
Overview
If you're looking for security and operational visibility across your AWS environment - including applications, infrastructure and AWS services such as CloudTrail, Config, VPC Flow Logs, and more - then Splunk Cloud is the right solution for you. Organizations of all sizes leverage Splunk visibility with AWS agility to rapidly troubleshoot applications, ensure security and compliance, and monitor business-critical services in real time. Splunk Cloud makes it easy to gain end-to-end visibility across your AWS and hybrid environment. Leverage Splunk Cloud with the free Splunk App for AWS to gain critical security, operational and cost optimization insight into your AWS deployment. Whether you're managing applications, infrastructure or a security operations center in the cloud, Splunk delivers Operational Intelligence for a real-time understanding of what's happening across your business and IT so you can make informed decisions. It's easy to get started - and remember - when choosing a product option, match your location and anticipated index volume per day. Splunk Cloud is now FedRAMP authorized: Moderate
Highlights
- Collect and index any machine-generated data from virtually any source or location in real time. Just point Splunk Cloud at your data, and it immediately starts collecting and indexing so you can start searching and analyzing.
- Splunk Cloud offers single-pane-of-glass visibility across on-premises Splunk Enterprise and Splunk Cloud deployments, enabling customers to deploy Splunk as software or SaaS according to their business requirements, while maintaining centralized visibility.
- Splunk Cloud includes support for Splunk apps and other content. Splunk apps deliver a targeted user experience for different roles, use cases and enterprise technologies. These apps can help you visualize data in new ways or provide pre-defined views of leading technologies such as Linux, Windows, VMware and more.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Splunk offers a variety of support options to help ensure your success.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
Custom views and shared dashboards have improved how I organize and collaborate on sensitive data
What is our primary use case?
My usual use cases for Splunk Cloud Platform include data, data integration, and dashboards. I currently have three use cases.
What is most valuable?
I find the features and capabilities of Splunk Cloud Platform to be highly valuable because of how customizable it is for my view and the data we need to put into it. The ability to organize the data and set up different views is particularly useful.
I also appreciate how easy it is to work with coworkers on the platform to collaborate on the same issues.
The tangible benefits I've observed since starting with Splunk Cloud Platform are significant. It's pretty much the standard for what we use it for. If we're working with a consultant or we bring in someone new, most people know the platform or at least have been exposed to it. This exposure and the platform's big name and familiarity make it easy to direct people around in it, show them the data, and collaborate.
What needs improvement?
I'm not quite sure how Splunk Cloud Platform could be improved or enhanced. I would suggest keeping what works. Sometimes it can feel slightly slow in what it brings up, but I don't know if a lot of times that's on our end with the data that's getting in. Staying up to date with current trends and technologies will be good enough for me. It's already a good platform, and I wouldn't recommend too many changes or tweaks.
The major thing that could be optimized is the speed, so it could be a bit faster.
For how long have I used the solution?
I've been working with Splunk Cloud Platform for about three years.
What do I think about the stability of the solution?
Splunk Cloud Platform has been living up to my expectations regarding reliability and stability so far.
I think we rarely ever have Splunk Cloud Platform crash or error out where we're not able to bring up the site and access what we need to do in it. Usually, in the rare case that it does happen, it's usually back up within 20 to 30 minutes. Stability-wise, sometimes it'll get slow, but usually, if we are patient, it pulls up everything we need it to.
What do I think about the scalability of the solution?
I believe Splunk Cloud Platform scales pretty well. We use it for quite a bit of the data and things that we house and have coming in, and it's usually pretty snappy. Every once in a while, we may have to reload something or have trouble putting in data, but this happens maybe once every couple of days or so, which is expected for how heavy we use it. For the most part, it's pretty smooth.
How are customer service and support?
I do not often communicate with the technical support of Splunk Cloud Platform. I've never communicated with their support.
Which solution did I use previously and why did I switch?
I did not use a different solution for the same use cases before Splunk Cloud Platform.
Which other solutions did I evaluate?
