Splunk Cloud Platform Reviews

The Splunk Cloud platform is for anyone who wants to save money and doesn't want to manage an on-prem infrastructure. I like the Cloud platform because we don't have to handle any maintenance. Any server downtime, upgrades, or patches are no longer our responsibility, which is great. That's the biggest advantage of Splunk Cloud.

Before COVID-19, the Splunk Cloud platform was much more difficult to manage. I've heard it causes a lot of frustration. Thankfully, it's come a long way since then. Now, it's user-friendly and allows app and add-on installations without worrying about accidental breakdowns.

I wouldn't have released Splunk Cloud myself when they did but the shift to remote work during COVID-19 drove everyone to the cloud, making the Splunk Cloud platform a great solution. While the updates focus on features, patches, and maintenance, there's nothing about the Splunk Cloud platform itself that I love other than the fact that we can use it in the cloud without the hassle of any on-prem requirements.

The importance of having one cloud platform depends on an organization's data goals, but at the end of the day, we onboarded the data because it's important. So as long as we have a use case, it's high up there.

Splunk Cloud Platform has improved our mean time to resolve incidents 100 percent. The cloud eliminates the need for upgrades to multi-cluster environments and the risk of errors during configuration, which can cause major problems. While we are not responsible for any Cloud maintenance, Splunk's support is helpful for escalations. Their clear communication about maintenance minimizes the need for their involvement.

While I can't speak to personal cost savings, moving to Splunk Cloud likely saves on storage costs compared to on-premises setups. This is especially valuable because many organizations use Splunk alongside other security products for specific needs. However, some competitors offer better data storage and faster results as add-ons for Splunk. Overall, the biggest cost savings come from eliminating the need for in-house server maintenance, storage management, and future data migrations. This reduces headaches and frees up IT resources, even if the migration itself wasn't a major issue.

I like the idea of being able to list the IPs that we want without having to open up a ticket to get it done so that way if anything changes we can add a new IP. The platform itself is the most valuable because if we're using the product, we're paying a lot for it. So we're searching our data and doing the triage we need to with the events. In reality, our biggest benefit of the Splunk Cloud Platform is not having the hassle on-prem.

Splunk Cloud's SVC licensing model lacks transparency. Customers are unsure of how SVC consumption translates to costs, and there's no easy way to identify what's driving SVC usage within the platform. While some external applications provide limited insight, Splunk Cloud itself doesn't offer a clear view into SVC consumption. This lack of clarity makes it difficult to explain cost spikes to customers, as the cause could be anything within the platform.

I have been using the Splunk Cloud Platform for four years.

The Splunk Cloud Platform is stable.

I have some concerns about the SVC licensing model for deployments under 1 terabyte, and it's separate from Splunk Cloud. The bigger challenge customers face is managing the surge of data and historical information they ingest. This can lead to situations like an admin setting up numerous queries and then leaving, making users hesitant to disable them for fear of breaking something. While this can happen with any product with unchecked admin access, Splunk and Splunk Cloud themselves function as intended for large-scale environments. Ultimately, it's up to the customer to manage their Splunk instance effectively.

Many people complain about back-and-forth interactions with Splunk support. It feels like a repetitive loop of explaining the problem, being asked for information and questioning why it's needed. There's frustration on both sides: support needs details to diagnose the issue, while users might feel it's a simple problem and supplying extra information is unnecessary. This can be true for any customer support experience.

Splunk Cloud deployment complexity varies by use case. Starting fresh is simple: install, configure, and point data to the cloud. However, migrating from on-premises to the cloud with existing data can be complex. Deciding what data to migrate and the migration process itself adds significant challenges, although these are likely to become easier over time.

Splunk Cloud's value is clear: it eliminates maintenance headaches and simplifies connection, offering a hassle-free experience.

The lack of transparency around the SVC licensing makes it difficult to explain the costs to our clients.

I would rate the Splunk Cloud Platform nine out of ten. The rating is not because of customer service. I am strictly looking at the product. I've worked with it for seven years. I've been on over 70 engagements with other customers over those years, and I rarely find a use case that a customer can't solve when it comes to an architect-type scenario, which is great. It's the same thing for data. For the most part, if you know you have data and can get it written down to a file, you can adjust it, which is phenomenal. The on-prem infrastructure consists of only 12 CPUs and 12 RAM if it's hardware, and then you double it if it's virtual. Overall that's very inexpensive to stand up major components. I'm not including storage or any other sizing that can get more complicated. Overall, it doesn't ask much from actual servers if you want to host it on-prem. Even managing it yourself on-prem, is not terrible. The commands are still there, the resources are there to do it yourself. You have community groups out there that help you with questions. There are tons of providers out there that can get you from point A to point B. 

