Splunk Cloud Platform Reviews

My role is in observability. 

Some of our internal systems send data into Splunk Cloud. We had dashboards for our team's KPIs. We can check to see how fast the team reacts to events. Those reaction times a recordreed and sent to Splunk. From there, we can draw some dashboards. We can check to see who is doing well and who needs to improve. The power Splunk admins started moving into the Cloud.

The primary use cases are for team KPIs, log analytics, and error search. We would look for the relation of different events and draw dashboards to see how bad things were veering off from the timeline that we wanted to see. 

Splunk helped us shape the picture of our team and enabled management to see who should be rewarded and who should be coached. It helped outline where KPIs were not being met. We could sit down and discuss what happened, and why it did not go as planned, and then we could make improvements in the processes. It helped us draw a broader picture of the entire team's capabilities.

With Splunk, everything is centralized, everything is in one place. We don't have to scramble and approach Splunk admins where to look. 

In terms of networking, we managed to build good dashboards. We have a lot of firewalls and rules. If a new service comes up, if they don't have a firewall and nothing works, we can look at the Splunk dashboard and see the particular network flow and see if firewalls are blocking traffic. This is a Splunk function that people are happy and excited about. It shows us valuable information in an easy-to-understand way.

It's very important for us that Cloud Platform offers end-to-end visibility into our cloud-native environment. More and more functions are moving to the cloud, so it's not only for observability to see the system, but it's also for management and senior management to see that all of their applications are running as intended. If we try to spread out applications through multiple vendors, multiple regions, access groups, and whatnot, it becomes pretty important. It may become a challenge because of that spread. It brings resilience, but it also makes it more difficult to look after everything.

We want to achieve having everything in a single view. Senior management wants to make sure that everything is running well. The application team's developers want to have a granular review. 

Splunk reduced our mean time to resolve by 30%. If an application starts misbehaving, we send logs to Splunk and check to see what's going on and see what's happening.

The dashboards are the most valuable feature. It's all of the information in one place. We can build it ourselves, so we can make it the way we like. 

Since I work on data collection from external sources and send them into Splunk, I miss its ability to collect that data through REST API applications. I would like the ability to configure an endpoint, set it on Splunk, and set a schedule for it to pull information every ten minutes, and pull this endpoint information. I could search through it, look for keywords, restructure the data that's brought back to me, and then store it in the Splunk index. This is not available and if it is available, it is bare bones. I would like Splunk to have this function by default.

We started using Splunk seven years ago. We started with Splunk on-prem and then moved to Splunk Cloud. 

I never had any stability issues. 

I use support rarely but so far, it's been fine. 

I would rate it an eight out of ten. My cases weren't that critical so it took a little longer to solve. 

Positive

We have not achieved cost efficiencies by switching to Splunk. There will be some cost discussions in cost optimization. 

We log a lot of data which may have impacted our licensing cost.

We also looked at Datadog but it wasn't cost-efficient to log with two tools.

We monitor multiple cloud environments. I heard that it's more straightforward to monitor multiple cloud environments with AWS. Azure doesn't work as intended, there were some issues collecting data from it.

I would rate Splunk Cloud Platform seven out of ten. I really miss REST API abilities. 

Our Splunk Cloud Platform centralizes logs from all OT assets, allowing OT business units to request various insights. These insights can include how often assets cycle down, memory storage usage, or data consumption over time. They can then configure dashboards to receive alerts based on these specific metrics.

The biggest benefit I have seen using the platform is the alerts because most of our sites are remote in the middle-of-nowhere deserts. If something goes down, they don't have direct eyes on them. Thanks to Splunk's automated alert that notifies us if something is down, we can quickly respond to it before it affects any other systems.

We do have several cloud environments that we're using because we got the Splunk Cloud Platform last month. We are integrating them all into one location, so we are still determining the ease of monitoring all the cloud environments using the Splunk Cloud Platform. Before having Splunk, it was a huge issue because we had to go to different locations. Having it all in one location under Splunk will make it much better for us.