I did not evaluate other options before choosing Splunk Cloud Platform; it was recommended.
What other advice do I have?
Once everything was set up better for me, Splunk Cloud Platform provides pretty good visibility into the different data we put into it. I would rate the visibility and ease at about a seven out of ten.
I measure that ease by looking at failure rates, how long it takes to update anything, and the UI and how easy it is. I am confident and happy with these metrics.
I would rate the scalability level of Splunk Cloud Platform at about an eight.
I have not used the zero-setup feature for AI models in Splunk Cloud Platform. We have not really integrated that feature at all.
I decided to go with Splunk Cloud Platform because it is an industry widely used platform. It was vetted by the US government as a right to use, and that compliance is needed for the work I do. It's a vetted, trusted platform to move and organize very sensitive data.
I believe there was some Splunk training through a link. I'm not sure if it was on the website, training, documentation, and videos and things on just best use cases and features. That was a little while ago, though.
The materials I felt were surface level, good-to-know information. They were helpful, but very basic.
It was a while ago, and that was just my impression of it back then. I'm not exactly sure if I would want them to provide more detailed information at this stage.
I don't deal with the pricing side of it. I wouldn't know how the subscription model impacts my financial planning for data platform investments.
I prefer native models in Splunk's environment. I prefer it because it keeps me in control more and keeps the data local.
This preference influences my data strategy because it'll allow us to be within our own environment, not have to obfuscate or change the way we would use a model that wasn't local to us. Instead of having to navigate around or omit or change details, we can upload what we need to and know that the data won't go past our service.
My overall rating for Splunk Cloud Platform is an eight out of ten.
Unified log monitoring has reduced troubleshooting time and improves operational visibility
What is our primary use case?
The main use case is for logs monitoring to get a clear vision about all the products and all the services that we have. We are giving multiple APIs to multiple platforms, and we have multiple services to maintain everything. We have created multiple logs to identify what is the root cause, which is taking much higher CPU usage and everything.
What is most valuable?
The favorite feature of Splunk Cloud Platform is the infrastructure that has been provided to us, and the pricing that has been given to us is very low and very fit within our budget where we were looking at that point. The main feature is the reduction in time and manpower.
My thoughts about the overall app ecosystem in Splunk Cloud Platform are that it is very good. We don't have to think about where the error has occurred or where we have to solve it; we don't have to spend two to three hours just to find where the error is. It is very easy to get out of it.
What needs improvement?
The dislike about Splunk Cloud Platform is the learning resources and the learning materials that they have. In the starting of my phase with Splunk Cloud Platform, I was very new to this, and I was not able to understand each and everything. We don't have much of a resource from where we can learn things about Splunk Cloud Platform, but if there is a specific platform from where we can learn things from, it would be great if we get a platform to learn how we have to use it.
I would like to see better training material or something like that for Splunk Cloud Platform.
For how long have I used the solution?
I have been involved in Splunk Cloud Platform for the last six months, but our company has been using it for eight to nine months.
What do I think about the stability of the solution?
My thoughts on the stability of Splunk Cloud Platform, regarding lagging, crashing, and downtime, are that earlier we faced this issue on a very large scale of logs. However, because we were very new at that time, we didn't know much about things, but now we do. The things are not too tough for us anymore.
What do I think about the scalability of the solution?
Splunk Cloud Platform is very scalable. We are scaling right now in our multiple applications, and it is very scalable.
How are customer service and support?
We have contacted the technical support for Splunk Cloud Platform many times to get out of issues and have raised many issues with them. If I were to put the support of Splunk Cloud Platform on the scale from one to ten, I would give it a nine, because every time we are getting very decent support from them that is very reliable and very good.
Which solution did I use previously and why did I switch?
Earlier, we were using a 24/7 monitoring solution as an alternative to Splunk Cloud Platform. We had built our own dashboards with Python scripts and everything to manage each platform, with each platform having their individual platform in their domain with Python, and we created all that, but it was very messy to handle in the end.
