FredericHebert - PeerSpot reviewer
Monitoring Administrator at a financial services firm with 1,001-5,000 employees
Real User
Manages indexes and brings value, but the security connection should have a seamless integration
Pros and Cons
  • "Index manager is most valuable because we do not have to bother about internal storage. It is all managed by the Splunk team."
  • "The security connection should have a seamless integration. Other than that, the way we are using it, so far, it seems quite good."

What is our primary use case?

We are primarily using it for InfoSec, cybersecurity intelligence, information gathering, and forensics. We also do a little bit of application performance monitoring for some appliances that can only be monitored through log ingestion.

How has it helped my organization?

We are starting to monitor multiple cloud environments. We have our internal cloud, and we are migrating to AWS. We are engaged in that path. In terms of monitoring, it is more or less the same because we are using the same integration pattern, which is to use Ivy folders and gather logs. We use it at its minimum, but the way I see it at the Splunk conference, we can go further. Will we go further? That is a million-dollar question.

It has end-to-end visibility into our cloud-native environment. For sure, it is important for operation and application support, but we need to embark our staff and management for that. They are the ones who are committing big dollars to that.

It has not reduced our mean time to resolve because we are using other tools as well. We are aiming to go on that path in the coming months.

It specifically has not improved our organization's resilience. There are a myriad of modern tools that we are implementing. Splunk is one of them. It is one of them helping us.

What is most valuable?

Index Manager is most valuable because we do not have to bother about internal storage. It is all managed by the Splunk team.

What needs improvement?

The security connection should have a seamless integration. Other than that, the way we are using it, so far, it seems quite good.


For how long have I used the solution?

We have owned Splunk Cloud Platform for the last year and a half.

What do I think about the stability of the solution?

The stability of the solution is quite good. 

What do I think about the scalability of the solution?

We had challenges with the sizing of the cloud tenant that we purchased, but that was based on past decisions, so we are stuck with that until our next move. That should come in the next year. At that time, we will resize the tenant in a more efficient way, so scalability does not apply because the tenant we bought is a closed one. There is no scalability on either side. I learned that after the fact, so I am not impressed because we did not buy it. I guess people who buy that type can have good feedback on scalability.

Which solution did I use previously and why did I switch?

We migrated from an on-premise solution that we had for about three years. We saw cost efficiency when we went from on-premise to the cloud, but I do not manage the budget.

We are using Dynatrace in parallel. We used Splunk as a cybersecurity tool, and we embraced Dynatrace a few years ago. So far, Dynatrace does a great job. Splunk is closing the gap. With today's announcement at the Splunk Conference, they are catching up. We are also using Microsoft SCOM, so it is a trio. It helps us do a better job.

How was the initial setup?

I was not involved with the setup of the on-prem one, but I was involved with the migration to the cloud. My experience was interesting because I started from zero, but with the help of Splunk's professional teams, we could achieve our project. On a personal side, it helped me to gather the knowledge that brought me here at the Splunk conference.

The setup is always challenging. We had four or five people involved in the migration. We also involved a lot of key players in application migration. We had 20 to 30 people involved at some point in the migration path.

What about the implementation team?

We used professional services.

What was our ROI?

We have, for sure, seen an ROI with Splunk. Our DevOps team is able to gather faster answers to their questions. Obviously, it brings value, whether it is Splunk or any other tool. 

We could see the ROI in a few months. We gave time to our DevOps specialists to embrace the solution and get used to it. From there, as they made their own usage and use cases of the tool, it gave them speed to achieve what they were looking for.

What other advice do I have?

I would rate Splunk Cloud Platform a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer2207709 - PeerSpot reviewer
Senior InfoSec Manager at a pharma/biotech company with 5,001-10,000 employees
Real User
Top 20
Has improved uptime and helped us improve performance in areas where our network or servers were not performing well
Pros and Cons
  • "Splunk Cloud Platform's most valuable features are enterprise security and ticketing integration."
  • "From an enterprise standpoint, we are more limited in terms of what data we can export and how we can present it."

What is our primary use case?

We use Splunk Cloud Platform for IT operations, IT security, and business value. 

How has it helped my organization?

