Splunk Cloud Platform Reviews

We leverage the Splunk Cloud Platform for log ingestion. This allows us to create dashboards, alerts, and reports from security and application log data.

Splunk Cloud Platform offers real-time monitoring capabilities. It continuously ingests data from various sources, allowing us to track its flow. We can set up alerts to be notified of any anomalies, such as spikes in CPU or memory usage. These alerts can be configured to trigger email notifications, keeping us informed of potential issues. Additionally, Splunk Cloud Platform provides real-time dashboards that visualize the data as it's collected.

The federated search feature is useful for our cybersecurity team to complete their log analysis.

Splunk Cloud Platform offers seamless integration with other systems and applications. This is achieved through apps and add-ons developed by Splunk.

Splunk is a good reporting tool. It allows us to generate reports and attach them to emails in CSV or PDF format.

Splunk Cloud Platform has been instrumental in helping our cybersecurity team continuously monitor our data for anomalies and attacks. Its usefulness extends beyond security, though. Teams that ingest their logs into Splunk can monitor various services. If a service goes down, Splunk will trigger an alert. Splunk offers a robust monitoring suite, including dashboards, alerts, and reports. We can monitor system resources like memory and CPU consumption, application logs, Azure logs, and even Office 365 logs. For example, Splunk can reveal who sent emails, who participated in group email threads, and who added or removed members from Active Directory groups. This audit log capability allows us to investigate activity even months or years later. Splunk provides a wide range of use cases for our organization. We noticed these benefits as soon as Splunk started ingesting data.

Splunk has improved our decision-making process thanks to its clear dashboards that help us analyze information and make informed choices.

Splunk has been valuable as a compliance tool because it centralizes log ingestion. Any tool generating logs should be configured to send them to Splunk. This allows us to easily identify compliant applications – those whose logs are collected. Conversely, uncollected logs raise security concerns, as they represent a potential attack surface.

Splunk has significantly improved our organization's security posture. As a primary security tool, Splunk allows us to collect application logs, monitor activity for potential attacks, and conduct searches to identify suspicious behavior.

I like that Splunk Cloud Platform is managed by the vendor.

I like the Cloud monitoring console feature.

I like the support for all the apps and add-ons.

Splunk currently manages the components, which restricts our ability to access them directly. I would like to be granted read access to be able to review the components.

I have been using Splunk Cloud Platform for one and a half years.

The Splunk Cloud Platform is stable as long as we perform proper maintenance to prevent bugs.

This system is very scalable. That means it can be easily adapted to accommodate our needs. We can increase the number of licenses we use, or add more resources like CPU and memory. We can also request additional components, such as adding more user accounts if our team grows from four to eight members. Overall, the scalability of this system is a major advantage.

I would rate the scalability of Splunk Cloud Platform nine out of ten.

Splunk Cloud Platform offers excellent technical support that is both knowledgeable and responsive.

Positive

The initial setup is straightforward but it takes a month or two to complete because of the applications that need to be onboarded.

We first need to calculate the amount of data we need to ingest. Then, based on that amount, we can plan how much data we need to onboard and what components we'll need.

Two experienced people were involved in the deployment.

The implementation was completed in-house.

Splunk Cloud Platform is more expensive than some of its competitors, but it offers a wider range of features.

I would rate the Splunk Cloud Platform eight out of ten.

Splunk Cloud Platform is deployed in multiple locations.

Splunk Cloud Platform requires maintenance.

I recommend the Splunk Cloud Platform to others.

If you're using cloud services, Splunk Cloud Platform is a good option. It minimizes management overhead for you since Splunk handles the underlying infrastructure. Splunk Enterprise however requires more resources to manage.

My manager typically requests dashboards, alerts, and scheduled reports. Based on their specific requirements, I create reports and dashboards that visualize the data. We leverage the Splunk Cloud Platform to fulfill these needs.

Additionally, my teammates may approach me for insights. I analyze the data and provide them with these insights, which they then use for team meetings and further data analysis. This ultimately helps them make informed decisions.

Splunk Cloud Platform improves our incident response time by enabling the retrieval of large data volumes. The platform offers impressive search speeds, and we don't need additional SQL commands to optimize response times.

We saw immediate benefits from the Splunk Cloud Platform. Being able to access and analyze logs provided valuable insights.

Splunk's impact on decision-making is significant. I have access to all the data I need, and it is always reliable.

Splunk Cloud Platform's search modes are a powerful feature. There are 3 main modes: Fast, Verbose, and Smart. These modes allow us to customize our search based on our needs, which can significantly improve our response time.