It is important, especially for our cloud team to have end-to-end visibility into our cloud-native environments through Splunk Cloud Platform. The more visibility we have the better it is.

Splunk Cloud Platform has significantly reduced our mean time to resolve because instead of us having to go out to the site or having somebody on the site tell us a few hours later there is an issue, it could be within minutes now that we can resolve the issue. After all, as soon as it goes down, we get the logs, we get notified, and then we can immediately go in and check it out. So it is a significant amount of time that Splunk is helping us reduce for resolution.

Splunk Cloud Platform's ability to predict, identify, and resolve problems in real time has been huge, especially because our business units are operational technologies. They generate revenue for us. That's how our business stays afloat because we're in the energy sector. So If something goes down or if they want a quick dashboard, the biggest thing we're to be using as well besides the alerts is the dashboards showing how quickly we're remediating vulnerabilities and showing where they are vulnerable. That's going to be huge for the business side and will help us a lot.

Splunk Cloud Platform helps consolidate network security and IT observability tools. The cyber group gets all the alerts, but we can direct it to which person we want to send the alert to. That's good because they can go to IT, which is where we're at, Cyber, which can potentially help fix the problem, and then networking too in case something goes down. That is one of the requests is if an on-site asset goes down, the network team can see why it's off the network. So it's good that it spreads out everywhere, and whoever can help fix it can be on top of it.

Alerts are a huge benefit because we can customize them to each business unit's needs. Splunk automates the process and sends email notifications directly, which saves me time.

The AI features will be a huge improvement for Splunk. Using basic natural language in English instead of writing a regex expression will be helpful. For example, I can tell Splunk AI that I need to get the logs from last week between eight AM and ten PM on a specific asset. Instead of me going in, doing the regex expression, and then having to Google what it is because it's super hard to do sometimes. That is the biggest area for improvement. Hopefully, it will be released soon because that will simplify things for me and non-technical people. 

I have been using the Splunk Cloud Platform for one month.

Splunk Cloud Platform is stable.

Splunk Cloud Platform can handle terabytes of data.

The support has always been great for the few times I have used it.

Positive

The deployment is super easy. We deployed the Splunk Forwarder file and from there, we have a batch file, a PowerShell file, and it runs in the background. The users don't even know it's being installed.

The implementation was completed in-house.

In regards to a return on investment, the metrics are the biggest thing. Data is everything. The business units enjoy the dashboards that Splunk Cloud presents. And it is quick to present them.

Splunk Cloud Platform fell within our budget so we pulled the trigger and implemented it.

I would rate Splunk Cloud Platform ten out of ten. All the applications I need are readily available in a user-friendly dropdown menu. Exploring them is a breeze, and the platform's speed is impressive.

Splunk Cloud Platform is a product I use since my company has different platforms on Splunk, like Splunk ITSI and Splunk Enterprise Security. Splunk ITSI and Splunk Enterprise Security are the two packages known as paid packages under Splunk Cloud Platform, and my company also has an ad-hoc search head. Splunk ITSI is totally related to the infrastructure monitoring that my company does, and from it, we derive the service analyzers, episodes, and alerts and see if we want to integrate anything with ServiceNow, Jira, or any other monitoring tools we have. The product can be integrated with other tools, while my company can also use its alerting feature and its ability to notify the consumers with particular alerts, so the total infrastructure is covered under SIEM, making it possible to attach to security information. My company also created a couple of use cases, like in the case of continuous resetting of a password more than three or four times, then there will be a security incident that would be created so that if any end user is doing it as malpractice, like, phishing or something, my company can detect it and inform the user that you have crossed the four limits, and there is some attack happening owing to which we need to reset the password. Based on the aforementioned process, SIEM monitoring will be handled through its application. The aforementioned areas consist of the use cases related to the tool, along with a couple of more activities, like onboarding a user onto Splunk, creating apps for them, creating dashboards, creating alerts, and creating a couple of use cases for them as per their requirements.

