, knowing what needs to be monitored and why they need the alerting mechanism. I was not directly involved in the scripting and adding Splunk Cloud Platform in the back end.

As business requirements change, Splunk Cloud Platform needs maintenance in terms of setting up different parameters, which is not an easy task.

Everybody uses the Splunk Cloud Platform in a different way. I would advise users to share their experiences about technical difficulties in the forums and community. Sometimes, others might go through the same problem without much documentation, and sharing your technical problems might help others.

Overall, I rate Splunk Cloud Platform a seven out of ten.

We use Splunk Cloud Platform to monitor our environment.

Monitoring multiple cloud environments is made easy with the Splunk Cloud Platform due to its fast ingestion and data recovery times.

Splunk's visibility into multiple environments is excellent. I have found that a hybrid environment works the best, as the login portion remains on-premises while the rest is in the cloud. This reduces the maintenance required on-premises.

There are two types of integration. The first involves bringing something into Splunk, while the second entails moving something out of Splunk. Bringing data into Splunk is relatively straightforward, with multiple options such as RAS, SysLog, and Splunk's built-in functions. However, exporting data from Splunk is more challenging and not as straightforward as the process of bringing data into Splunk.

Splunk Cloud Platform has influenced our decision-making processes. Splunk is primarily employed for security purposes; thus, it excels particularly in SIM. It encompasses an asset and identity framework that effectively gathers information about an organization's assets and individual identities, encompassing all users. Therefore, when considering Unified Business and SIM, Splunk proves to be highly proficient. 

The cloud performance is good.

Not having to perform any maintenance because it is handled by Splunk saves our administrators time which is valuable.

Splunk should offer various options for real-time monitoring. If we could enhance the speed of data ingestion or data retrieval, that would be an added advantage. Additionally, there is room for improvement in SaaS-to-SaaS integration. I believe that reintroducing HTML dashboards would be beneficial, as they provide dedicated web features. This, in turn, gives users the flexibility and freedom to create custom dashboards more easily.

I have been using Splunk Cloud Platform for five years.

I would rate the stability of the Splunk Cloud Platform as an eight out of ten. We still encounter some lagging and errors, but not as much as with the on-premises deployment.

I occasionally get in touch with Splunk technical support, usually regarding data onboarding. These include routine activities like installing or uninstalling applications, as well as making changes to existing ones. On average, we submit at least one ticket per week to them.

Positive

I have used many tools including Elastic, Grafana, Tableau, and Sumo Logic.

Splunk is indeed superior in many cases, but other tools are also making progress to catch up, with Elastic being one of them. They have begun developing their own SIM offering, complete with its own SIM features. Similar to Splunk Cloud, Elastic also has its Elastic Cloud Stack. Some of the features provided by Elastic seem to outperform Splunk. Therefore, there is room for Splunk to enhance these aspects. As for pricing, it could be more competitive, considering that other tools also provide the freedom to choose the Cloud Stack. Although Splunk offers this flexibility, the process often involves extensive discussions, making it less adaptable compared to other tools.

The initial setup is somewhat complex regarding the CI/CD pipeline, and Splunk manages the deployment. Splunk provides a feature called ACS, which enables us to manage the deployment ourselves if desired, but it's simpler to have Splunk handle the deployment on our behalf.

The deployment took around one month and required ten people from Splunk's DevOps team.

The implementation was completed by Splunk.

The pricing is high for small organizations. The cost makes more sense for organizations that have a large amount of data ranges.

I would rate Splunk Cloud Platform an eight out of ten.

There are numerous tools that offer real-time reporting and alerting capabilities. Splunk is indeed effective, but due to the prerequisite of registering logs beforehand, a delay is inevitably introduced. Therefore, while Splunk is suitable for real-time reporting alerts, it may not be as optimal as some alternative solutions.

Resilience has added value and contributed to the improvement of our organization. This is highly significant. In most cases, the SOC team relies on the tool for issue mitigation and ticket resolution. Therefore, it is crucial for Splunk to remain consistently up-to-date and respond as quickly as possible. This holds immense importance.

The extensibility is good, but there is room for improvement, especially in integrating certain logs. Enhancing the process of incorporating raised logs is possible. In most cases now there are limitations on log creation. Previously, a direct option existed to import logs. However, this process has been altered, requiring users to develop an add-on for log integration, leading to increased complexity. Furthermore, users are expected to have knowledge of Python. This can be problematic in cases where users lack such expertise. Therefore, this aspect could certainly be enhanced.