How was the initial setup?
The initial deployment of Splunk Cloud Platform is difficult. It was difficult because we were very new to Splunk Cloud Platform and everything. Earlier we were thinking to buy DataDog, but then we skipped that and had an eye on Splunk Cloud Platform. It was tough to get to know about things at first, but now we are good at this and know more about it.
What about the implementation team?
Splunk Cloud Platform does not require any maintenance on my end. We have four applications where we have integrated this platform, and the last time I maintained it was around two to three months back. Once everything has been set in any particular area, we don't have to maintain it every time; it is very reliable.
What was our ROI?
The return on investment from Splunk Cloud Platform is substantial. I don't know how much investment is being put into it, but the return is very high and very good.
What's my experience with pricing, setup cost, and licensing?
I don't know much about the pricing of Splunk Cloud Platform, but I know that it is very less as compared to what we thought to manage this platform. It is very less, but I don't know the exact number; that is on the management side.
What other advice do I have?
In Splunk Cloud Platform, the updates and everything are very easy. We don't have to worry about any other things, so it is not that difficult; it is easy. Splunk Cloud Platform can handle their own problems.
Regarding AI models in Splunk Cloud Platform, I think we are not using any specific ones.
We have used the zero setup feature for AI models in Splunk Cloud Platform. Splunk Cloud Platform is giving us a Machine Learning Toolkit, MLTK, and we are now learning about it. We are also evolving our things on it, and it is good to know that it is helpful very much.
We are just a customer of Splunk Cloud Platform, not in any partnerships.
I would give Splunk Cloud Platform an overall score of 8.5 out of 10.
Centralized log analytics have accelerated troubleshooting and now enable proactive issue detection
What is our primary use case?
Splunk Cloud Platform serves as our main platform to bring all our log and machine data into one place so that we can easily monitor, troubleshoot, and investigate issues. On a daily basis, we collect data from different sources including applications, servers, security tools, and cloud services. Whenever an issue occurs, instead of checking multiple systems manually, we use Splunk Cloud Platform to search events, compare timelines, and understand exactly what happened. For example, if an application error or suspicious activity occurs, we can quickly check related logs, identify the affected systems or users, and take action faster. Beyond troubleshooting, we also use it for dashboards, alerts, security monitoring, and operational insights so that our team can detect problems earlier rather than reacting after users are affected.
What is most valuable?
The most valuable features I found in Splunk Cloud Platform are mainly the search capabilities, dashboards, and alerting system. The biggest advantage for me is the SPL search capability. When investigating issues, I can quickly filter millions of events, connect different logs together, and find the root cause without manually going through multiple systems. Another feature I really value is custom dashboards. We create dashboards for system health, security events, and application monitoring which give the team a quick overview of what is happening. Real-time alerting is also very useful because we do not have to continuously watch logs, and Splunk Cloud Platform automatically notifies us when unusual activity or failure happens. Since it is a cloud platform, we do not spend much time managing servers or upgrades, which allows us to focus more on analysis and solving issues.
The biggest benefit we have seen from Splunk Cloud Platform is that it has made troubleshooting and monitoring much faster. Previously, when issues happened, we had to check multiple systems separately to collect logs and understand the problem. Now with Splunk Cloud Platform, everything is available in one place so we can quickly search across different data sources and find the root cause. Another benefit is better proactive monitoring. With dashboards and alerts, we can identify unusual behavior or failure earlier instead of waiting for users to report problems. It has also reduced operational workload because Splunk Cloud Platform manages the cloud infrastructure, updates, and maintenance, allowing our team to spend more time improving security and reliability rather than managing the platform itself.
What needs improvement?