In my organization, Splunk Cloud Platform has improved the issue revolving around transactions. If there are any issues with the transactions, then my company notifies the end users that their transactions failed, after which they can fix the issues so that there are no issues with the transaction part, especially regarding the application availability. The tool makes it possible to fix issues without any downtime.

I mainly work with Splunk SIEM and Splunk ITSI, and these are the two major products recommended for all consumers. If it is related to security, I recommend Splunk SIEM, and if it is related to infrastructure monitoring, I recommend Splunk ITSI to others. I used to take care of the observability part as well with the aforementioned tools. For observability purposes, I use Splunk-related applications. I also do the onboarding of the data into Splunk with the help of observability functionality.

If I focus on the observability part of the product, I see that it is an area that doesn't offer more integrations compared to what Splunk Cloud Platform or Splunk Enterprise offers. When it comes to the integrations with the other platforms, there is a little bit of a lag in the observability part, making it an area where improvements are required.

I have been using Splunk Cloud Platform for 5 years. My company has a partnership with Splunk.

It is a stable solution. Cisco has acquired Splunk recently, so I think it will be a more stable product in the coming days.

It takes a lot of time for the support team to resolve issues. In short, it takes a lot of time for Splunk's support team to troubleshoot an issue, meaning they are unable to resolve issues within a certain time frame. I rate the technical support a 6-7 out of 10.

The product's deployment phase was straightforward, especially compared to the ones I have dealt with in the past.

The solution is deployed on a hybrid cloud model.

For deployments starting from scratch, I deal with the documentation part. I prefer to look through Splunk's recommendations on the limits of how much the server configuration should be while trying to meet the configuration requirements of the consumer. In general, I deal with whatever configuration files are needed and how the consumers want to approach it, like if it should be a heavy forwarder or universal forwarder or if they don't want to directly ingest data to the indexer bypassing the heavy forwarder. Basically, I try to understand the consumer requirements before taking care of the deployment part.

For a limited deployment involving four to five servers, only a single person is required. If the deployment involves twenty to thirty servers, the number of people required to deploy the product will have to be increased depending on the requirements, and my company will also have to manage everything. The number of people required for deployment is based on the capacity at which my company plans to do the deployment.

My company has the entire Splunk Enterprise package, and we have many universal forwarders set up at fifty different locations. In around twenty locations, universal forwarders have been set up. My company also has fifteen indexes that directly send data to indexers. My company also has four heavy forwarders that collect information from applications like Azure. My company uses add-ons with the heavy forwarders in Splunk.

I was involved in the product's deployment phase.

My company has a license for Splunk Cloud Platform. My company also has a license for Splunk Enterprise. There are two packages that my company has access to when it comes to Splunk, and I am also aware of the configurations and setup phases related to the tool, from scratch to production.

Splunk Cloud Platform has improved our company's incident response time. For example, if any event is ingested into Splunk, within less than a minute, we trigger an incident to the end user based on the assignment group in ServiceNow.

There are many benefits attached to the tool in the areas of machine learning and predictive analysis. In Splunk ITSI, there is predictive analysis, which can be used for protection with the alert capabilities, especially if there is an alert storm coming up. My company can directly detect particular alerts from the trail to the attack and notify the end user about it. With the machine learning toolkit, my company does anomaly detection with the help of Splunk SIEM platform. With Splunk ITSI, my company does predictive analysis. The aforementioned area covers the two different platforms my company uses, along with two different approaches and the tool's machine learning capabilities.

My company interacts with our consumers. For example, if I am a consumer of Azure products, I would want to onboard all the data from Azure, even if it consists of user data. I recommend that more space be set on a particular index so that Azure data can be used. My company has all data related to Azure about its users and the changes if you have a license or if you have Azure Event Hubs, including any other things that it may have. I recommend more space in Azure, but if it is a network-related application like Aruba, I recommend that it has a little bit less space compared to Azure. The scalability of Splunk Cloud Platform can impact our company's data management, though I recommend the space required for a tool based on the use cases.

I am aware of the federated search features in the product. If a search is not running up, then my company needs to check whether any permission related to the search has any issue or if anything is going wrong, after which my company needs to check and fix those searches. I have not used much of the tool's federated search features.

