    Splunk Cloud

    Sold by: Splunk 
    Deployed on AWS
    If you are looking for security and operational visibility across your AWS environment including applications, infrastructure and AWS services such as CloudTrail, Config, VPC Flow Logs, and more then Splunk Cloud is the right solution for you.
    4.2

    Overview

    If you're looking for security and operational visibility across your AWS environment - including applications, infrastructure and AWS services such as CloudTrail, Config, VPC Flow Logs, and more - then Splunk Cloud is the right solution for you. Organizations of all sizes leverage Splunk visibility with AWS agility to rapidly troubleshoot applications, ensure security and compliance, and monitor business-critical services in real-time. Splunk Cloud makes it easy to gain end-to-end visibility across your AWS and hybrid environment. Leverage Splunk Cloud with the free Splunk App for AWS to gain critical security, operational and cost optimization insight into your AWS deployment. Whether you're managing applications, infrastructure or a security operations center in the cloud, Splunk delivers Operational Intelligence for a real-time understanding of what's happening across your business and IT so you can make informed decisions. It's easy to get started - and remember - when choosing a product option, match your location and anticipated index volume per day. Splunk Cloud is now FedRAMP authorized: Moderate

    Highlights

    • Collect and index any machine-generated data from virtually any source or location in real time. Just point Splunk Cloud at your data, and it immediately starts collecting and indexing so you can start searching and analyzing.
    • Splunk Cloud offers single-pane-of-glass visibility across on-premise Splunk Enterprise and Splunk Cloud deployments, enabling customers to deploy Splunk as software or SaaS according to their business requirements, while maintaining centralized visibility.
    • Splunk Cloud includes support for Splunk apps and other content. Splunk apps deliver a targeted user experience for different roles, use cases and enterprise technologies. These apps can help you visualize data in new ways or provide pre-defined views of leading technologies such as Linux, Windows, VMware and more.

    Pricing

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    12-month contract (20)

    Dimension           Description     Cost/12 months
    US - 5GB/Day        Index Volume    $8,100.00/GB
    US - 10GB/Day       Index Volume    $13,800.00/GB
    US - 20GB/Day       Index Volume    $24,000.00/GB
    US - 50GB/Day       Index Volume    $50,000.00/GB
    US - 100GB/Day      Index Volume    $80,000.00/GB
    EMEA - 5GB/Day      Index Volume    $9,315.00/GB
    EMEA - 10GB/Day     Index Volume    $15,870.00/GB
    EMEA - 20GB/Day     Index Volume    $27,600.00/GB
    EMEA - 50GB/Day     Index Volume    $57,500.00/GB
    EMEA - 100GB/Day    Index Volume    $92,000.00/GB

    Custom pricing options

    Request a private offer to receive a custom quote.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Splunk offers a variety of support options to help ensure your success.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly

    Accolades

    Top 10 in Data Anonymization, Data Security and Governance

    Overview

    AI generated from product descriptions
    Real-time Data Collection and Indexing
    Collects and indexes machine-generated data from virtually any source or location in real time with immediate search and analysis capabilities.
    Multi-deployment Visibility
    Provides single-pane-of-glass visibility across on-premise and cloud deployments, enabling centralized monitoring across hybrid environments.
    AWS Service Integration
    Supports integration with AWS services including CloudTrail, Config, and VPC Flow Logs for comprehensive AWS environment monitoring.
    Pre-built Application Support
    Includes support for Splunk apps with pre-defined views for leading technologies such as Linux, Windows, and VMware.
    FedRAMP Authorization
    Maintains FedRAMP Moderate authorization for compliance with federal security standards.
    Real-time Data Collection and Indexing
    Collects and indexes machine-generated data from virtually any source or location in real time with automatic indexing upon data ingestion.
    Complex Event Correlation
    Correlates complex events spanning multiple diverse data sources using time-based correlations, transaction-based correlations, sub-searches, lookups, and joins.
    Scalable Data Processing
    Scales to collect and index tens of terabytes of data per day with distributed computing architecture.
    High Availability Clustering
    Provides clustering technology for availability and fault tolerance across distributed computing environments.
    Machine Data Search and Analysis
    Enables searching, analyzing, and visualization of machine data generated by IT systems and technology infrastructure across physical, virtual, and cloud environments.
    Data Routing and Destination Management
    Routes data to multiple destinations with capability to deliver specific data to targeted tools while archiving full fidelity data to cost-effective storage
    Data Optimization and Reduction
    Reduces data streams by up to 50% through removal of unused log and metric data
    Event Processing and Transformation
    Processes event data through centralized parsing with capabilities to route, optimize, reformat, and enrich data in flight
    Role-Based Access Control
    Implements role-based access control with support for external authentication via LDAP, Splunk, and OpenID Connect identity providers
    Real-Time Monitoring and Configuration
    Provides GUI-based configuration and testing interface with live data capture and real-time observability pipeline monitoring