Splunk Cloud Platform's dashboard could benefit from some improvements. While it functions adequately, it appears very minimalistic. It's built using a simple XML format, and while newer dashboard options have been released, it still lacks the visual capabilities of tools like Power BI and Tableau. While I understand these are different platforms, having a more powerful dashboard option for the Splunk Cloud Platform would be valuable.

There is a lack of comprehensive learning materials offered by Splunk to prepare for their certifications.

Splunk uses SQL as its search language. One challenge I've encountered is with subsearches used in joins. These subsearches can only handle a maximum of 50,000 entries. If our data set is larger, we won't be able to join it using a subsearch. This limitation has been a significant obstacle for me. I've searched the Splunk community forums, and even reached out to my colleagues and seniors for a solution, but haven't found a definitive answer yet.

I have been using Splunk Cloud Platform for 2 years.

It is reliable. In my experience working with virtual machines, any search lags are likely due to the VMs themselves, not Splunk.

I would rate the stability 8 out of 10.

Splunk Cloud Platform is horizontal scaling. So it is easy to scale based on the data we are using.

I would rate the scalability of Splunk Cloud Platform 9 out of 10. 

Deploying Splunk Cloud Platform requires knowledge of the Splunk architecture, the deployment server, and the components.

We have seen a return on investment.

The certifications are costly.

I would rate Splunk Cloud Platform 8 out of 10.

The maintenance required is minimal.

The resilience of Splunk is good.

I recommend the product.

Splunk Cloud Platform is a powerful tool for handling big data. To get the most out of it, understanding both the developer and administrator sides is beneficial. The platform offers broad compatibility with various technologies and allows for easy scaling to accommodate your needs.

We are primarily using it for InfoSec, cybersecurity intelligence, information gathering, and forensics. We also do a little bit of application performance monitoring for some appliances that can only be monitored through log ingestion.

We are starting to monitor multiple cloud environments. We have our internal cloud, and we are migrating to AWS. We are engaged in that path. In terms of monitoring, it is more or less the same because we are using the same integration pattern, which is to use Ivy folders and gather logs. We use it at its minimum, but the way I see it at the Splunk conference, we can go further. Will we go further? That is a million-dollar question.

It has end-to-end visibility into our cloud-native environment. For sure, it is important for operation and application support, but we need to embark our staff and management for that. They are the ones who are committing big dollars to that.

It has not reduced our mean time to resolve because we are using other tools as well. We are aiming to go on that path in the coming months.

It specifically has not improved our organization's resilience. There are a myriad of modern tools that we are implementing. Splunk is one of them. It is one of them helping us.

Index Manager is most valuable because we do not have to bother about internal storage. It is all managed by the Splunk team.

The security connection should have a seamless integration. Other than that, the way we are using it, so far, it seems quite good.

We have owned Splunk Cloud Platform for the last year and a half.

The stability of the solution is quite good. 

We had challenges with the sizing of the cloud tenant that we purchased, but that was based on past decisions, so we are stuck with that until our next move. That should come in the next year. At that time, we will resize the tenant in a more efficient way, so scalability does not apply because the tenant we bought is a closed one. There is no scalability on either side. I learned that after the fact, so I am not impressed because we did not buy it. I guess people who buy that type can have good feedback on scalability.

We migrated from an on-premise solution that we had for about three years. We saw cost efficiency when we went from on-premise to the cloud, but I do not manage the budget.

We are using Dynatrace in parallel. We used Splunk as a cybersecurity tool, and we embraced Dynatrace a few years ago. So far, Dynatrace does a great job. Splunk is closing the gap. With today's announcement at the Splunk Conference, they are catching up. We are also using Microsoft SCOM, so it is a trio. It helps us do a better job.

I was not involved with the setup of the on-prem one, but I was involved with the migration to the cloud. My experience was interesting because I started from zero, but with the help of Splunk's professional teams, we could achieve our project. On a personal side, it helped me to gather the knowledge that brought me here at the Splunk conference.

The setup is always challenging. We had four or five people involved in the migration. We also involved a lot of key players in application migration. We had 20 to 30 people involved at some point in the migration path.

We used professional services.

We have, for sure, seen an ROI with Splunk. Our DevOps team is able to gather faster answers to their questions. Obviously, it brings value, whether it is Splunk or any other tool. 

We could see the ROI in a few months. We gave time to our DevOps specialists to embrace the solution and get used to it. From there, as they made their own usage and use cases of the tool, it gave them speed to achieve what they were looking for.

I would rate Splunk Cloud Platform a seven out of ten.

We use Splunk Cloud Platform for IT operations, IT security, and business value. 