My organization monitors multiple cloud environments with the tool's help. It is easy to monitor multiple cloud environments using the product. For example, if my company takes into account Splunk ITSI with service analyzers, then we define how one service is related to GCP. One service will be under the cloud services offered by Azure, while another service will be related to AWS. My company can divide the services based on locations and KPIs. My company monitors the total locations of the cloud so that we can get more insights from the service breakdown, which is why I recommend the use of Splunk ITSI. I used to work more with Splunk ITSI, a reason why I recommend it to others, as it is easy to understand and handle, even if you have 1,000 or 20,000 applications. With Splunk ITSI service breakdown, it is very easy to handle applications.

The visibility of the tool in multiple environments can be explained with the help of an example, where, if my company considers Splunk Cloud Platform, the visibility will be less compared to what we get from Splunk Enterprise. Splunk Cloud Platform is totally managed by Splunk's support team, so if anyone needs to do anything, my company needs to raise a request for a change in the tool, though we can modify a couple of services, like a couple of applications using ACS, which was introduced by Splunk. With ACS, if you want to update, create a token, or modify anything from the HEC token information, you can do it with the particular services offered by the solution. Considering the aforementioned area, I recommend that 30 percent of the work be done with ACS, and 70 percent of the work needs to seek assistance from Splunk's support team. Our company handles Splunk Enterprise, and we have 100 percent visibility on it compared to Splunk Cloud Platform.

The integration of the product with other services is possible. I have integrated it with ServiceNow, Jira, Slack, and Microsoft Teams, and I can say that it has been okay till now. It is good to integrate Splunk Cloud Platform with other tools. If we take a cloud service like GCP into consideration as an example and say that it is not working properly, then there will be an incident directly assigned to the support team based on the integration with ServiceNow. If you want to notify all the consumers in a scenario where GCP is not working properly through particular notifications with Slack channel particular notifications, then one can inform all the thousand consumers in a particular company about it, and it is possible with a single integration.

My company uses the tool for alert reporting. For example, if the top management of an organization is looking for the availability of websites, especially a couple of websites that are critical to their applications, then my company monitors such applications with the data in the report from the last thirty days or seven days, to ensure that availability of a particular website is 100 percent. If anything goes wrong as per the reports from the previous seven days, then the availability is reduced to 80 or 95 percent, which is based on how much time it was down, and it will be then notified to the consumer or top management, stating that the availability got reduced, and how there is need to fix a couple of applications in the back-end so that the availability can be increased. The top management will be made aware of the things that have been going on for the last seven or forty days. In general, a report is good for notifying the top management or consumers so that they can make decisions or check if their licenses or server capacity needs to be increased. With the alerting report feature, my company can be confident that the top management or consumers know about a particular issue in the tool that we can fix as soon as possible, but there will be a cost involved in doing so every time. If the consumer or top management is aware of the issues in the tool with the help of the alerting report feature, then they can make a decision.

I am currently not aware of how the product has an impact on decision-making.

The product has helped my organization with data compliance and privacy regulations since we were able to set up the terms and conditions with Splunk. In general, it is good when it comes to the terms and conditions revolving around the security part.

Maintenance is required to upgrade the applications, so we need a downtime of no more than fifteen minutes.

The product offers value in terms of resilience. Whenever my company faces difficulties, it is the solution we use for all our monitoring purposes.

In terms of the extensibility of the product, I feel it is a good solution.

Everything is supported by Splunk support, though it may take some time to find and resolve certain issues. If Splunk's support team resolves issues within a certain time frame, I can provide a nine out of ten rating for Splunk's technical team. Splunk Enterprise is totally handled by our company, so I can give it a nine out of ten.

I recommend Splunk Enterprise to others, especially when compared to Splunk Cloud Platform. If any notifications are needed, it can be done with no downtime, and it can even be completed within a week. If we want Splunk's support team to do the same aforementioned procedure for our company, then it may take a little bit more time.