We implemented Splunk Cloud Platform to resolve our IT security issues.

The federated search feature is a valuable tool that can be used effectively in the right architecture. However, the extent it is utilized will vary depending on the customer's needs. In my experience, more advanced customers tend to use this feature more heavily.

Splunk Cloud Platform provides good visibility into multiple environments, including cloud, on-premises, and hybrid.

Splunk Cloud Platform is the best tool for a reason. It is a high-functioning solution with high integration for getting data in and out, and it is customizable.

The most significant benefit of using Splunk Cloud Platform is the freedom of data. The security team can see the data that's relevant to them, IT Ops can see the data that's relevant to them, and the business can see the data that's relevant to them. Sometimes, the same data is applicable to all three groups. Sometimes, it's not. But everyone has access to the data, and it's immutable. It can't be changed or deleted. The ability of all of these departments to leverage the same data is how Splunk Cloud Platform has benefited our company the most.

Splunk Cloud Platform has helped us make key decisions, such as cost-saving decisions related to licensing. It has also improved uptime and helped us improve performance in areas where our network or servers were not performing well. Additionally, it has helped us make better business and IT decisions and has supported our planned growth.

Splunk Cloud Platform helps us access data for compliance and privacy regulations. It currently has the features to mask data, perform the least privileged access, and provide only certain commands and functions within the platform.

We are the best in the industry because of Splunk Cloud Platform. Splunk Cloud Platform fills the SIEM role for our organization, and without the best SIEM, we would be no better than our competitors.

Splunk's extensibility is one of its best features. It offers a wide variety of ways to ingest data, generate reports, and create dashboards. Its integrations with other systems are also very impressive.

What is most valuable?

Splunk Cloud Platform's most valuable features are enterprise security and ticketing integration.

What needs improvement?

The reporting provided by Splunk Cloud Platform is often good, but it only provides the data and not the flash, whereas the other platforms provide both. From an enterprise standpoint, we are more limited in terms of what data we can export and how we can present it.

Navigating the solution can be more user-friendly.

The documentation has room for improvement and the price is high and can be improved.

For how long have I used the solution?

I have been using the Splunk Cloud Platform for over five years.

What do I think about the stability of the solution?

When architected properly and maintained to an optimum level, Splunk Cloud Platform is unbelievably stable.

What do I think about the scalability of the solution?

One of Splunk Cloud Platform's key selling points is its ability to scale to petabytes and beyond.

How are customer service and support?

Base-level support is suboptimal. Enterprise customers need the premium support package. Responses are often delayed, and resolution is slow.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Over the past 25 years, I have used several different solutions. In the past, I preferred using a terminal interface rather than a web interface. Splunk has an API and a mobile app, but ultimately, Splunk users are confined to their browsers. This is one thing I would like to change, as I would prefer to be able to use Splunk outside of a browser. However, this is also one of Splunk's biggest advantages, as it is a universal platform.

We used Splunk Enterprise before migrating to Splunk Cloud Platform.

How was the initial setup?

My knowledge of Splunk has since grown exponentially, but the first time I deployed Splunk Enterprise eight years ago, it was unbelievably hard. There were so many moving parts and things to consider. It was too much for one person to figure out, and I didn't have the budget to get help from the Splunk team.

What's my experience with pricing, setup cost, and licensing?

The cost of using Splunk Cloud Platform is high, but the value it provides is worth the investment.

What other advice do I have?

I give Splunk Cloud Platform a nine out of ten.

Monitoring multiple cloud environments is never easy. We are looking forward to new features from our cloud partners, such as AWS Security Data Lake, Google, and Microsoft. These features will make it easier to integrate our cloud environments. Splunk Cloud Platform is currently the best solution for collecting data from multiple cloud environments. AWS has five million different ways to export data, and we need to use all of them to collect all of the security and IT-related data. Splunk supports all of these data sources.