For those who want to evaluate Splunk, it comes down to the volume of data. If they are dealing with a substantial amount of data flowing into their SIM, Splunk would be the superior option. Splunk effectively manages extensive datasets in comparison to other technologies. It also offers numerous additional functionalities, such as an enterprise security suite, assets, and identity framework. Moreover, it has undergone industry testing and has been employed in the field for a considerable duration. In contrast to other organizations, they provide a wealth of features.

I use the solution to create alerts for different servers. I also create dashboards in Splunk.

We have a lot of servers. It was hard to track which were down as we didn't have a monitoring platform. Splunk changes that. It receives data and if it doesn't get any data, it creates an alert so we are notified if something is down.

We also use it for making reports to help make management easier. 

The monitoring of servers for high CPU utilization helps us out. If there are offline servers or high utilizations, we can see the incidents and optimize our processes. 

The cloud is very fast. We have a lot of data in our Splunk instance and it isn't slow in any way. 

The maintenance is good. We have good support if we have queries or issues. With on-premises Splunk, if we ran into issues, we'd have to figure things out ourselves. With the cloud version, it's easier to get support. 

We can monitor multiple cloud environments, including Azure and AWS. 

It can be difficult to monitor cloud platforms. We are integrating more cloud servers and patching data sources from those servers. It's very easy to use Splunk and have everything go to the dashboards.

We get good visibility into multiple environments. We can easily search from Splunk Cloud to our on-prem or AWS directly. We also do not ingest the data in order to see it.

We can easily integrate with other systems. It's very helpful. We can leverage Splunk to gather any specific reports we want with this integration capability. 

The reporting is very good. Every month we have a call with Splunk personnel and they'll show us reports to show high usage for search, for example. From our side, we can change or update in order to optimize our systems. 

The cloud has helped us with decision-making. It helps make maintenance decisions very easy.

It's very resilient. 

Testing can handle a lot of logs, however, we are unsure if the speed will be affected.

When we are using OneDrive or SharePoint, as a developer, we'd like to have better integration between the two.

There are some issues with Splunk blocking some shared mailboxes. 

Support could be improved. 

I have been using the solution for five years.

The Splunk cloud is very stable. I've never experienced crashing. If there are issues, they will notify us. It doesn't take long to resolve issues at all. Things tend to be resolved in an hour or so. 

The solution is very scalable. 

I haven't experienced the extensibility, or the ability to extend the system, however, my understanding is that it is very good. We have yet to upgrade it.

When we have high-priority tickets, it's hard getting help efficiently. We'd prefer to call. It takes time to get someone to help. We've had to submit tickets via the portal, and they asked us to call instead. It's hard to get above P1.

It would be ideal to get a specific phone number or email so that we do not have to wait hours to get help.

We do have different Splunk support services where we talk to them bi-weekly, and at that point, we can talk about any high-priority issues. They do try to help us with queries. 

Positive

We previously used Splunk on-premises. 

I do not have any experience with the initial setup. Since it is a cloud deployment, Splunk handles the maintenance mainly.

I'm not aware of the exact pricing. That said, my understanding is that it is very reasonable. However, every application has a price. We need separate licenses for everything. They don't have any bundles. 

For the first few years, I used the solution on-premises, and then I moved over to the cloud. 

I use the classic dashboard; I don't yet use the studio. 

It has not yet affected our security posture. 

We have not yet explored federated search. 

I'd rate the solution ten out of ten.

If a user is planning to use the Cloud Platform is to consider the pricing. It's fast to access and there is no downtime. It's very good from a user perspective. I'm happy with it. It's helpful.

Users should work to maximize the power of Splunk to get the most out of it. Leverage the applications, including security. 

To gain deep visibility into our entire cloud infrastructure, we deployed the Splunk Cloud Platform. This tool allows us to monitor, analyze, and investigate all aspects of our cloud environment.

Splunk Cloud Platform integrates seamlessly with other systems, including Slack. This allows us to receive real-time alerts triggered within the tool. We can then analyze the output and take timely action to resolve the issue, ensuring continued security.

Splunk Cloud Platform improved our security posture. We could easily and efficiently obtain detailed analyses of any log, including UPC flow logs and others, promptly. The benefits of Splunk Cloud Platform were visible within two days.

Splunk Cloud Platform does a good job helping to maintain the complaints and privacy regulations within our infrastructure.

Splunk Cloud Platform excels at correlating data from a wide range of sources, including applications, websites, and servers. It efficiently handles the challenge of managing large volumes of data. This has secured our data and demonstrably improved our security posture.