    Contract

    Standard contract: No

    Customer reviews

    Ratings and reviews

    4.2 (91 ratings)

    5 star: 51%
    4 star: 44%
    3 star: 4%
    2 star: 1%
    1 star: 0%

    23 AWS reviews | 68 external reviews
    External reviews are from G2 and PeerSpot.

    reviewer2805738

    Cloud security service has transformed onboarding, reduced maintenance, and unified orchestration

    Reviewed on Mar 02, 2026
    Review provided by PeerSpot

    What is our primary use case?

    We use Splunk Cloud Platform for security and want to implement it as a SIEM solution. We also want to replace our old legacy SIEM solution because we are adopting a cloud solution instead of an on-premises solution. Another use case is that we want to use this tool in our managed service offering. We do not use the solution to resell licenses to our customers, but rather to provide services to them. We appreciate the powerful integration that Splunk Cloud Platform offers, making it easy to integrate with any sources and any data. It is able to handle data that resides in an S3 bucket or elsewhere, not just ingested directly into the SIEM itself. We are also looking at Splunk Cloud Platform's strategy, which is very interesting because of the integration they will have regarding Agentic AI and automation. A unique solution for orchestration and automation, called SOAR in cybersecurity, combined with SIEM in a unique platform is a very interesting strategy from our point of view.

    It is Enterprise Security in the cloud. This is a cloud solution.

    What is most valuable?

    Splunk Cloud Platform is a very mature solution and an enterprise-grade solution that brings the work we have to do with customers to an enterprise-grade level. It is something that we can manage from a single pane, and it is quite easy to deploy. I see a benefit that is not strictly related to the features that Splunk Cloud Platform offers, but it depends on the company belonging to Cisco now because we are a Cisco partner and Splunk Cloud Platform is a pillar, a vertical technology in the security area of the partnership. The benefit of partnering with Splunk Cloud Platform falls into the Cisco partnership and the benefits we can have in this important partnership we have as a company.

    Compared to my previous situation, the first benefit of this solution is the speed and the effort reduction in terms of onboarding new customers and maintaining the entire platform. I will not have any more effort for system upgrades and infrastructure maintenance. This is one of the biggest benefits I can have from the solution. I save a lot of money because I do not have to spend resources anymore to maintain and operate the infrastructure and the systems.

    What needs improvement?

    I think it is really effective, and we are still at the beginning. The capability to search for insights is very powerful and also supported by AI and machine learning. The capabilities are increasing day by day, and new features are being released and will be released soon.

    I am not able to answer right now, but I am confident they will be able to predict a trend because they promise they are able to do this using machine learning algorithms and Agentic AI features. They say they will be able to predict the behavior of your network or your infrastructure. I am really confident about this, and I hope it will be true because I need this.

    There is something that they say will be improved, and I am still waiting for it. This is the Agentic AI elements inside the platform that I mentioned before. There is something present today, but the full feature is not released yet. From my point of view, it is a bit late. It is okay for me because we are adopting it and we can work on this, and it is acceptable for my timing. However, from a market perspective, they are a bit late. Competitors in some cases are earlier adopters. But I am sure they will release a very powerful tool, as per the Cisco approach. They want to win when they start doing something, and I am confident they will release a very powerful tool.