A year ago, I would have said that Splunk needed automated response, an easy-to-detect, easy-to-run, and manage business analytics platform, a user and entity-based business analytics platform that is integrated within the product, threat intelligence, and a current dashboarding tool. Splunk now has all of these features. A year ago, Splunk's competitors had these features, but Splunk did not. Splunk has since acquired or developed these features in-house. Very little in Splunk's product is not tightly integrated into the current releases. If someone is starting from scratch, meaning they are just rolling out a new security solution, and they do not choose Splunk, they are making a mistake. Splunk provides so much of everything that it is the best choice for most organizations.

We perform daily maintenance on the solution.

I advise new users to find someone who knows Splunk. Even a good technical person will not be able to do this on their own. They are not going to train them on day one. Good technical people who know Splunk are valuable assets, so they should seek them out and get them on the project.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Cloud Architect at Sainsbury's Supermarkets Ltd
Real User
Good documentation, nice dashboards, and customizable reporting capability
Pros and Cons
  • "We haven't had any limitations or problems connecting to our network devices."
  • "The training models can only be accessed for 30 days, even if it is paid training."

What is our primary use case?

This solution is very useful for our Infosec team that manages our enterprise-level security. It collects logs from all of our on-premises devices and servers for search and analysis. All of the logs are collected on-premises and then sent to Splunk Cloud for analysis. 

What is most valuable?

The reporting and dashboards are very good.

In terms of reporting, everything is customizable. You can write a query to have the reports and dashboards created for you, and it will be based on that data.

The documentation is pretty good.

Integration with products and devices works well. We haven't had any limitations or problems connecting to our network devices.

What needs improvement?

The training models can only be accessed for 30 days, even if it is paid training. This is a limitation that I feel should be lifted because if we are paying for it then we want to be able to continue to use it.

For how long have I used the solution?

I have been working with Splunk Cloud for a year and a half.

What do I think about the stability of the solution?

This solution is pretty stable. It is used on a daily basis and in the past year and a half, I haven't faced any issues.

What do I think about the scalability of the solution?

We have a team of 20 for our SOC operations who will be monitoring the results of Splunk Cloud.

How are customer service and technical support?

The support is pretty good. We are a premium customer so when we raise a ticket, they deal with it right away. Also, if it needs to be escalated then the account manager will get involved.

Which solution did I use previously and why did I switch?

We did not use another log management solution prior to this one.

How was the initial setup?

Splunk Cloud is pretty straightforward and easy to set up. It is a SaaS solution, so we don't have to do anything on our end.

What about the implementation team?

We are a team of six people who maintain our security solution.

What's my experience with pricing, setup cost, and licensing?

Compared to other products, Splunk Cloud is expensive.

The licensing is based on the amount of data that we send to the cloud on a daily basis. It is expensive, although it has more features than other SIEM tools.

What other advice do I have?

Overall, I find that Splunk is pretty good. It is a very mature product, and compared to when I used it five years ago as an end-user, I can see that they have been improving in every way. The interface is something that has become more user-friendly over time. When there is something missing, it is handled by another product from the vendor. For example, if you need to add predictive analysis then you use Splunk Phantom.

There are many other SIEM tools on the market, such as IBM QRadar and ArcSight Logger. Splunk is comparatively more expensive but it has many features and good functionality. I definitely recommend it.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer2499690 - PeerSpot reviewer
Principal Site Reliability Engineer at a pharma/biotech company with 1,001-5,000 employees
Real User
Information is easier to get now that it is all aggregated and centralized in one place with one interface
Pros and Cons
  • "Previously, in our company, we had logs everywhere on multiple systems, and it was a really big pain for me trying to find what I wanted. Now that it is all aggregated and centralized in one place with one interface, it is just a lot easier to get the information that I need."

    What is our primary use case?

    I use Splunk Cloud Platform to analyze our company's logs and the applications that we run.

    How has it helped my organization?

    Previously, in our company, we had logs everywhere on multiple systems, and it was a really big pain for me trying to find what I wanted. Now that it is all aggregated and centralized in one place with one interface, it is just a lot easier to get the information that I need.

    What is most valuable?

    The most valuable feature of the solution stems from the fact that I just like having one single point where all of our logs are aggregated and then having one interface that I can query and find the information that I want out of it.