I rate the overall tool a 7-8 out of 10.

We're migrating our on-prem environment to Splunk Cloud Platform. We're consolidating two separate Spark clusters because of a merger. Our primary use case is for unifying all of that data into one place.

It's made searching for data easier. Users like it. We're still in the migration process, but overall, it's a lot easier to use.

It's important to use that Splunk has end-to-end visibility in our native environments. We have to have that visibility because we manage multiple app applications that rely on it.

Splunk helped to improve our organization's business resilience. That's very important to us. Our users rely on Splunk heavily for the health of their applications. It helps them to get ahead of issues, and if there is an outage, it enables them to resolve them faster.

Splunk gives the different application owners the ability to configure alerting specific to their needs so they can customize it however they want. If they know their applications better than you know, admins, I'll give them that flexibility.

The administration could use improvement. We have to rely on support more often than we're used to.

We have been using Splunk Cloud Platform for nine months.

Stability has so far been good. We haven't had any issues.

Their support is great, especially the agent that we have now. They're very responsive, willing to help out, and give suggestions.

Positive

We previously used Splunk Enterprise. We switched to Cloud Platform because we wanted to consolidate a couple of instances to one place and we're moving our security team to the cloud. 

I wasn't involved in the setup directly but I was aware of what they were doing. The setup is a little complex. We had some issues we had to deal with. Bringing both environments together and getting the different environments to communicate with Splunk Cloud was complex. We have a lot of data. Getting a handle on that before we were able to start sending data to the cloud was complex. 

It's expensive. We're still trying to figure out Cloud licensing. 

It's not so easy to monitor multi-cloud environments using Splunk. We have some difficulties, but we have some things in place, but it's not easy.

I would rate Splunk Cloud Platform an eight out of ten. There's a lot we haven't tapped into yet, so the rating can go up.

We mostly use Splunk Cloud Platform for monitoring performance and looking for performance events.

We have seen many benefits of Splunk Cloud Platform, which is why we are still using it. With the alerting, we can find outages faster, and we can find performance impacts faster. We are then able to use them to diagnose and dig through our logs to find out what possibly caused it or look for a time when it happened to find a correlating deployment or something else that caused the problem.

We monitor multiple cloud environments. Splunk Cloud Platform is pretty good for monitoring multiple cloud environments. We have it all come into the same index irrespective of the system. Even though we have multiple data centers, everything comes into the same Splunk index, so we monitor it all in the same place.

Splunk Cloud Platform has end-to-end visibility into our cloud-native environment, which is very important for us because otherwise, we would not be able to have the data or be able to diagnose and find issues.

We have been using Splunk Cloud Platform for a very long time. I do not even know a time without it, so it is hard to say how much it has reduced our mean time to resolve (MTTR).

Splunk Cloud Platform has improved our organization’s business resilience. We use it very heavily to look for issues that may arise. In terms of Splunk’s ability to predict, identify, and solve problems in real-time, we mostly rely on our own searches. We do not rely on a lot of advanced observability features. We are mostly using our own alerts that we have written and our own dashboards.

Dashboards and alerting are the most valuable features. The dashboards let us see how the system looks in terms of anomalies, and the alerts trigger us to go and look at what possible problems are happening.

Its performance can be better. The searches sometimes take a long time. There could be better searches, but mainly, it needs to improve the performance with a vast amount of data. That will make it better and easier to use.

Their support can also be better.

I have been using this platform for 12 years.

Its stability has been very good. We have only had a few outages that I can remember where Splunk has been down.

Its scalability seems okay. Most of our issues come with our data storage. We are storing mass amounts of data, and it seems to handle that right now.

Their support has been lacking a little bit. We have several outstanding bugs that have not been fixed yet, and we are still waiting for Splunk to fix them. For example, we cannot use Splunk Mobile because of an issue with the authentication and what permissions are available. We have not been able to use Splunk Mobile since the new app. I have used the old apps, and I was quite disappointed when they were broken. I have never been able to use the new app.

I would rate them a seven out of ten. For emergency issues, they are good. For lower-priority issues, we are still waiting.