We implemented Splunk Cloud Platform to resolve our IT security issues.

The federated search feature is a valuable tool that can be used effectively in the right architecture. However, the extent it is utilized will vary depending on the customer's needs. In my experience, more advanced customers tend to use this feature more heavily.

Splunk Cloud Platform provides good visibility into multiple environments, including cloud, on-premises, and hybrid.

Splunk Cloud Platform is the best tool for a reason. It is a high-functioning solution with high integration for getting data in and out, and it is customizable.

The most significant benefit of using Splunk Cloud Platform is the freedom of data. The security team can see the data that's relevant to them, IT Ops can see the data that's relevant to them, and the business can see the data that's relevant to them. Sometimes, the same data is applicable to all three groups. Sometimes, it's not. But everyone has access to the data, and it's immutable. It can't be changed or deleted. The ability of all of these departments to leverage the same data is how Splunk Cloud Platform has benefited our company the most.

Splunk Cloud Platform has helped us make key decisions, such as cost-saving decisions related to licensing. It has also improved uptime and helped us improve performance in areas where our network or servers were not performing well. Additionally, it has helped us make better business and IT decisions and has supported our planned growth.

Splunk Cloud Platform helps us access data for compliance and privacy regulations. It currently has the features to mask data, perform the least privileged access, and provide only certain commands and functions within the platform.

We are the best in the industry because of Splunk Cloud Platform. Splunk Cloud Platform fills the SIEM role for our organization, and without the best SIEM, we would be no better than our competitors.

Splunk's extensibility is one of its best features. It offers a wide variety of ways to ingest data, generate reports, and create dashboards. Its integrations with other systems are also very impressive.

Splunk Cloud Platform's most valuable features are enterprise security and ticketing integration.

The reporting provided by Splunk Cloud Platform is often good, but it only provides the data and not the flash, whereas the other platforms provide both. From an enterprise standpoint, we are more limited in terms of what data we can export and how we can present it.

Navigating the solution can be more user-friendly.

The documentation has room for improvement and the price is high and can be improved.

I have been using the Splunk Cloud Platform for over five years.

When architected properly and maintained to an optimum level, Splunk Cloud Platform is unbelievably stable.

One of Splunk Cloud Platform's key selling points is its ability to scale to petabytes and beyond.

Base-level support is suboptimal. Enterprise customers need the premium support package. Responses are often delayed, and resolution is slow.

Neutral

Over the past 25 years, I have used several different solutions. In the past, I preferred using a terminal interface rather than a web interface. Splunk has an API and a mobile app, but ultimately, Splunk users are confined to their browsers. This is one thing I would like to change, as I would prefer to be able to use Splunk outside of a browser. However, this is also one of Splunk's biggest advantages, as it is a universal platform.

We used Splunk Enterprise before migrating to Splunk Cloud Platform.

My knowledge of Splunk has since grown exponentially, but the first time I deployed Splunk Enterprise eight years ago, it was unbelievably hard. There were so many moving parts and things to consider. It was too much for one person to figure out, and I didn't have the budget to get help from the Splunk team.

The cost of using Splunk Cloud Platform is high, but the value it provides is worth the investment.

I give Splunk Cloud Platform a nine out of ten.

Monitoring multiple cloud environments is never easy. We are looking forward to new features from our cloud partners, such as AWS Security Data Lake, Google, and Microsoft. These features will make it easier to integrate our cloud environments. Splunk Cloud Platform is currently the best solution for collecting data from multiple cloud environments. AWS has five million different ways to export data, and we need to use all of them to collect all of the security and IT-related data. Splunk supports all of these data sources.

A year ago, I would have said that Splunk needed automated response, an easy-to-detect, easy-to-run, and manage business analytics platform, a user and entity-based business analytics platform that is integrated within the product, threat intelligence, and a current dashboarding tool. Splunk now has all of these features. A year ago, Splunk's competitors had these features, but Splunk did not. Splunk has since acquired or developed these features in-house. Very little in Splunk's product is not tightly integrated into the current releases. If someone is starting from scratch, meaning they are just rolling out a new security solution, and they do not choose Splunk, they are making a mistake. Splunk provides so much of everything that it is the best choice for most organizations.

We perform daily maintenance on the solution.

I advise new users to find someone who knows Splunk. Even a good technical person will not be able to do this on their own. They are not going to train them on day one. Good technical people who know Splunk are valuable assets, so they should seek them out and get them on the project.

This solution is very useful for our Infosec team that manages our enterprise-level security. It collects logs from all of our on-premises devices and servers for search and analysis. All of the logs are collected on-premises and then sent to Splunk Cloud for analysis. 