    My organization monitors multiple cloud environments and even the on-premises part. I would say that so far, it has been fine and easy to use to monitor multiple cloud environments using Splunk Cloud Platform. The tool works effectively, and it gets stuff from our on-premises servers into the cloud. It gets stuff from AWS into the cloud. I am able to, you know, use the single interface to access all the information I need.

    It is very important for our organization that Splunk Cloud Platform has end-to-end visibility into your cloud-native environment. It is important since it helps to be able to see all the aspects of what our services are doing and how they are operating.

    It helps with the mean time to resolve since it makes it easier to find the errors as they have occurred, so it has been a helpful tool.

    I don't know how much the product has helped my organization improve business resilience.

    I wouldn't know if my company has experienced any cost-efficiency by switching to Splunk Cloud Platform.

    I know that Splunk's unified platform helps consolidate networking, security, and IT observability tools for our company. Our company has an InfoSec team using it for their SCIM stuff, and then we have IT using it for some of the things they need to gather. Multiple teams in my company have benefited from using the tool. The consolidation of tools does impact our organization since I think it is probably easier for everyone to get access to stuff because everything is in one place, and it is one of the biggest impacts of the product I can think of right now. Instead of having things spread out across multiple vendors and multiple tools, it is all kind of in one thing that we can get at, and so it is probably easier for us to train people, and we know, like, how to access the solution since it is just one thing we have to learn.

    What needs improvement?

    I am relatively new to the platform. So far, I have been able to use it to do what I need. I know that there are a lot more features and functionality that I don't even know yet, so I am still on the learning side. I don't really have any recommendations related to things that need to be improved in the tool.

    So far, it meets my needs, so I don't need to see any additional features in the tool.

    For how long have I used the solution?

    I have been using Splunk Cloud Platform for six months. My company is just a customer of the solution.

    What do I think about the stability of the solution?

    I have not had a problem with the tool's stability. It has been available every time I needed it, and it has captured all the information we have sent to it. It has been not just a good but a great solution.

    What do I think about the scalability of the solution?

    I think the tool's scalability is fine. I have not run into any issues with the tool's scalability, so I guess it's good.

    How are customer service and support?

    I have not had the chance to interact with Splunk's customer service or support, so I can't really evaluate them.

    Which solution did I use previously and why did I switch?

    I don't know if there was some other solution used previously in my company. My company is just a customer of the tool.

    How was the initial setup?

    The product was deployed before I joined the organization.

    The solution is deployed on a hybrid cloud model, and my company has opted for AWS.

    What about the implementation team?

    I believe that my company approached an integrator to help with the deployment of the product, but I am not sure about it.

    What was our ROI?

    I don't know about the ROI part.

    What's my experience with pricing, setup cost, and licensing?

    I don't know about the pricing, setup cost, and licensing part.

    What other advice do I have?

    I rate the solution a ten out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Principal, Cybersecurity and Infra at PNM Resources Inc
    Real User
    Improves availability and makes infrastructure administration easy
    Pros and Cons
    • "There is definitely the ease of the infrastructure administration. It frees up a lot of time."
    • "I would love to be able to manage my own apps."

    What is our primary use case?

    We are onboarding everything on it. We have infrastructure, applications, and network-related things on it.

    How has it helped my organization?

    The availability has improved. There is the ease of upgrades. We are able to show value quicker with some of our add-ons and things like that because of the stability in the base.

    It is extremely important to me that Splunk Cloud Platform has end-to-end visibility into our cloud-native environment.

    Splunk Cloud Platform has definitely helped reduce our mean time to resolve. It is a little hard to measure. It has at least saved 3% of our time.

    Splunk's unified platform has helped consolidate networking, security, and IT observability tools. There is ease on resources.

    What is most valuable?

    There is definitely the ease of the infrastructure administration. It frees up a lot of time.

    What needs improvement?

    I would love to be able to manage my own apps. 

    For how long have I used the solution?

    I have been using Splunk Cloud Platform for two years.

    What do I think about the stability of the solution?

    Stability and scalability have been the main benefits of this solution.

    How are customer service and support?

    We have had some confusion around some of our requests, but I understand. We have to work through and get proper responses.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    We were using on-prem Splunk.

    How was the initial setup?