Neutral

I was not involved in its deployment.

I know that the company evaluated a few other solutions, but I have not been as involved in those. We are still using Splunk.

I would rate Splunk Cloud Platform a nine out of ten because it does a good job at what it does. I wish I could use the mobile app, but the rest of it works very well.

The best value that I have received by attending Splunk conferences is finding out new things that I can do with my own job. Most of the time, it is disappointing because a lot of the new features have new applications that we have to buy, and I have no say in the purchase of new applications. However, there have been some new improvements in the applications that we already have, and I come for those updates. I am able to see if the new features in the existing applications are more useful to me.

We mainly use it for the purposes of analyzing application logs to get a bit of understanding of what is normal application performance and then use that to highlight errors and inconsistencies when they occur.

Resilience is incredibly important to us. We are in the medical field. It is insurance. When people are using our service, we should be able to provide that. Having that resilience is key for us because we are helping people. The resilience that Splunk offers has been valuable in that regard. There is peace of mind for us and our customers.

We have multiple cloud vendors that are being utilized in Splunk. It has been useful. Splunk is able to handle a lot of things out of the box. There is a good bit of value in being able to make sense of multiple types of logs in one environment and being able to cross-reference them. It has just taken a lot of effort out of that.

We have integrated it with other tools. At the moment, it has been with Cribl as a pipeline tool so that we can be agnostic with Splunk in some regards. Cribl handles the logs being sent to Splunk, and then from there, if there is anywhere else where we want to send them, Cribl can handle that too. That has been our main integration. The ease of integration varies. Splunk offers out-of-the-box support for some tools and applications. Integration with them has been quite simple. Other things have been a bit more difficult. Integration can be more difficult if it does not have a Splunk base, but there is a good range of things that are available out of the box.

Its reporting has been excellent. We have integrated it with tools like ServiceNow, so we are able to create an instance for teams and integrate it with our NOC. The reporting has been incredibly valuable.

I come from a monitoring background. I knew from the get-go the value that we could get from Splunk, but we actually started to see its value once we started enforcing logging standards. It made it very easy for us to validate if something was or was not following our standards.

It has been great from the compliance perspective. It began to show value to some of our customers when they were able to search multiple applications because of the standards and compliance built into it.

It has had an impact on the decision-making processes in our organization. It has been mainly around compliance. Given it is a financial and medical sector, decisions have been made around what information we are storing in the logs and how we are managing the data that comes directly from Splunk.

It has been good for helping our organization access data for compliance and privacy regulations. It has been useful for pinpointing things. We are able to ensure that we are abiding by those standards. It has been incredibly useful in that space.

Dashboarding has been very powerful. I work with a lot of different customers, so being able to tailor the data for different customers has been valuable. I am able to make visuals and have reports where they can self-serve.

It would be nice to see more comparisons between Splunk and other log management tools. There are some legacy tools that people are often coming off. It will ease the transition if you are coming off a Windows LogViewer or any other logging tool. Splunk could offer more advice on how to transition into it or onboard it.

I have been using this solution for two years.

I have not had any issues related to stability.

This is outside of my department, but it seems like it would be easy to scale up. However, there is a cost concern. That always seems to be the linchpin when people discuss Splunk. It comes at a cost.

When it comes to extensibility, they make it relatively simple, but it is an expensive tool. There are always going to be conversations that need to be had.

The quality of the answer has been good. We have had to leverage the support only a small number of times. We found the actual portal to get support difficult. Some members of the team were not able to raise certain types of requests. However, when we got through to support, we had no issues.

Neutral

Prior to Splunk, we had a mixture of things. LogViewer and Graylog were used. Some folks had their logs locally. There was not one central system. 

I was not directly involved in decision-making, but some of the things that I called out as useful were the analytical tools that Splunk offers. We can very quickly get to the root cause by using its query language. It provides a lot of power with little effort. That is what initially drew me to it.

