Splunk Cloud Platform Reviews

One client wanted their data in a readable format. He was in the UK, but his data center was in the US, so he tried to forward his data to the indexer. Because of the time zones, he faced some time stamping issues. They reached out to us to open a case that got assigned to me.

I learned which US time zone the data center was in and set the time stamps in the future. We changed the preferences to convert it into GMT so that whenever the data is onboarded to the indexes via universal or heavy forwarder, we can fetch the data in real-time.

We primarily use virtualization and deploy in Docker containers. We seldom use any physical servers. It's mostly deployed in a cloud environment or a virtual machine. It's typically Docker but sometimes Azure.

Splunk Cloud saved us a lot of money because we're working with databases like MongoDB and Oracle and using Splunk as a sync tool. It has its own indexes that cut costs by 15 to 20 percent. 

It also improves our decision-making process. In one scenario, we compared the client's data from last year to this April and saw the year-on-year profit and loss. We could see which projects were successful. Compared to another SIEM or monitoring tool, it saved us time because the data is presented in a clean, customizable dashboard. 

In an enterprise, you need a universal or heavy forwarder. If you don't have that, you need an HSE token or API request call and all the different components. In Splunk Cloud, you just have one instance to search all the data in your index. You don't need to manage it because Splunk handles that. 

If you are using Splunk Enterprise, you need to understand, from A to Z, how the indexes and searches work and where the data is coming from. Splunk Cloud has a beautiful, user-friendly UI that lets you navigate all the settings.

It doesn't matter where the data comes from for integration. The dashboard gives you a brief overview. 

When we're onboarding all that data using heavy forwarders, Splunk gives us better buffering performance and lower latency if we use the right components. If I use a light or universal forwarder, it often doesn't parse on the other end. Our projects use heavy forwarders and put those data into the index services while defining which indexes they should index. We are also micromanaging where that data should be. 

The reporting is good so far. Sometimes, I help my clients improve their user experience. As an engineer, I would suggest that if a solution has back-end compatibility, clients should get out of their comfort zone and customize another app to create a dashboard or something else.

First-time users may struggle with the user interface. When I first used Splunk, I entered my username and password. After that, we get a dashboard on the left side with apps. At the top, you can click the gear icon to view the settings. Within those settings, there's a distributed console option with several settings. It's a bit overwhelming for a beginner. The user knows what they want and can search for it in the search bar. If I see several apps, my first instinct is to scroll down to find the app, or perhaps you will find that search and report. That bugged me when I was learning.

Application support is another problem. We created a custom Palo Alto app that isn't fully supported by the latest version of Splunk. We had to downgrade to older versions to use the custom app properly. That was one problem we faced daily with one client. 

I have been using the Splunk Cloud Platform for two years.

I rate Splunk Cloud seven out of 10 for stability. 

I rate Splunk Cloud eight out of 10 for scalability.

I rate Splunk support six out of 10. They're knowledgeable, but their response times are sometimes slow. 

Neutral

We have Prometheus, but that only monitors Grafana and shows you a dashboard. Splunk is not just monitoring or grabbing data you search for. I've worked with cloud and enterprise. When we started using Splunk Cloud, we used it more like a dashboard to search data. Based on my understanding, I could create applications. 

After moving into the enterprise side, I understood Splunk even more, including its components, bucket lifecycles, and how the indexes and configurations work. It's not simply transferring data from one to another. I can grab data from any system that consists of raw data. Splunk can also identify those data in the timestamp index form. We don't have any other vendors to compare it to. 

Deploying Splunk Cloud Platform is straightforward unless you use an automation tool like Ansible, Puppet, or Chef. It takes four to five hours. Installation can take a day in some cases, but it typically can be completed in less than five hours unless you're dealing with more complex data.

Splunk Cloud is affordable, depending on your license. I don't know how much it costs exactly, but my colleague said it depends on your licensing and which features you use. 