    There was a professional service involved. I came into the team right at the time of the cutover. They were pushed into the cloud because things had gotten so out of control on-prem, so we had to clean that up first, and then finish the migration. It was kind of bumpy, but we got through.

    We are using AWS. It is managed by Splunk.

    What about the implementation team?

    We had Aquila as our partner for help with implementation.

    What was our ROI?

    We are definitely starting to see an ROI. We have been focused on metrics because we are trying to get very comprehensive and overall monitoring of the environment both from the security standpoint and the infrastructure standpoint.

    We have not yet seen any cost efficiencies by switching to Splunk Cloud Platform. We are still maturing it out.

    What's my experience with pricing, setup cost, and licensing?

    As far as the pricing goes, it was what was expected. It is a premium product. There were no surprises there.

    Which other solutions did I evaluate?

    We did not evaluate other solutions. We have always been with Splunk.

    What other advice do I have?

    We are not monitoring multiple cloud environments, but it seems it would be easy to monitor them.

    Overall, I would rate Splunk Cloud Platform an eight out of ten. There is always room for improvement, but it has been good.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    reviewer2499189 - PeerSpot reviewer
    Senior technical consultant at a healthcare company with 1,001-5,000 employees
    Consultant
    Top 20
    Offers good dashboards that show us search or user search activity

    What is our primary use case?

    It's a better pricing model. The main aspect is that we don't have to manage our infrastructure. Since we migrated, we've found we don't have as many outages. 

    This allows our admins to focus more on the day-to-day onboarding instead of wasting time dealing with outages.

    How has it helped my organization?

    Our organization monitors multiple cloud environments. We monitor AWS. We have other logging platforms that monitor our infrastructure as well.

    It's very important for our organization that Splunk Cloud Platform has end-to-end visibility into our cloud-native provider environments. With the increasing changes in technology, being able to consistently get insights into those new data sources in a quick amount of time is everything.

    Moreover, we have seen a reduction in our mean time to resolve (MTTR). Our enterprise has some dashboards for incidents. Splunk is mainly used to resolve those incidents and identify what's wrong. Year over year, these times are lower, and Splunk has helped with that. There are other operational things that are probably helping too, but Splunk plays a big part, so it is helpful.

    What is most valuable?

    I like the Splunk Monitor console. I like how Splunk continually updates it with new features. We don't have to do anything on our end, we just get access to that. 

    Splunk has some good dashboards that show us search or user search activity. There are some things that could cause the environment to go awry, like skip searches or searches that are more intensive. 

    By being able to identify those, we could reach out to those customers and work with them on improving their standard practice. Since moving to SaaS, we're able to focus more on that.

    What needs improvement?

    There's one specific use case I work with. I work with some Splunk experts, and it lacks workload management rules.

    It can identify specific dashboards e.g., or all-time searches. When I try to track back to the user, I don't have additional information within those logs to help me know, "This is the dashboard this guy accessed."

    Instead of relying on those particular workload management logs, I have to do an investigation that takes time. It takes too much time when it shouldn't.

    For how long have I used the solution?

    It's only been a full year so far. We migrated recently.

    What do I think about the stability of the solution?

    Stability has been so far, so good. Data is growing, not just for us but for everyone. From what we've seen, it looks like it's handling it accordingly.

    How are customer service and support?

    We frequently engage with support now since we have a lot of incidents. They consistently ask for feedback on our support cases. We recently had something that was very urgent. Splunk was able to escalate it accordingly and get back to us with a solution. It means a lot to my management.

    Which solution did I use previously and why did I switch?

    We've been with Splunk for several years now.

    How was the initial setup?

    For the cloud, the deployment is easy. 

    We just have the standard. We download our packages, upload them via the cloud, upload our apps, and use the App Inspect. 

    Before on-prem, we had some CI/CD pipelines to deploy on-prem. Those change calls lasted up to an hour and a half just to verify the change was successful and that everything was coming in as expected. 

    Cloud is just uploaded and deployed in a matter of minutes. That's a big plus. It saves us time and a lot of hassle. 

    What was our ROI?

    We use our valuable time and do not waste effort. We just work on more important things like onboarding new data sources as log data continues to grow.