The reporting and dashboards are very good.

In terms of reporting, everything is customizable. You can write a query to have the reports and dashboards created for you, and it will be based on that data.

The documentation is pretty good.

Integration with products and devices works well. We haven't had any limitations or problems connecting to our network devices.

The training models can only be accessed for 30 days, even if it is paid training. This is a limitation that I feel should be lifted because if we are paying for it then we want to be able to continue to use it.

I have been working with Splunk Cloud for a year and a half.

This solution is pretty stable. It is used on a daily basis and in the past year and a half, I haven't faced any issues.

We have a team of 20 for our SOC operations who will be monitoring the results of Splunk Cloud.

The support is pretty good. We are a premium customer so when we raise a ticket, they deal with it right away. Also, if it needs to be escalated then the account manager will get involved.

We did not use another log management solution prior to this one.

Splunk Cloud is pretty straightforward and easy to set up. It is a SaaS solution, so we don't have to do anything on our end.

We are a team of six people who maintain our security solution.

Compared to other products, Splunk Cloud is expensive.

The licensing is based on the amount of data that we send to the cloud on a daily basis. It is expensive, although it has more features than other SIEM tools.

Overall, I find that Splunk is pretty good. It is a very mature product and I can see that compared to when I used to five years ago as an end-user, they have been improving in every way. The interface is something that has become more user-friendly over time. When there is something missing, it is handled by another product from the vendor. For example, if you need to add predictive analysis then you use Splunk Phantom.

There are many other SIEM tools on the market, such as IBM QRadar and ArcSight Logger. Splunk is comparatively more expensive but it has many features and good functionality. I definitely recommend it.

I would rate this solution a nine out of ten.

I use Splunk Cloud Platform to analyze our company's logs and the applications that we run.

Previously when in our company, we had logs everywhere on multiple systems, it was a really big pain for me trying to find what I wanted. Now that it is all aggregated and centralized in one place with one interface, it is just a lot easier to get the information that I need.

The most valuable feature of the solution stems from the fact that I just like having one single point where all of our logs are aggregated and then having one interface that I can query and find the information that I want out of it.

My organization monitors multiple cloud environments and even the on-premises part. I would say that so far, it has been fine and easy to use to monitor multiple cloud environments using Splunk Cloud Platform. The tool works effectively, and it gets stuff from our on-premises servers into the cloud. It gets stuff from AWS into the cloud. I am able to, you know, use the single interface to access all the information I need.

It is very important for our organization that Splunk Cloud Platform has end-to-end visibility into your cloud-native environment. It is important since it helps to be able to see all the aspects of what our services are doing and how they are operating.

It helps with the mean time to resolve since it makes it easier to find the errors as they have occurred, so it has been a helpful tool.

I don't know how much the product has helped my organization improve business resilience.

I wouldn't know if my company has experienced any cost-efficiency by splitting to Splunk Cloud Platform.

I know that Splunk's unified platform helps consolidate networking, security, and IT observability tools for our company. Our company has an InfoSec team using it for their SCIM stuff, and then we have IT using it for some of the things they need to gather. Multiple teams in my company have benefited from using the tool. The consolidation of tools does impact our organization since I think it is probably easier for everyone to get access to stuff because everything is in one place, and it is one of the biggest impacts of the product I can think of right now. Instead of having things spread out across multiple vendors and multiple tools, it is all kind of in one thing that we can get at, and so it is probably easier for us to train people, and we know, like, how to access the solution since it is just one thing we have to learn.

I am relatively new to the platform. So far, I have been able to use it to do what I need. I know that there are a lot more features and functionality that I don't even know yet, so I am still on the learning side. I don't really have any recommendations related to things that need to be improved in the tool.

So far, it meets my needs, so I don't need to see any additional features in the tool.

I have been using Splunk Cloud Platform for six months. My company is just a customer of the solution.

I have not had a problem with the tool's stability. It has been available every time I needed it, and it has captured every information we have sent to it. It has been not just a good but a great solution.

I think the tool's scalability is fine. I have not run into any issues with the tool's scalability, so I guess it's good.

I have not had the chance to interact with Splunk's customer service or support, so I can't really evaluate them.

I don't know if there was some other solution used previously in my company. My company is just a customer of the tool.

The product was deployed before I joined the organization.

The solution is deployed on a hybrid cloud model, and my company has opted for AWS.

I believe that my company approached an integrator to help with the deployment of the product, but I am not sure about it.

I don't know about the ROI part.