I rate Splunk Cloud Platform eight out of 10. I would recommend this product. 

I was working as a DevOps engineer in India. I was working for the payments domain of a client. We were mostly using Splunk for monitoring the production, deployment of API, and traffic. 

We had two cloud platforms. When I joined the team, we were deploying all our APIs in Pivotal Cloud Foundry (PCF). We then migrated to AWS Kubernetes. We were able to monitor both platforms in Splunk. When we migrated to Kubernetes, Splunk helped us. When we were having the transaction loss, we were able to find out which node was throwing the error. We were able to fetch the details according to the nodes in Splunk. We were using different keywords on these platforms for fetching the data. 

We could create our own query, and we could create our own alerts for a particular API. We could also configure these alert notifications to be mailed to particular managers and owners. We could just go through the alert to check if the API was running well or needed to be fixed.

As compared to other tools, it is very easy. It is very easy to learn. It also integrates well. 

The reporting features are very good. The dashboards are very nice. We could create our own dashboards to monitor any volume dips or transaction loss. 

The search for bulk data needs to be improved. When we were looking for the flow, we had to search really hard. I wanted to request the Splunk team to add some features for better search because getting the flow of the bulk data was sometimes hard.

I have worked with this solution for almost three years.

It is stable, but we did experience two or three downtimes.

We had three or four monitoring tools other than Splunk. We had AppDynamics, Grafana, and others, but we were mostly concentrating on Splunk because we were able to fetch all the details from a particular transaction using Splunk. We were able to create our own dashboard so that we get alerts regarding errors or transaction loss for the customer. The most useful thing was that when we were fetching details from a payment ID or a grid, we were able to track the complete workflow for that API. We were also able to fetch the details about whether the issue was in our team or the external team. We were able to track that very accurately using Splunk.

It is not that complex. We just need the knowledge. We just need to know how to query the alert and set up dashboards. As compared to AppDynamics and Grafana, it is a lot easier.

Our dev team could set up a dashboard and deploy everything in two weeks.

It is not that expensive.

If the company is working on API-based deployment and API-based developments, then I would recommend Splunk. It is useful for tracking the flow and fetching the data.

Overall, I would rate it a seven out of ten.

We are primarily using it for InfoSec, cybersecurity intelligence, information gathering, and forensics. We also do a little bit of application performance monitoring for some appliances that can only be monitored through log ingestion.

We are starting to monitor multiple cloud environments. We have our internal cloud, and we are migrating to AWS. We are engaged in that path. In terms of monitoring, it is more or less the same because we are using the same integration pattern, which is to use Ivy folders and gather logs. We use it at its minimum, but the way I see it at the Splunk conference, we can go further. Will we go further? That is a million-dollar question.

It has end-to-end visibility into our cloud-native environment. For sure, it is important for operation and application support, but we need to embark our staff and management for that. They are the ones who are committing big dollars to that.

It has not reduced our mean time to resolve because we are using other tools as well. We are aiming to go on that path in the coming months.

It specifically has not improved our organization's resilience. There are a myriad of modern tools that we are implementing. Splunk is one of them. It is one of them helping us.

Index Manager is most valuable because we do not have to bother about internal storage. It is all managed by the Splunk team.

The security connection should have a seamless integration. Other than that, the way we are using it, so far, it seems quite good.

We have owned Splunk Cloud Platform for the last year and a half.

The stability of the solution is quite good. 

We had challenges with the sizing of the cloud tenant that we purchased, but that was based on past decisions, so we are stuck with that until our next move. That should come in the next year. At that time, we will resize the tenant in a more efficient way, so scalability does not apply because the tenant we bought is a closed one. There is no scalability on either side. I learned that after the fact, so I am not impressed because we did not buy it. I guess people who buy that type can have good feedback on scalability.

We migrated from an on-premise solution that we had for about three years. We saw cost efficiency when we went from on-premise to the cloud, but I do not manage the budget.