    By being able to have more time to onboard data sources with customers, we provide our company more visibility and value into our entire environment.

    What other advice do I have?

    I have no major gripes other than some detailed grievances, so I would rate it an eight out of ten. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    reviewer2267181 - PeerSpot reviewer
    Incident Manager at a manufacturing company with 10,001+ employees
    Real User
    Top 20
    A stable solution used for visualization and alerting, but it needs to be made more user-friendly
    Pros and Cons
    • "The most valuable feature of Splunk Cloud Platform is the alerting feature."
    • "Splunk Cloud Platform needs to be made more user-friendly because it's not user-friendly."

    What is our primary use case?

    We use the solution for application status alerting, user activities, and active directories. We use the solution for visualization, alerting, and analyzing events or incidents.

    What is most valuable?

    The most valuable feature of Splunk Cloud Platform is the alerting feature.

    What needs improvement?

    Currently, Splunk Cloud Platform is very easy to use and read. The solution's visualization for the end users is also good. However, setting up the solution or an alert is not straightforward. There's a lot of incompatibility and areas that you have to consider while setting up the solution.

    All those things make setting up the solution very complex for regular people who know the business operation. So, they have to hire a third party or a technical person who doesn't understand the business to set it up for them, which usually creates a gap.

    When someone who cares about the business and understands its operation sets up the solution, they would set it right. There's always a gap when a technical person or third party sets it up. It may lead to many workarounds to fix issues like alert fatigue or false security. Splunk Cloud Platform needs to be made more user-friendly because it's not user-friendly.

    For how long have I used the solution?

    I have been using Splunk Cloud Platform for four to five years.

    What do I think about the stability of the solution?

    Splunk Cloud Platform is pretty stable, and I don't have any issues.

    What do I think about the scalability of the solution?

    Splunk Cloud Platform is a scalable solution.

    How are customer service and support?

    I usually go to forums and discussions to get answers to my issues. You might need a Splunk account username to talk to technical support. When most users I have talked to face a problem, they Google it. I don't know if the technical support would provide you with support if you were stuck.

    Which solution did I use previously and why did I switch?

    I have previously used different solutions like DataStage, Datadog, Grafana, and ClickView.

    Which other solutions did I evaluate?

    We evaluated other options before choosing the Splunk Cloud Platform. But when a company buys Splunk services, the end users have to use what they have as a resource.

    What other advice do I have?

    Splunk Cloud Platform is a really good tool for getting alerts and better information about incident management and maintenance. Because of the solution's complex setup, most alerts are set by developers or people who create multiple unnecessary alerts, creating alert fatigue. Compared to other systems, like Dynatrace, Splunk Cloud Platform is not a smart system for analyzing alerts.

    As a project manager, I oversee the process of contacting the concerned parties, knowing what needs to be monitored and why they need the alerting mechanism. I was not directly involved in the scripting and adding Splunk Cloud Platform in the back end.

    As business requirements change, Splunk Cloud Platform needs maintenance in terms of setting up different parameters, which is not an easy task.

    Everybody uses the Splunk Cloud Platform in a different way. I would advise users to share their experiences about technical difficulties in the forums and community. Sometimes, others might go through the same problem without much documentation, and sharing your technical problems might help others.

    Overall, I rate Splunk Cloud Platform a seven out of ten.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    SIEM Engineer at a manufacturing company with 11-50 employees
    Real User
    Top 20
    Offers excellent visibility and cloud performance, and requires zero maintenance on our end
    Pros and Cons
    • "The cloud performance is good."
    • "Splunk should offer various options for real-time monitoring."

    What is our primary use case?

    We use Splunk Cloud Platform to monitor our environment.

    How has it helped my organization?

    Monitoring multiple cloud environments is made easy with the Splunk Cloud Platform due to its fast ingestion and data recovery times.

    Splunk's visibility into multiple environments is excellent. I have found that a hybrid environment works the best, as the login portion remains on-premises while the rest is in the cloud. This reduces the maintenance required on-premises.

    There are two types of integration. The first involves bringing something into Splunk, while the second entails moving something out of Splunk. Bringing data into Splunk is relatively straightforward, with multiple options such as RAS, SysLog, and Splunk's built-in functions. However, exporting data from Splunk is more challenging and not as straightforward as the process of bringing data into Splunk.