I don't know about the pricing, setup cost, and licensing part.

I rate the solution a ten out of ten.

We are onboarding everything on it. We have infrastructure, applications, and network-related things on it.

The availability has improved. There is the ease of upgrades. We are able to show value quicker with some of our add-ons and things like that because of the stability in the base.

It is extremely important to me that Splunk Cloud Platform has end-to-end visibility into our cloud-native environment.

Splunk Cloud Platform has definitely helped reduce our mean time to resolve. It is a little hard to measure. It has at least saved 3% of our time.

Splunk's unified platform has helped consolidate networking, security, and IT observability tools. There is ease on resources.

There is definitely the ease of the infrastructure administration. It frees up a lot of time.

I would love to be able to manage my own apps. 

I have been using Splunk Cloud Platform for two years.

Stability and scalability have been the main benefits of this solution.

We have had some confusion around some of our requests, but I understand. We have to work through and get proper responses.

Neutral

We were using on-prem Splunk.

There was a professional service involved. I came into the team right at the time of the cutover. They were pushed into the cloud because things had gotten so out of control on-prem, so we had to clean that up first, and then finish the migration. It was kind of bumpy, but we got through.

We are using AWS. It is managed by Splunk.

We had Aquila as our partner for help with implementation.

We are definitely starting to see an ROI. We have been focused on metrics because we are trying to get very comprehensive and overall monitoring of the environment both from the security standpoint and the infrastructure standpoint.

We have not yet seen any cost efficiencies by switching to Splunk Cloud Platform. We are still maturing it out.

As far as the pricing goes, it was what was expected. It is a premium product. There were no surprises there.

We did not evaluate other solutions. We have always been with Splunk.

We are not monitoring multiple cloud environments, but it seems it would be easy to monitor them.

Overall, I would rate Splunk Cloud Platform an eight out of ten. There is always room for improvement, but it has been good.

It's a better pricing model. The main aspect is that we don't have to manage our infrastructure. Since we migrated, we've found we don't have as many outages. 

This allows our admins to focus more on the day-to-day onboarding instead of wasting time dealing with outages.

Our organization monitors multiple cloud environments. We monitor AWS. We have other logging platforms that monitor our infrastructure as well.

It's very important for our organization that Splunk Cloud Platform has end-to-end visibility into our cloud-native provider environments. With the increasing changes in technology, being able to consistently get insights into those new data sources in a quick amount of time is everything.

Moreover, we have seen a reduction in our mean lead time to resolve (MTTR). Our enterprise has some of those dashboards for incidents. Splunk is mainly used to resolve those incidents and identify what's wrong. Over year over year, these times are lower. And Splunk has helped with that. There's other operational things that are probably helping too, Splunk plays a big part, so it is helpful.

I like the Splunk Monitor console. I like how Splunk continually updates it with new features. We don't have to do anything on our end, we just get access to that. 

Splunk has some good dashboards that show us search or user search activity. There are some things that could cause the environment to go awry, like skip searches or searches that are more intensive. 

By being able to identify those, we could reach out to those customers and work with them on improving their standard practice. Since moving to SaaS, we're able to focus more on that.

There's one specific use case I work with. I work with some Splunk experts, and it lacks workload management rules.

It can identify specific dashboards e.g., or all-time searches. When I try to track back to the user, I don't have additional information within those logs to help me know, "This is the dashboard this guy accessed."

Instead of relying on those particular workload management logs, I have to do an investigation that takes time. It takes too much time when it shouldn't.

It's only been a full year so far. We migrated recently.

Stability has been so far, so good. Data is growing, not just for us but for everyone. From what we've seen, it looks like it's handling it accordingly.

We frequently engage with support now since we have a lot of incidents. They consistently ask for feedback on our support cases. We recently had something that was very urgent. Splunk was able to escalate it accordingly and get back to us with a solution. It means a lot to my management.

We've been with Splunk for several years now.

For the cloud, the deployment is easy. 

We just have the standard. We download our packages, upload them via the cloud, upload our apps, and use the App Inspect. 

Before on-prem, we had some CI/CD pipelines to deploy on-prem. Those change calls lasted up to an hour and a half just to verify the change was successful and that everything was coming in as expected. 

Cloud is just uploaded and deployed in a matter of minutes. That's a big plus. It saves us time and a lot of hassle. 

We use our valuable time and do not waste effort. We just work on more important things like onboarding new data sources as log data continues to grow.

By being able to have more time to onboard data sources with customers, we provide our company more visibility and value into our entire environment.

I have no major gripes other than some detailed grievances, so I would rate it an eight out of ten.