Moving to Splunk allowed standardization. That is the key. It does not matter which part of the company you are from. Splunk has given us a mechanism to say that we expect the logs to look like this, and we all are going to abide by that. It has made standardization a lot easier. Previously, you would not know what you were getting while dealing with a logging problem.

I was involved in its deployment only in a small cluster. I was mainly involved in setting up standards around logging. It was challenging. It was dense, but it was manageable. The feature set of Splunk allowed us to know what we could or could not do.

The main part of maintenance is the ingestion of new logs. New teams and applications get stood up every day, or a new cloud vendor comes in, so there is some maintenance involved there.

We had Splunk technical support. We had a mixture of people from other departments. We had some folks from security, and we had some folks from operations. There were 15 regular faces and 2 Splunk contractors. We involved other teams on an ad hoc basis, but the core team had 15 people.

Overall, we had 20 to 30 people who directly worked with Splunk in some way or for some period of time. We also had to involve all of the teams to get their feedback and educate them on how to use Splunk.

I do not personally deal with that side, but from discussions, I know that it is one of the more expensive tools. I do not have anything to compare it with.

New users should focus on the Splunk free courses. They are an excellent resource. If you are a customer, you should take up the search and reporting classes. That is probably going to be what 99% of people are using it for day to day. If you are a sysadmin user or someone setting up the instance, there are free classes for managing licenses and ingesting data. I would highly recommend them. The free classes are a great start, and if you think it would be valuable, take some of the paid classes as well. They are incredibly detailed.

When it comes to security, we definitely have a stricter attitude when things are going to the cloud because they are not fully in our control. Going to the cloud is always a little bit scary, but we have put in a refined approach for the data going into Splunk.

I have not made much use of federated search. I have come across it, but it is not something I have leveraged.

I would rate this solution a seven out of ten. What it does, it does well, but I do have qualms with it here and there. There are obvious features that are missing from time to time, but I am happy with what is there.

We leverage the Splunk Cloud Platform for log ingestion. This allows us to create dashboards, alerts, and reports from security and application log data.

Splunk Cloud Platform offers real-time monitoring capabilities. It continuously ingests data from various sources, allowing us to track its flow. We can set up alerts to be notified of any anomalies, such as spikes in CPU or memory usage. These alerts can be configured to trigger email notifications, keeping us informed of potential issues. Additionally, Splunk Cloud Platform provides real-time dashboards that visualize the data as it's collected.

The federated search feature is useful for our cybersecurity team to complete their log analysis.

Splunk Cloud Platform offers seamless integration with other systems and applications. This is achieved through apps and add-ons developed by Splunk.

Splunk is a good reporting tool. It allows us to generate reports and attach them to emails in CSV or PDF format.

Splunk Cloud Platform has been instrumental in helping our cybersecurity team continuously monitor our data for anomalies and attacks. Its usefulness extends beyond security, though. Teams that ingest their logs into Splunk can monitor various services. If a service goes down, Splunk will trigger an alert. Splunk offers a robust monitoring suite, including dashboards, alerts, and reports. We can monitor system resources like memory and CPU consumption, application logs, Azure logs, and even Office 365 logs. For example, Splunk can reveal who sent emails, who participated in group email threads, and who added or removed members from Active Directory groups. This audit log capability allows us to investigate activity even months or years later. Splunk provides a wide range of use cases for our organization. We noticed these benefits as soon as Splunk started ingesting data.

Splunk has improved our decision-making process thanks to its clear dashboards that help us analyze information and make informed choices.

Splunk has been valuable as a compliance tool because it centralizes log ingestion. Any tool generating logs should be configured to send them to Splunk. This allows us to easily identify compliant applications – those whose logs are collected. Conversely, uncollected logs raise security concerns, as they represent a potential attack surface.

Splunk has significantly improved our organization's security posture. As a primary security tool, Splunk allows us to collect application logs, monitor activity for potential attacks, and conduct searches to identify suspicious behavior.

I like that Splunk Cloud Platform is managed by the vendor.

I like the Cloud monitoring console feature.

I like the support for all the apps and add-ons.