We are using Dynatrace in parallel. We used Splunk as a cybersecurity tool, and we embraced Dynatrace a few years ago. So far, Dynatrace does a great job. Splunk is closing the gap. With today's announcement at the Splunk Conference, they are catching up. We are also using Microsoft SCOM, so it is a trio. It helps us do a better job.

I was not involved with the setup of the on-prem one, but I was involved with the migration to the cloud. My experience was interesting because I started from zero, but with the help of Splunk's professional teams, we could achieve our project. On a personal side, it helped me to gather the knowledge that brought me here at the Splunk conference.

The setup is always challenging. We had four or five people involved in the migration. We also involved a lot of key players in application migration. We had 20 to 30 people involved at some point in the migration path.

We used professional services.

We have, for sure, seen an ROI with Splunk. Our DevOps team is able to gather faster answers to their questions. Obviously, it brings value, whether it is Splunk or any other tool. 

We could see the ROI in a few months. We gave time to our DevOps specialists to embrace the solution and get used to it. From there, as they made their own usage and use cases of the tool, it gave them speed to achieve what they were looking for.

I would rate Splunk Cloud Platform a seven out of ten.

We are using Splunk Cloud as a log aggregator. All our application logs come to one place, and we do the aggregation, troubleshooting, and investigation. It has many different kinds of production troubleshooting.

We went from a manually reviewing logs to an automated time-series base with Splunk Cloud. It has helped our organization a lot.

Splunk Cloud's most valuable features are log aggregations, dashboarding, business management, reporting, and business controls. Additionally, it has awesome indexing and the solution is always improving

Splunk Cloud could improve by having pre-defined templates. It has very good design views, but there is no predefined template. You have to define your own. If they could add predefined templates for different use cases.

I have been using Splunk Cloud for approximately three years.

Splunk Cloud is highly stable. However, we had minor issues but we were about to fix them. We needed more capacity. The search capacity had to be increased as we looked at it because our logs move a minute of latency, it is almost in real-time

Splunk Cloud is scalable. If we want to expand we only need to add new hardware. it is much easier having the solution be cloud.

We use the solution every day. All the production support analysts are using the solution. There are approximately 50 people using it in my area.

I have not needed to use the support.

We have not used another solution previously.

The initial setup of Splunk Cloud was complex because we have a lot of logs. We had a lot of architectural setup discussions but we were able to do it. The level of difficulty for the implementation is in the medium range. It took us approximately 25 minutes.

It's an agent-based system, and you only have to enable it. There is an access control setup to control what to send, and what not to send. The deployment was quick. The adaptation or the implementation takes time  because you've got to go through all the infrastructure setup

I rate the initial setup of Splunk Cloud a four out of five.

We did the implementation of Splunk Cloud in-house and using two contractors. After the solution is implemented we do not need someone to manage it very often.

There are additional features that you would need to purchase depending on your use case.

I rate Splunk Cloud a seven out of ten.

We use it for a lot of different things. I primarily use it for monitoring, alerting, and dashboarding.

It was a slow adoption at first, but as our development teams are learning the tool, we now have our teams making their own metrics for each of the different apps. I work in the web, mobile app, and email area. It provides insights into metrics that are happening and problems when they are happening. We also have alerting.

We monitor multiple cloud environments. It is pretty transparent because we have some on-prem stuff and we have off-prem in the cloud, so we are using both. We are transitioning from on-prem to off-prem. It is seamless because it does not matter from where data comes. When we switch to a new data source, I do not have to reinvent it. We are using AWS.

Splunk Cloud Platform has helped reduce our mean time to resolve (MTTR). I get alerts every day. Anytime things are out of kilter, it gives us an alert asking us to better go look and see if something is happening. A lot of times, something is happening. It could be serious. It could be not serious, but we use it a lot for monitoring. Identifying a problem is a lot quicker. Once you know what the problem is, it makes it a lot faster to resolve the problem. That is where different other tools come into play. I believe they now have the APM tool, and we are trying to ramp that up. For us, it is pretty critical that we quickly identify that we are having a problem. It probably makes the resolution 80% faster.