I have always used Splunk but I am open to learning Chronicle soon depending on industry trends. While I believe Splunk remains the top SIEM tool. According to Gartner, competitors like Azure and Oracle are emerging. However, I have not needed to look for other solutions.

We have a public URL that allows anyone to authenticate for ADFS. This allows them to connect using Active Directory. 

The most valuable feature for me is the flexibility of being able to send the log to the https endpoint. I know that it is possible to export the logs, although it is easier for me to communicate with the endpoints concerning what I am interested in.

This is a feature-rich product.

Although there is documentation available, it is really hard for me to find relevant topics on what it is that I'm searching for. For example, when something goes wrong, I can spend hours trying to figure out the problem and have nothing to refer to. I find that it confuses me somewhat, so it is something that can be improved.

I feel that technical support can be improved because it is always done through the use of a support ticket, which is not very convenient.

Setting up and configuring integrations are not easy to do. 

We implement this solution within the past year.

Splunk Cloud is quite stable. I do not remember having any issues with bugs or glitches.

I would expect that the scalability is quite good, albeit expensive.

Technical support is okay, although they are not as quick to respond as I believe they should be. I feel that some of the support processes are not very convenient.

The initial setup is straightforward, although we still revisit it. We started several months ago and are still trying to set it up in a more structured way. Really, we are still in the deployment stage in some regards because we are struggling with exactly how it should be set up.

We had some assistance from a consultant after the initial setup was completed. It worked well for simple uses, but now, we have some help in trying to configure it to meet our needs.

The price is something that people complain about.

My advice to anybody who is implementing Splunk Cloud is to dedicate the time and resources required to learn it and use it. Investigate the features.

I would rate this solution a seven out of ten.

The Splunk search is powerful compared to similar solutions. We get millions of data points within seconds.

The Splunk interface is on-premises, so we have limited access to Splunk Cloud. Splunk support is not so good on Splunk Cloud. The Splunk side of the Splunk Cloud should also be more customizable. Integrating Splunk UBA, Splunk Phantom, and Splunk Cloud is also a bit difficult. 

I've been using Splunk Cloud for about four years. 

Splunk Cloud is reliable. 

Splunk Cloud's scalability is pretty good. 

Splunk support isn't so great. It takes a lot of time for them to respond. 

The initial setup is straightforward. 

We deployed Splunk in-house.

The license costs around 100,000-150,000 rupees. Splunk Cloud is the basic version. It costs extra if you need Splunk interface or Splunk ICSA. Those are premium additions. There are additional costs if you want to use the other premium aspects of Splunk.

I rate Splunk Cloud eight out of 10. It's a good solution that can index data in a short time. That's one advantage of Splunk over other solutions. However, the support isn't good, and you can't customize the Splunk interface. 

Splunk Cloud helps us to combine all our environments. For example, multiple business units can be combined into one even if they are in different geographic locations. 

It helps us with hosting from different geographical locations. 

The speed of the cloud environment is great. 

We only buy the services we need. We don't have to pay for other things we don't. It makes the pricing very economical. 

We use the solution's federated search feature. It's easy for us to use. It helps us search logs, analyze, and manage data.

We are able to monitor multiple cloud environments using our Splunk Cloud dashboards. It makes the process very simple. We just have to maintain different teams for different environments.

The solution is great within hybrid environments. It gives us good visibility across everything. 

It works well for sizable environments. 

The product integrates well with other systems and applications in our environment. We haven't had any issues with integration at all. However, if we ran into issues, we could call Splunk support. Having an issue would be a very rare event. 

Reporting is very good. It's the same for all Splunk solutions. Having multi-cloud instances in one place is great.

We have multiple business units and easily integrate them into the cloud, as well as different infrastructures from different areas. We can deploy a Splunk agent on any cloud - AWS, Google, etc.

The company can access data easily for compliance and privacy regulations. The privacy aspect has been very good.

Having resilience has been very helpful in our organization. 

Training should be free of cost. They need to provide more training options. 

There are no missing features at this time. 

I've been using the solution for two and a half years. 

The solution is stable.

We have 30 people using the solution in our organization. The product is scalable.

Technical support has been good. 

Positive

We did also use LogRhythm. It has a very good UI in comparison to Splunk, yet it doesn't have as many capabilities and does have a few more restrictions. That said, it's a good product for creating use cases and automation, which is easier than Splunk. We moved to Splunk as LogRhythm did have some restrictions. 

I have previously done deployments of Splunk. The setup is pretty straightforward. 