Splunk currently manages the components, which restricts our ability to access them directly. I would like to be granted read access to be able to review the components.

I have been using Splunk Cloud Platform for one and a half years.

The Splunk Cloud Platform is stable as long as we perform proper maintenance to prevent bugs.

This system is very scalable. That means it can be easily adapted to accommodate our needs. We can increase the number of licenses we use, or add more resources like CPU and memory. We can also request additional components, such as adding more user accounts if our team grows from four to eight members. Overall, the scalability of this system is a major advantage.

I would rate the scalability of Splunk Cloud Platform nine out of ten.

Splunk Cloud Platform offers excellent technical support that is both knowledgeable and responsive.

Positive

The initial setup is straightforward but it takes a month or two to complete because of the applications that need to be onboarded.

We first need to calculate the amount of data we need to ingest. Then, based on that amount, we can plan how much data we need to onboard and what components we'll need.

Two experienced people were involved in the deployment.

The implementation was completed in-house.

Splunk Cloud Platform is more expensive than some of its competitors, but it offers a wider range of features.

I would rate the Splunk Cloud Platform eight out of ten.

Splunk Cloud Platform is deployed in multiple locations.

Splunk Cloud Platform requires maintenance.

I recommend the Splunk Cloud Platform to others.

If you're using cloud services, Splunk Cloud Platform is a good option. It minimizes management overhead for you since Splunk handles the underlying infrastructure. Splunk Enterprise however requires more resources to manage.

My manager typically requests dashboards, alerts, and scheduled reports. Based on their specific requirements, I create reports and dashboards that visualize the data. We leverage the Splunk Cloud Platform to fulfill these needs.

Additionally, my teammates may approach me for insights. I analyze the data and provide them with these insights, which they then use for team meetings and further data analysis. This ultimately helps them make informed decisions.

Splunk Cloud Platform improves our incident response time by enabling the retrieval of large data volumes. The platform offers impressive search speeds, and we don't need additional SQL commands to optimize response times.

We saw immediate benefits from the Splunk Cloud Platform. Being able to access and analyze logs provided valuable insights.

Splunk's impact on decision-making is significant. I have access to all the data I need, and it is always reliable.

Splunk Cloud Platform's search modes are a powerful feature. There are 3 main modes: Fast, Verbose, and Smart. These modes allow us to customize our search based on our needs, which can significantly improve our response time.

Splunk Cloud Platform's dashboard could benefit from some improvements. While it functions adequately, it appears very minimalistic. It's built using a simple XML format, and while newer dashboard options have been released, it still lacks the visual capabilities of tools like Power BI and Tableau. While I understand these are different platforms, having a more powerful dashboard option for the Splunk Cloud Platform would be valuable.

There is a lack of comprehensive learning materials offered by Splunk to prepare for their certifications.

Splunk uses SQL as its search language. One challenge I've encountered is with subsearches used in joins. These subsearches can only handle a maximum of 50,000 entries. If our data set is larger, we won't be able to join it using a subsearch. This limitation has been a significant obstacle for me. I've searched the Splunk community forums, and even reached out to my colleagues and seniors for a solution, but haven't found a definitive answer yet.

I have been using Splunk Cloud Platform for 2 years.

It is reliable. In my experience working with virtual machines, any search lags are likely due to the VMs themselves, not Splunk.

I would rate the stability 8 out of 10.

Splunk Cloud Platform is horizontal scaling. So it is easy to scale based on the data we are using.

I would rate the scalability of Splunk Cloud Platform 9 out of 10. 

Deploying Splunk Cloud Platform requires knowledge of the Splunk architecture, the deployment server, and the components.

We have seen a return on investment.

The certifications are costly.

I would rate Splunk Cloud Platform 8 out of 10.

The maintenance required is minimal.

The resilience of Splunk is good.

I recommend the product.

Splunk Cloud Platform is a powerful tool for handling big data. To get the most out of it, understanding both the developer and administrator sides is beneficial. The platform offers broad compatibility with various technologies and allows for easy scaling to accommodate your needs.