Splunk Cloud Platform has helped improve our organization’s business resilience. We manage multiple websites over nine different states. We have millions of users as our members. When we are having a problem, we do not want to impact them.

For my purposes, I like the ability to aggregate lots of data from different sources. I like being able to report for management and being able to get alerts on thresholds being out of sync.

It is sometimes slow. Some of that has to do with the queries themselves not being efficient, but sometimes it is slow. They changed their model a few years back. It seems to be working better for us as opposed to having some limits that they had.

I have been using Splunk since 2019.

I have not had any issues with it going down or not performing. It is sometimes slow, but that might not be because of Splunk Cloud. That could be because of our firewalls and other things that lead to Splunk Cloud.

Its scalability is fine. We have ITSI. We have Splunk Enterprise. We have some internal Splunk and external Splunk. Our company at first was weary about putting data on the cloud. We do not have those concerns now.

We have pretty good support. 

It is hard for me to rate them because I don't use their support much. We have a lot of expertise in-house.

I have used several old competitors. Computer Associates used to have a tool. New Relic was another tool. We are primarily using Splunk now.

We switched from New Relic. We have had Computer Associates's tool. A problem with these types of tools is they are costly to put in and then not that many people use them. You then have to justify it, so the adoption is the issue.

The setup is way easier for Splunk and the way the data is aggregated is easier. Overall, reporting and dashboarding are easier. A lot of the setup involved such as tagging and so forth is not as cumbersome in Splunk.

With Splunk, looking at our servers and all types of log files is excellent. I am kind of disappointed with our particular infrastructure. We invested all this money in Splunk. We are using it for monitoring, recording, and alerting, but our company has to embrace it for using it for security. We have already bought it. Our security team should be using and leveraging it, but they are not. They are using other tools. Our security team just does not want to use it, and they need a push and need to be shown that we are paying for it. They can still use the tools that they want, but maybe they need to be shown what all these tools can do. We could leverage what we are paying for better. Our management can push our security team and say that we are paying for this, and they should leverage this more or more now.

We had a consultant come in from Splunk and a third party. We did both.

I do not know what that is anymore. I have not been involved with that for a couple of years, but I know we are paying a lot.

Overall, I would rate Splunk Cloud Platform at least an eight out of ten. For the things that I do, such as dashboarding, reporting, and alerting, it is great. It does a good job.

Splunk is an event log manager. We have reservation and event logging dashboards integrated from the data dock to Splunk and we have all the specific dashboards that we work with in Splunk for log management.  

We became pretty complete with our reporting using Splunk for all the log and event capabilities. I would rate this product as somewhere around seven or eight-out-of-ten for the logging capabilities and how that has added to the oversight of our business.  

The log event capabilities and the flexibility in the search engine for finding what we need in the logs are some of the more valuable features in this product.  

The pricing models should be improved and optimized. Right now, the pricing is a bit too expensive.  

One other thing you need is more ability to customize the dashboard to the way you want to have it. If you had a template that you could create and label inside of Splunk that would be good.  

One good thing that could be added to the AWS side of the solution is that you should have an OPS (Operation Alert) alert built into the dashboard that comes with Splunk. That would be very useful. For example, if you have a pre-defined template creator to fill in the information to forms that are loaded. That would be really beneficial.  

I have been using Splunk Cloud for more than four years now, in total.  

We have not experienced or even heard much about bugs or other problems people are having with Splunk. It seems pretty stable.  

Scalability is good, but the cost factor in scaling is really high. That is the reason why we are interested in working with products and solutions that will help us optimize our costs and may be looking into other solutions.  