The overall experience is positive, but there are a few areas where I think Splunk Cloud Platform can improve. One area is the learning experience for new users. Splunk Cloud Platform is very powerful, but understanding SPL queries, data models, and advanced features takes time. More guided recommendations or AI-assisted query building would make onboarding easier. Another area involves cost visibility and optimization. Since the environment generates a lot of data, having simpler ways to understand usage patterns and optimize ingestion would help teams manage expenses better. I also feel that some advanced configuration and troubleshooting options could be made more self-service in the cloud environment so that teams can make changes faster without depending on support. These are not major issues, but improving them would make Splunk Cloud Platform even easier to adopt and manage.
I would not say that there are any missing functionality features, as Splunk Cloud Platform already covers most of our monitoring and analytics requirements. However, there are some areas that would improve the experience. One thing I would suggest is more built-in intelligence for query creation and troubleshooting. SPL is very powerful, but having more AI-based suggestions for building searches and optimizing queries would help users work faster. Another area is automated data optimization recommendations, such as suggestions on which logs are less valuable, which searches are expensive, or where we can improve performance. Additionally, more ready-made dashboards and use case templates for common scenarios would help teams get value faster without building everything manually. Overall, the core functionality is strong, but more automation and guidance will make Splunk Cloud Platform even better.
For how long have I used the solution?
I have been working with Splunk Cloud Platform for around 1.5 to 2 years.
What do I think about the stability of the solution?
Overall, we have not faced any major performance issues with Splunk Cloud Platform. The platform has been stable and handles large amounts of data quite well. Search performance, dashboards, and alerts generally work smoothly even when working with high volumes of logs from different data sources. The only times performance can be affected is when searches are not optimized. Running very broad queries across a large time range can take longer, for example. However, this is usually improved by following best practices such as optimizing SPL queries, using the proper index, and managing data correctly. From my experience, performance depends not only on the platform but also on how well the data and searches are designed. Overall, it has been reliable for our cases.
What do I think about the scalability of the solution?
From my experience, Splunk Cloud Platform scales very well as the organization grows. As we add more applications, users, or data sources, we can continue bringing that data into Splunk Cloud Platform without worrying about managing additional infrastructure. The platform allows us to expand gradually. We can start with important logs and later add more sources based on business needs. The biggest improvement we noticed is that even with increasing data volume, the team still has one central place to search, monitor, and analyze information, which helps maintain visibility as the environment becomes more complex. Because Splunk Cloud Platform manages the cloud-side capabilities and updates, scaling becomes much easier compared to maintaining everything ourselves.
How are customer service and support?
My experience with customer service and technical support has been positive overall. The support team is knowledgeable, especially when it comes to troubleshooting platform issues, configuration questions, or best practices. The documentation and community resources are also very helpful because many common problems already have detailed solutions available. For normal issues, responses are usually quick and we are able to resolve things without much delay. For more complex technical problems involving custom configuration or deeper investigation, it can take a little longer and requires escalation to a specialized team. Overall, I would say the support experience is reliable, and the combination of official support, documentation, and community makes it easier to manage Splunk Cloud Platform.
Which solution did I use previously and why did I switch?
I have also worked with and evaluated tools such as CrowdStrike Falcon LogScale and Elastic Stack for similar log management and analytics use cases. Falcon LogScale is very strong when it comes to fast searching and threat hunting, especially for security-focused work. It provides very quick performance and is lightweight for analyzing large amounts of data. Elastic Stack is also flexible and provides good search and visualization capabilities for teams looking for more customization. Where Splunk Cloud Platform stands out is its overall maturity, ecosystem, and ability to support multiple teams and use cases from a single platform. It is not only for security; we can use it for operations, application monitoring, troubleshooting, and business insights. The strong integration, dashboard, SPL capabilities, and managed cloud experience were the main reasons Splunk Cloud Platform was a better fit for our environment.
How was the initial setup?
The initial setup of Splunk Cloud Platform was quite straightforward compared to traditional on-premises deployment. Since Splunk Cloud Platform manages the cloud infrastructure, we did not have to spend time setting up servers, storage, or handling backend maintenance. Most of our efforts focused on connecting data sources, configuring inputs, creating indexes, and setting up dashboards and alerts. The basic deployment was smooth, but the important part was planning the data onboarding properly, deciding what logs to collect, how to structure them, and setting permissions for different teams. There was a small learning curve in the beginning, especially around SPL queries and optimization. Once the foundation was ready, managing and expanding Splunk Cloud Platform became much easier. Overall, the setup experience was smooth and manageable.