    Splunk Cloud Platform has influenced our decision-making processes. Splunk is primarily employed for security purposes; thus, it excels particularly in SIM. It encompasses an asset and identity framework that effectively gathers information about an organization's assets and individual identities, encompassing all users. Therefore, when considering Unified Business and SIM, Splunk proves to be highly proficient. 

    What is most valuable?

    The cloud performance is good.

    Not having to perform any maintenance because it is handled by Splunk saves our administrators time, which is valuable.

    What needs improvement?

    Splunk should offer various options for real-time monitoring. If we could enhance the speed of data ingestion or data retrieval, that would be an added advantage. Additionally, there is room for improvement in SaaS-to-SaaS integration. I believe that reintroducing HTML dashboards would be beneficial, as they provide dedicated web features. This, in turn, gives users the flexibility and freedom to create custom dashboards more easily.

    For how long have I used the solution?

    I have been using Splunk Cloud Platform for five years.

    What do I think about the stability of the solution?

    I would rate the stability of the Splunk Cloud Platform as an eight out of ten. We still encounter some lagging and errors, but not as much as with the on-premises deployment.

    How are customer service and support?

    I occasionally get in touch with Splunk technical support, usually regarding data onboarding. These include routine activities like installing or uninstalling applications, as well as making changes to existing ones. On average, we submit at least one ticket per week to them.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I have used many tools including Elastic, Grafana, Tableau, and Sumo Logic.

    Splunk is indeed superior in many cases, but other tools are also making progress to catch up, with Elastic being one of them. They have begun developing their own SIM offering, complete with its own SIM features. Similar to Splunk Cloud, Elastic also has its Elastic Cloud Stack. Some of the features provided by Elastic seem to outperform Splunk. Therefore, there is room for Splunk to enhance these aspects. As for pricing, it could be more competitive, considering that other tools also provide the freedom to choose the Cloud Stack. Although Splunk offers this flexibility, the process often involves extensive discussions, making it less adaptable compared to other tools.

    How was the initial setup?

    The initial setup is somewhat complex regarding the CI/CD pipeline, and Splunk manages the deployment. Splunk provides a feature called ACS, which enables us to manage the deployment ourselves if desired, but it's simpler to have Splunk handle the deployment on our behalf.

    The deployment took around one month and required ten people from Splunk's DevOps team.

    What about the implementation team?

    The implementation was completed by Splunk.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is high for small organizations. The cost makes more sense for organizations that have a large amount of data ranges.

    What other advice do I have?

    I would rate Splunk Cloud Platform an eight out of ten.

    There are numerous tools that offer real-time reporting and alerting capabilities. Splunk is indeed effective, but due to the prerequisite of registering logs beforehand, a delay is inevitably introduced. Therefore, while Splunk is suitable for real-time reporting alerts, it may not be as optimal as some alternative solutions.

    Resilience has added value and contributed to the improvement of our organization. This is highly significant. In most cases, the SOC team relies on the tool for issue mitigation and ticket resolution. Therefore, it is crucial for Splunk to remain consistently up-to-date and respond as quickly as possible. This holds immense importance.

    The extensibility is good, but there is room for improvement, especially in integrating certain logs. Enhancing the process of incorporating raised logs is possible. In most cases now, there are limitations on log creation. Previously, a direct option existed to import logs. However, this process has been altered, requiring users to develop an add-on for log integration, leading to increased complexity. Furthermore, users are expected to have knowledge of Python. This can be problematic in cases where users lack such expertise. Therefore, this aspect could certainly be enhanced.

    For those who want to evaluate Splunk, it comes down to the volume of data. If they are dealing with a substantial amount of data flowing into their SIM, Splunk would be the superior option. Splunk effectively manages extensive datasets in comparison to other technologies. It also offers numerous additional functionalities, such as an enterprise security suite, assets, and identity framework. Moreover, it has undergone industry testing and has been employed in the field for a considerable duration. In contrast to other organizations, they provide a wealth of features.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    PeerSpot user