We probably have something around a hundred users who work with Splunk. Mainly they are architects, enterprise architects, and data-link architects. We also have business analyst systems. We have not had a problem in changing or growing these roles.  

I have not had direct experience with the Splunk technical support because I leave it to the other teams in our organization because I am not really in a position to use Splunk support.  

I have only been working with Splunk for these past three years. I am not too much of an expert. I left my role as an officer in an organization in 2014, so from 2014 to 2017 I was not in touch with the advancements of products in the industry. But I was using other solutions prior to Splunk.  

The setup and installation of the product are straightforward.  

The pricing model makes this an expensive solution.  

Advice-wise, I do not really have much to say to potential users considering the solution as something to apply as an end-user. My job role is data organization so it might not be appropriate for me to give these opinions. This seems to me to have more to do with system functionality. But from my side, I am good with the product.  

Interface-wise, I think the product is good.  

Security-wise, it is all approved from the CSOs (Chief Security Officer) perspective.  

Enhancement-wise, we have to put in a lot of effort. The end-users who are working with the solution should know SQL. If they lack training in SQL, there will not really be a use case for them.  

Whatever the use cases we had for Splunk, we were able to make it work.  

Cost optimization is the only thing that needs to be reconsidered.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this product overall around seven, or somewhere between six to eight. Six to eight so make that around seven-out-of-ten.  

We use it a lot for IT operations. We monitor various services that we manage. 

We do not monitor a multi-cloud environment. We have a single stack. 

It is very stable. Many things get managed at the backend. The infrastructure is managed by Splunk. We just have to focus on the use cases and the value we can drive from Splunk. Being able to focus only on the outcome of the product is valuable for any organization.

There has not been a significant difference when it comes to the meantime to resolution because it all depends on the use case and how much time it takes to run. However, as an admin, just focusing on giving valuable insights and not having to manage the infrastructure has been the most beneficial. Otherwise, the quality of the use cases is still the same. There is no difference as such.

Not having to maintain any infrastructure is valuable. That frees up a lot of time as well.

We are on the classic Cloud that is hosted on GCP. There are a lot of functionalities that are missing for Splunk Cloud hosted on GCP but they are available on AWS. Adding more IPs to allow lists and many other functionalities are not supported on Splunk Cloud hosted on GCP. One good example is the ingest action which is not there in Splunk Cloud hosted on GCP. I wish they would add these missing features to the GCP platform.

I have been using Splunk Cloud Platform for a year.

It is very stable.

We definitely have room to scale. In the future, we might scale our environment. The amount of ingestion is going to increase.

I would rate them a seven out of ten based on my experience. There were many instances where we did not receive proper help, so we had to escalate the issue through our account team and our customer success manager.

After the migration, whenever there was any maintenance, there would be an email saying that it was just maintenance. There were not many details about it. Once we started talking about it and giving feedback, they started adding more information. There are still some gaps in the support or the quality of service. From that perspective, I would rate them a seven out of ten.

Neutral

We migrated to Splunk Cloud Platform from on-prem Splunk Enterprise a year ago. The main reason was to have no infrastructure management on our side. That was the main reason we shifted from Splunk Enterprise to Splunk Cloud Platform.

It was completely a smooth transition. There was a lot of data that we moved from on-premise to cloud. The transition was definitely smooth. The licensing and pricing were handled by the higher management. I have no idea about it, but the entire process of moving the data over was very smooth.

We are using Splunk Cloud hosted on GCP.

We utilized the professional services from Splunk for the migration, but after the migration, we have been taking care of everything.

We did not look into any other solution. We are totally into Splunk. We wanted a no-infrastructure-management environment and a better solution, so we moved to Splunk Cloud Platform.

Splunk's unified platform has not helped consolidate networking, security, and IT observability tools. The only product we use is Splunk Cloud. We are not using any of the other products like ITES, enterprise security, etc. No consolidation is required for us.

I would rate Splunk Cloud Platform an eight out of ten.