What about the implementation team?
We mainly handle Splunk Cloud Platform setup in-house with our internal team because it is a managed cloud platform. The infrastructure side is already handled by Splunk. Our team focused on the actual implementation work, including connecting data sources, setting up indexes, configuring dashboards, and creating alerts and managing user access. For some best practices and documentation, we referred to Splunk resources, but day-to-day configuration and customization we managed internally. Overall, having an in-house setup worked well because the cloud model reduced a lot of infrastructure complexity.
Which other solutions did I evaluate?
We looked at a few alternatives such as Elastic Stack, Datadog, and CrowdStrike Falcon LogScale before going with Splunk Cloud Platform. Each tool had its own strengths. Datadog was good for cloud monitoring, Elastic provided flexibility, and Falcon LogScale performed very well in high-speed log searches. The reason we preferred Splunk Cloud Platform was that it gave us a more complete solution. We needed something that could handle security monitoring, operational troubleshooting, dashboards, and analytics together instead of using different tools for different teams. Another important factor was Splunk's maturity and ecosystem. The availability of integrations, apps, documentation, and community support made this option more attractive. For our use case, Splunk Cloud Platform provided the right balance of scalability, reliability, and flexibility.
What other advice do I have?
My advice would be to plan your data strategy before starting with Splunk Cloud Platform. Splunk Cloud Platform is very powerful, but the value you get depends on how well you organize your data sources, indexes, and use cases. Do not try to bring every log into Splunk Cloud Platform from day one. Start with the most important systems, create useful dashboards and alerts, and then expand gradually. I would also recommend investing some time in learning SPL and best practices because that is where you can really unlock the power of Splunk Cloud Platform. Overall, Splunk Cloud Platform is a great solution, especially for organizations that need strong visibility and analytics without spending time managing infrastructure. I rate this product a 9 out of 10.
Cloud analytics have transformed log insights and automated maintenance for our teams
What is our primary use case?
For Splunk Cloud Platform, we perform analytics with a large scale of data pipelines and log data. We query logs and build dashboards to support our operational and business insights. We mainly work with Splunk Processing Language to query logs, identify patterns, and support troubleshooting and reporting.
We definitely use the ML toolkit for regression and anomaly detection. We also use Splunk Processing Language, and after the recent update, the new AI feature has been introduced that suggests queries to us. This feature has saved us considerable time.
Regarding native models, we only use the ML toolkit. I am unaware of the other models that Splunk provides. Specifically for the ML toolkit, we use it for anomaly detection and regression. In terms of cloud, we only use the ML toolkit.
What is most valuable?
I love how everything is handled by Splunk Cloud Platform itself. We do not have to manage migrations, updates, and other maintenance tasks. That is one of the major benefits of using Splunk Cloud Platform.
We definitely contact them and they help us during upgrade times. For example, if we want to upgrade Splunk Forwarder on a cloud instance or a Splunk Indexer in a cloud instance, they definitely assist us.
Splunk Cloud Platform is highly scalable. It is one of the best SIEM tools across the world because it is valuable not only for monitoring but also for security analysis, dashboards, and other features compared to other tools.
What needs improvement?
For betterment, there is definitely a cost concern. The cost is high, so there should be a somewhat lower cost. I am expecting a more competitive pricing structure from Splunk Cloud Platform, but otherwise it is fine.
For how long have I used the solution?
We have been working with this solution for the past 14 months.
What do I think about the stability of the solution?
I experienced stability issues once or twice during an upgrade, but the rest of the time it is fine. It is highly stable and scalable for us.
What do I think about the scalability of the solution?
Splunk Cloud Platform is highly scalable. It is one of the best SIEM tools across the world because it is valuable not only for monitoring but also for security analysis, dashboards, and other features compared to other tools.