Were a system integrator of Splunk. We help clients set up the solution. 

We've had six or seven people setting up the solution. 

The maintenance is pretty manageable. I'd rate maintenance needs seven out of ten. 

I'm not sure if we have noted any ROI while using Splunk.

The pricing is reasonable. They provide good options for licensing. 

I did not evaluate any other options. 

We are integrators and also users of Splunk. 

We have multiple solutions we use for security, of which Splunk is one of them. So far, it's been very good from a security perspective, although we don't solely rely on it.

I'd recommend users work with Splunk in the cloud environment. I'd recommend the product in general to others. 

I would rate the solution nine out of ten. 

We use it for Log Management and also for another bit of management. It feeds data into Splunk and Splunk writes the rules and based on that, it will pick up incidents. 

It is good from a cost perspective, in terms of the cost of the data you're looking at. There is no cost barrier. 

For my current requirements, the tool theme seems to be meeting my requirements, from a cost and requirements perspective.

The only thing I would say is an issue is the cost. It matches other products. The costs can be justified for the value that we gain. The entire threat analysis stack should come in a bundle. If the cost was matchable with other products I think Splunk would pick up in the market. 

I did evaluate other products and installations. I can't compare it to Splunk. 

I have been using Splunk Cloud for a year. 

There are two people who are part of admin that use Splunk in my company. 

We have a policy where we have to keep the domain controllers on lock with sensitive servers for about 90 days. We look at the controls around once a week to check if they need to be attended to. 

We initially contacted their support during the implementation. It was not for a very complex issue. It was more for a consultation. 

Their support is good. 

I was new to Splunk and had a problem with understanding the forwarders and worker safety management.

My team was able to install it themselves. 

In terms of how long it took to deploy, between coding, testing, and other things, it took about four weeks to complete the project to complete the initial installation. Altogether it was four to five weeks. They should improve the customization. 

Splunk is a leader in its marker. 

Splunk offers more features than its competitors. Other solutions are not on the same level to be able to compare them. 

I would rate Splunk a nine out of ten. 

The queries and pulling out the exact reports is a little challenging. I get complaints about it. I would like to see more reports or default out of the box reports. That would be more useful, useful, and then people can avoid writing inquiries.

We are a Splunk reseller and Splunk Cloud is one of the main products that we work with.

Our customers implement this product for log management, application management, application testing, and process management. They also have it for customer service use cases.

The most valuable feature of Splunk Cloud is the quick setup.

The only thing that is missing compared with Splunk Enterprise is the ability to manually edit all config files. This task is easily handled with support tickets but sometimes is would be nice to experiment directly.

I have been selling Splunk products for ten years.

We have not heard any complaints about stability. 

Scalability with Splunk is the best because it scales to anything. Their promise to users is scalability and availability. Our customers range in size from very small companies to large ones.

Over the past ten years that we have been selling Splunk products, they have been in constant contact for support. I would say that it is invaluable. They have great response time and great skills, and I couldn't compare it with any other software company.

Installing Splunk Cloud, itself, is nothing. The length of time for the total deployment depends on how many log sources that you have. It can be completed in a matter of hours.

Being a cloud-based product, Splunk does all of the maintenance. We don't have to do anything to maintain it.

The licensing costs depend on the data ingest volume. If you weigh the costs and the benefits, the benefits are great and it is money well spent. 

I feel that Splunk Cloud is good as it is. It is the best tool on the market.

My advice to anybody who is considering this solution is to start now and don't wait. Every day that you wait, you can be wasting time and money.

I would rate this solution a nine out of ten.

Our primary use case for the solution is login collections.

The documentation available could be improved as there is sometimes no documentation or updated documentation available. For example, I tried to get the metrics from MongoDB, and there's very low documentation for the module.

We have been using this solution for a few months.

We haven't used it enough to comment on its scalability. We have approximately 100 people utilizing the solution.

We don't have experience with customer service and support.

The initial setup was straightforward and took approximately 20 minutes.

I rate the solution a five out of ten. The documentation available could be improved.

My primary use case was trying to build a centralized log database and making some logs on my servers. I also use it to install tools in Splunk Forwarder. I'm a company founder.

Splunk is a very user-friendly tool and it's very extensive compared to other tools.

From my perspective, customization needs to be simplified and I'd like to see a reduction in the cost of the solution.

It's stable, but if you try to customize it, it will take some time because there's a specific language behind Splunk. Thankfully they have a good community which is a big help.

The solution is scalable.

The initial setup is very straightforward. 

Licensing costs are paid annually and are quite expensive.

I recommend this solution for any company that has the money to buy it and rate it eight out of 10.