We have a lot of third-party contractors that come in on our network and do the work. We use it to pretty much check what they are doing and make sure they are not doing anything that they are not supposed to be doing.

We do a lot of user interaction. We have users logging in, and we mainly look into failures and what is causing them to get locked out. We do a lot of that.

We also have Duo. We use Splunk Cloud Platform to keep an eye on who is using Duo, where they have failures, and why. We have quite a few people who are not supposed to be using Duo, and then they end up, for whatever reason, on the Duo side of the house. We use it to keep an eye on them so that we can help them get back to where they are supposed to be.

The improvement is in terms of helping those users who get locked out because we have that happen quite often. Daily, we have users getting locked out, and using Splunk makes it so much easier to help them. Rather than trying to go to the server and find those logs, we can just go to Splunk and then the dashboard for that particular user and find out exactly which machine is causing the lockout.

It helps us to easily find out which machine is causing the lockout. A lot of people know that customers can exaggerate. We can bring that back into perspective. They might say that they get locked out every day, whereas it might be once a week. We can see that. We do have a dashboard that tells us who is locked out right now. We do use that, and it helps us a lot because even before the user realizes it, we can go back and help. That helps us because they almost do not even know that it is happening. We can see it in real time, and we can fix it and unlock it. If it is something that is reoccurring, we can say, "You have been getting locked out multiple times in the same place for the last couple of hours. Go check this." We can also see why they were locked out. If somebody is putting in the wrong password, we can ignore that and unlock it. We, of course, are going to see where it is coming from. If we see some weird IP address or some weird computer that looks like it belongs to us, we will address that, but it helps us to help the user quickly. We are told what is happening as opposed to having to ask what is happening. We have definitely seen time to value. Instead of having to research, we are told it is there.

The Splunk Cloud Platform has reduced our mean time to resolve. It has easily saved 20 to 30 minutes every time someone gets locked out. We get 10 or 15 instances per day where people get locked out. It definitely saves a few hours per day.

Splunk Cloud Platform definitely frees us up to handle true problems and do true troubleshooting as opposed to handling lock-out issues. It is, of course, big for the user, but it is minute for us because it is answering a question that does not really matter to us. It matters to the user, but for us, we can just unlock their account, and we can figure out why at another time, whereas now, we can unlock their account and figure out why immediately. For example, if it was a machine that they logged into but they do not remember, or they have a cell phone that they logged into but they have not changed their password on, we can figure that out a lot quicker. That helps them quicker. It keeps us from having to go back to that user, and we can knock that out right then and there.

We have not gone into its ability to predict, identify, and solve problems in real time because we use it more after the fact. We do have an MSP, and they handle more of the security side. Their software does real-time monitoring, and they get alerts. We use the Splunk Cloud Platform to see what has already happened.

All the features are very equal for me. I do not use any one feature more than the other. They all are pretty equal to me.

It works as needed, and it does everything that we want to do. I have not come across anything that I would consider missing as such. If anything, sometimes we have dashboards that would not go into the dark mode. It is a minor issue, but it is the only thing that I wish was there. The dark mode would definitely help.

We have been using the Splunk Cloud Platform for about three years.

It has always worked when we needed it.

We are a very small shop. We only have 150 gigs a day, and we are not anywhere near that 150. However, from what I see, if there is an easy transition from 150 gigs to 300 terabytes, that is easy scalability.

We did not use any similar solution.

I was not involved in its deployment. It was already implemented.

Splunk Cloud Platform has been able to provide business resilience by empowering our staff, but currently, only two of us use it. One thing about coming to the Splunk conference is that we learn a lot. It is a lot more than what we probably can do. We also learned that for most people here, Splunk is a big part of their job. That is their main focus, whereas we have so many different things. We use Splunk; we do a little bit of networking. We do troubleshooting from swapping computers to the almost top level of moving cables.

I would rate the Splunk Cloud Platform a ten out of ten.