The ability to correlate data and then present it in a meaningful and valuable way is crucial. Splunk offered this functionality, providing us with insights into threats, vulnerabilities, and all the identity information we fed into it. We sought a SIEM tool because we lacked a solution that could effectively analyze recent data. We needed a tool that could not only ingest our data but also correlate it and present it in an easily understandable format.

The cost of Splunk Cloud Platform is high and has room for improvement.

The current visuals on the dashboard could be more impactful.

We conducted a POC of Splunk Cloud Platform 6 months back.

During our POC, I did not encounter any stability issues with the Splunk Cloud Platform.

I would rate the resilience offered by Splunk Cloud Platform 8 out of 10.

I would rate the scalability of Splunk Cloud Platform 9 out of 10.

The technical support is good.

Positive

The initial deployment was straightforward. Two people were required for the deployment.

The Splunk Cloud Platform is expensive.

Splunk Cloud Platform performed well in the POC but the cost was higher than other tools.

We chose Palo Alto Networks over Splunk due to its combined advantage of cost-effectiveness and superior threat analysis capabilities.

I would rate Splunk Cloud Platform eight out of ten.

My primary use cases are for troubleshooting, monitoring, and anomaly detection.

Splunk helped reduce our mean time to resolve by around 60%. We have realized these savings through it solving problems and the proactive monitoring. But it comes with a huge cost. We have to evaluate other products that are comparable to Splunk in the market and see if they offer the same value.

It improved our business resilience.

Splunk has improved my organization by troubleshooting issues. When we have an issue, if we didn't have Splunk, it could take hours or days to figure out where the problem is. With Splunk, it only takes hours or minutes sometimes.

It saves us money by changing our product or process to work in a better way. Splunk is great. It has a lot of value ads and features. But overall, Splunk Cloud is expensive compared to other products in the market.

The most valuable feature is the search options. Our infrastructure is huge so if an issue happens, it's hard to find where it is. That's where Splunk comes in handy. You just go to their user interface and do a Google-type search. Just put in a keyword, search it, and you'll figure out where it is. If you have thousands of servers, it's very hard to see where the issue is and where the transaction is logged. Splunk makes it very easy. That's the best part of Splunk.

I would rate Splunk's ability to provide business resilience by empowering oneself a seven out of ten. Whenever we have an issue, Splunk is handy. We have a lot of monitoring in place so if an issue happens, our monitoring helps proactively figure out the issue, and in that way, we can make sure that our environment and infrastructure are up and running, and our customers don't have any issues.

It's improved a lot since we began using it. We have been seeing issues, but they get resolved by working with the support. It's just getting expensive with time.

Support is the bigger issue when we have a problem. When we need their help, it takes weeks or months to actually get resolved. To date, we have cases open for two or three months without a resolution. Support is the worst part.

I have been using Splunk Cloud Platform for four years. 

It's stable and highly available. We had issues, but all of these types of platforms have. 

Scalability depends on what kind of license you have. If you have ingest-based licenses and you hit your cap, I think they still let you ingest more, but then you have to work with your account team and buy more licenses so you don't lose data. It's scalable, but not automated because it has its own license limitations.

I would rate support a four out of ten. The reason is that they are not proactive, they are reactive. If we notify them about an issue, they are supposed to monitor their infrastructure and tell us that there is an issue and that they are working on it. But rather than doing that, we have to do that, and after doing that, it takes time for them to work on it and solve the problem.

Neutral

My company previously used a custom, on-premises solution. Splunk was already implemented when I started at my company. 

We're asking ourselves now why we use Splunk. Our next step is to go out and evaluate other products in the market that may be not as costly and offer the same feature set.

It's a cloud, it's all managed service. The only thing we had to do is onboard our applications, which is something I do every day.

It's very straightforward and very easy. You only need to configure and get data and you can be onboarded within minutes. We don't have to go through a lot of configurations, manual steps, or training.

Its ability to predict, identify and solve problems in real time is looking promising. We're looking into it now. 

I would rate Splunk an eight out of ten. It has a lot of features and enables us to focus only on our applications and logs. I don't need to worry about the infrastructure behind it.

The best value I get from attending Splunk conferences is getting experts' help for specific use cases.

My primary use case is for monitoring security logs and system logs. Apart from that, we create monitoring alerts and dashboards. 

We also use it for Splunk application configuration, troubleshooting, and server patching. We have many other operations.

Integration with other systems and applications in the environment is easy. For example, we have Fortinet analyzer. We have to pull the logs from network devices into Splunk. We use Cribl pipeline. 

For Cribl pipeline, we get that data to the Splunk syslog servers. From Splunk syslog servers, we're getting it into the indexes.