How are customer service and support?
The customer service team is quite fast. They take around two to three hours to reply back and they solve our problems.
Which solution did I use previously and why did I switch?
We have not had any issues regarding maintenance because everything has been handled by the Splunk team itself. That is the best aspect of Splunk Cloud Platform, so we have not experienced any problems so far.
How was the initial setup?
The initial setup was easy for us because we took training from Splunk. It was quite easy for us.
What about the implementation team?
The implementation timeline depends on the use case, whether you are a Splunk Admin or a Splunk Power User. For a Power User, it took around three to four months to learn it. For an Admin's use case, it is very hard and took around a year. You also need certification to prove that you are a Splunk Admin.
The implementation process is quite easy because we have created custom applications regarding the upgrade of Splunk Enterprise Platform. We have another application called Splunk Forwarder through which pre-checks and post-checks are performed by our custom-made application. It is quite easy for us.
What other advice do I have?
We also use Splunk SOAR in addition to Splunk Cloud Platform. My overall review rating for this solution is 9 out of 10.
Unified monitoring has improved real-time threat detection and simplified security operations
What is most valuable?
For monitoring, it is a very good cloud. We have integrated it with the Splunk SIEM tool only. Additionally, the platform's app ecosystem is very easy to use even in the initial starting phase, and it supports responsibilities including real-time alert monitoring and event correlation. It is very easy to learn the cloud because we have integrated it with the SIEM tool.
What needs improvement?
Our entire SOC is deployed on that cloud only. I would suggest going for Splunk Cloud Platform because AWS, Microsoft Azure, and Google Cloud are very expensive in comparison. Improvement-wise, I do not see anything. You can go for it.
What do I think about the scalability of the solution?
All our data is on Splunk Cloud Platform. We have multiple customers, so as per their requirement and their purchasing from the SIEM tool, we deploy all the servers in Splunk Cloud Platform only.
What other advice do I have?
When I compare Splunk Cloud Platform with other solutions or other vendors, I compare it with Microsoft Azure Sentinel. They are both cloud platforms. Compared to Microsoft Sentinel, Splunk Cloud Platform has a good area. Microsoft also gives a very wide area, such as Defender XDR, connectors, and threat intelligence. It is also the same in Splunk, but I prefer the Splunk one compared to Microsoft Sentinel because it is very easy to use.
In Sentinel, there are many roles and responsibilities for reader, contributor, and responder. However, in Splunk Cloud Platform, we can additionally give admin tasks or role-based tasks to the SOC analyst role. It is very easy for a SOC analyst to handle.
For others looking to implement Splunk Cloud Platform, my advice would be to go for it. First, you have to do the pilot deployment. Second, you have to learn the SQL language for Splunk Cloud Platform because it is very important to learn. If you do not learn that query language, the SPL search processing language, you cannot find or do threat hunting and investigation for alert analysis. You can follow the investigation chart, such as a process tree, analyzing the IP, and verifying the IOC with the PF. Most effectively, learn the SPL language. If you learn it, you can easily handle Splunk Cloud Platform.
To be a ten out of ten, when I compare Splunk Cloud Platform with others, Splunk Cloud Platform is leading the market. Our sales team is also going to tell customers to go for Splunk Cloud Platform because we are pushing Splunk only. We get the SIEM tool and cloud in one platform. We did not have to find a different way to store the logs or storage on another AWS cloud. As our organization's option, we are also pushing clients to use Splunk Cloud Platform as a cloud and SIEM tool. It is beneficial for us and for them.
Splunk Cloud Platform's cloud is AI, so I can say ten out of ten. However, there is one issue: when our storage limit is crossed, they directly charge higher. From a charging point of view, it is about cost and AI. If there is an improvement, or if they give some discount to our organization, such as we are using two hundred GB per day, but if on any day we exceed that limit, they charge our organization a higher amount. They charge high.
I would rate this review nine out of ten overall.