Engineer at a tech services company with 501-1,000 employees
Real User
Top 20
2024-09-06T16:45:00Z
Sep 6, 2024
One client wanted their data in a readable format. He was in the UK, but his data center was in the US, so he tried to forward his data to the indexer. Because of the time zones, he faced some time stamping issues. They reached out to us to open a case that got assigned to me. I learned which US time zone the data center was in and set the time stamps in the future. We changed the preferences to convert it into GMT so that whenever the data is onboarded to the indexes via universal or heavy forwarder, we can fetch the data in real-time. We primarily use virtualization and deploy in Docker containers. We seldom use any physical servers. It's mostly deployed in a cloud environment or a virtual machine. It's typically Docker but sometimes Azure.
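The failure mode this reviewer describes (a host writing local-time stamps with no zone marker, read by an indexer that assumes a different zone) is easy to reproduce and to check for. The following is an added example written for this page, not the reviewer's or Splunk's own code. It assumes the US data centre runs on America/Chicago (the review only says "a US time zone"), uses three constructed syslog-style lines, and invents a `RECEIVED_AT` wall-clock value for the indexer; the whole-hour-offset heuristic at the end is my own onboarding check, not a Splunk feature.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
try:
    from zoneinfo import ZoneInfo
    CHICAGO = ZoneInfo("America/Chicago")            # assumed data-centre zone
except Exception:                                    # no IANA tz database here
    CHICAGO = timezone(timedelta(hours=-5), "CDT")   # valid for Sept 2024 only

# Constructed sample: lines as written by a server whose clock runs in
# Chicago local time. Note the timestamps carry no zone information.
SAMPLE_LOG = """\
2024-09-06 10:15:02 sshd[2211]: Accepted publickey for deploy from 10.0.4.17
2024-09-06 10:15:09 sudo: deploy : TTY=pts/0 ; COMMAND=/usr/bin/systemctl restart app
2024-09-06 10:16:41 app[3307]: config reloaded
"""

# Constructed: the indexer's own clock (UTC) when the first line arrived.
RECEIVED_AT = datetime(2024, 9, 6, 15, 15, 30, tzinfo=UTC)

TS_FORMAT = "%Y-%m-%d %H:%M:%S"
TS_LEN = len("2024-09-06 10:15:02")


def parse_line(line, source_tz):
    """Return (aware UTC datetime, message) for one log line.

    The naive stamp is localised to the zone the emitting host really runs
    in, and only then converted to UTC. Doing the conversion with the wrong
    zone shifts every event by a whole number of hours."""
    stamp, message = line[:TS_LEN], line[TS_LEN + 1:]
    local = datetime.strptime(stamp, TS_FORMAT).replace(tzinfo=source_tz)
    return local.astimezone(UTC), message


def normalize(log_text, source_tz):
    return [parse_line(l, source_tz) for l in log_text.splitlines() if l.strip()]


def utc_stamps(log_text, source_tz):
    """ISO-8601 UTC stamps, the form you want stored and searched on."""
    return [t.strftime("%Y-%m-%dT%H:%M:%SZ") for t, _ in normalize(log_text, source_tz)]


def skew_hours(log_text, assumed_tz, actual_tz):
    """Signed offset (hours) every event lands at if the indexer assumes
    assumed_tz while the host actually runs in actual_tz."""
    wrong = normalize(log_text, assumed_tz)
    right = normalize(log_text, actual_tz)
    deltas = {w[0] - r[0] for w, r in zip(wrong, right)}
    assert len(deltas) == 1          # one consistent offset in this sample
    return deltas.pop() / timedelta(hours=1)


def looks_like_tz_mismatch(event_utc, received_utc, tolerance=timedelta(minutes=5)):
    """Onboarding check: a lag (or lead) between event time and receipt time
    that is close to a whole number of hours points to a zone mismatch,
    not to a slow forwarder."""
    delta = received_utc - event_utc
    hours = round(delta / timedelta(hours=1))
    return hours != 0 and abs(delta - timedelta(hours=hours)) <= tolerance


if __name__ == "__main__":
    print("indexed as UTC      :", utc_stamps(SAMPLE_LOG, UTC)[0])
    print("indexed as Chicago  :", utc_stamps(SAMPLE_LOG, CHICAGO)[0])
    print("skew if UTC assumed :", skew_hours(SAMPLE_LOG, UTC, CHICAGO), "h")
    first_wrong = normalize(SAMPLE_LOG, UTC)[0][0]
    print("mismatch suspected  :", looks_like_tz_mismatch(first_wrong, RECEIVED_AT))
```

On the Splunk side the fix is the same idea applied at parse time: a `TZ = America/Chicago` setting in props.conf for that host or sourcetype, on the instance that parses the data (a heavy forwarder or the indexer; a universal forwarder does not apply it). `_time` is then stored as a UTC epoch and rendered in whatever zone each user's preferences select, which is what the reviewer describes as converting to GMT. Prefer IANA zone names over fixed offsets so daylight-saving changes are handled for you.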
Senior technical consultant at a healthcare company with 1,001-5,000 employees
Consultant
Top 20
2024-06-11T23:30:00Z
Jun 11, 2024
It's a better pricing model. The main aspect is that we don't have to manage our infrastructure. Since we migrated, we've found we don't have as many outages. This allows our admins to focus more on the day-to-day onboarding instead of wasting time dealing with outages.
Infrastructure Engineer at an insurance company with 5,001-10,000 employees
Real User
Top 20
2024-06-04T16:23:00Z
Jun 4, 2024
We mainly use it for the purposes of analyzing application logs to get a bit of understanding of what is normal application performance and then use that to highlight errors and inconsistencies when they occur.
We use Splunk Cloud Platform to ingest data from on-prem environments. Most people have Splunk Enterprise Security running on a server, but Splunk developed the Splunk Cloud Platform to ingest the data into the cloud. It works like Splunk Enterprise, but you must download apps to get some features. Our clients are mostly large enterprises in the financial industry.
Splunk Cloud Platform is a product I use since my company has different platforms on Splunk, like Splunk ITSI and Splunk Enterprise Security. Splunk ITSI and Splunk Enterprise Security are the two packages known as paid packages under Splunk Cloud Platform, and my company also has an ad-hoc search head. Splunk ITSI is totally related to the infrastructure monitoring that my company does, and from it, we derive the service analyzers, episodes, and alerts and see if we want to integrate anything with ServiceNow, Jira, or any other monitoring tools we have. The product can be integrated with other tools, while my company can also use its alerting feature and its ability to notify the consumers with particular alerts, so the total infrastructure is covered under SIEM, making it possible to attach to security information. My company also created a couple of use cases. For example, if a password is continuously reset more than three or four times, a security incident will be created, so that if any end user is doing it as malpractice, like phishing or something, my company can detect it and inform the user that they have crossed the four-attempt limit and there is some attack happening, owing to which we need to reset the password. Based on the aforementioned process, SIEM monitoring will be handled through its application. The aforementioned areas consist of the use cases related to the tool, along with a couple more activities, like onboarding a user onto Splunk, creating apps for them, creating dashboards, creating alerts, and creating a couple of use cases for them as per their requirements.
To gain deep visibility into our entire cloud infrastructure, we deployed the Splunk Cloud Platform. This tool allows us to monitor, analyze, and investigate all aspects of our cloud environment.
We use Splunk Cloud for monitoring various ticketing tools, servers, applications, URLs, and client transactions. We're monitoring the transactions and data flow.
Head of Cloud at a consultancy with 11-50 employees
Real User
Top 20
2024-02-16T10:50:00Z
Feb 16, 2024
I used it in my last organization for monitoring, intrusion detection, and intrusion prevention. We wanted to take preventative actions so we implemented it.
We leverage the Splunk Cloud Platform to effectively manage the vast amounts of machine-generated data, thereby ensuring application management security compliance. We implemented the Splunk Cloud Platform to enhance our customer experience and optimize the data storage costs. We can convert the log data into numerical data points when requested.
Incident Manager at a manufacturing company with 10,001+ employees
Real User
Top 20
2023-08-29T20:29:00Z
Aug 29, 2023
We use the solution for application status alerting, user activities, and active directories. We use the solution for visualization, alerting, and analyzing events or incidents.
I use Splunk on my phone, on-premises, and for the automation tasks that we carry out. We use it to work on dedicated forms and infrastructure and have a lot of virtual machines and instances that are being run for every single application. Our infrastructure is purely based on Azure by Microsoft. Keeping CMDBs of all the virtual machines is a heavy task. When you use it for your portal use, it might be two or three virtual machines. When a virtual machine is created, we use post-provisioning inside the virtual machine. While post-provisioning, we install Splunk agents so that any activity that is happening inside the VM is virtually monitored by Splunk. We create a dashboard. We are able to monitor everything from that dashboard. Splunk also offers enhancements and automation. Splunk plays a major role when it comes to automation. We extract the data from Splunk, and then we use it to automate using a jump server so that we can put in actions on any number of virtual machines.
Security Compliance Program Manager at an educational organization with 5,001-10,000 employees
Real User
Top 10
2023-02-02T18:05:00Z
Feb 2, 2023
Splunk helps us to be proactive and it integrates with many devices. It offers visibility from many different levels, areas, zones, and devices rather than from a single system. We can use this intelligence to create correlations, system solutions, etc. Splunk reduces the risk factors and helps us in many ways beyond just collecting logs. Though Splunk is costly, it has many features like threat intelligence which is very useful. It helps us be proactive about reducing risks.
Founder at a marketing services firm with 11-50 employees
Real User
2021-09-09T13:07:37Z
Sep 9, 2021
My primary use case was trying to build a centralized log database and making some logs on my servers. I also use it to install tools in Splunk Forwarder. I'm a company founder.
CHRO at a computer software company with 5,001-10,000 employees
MSP
2021-07-02T11:48:00Z
Jul 2, 2021
As there is no SIEM solution here at present, we are building it up through the assistance of a vendor. In the past I worked in the Splunk Cloud, which was seven-point something. With QRadar I worked on version 7.3. We use Splunk Cloud as a SIEM solution and to monitor traffic and the network for detection purposes. We can create use cases so that if the solution picks up on anything entering our organization, the malicious IP can be blocked. In respect of ones which are suspicious, based on the logs we pull from the data source, we can build the use cases accordingly and have our analysts work on these.
Sr BigData Infrastructure Architect at a hospitality company with 10,001+ employees
Real User
2020-09-27T04:10:01Z
Sep 27, 2020
Splunk is an event log manager. We have reservation and event logging dashboards integrated from the data dock to Splunk and we have all the specific dashboards that we work with in Splunk for log management.
Director - Corporate Infrastructure at NTT Data India Enterprise Application Services Pri
Real User
2020-07-13T06:55:00Z
Jul 13, 2020
We use it for Log Management and also for another bit of management. It feeds data into Splunk and Splunk writes the rules and based on that, it will pick up incidents. It is good from a cost perspective, in terms of the cost of the data you're looking at. There is no cost barrier.
We are a Splunk reseller and Splunk Cloud is one of the main products that we work with. Our customers implement this product for log management, application management, application testing, and process management. They also have it for customer service use cases.
This solution is very useful for our Infosec team that manages our enterprise-level security. It collects logs from all of our on-premises devices and servers for search and analysis. All of the logs are collected on-premises and then sent to Splunk Cloud for analysis.
Splunk Cloud Platform is widely used for log management, security monitoring, application performance monitoring, troubleshooting, data aggregation, and IT operations. It centralizes logs from numerous sources, enabling detailed analysis, incident detection, and effective dashboard creation.
Companies across various industries leverage Splunk Cloud Platform for cybersecurity, compliance, user activity monitoring, and alerts. It helps in managing cloud environments, optimizing data...
We use Splunk Cloud Platform to monitor our environment.
We mostly use Splunk Cloud Platform for monitoring performance and looking for performance events.
My primary use cases are for troubleshooting, monitoring, and anomaly detection.
We use Splunk Cloud Platform for IT operations, IT security, and business value.
Our primary use case for the solution is login collections.
We primarily use the solution for monitoring, intrusion detection, and prevention. It is mostly a lot of security and network and server monitoring.
We have a public URL that allows anyone to authenticate for ADFS. This allows them to connect using Active Directory.