According to the license, suppose we have to onboard thousands of servers. Suppose a scenario, for thousands of servers, the user or client requires only specific events. So for that, we use props and cons and regex for specific events. And only specific events will be calculated in the license. That will consume the license also.

The incident response time depends on the query and alert configuration, and also on the environment and how the logs are streamed. By analyzing these factors, it takes a maximum of one to two days for one incident.

Alert scheduling, dashboard creation, and log monitoring are the most valuable features. 

Federated search depends on the data we pull. We have three types of searches. We use federated search for long-running queries.

We have, like, 20% of MacBook Cloud environment. It is easy to monitor multiple cloud environments, but there are some onboarding challenges. We are onboarding from the back end and also using Hacktoken. Apart from that, we get data to Splunk using Cripple pipelines from Syslog servers.

Reporting is like this: if critical data is used by the client, we send it to the data user according to the schedule.

For log monitoring, we can definitely suggest Splunk is a good tool. And it helps with decision making processes.

For monitoring security logs, it's the best tool.

I use Splunk Cloud. Previously, I used Splunk Enterprise, but after that, we migrated to Splunk Cloud.

I have been using Splunk Cloud for more than three years. 

It is a stable product. Right now, we are migrating from Datadog to Splunk, so I guess that's why Splunk is better than other tools.

It's deployed across multiple locations.

It does require maintenance. It depends on what Splunk vendor is being used.

The pricing depends on the logs and how many logs we monitor. On a daily basis, it depends on the events. Those licenses will be calculated in Splunk Cloud.

Overall, I would rate the solution a seven out of ten, with ten being best. 

All the features for log monitoring, security, alerting, indexing of the data, parsing of the data are good. That feature makes sense and is helpful to everyone.

I would recommend it to others. 

I use Splunk Cloud Platform to analyze our company's logs and the applications that we run.

Previously when in our company, we had logs everywhere on multiple systems, it was a really big pain for me trying to find what I wanted. Now that it is all aggregated and centralized in one place with one interface, it is just a lot easier to get the information that I need.

The most valuable feature of the solution stems from the fact that I just like having one single point where all of our logs are aggregated and then having one interface that I can query and find the information that I want out of it.

My organization monitors multiple cloud environments and even the on-premises part. I would say that so far, it has been fine and easy to use to monitor multiple cloud environments using Splunk Cloud Platform. The tool works effectively, and it gets stuff from our on-premises servers into the cloud. It gets stuff from AWS into the cloud. I am able to, you know, use the single interface to access all the information I need.

It is very important for our organization that Splunk Cloud Platform has end-to-end visibility into your cloud-native environment. It is important since it helps to be able to see all the aspects of what our services are doing and how they are operating.

It helps with the mean time to resolve since it makes it easier to find the errors as they have occurred, so it has been a helpful tool.

I don't know how much the product has helped my organization improve business resilience.

I wouldn't know if my company has experienced any cost-efficiency by splitting to Splunk Cloud Platform.

I know that Splunk's unified platform helps consolidate networking, security, and IT observability tools for our company. Our company has an InfoSec team using it for their SCIM stuff, and then we have IT using it for some of the things they need to gather. Multiple teams in my company have benefited from using the tool. The consolidation of tools does impact our organization since I think it is probably easier for everyone to get access to stuff because everything is in one place, and it is one of the biggest impacts of the product I can think of right now. Instead of having things spread out across multiple vendors and multiple tools, it is all kind of in one thing that we can get at, and so it is probably easier for us to train people, and we know, like, how to access the solution since it is just one thing we have to learn.

I am relatively new to the platform. So far, I have been able to use it to do what I need. I know that there are a lot more features and functionality that I don't even know yet, so I am still on the learning side. I don't really have any recommendations related to things that need to be improved in the tool.

So far, it meets my needs, so I don't need to see any additional features in the tool.

I have been using Splunk Cloud Platform for six months. My company is just a customer of the solution.

I have not had a problem with the tool's stability. It has been available every time I needed it, and it has captured every information we have sent to it. It has been not just a good but a great solution.

I think the tool's scalability is fine. I have not run into any issues with the tool's scalability, so I guess it's good.

I have not had the chance to interact with Splunk's customer service or support, so I can't really evaluate them.

I don't know if there was some other solution used previously in my company. My company is just a customer of the tool.

The product was deployed before I joined the organization.

The solution is deployed on a hybrid cloud model, and my company has opted for AWS.

I believe that my company approached an integrator to help with the deployment of the product, but I am not sure about it.

I don't know about the ROI part.

I don't know about the pricing, setup cost, and licensing part.

I rate the solution a ten out of ten.