    For how long have I used the solution?

    I have been working with it for one month.

    What do I think about the stability of the solution?

    It is still a bit early to answer. We have just seen it on paper, and we have to check it.

    Which solution did I use previously and why did I switch?

    In my previous experience, I had enterprise security, but on-premises a few years ago, three years ago. It was integrated with another SOAR from another vendor.

    How was the initial setup?

    It is something that we can manage from a single pane. It is quite easy to deploy.

    What's my experience with pricing, setup cost, and licensing?

    Compared to my situation, it does not have any meaning because I have something legacy now. However, it is a good price on the market. It depends because if you look at the list price, it is a bit expensive from my point of view. But once you are in the partnership with Splunk Cloud Platform and with Cisco, you can have good discounts, you can make the deal and discuss, and they are willing to help you as a partner in finding the solution and finding your target. So it is good from my point of view. But if you look at the list price, it is expensive.

    Which other solutions did I evaluate?

    We evaluated QRadar, FortiSIEM, and Palo Alto SIEM. We chose Splunk Cloud Platform because of a combination of different aspects, not just for price or features. It is the whole combination of the features, the benefits, the cost, the partnership, and there is no one aspect leading the choice. It is a mix and a combination.

    What other advice do I have?

    Today, we are working with the SIEM solution, which is quite a legacy term. Saying SIEM is not really effective. It is the Enterprise Security solution, and we are now in the process to implement it. We are adopting the solution and are at the beginning. We have studied a lot, we are training people, and we are changing and modifying our process as per what the technology allows us to do. We are also evaluating the observability solution. We are working on two different paths, and one is at a more mature stage, while the other one is at an evaluation stage.

    We are setting up alerts as expected.

    We are integrating Splunk Cloud Platform SIEM solution with our SOAR solution, which is today from another vendor and not Splunk Cloud Platform. Then we will see tomorrow what we want to do if we want to use the unique platform, the unique Splunk Cloud Platform with SOAR, Agentic AI, SOC automation, and everything, or if we want to keep using our actual SOAR. We are integrating Splunk Cloud Platform with this SOAR.

    My recommendation is to look at the future and look at the strategy. Do not look at the features today but look at the features tomorrow and not just at the technical features but at the whole strategy to integrate in one single platform all the capabilities that a SIEM solution or a log gathering solution might have. Putting together orchestration, observability, security, this kind of strategy is what an integrator should evaluate in my opinion.

    I would rate this product an 8 out of 10.

    Tejas Shah

    Unified data monitoring has enabled proactive alerts and predictive analysis for daily operations

    Reviewed on Feb 27, 2026
    Review provided by PeerSpot

    What is our primary use case?

    The main use cases for Splunk Cloud Platform include data collection, parsing activities, use case building, data ingestion, and creating dashboards and reports. My clients use it for similar purposes.

    What is most valuable?

    The best thing about Splunk Cloud Platform is that you can bring any data and store it in one place. You can build meaningful insights from it, have the same data ingested, create beautiful insights, have alerting done on it, and have dashboards and reports built on top of it.

    Splunk Cloud Platform's ingest and visualization features do not bind you with a limitation in the volume you want to ingest. Since we are using the compute-based licensing feature of Splunk Cloud Platform, there is no limitation to the volume of data we ingest on the platform. All Splunk Cloud Platform instances are also Smart Store supported, so that eases storage utilization concerns.

    One of the best advantages of using Splunk Cloud Platform is that there are lots of proactive alert notifications from Splunk support if anything goes down on the infrastructure end or if there is anything wrong with your environment. Splunk support is on top of things, notifying you beforehand if something is going wrong and that their team is already aware and working on a fix.

    What needs improvement?

    I don't see any new requirements in terms of improvements for Splunk Cloud Platform at this time. Splunk's dashboarding, reporting, and visualizations are evolving at a larger scale with the new Splunk Dashboard Studio in place. There were some limitations with the classic dashboard where you had to be aware of different HTML, CSS, and custom JavaScript for better visualizations. That's being migrated towards Splunk Dashboard Studio, which is evolving at a great pace, providing similar functionalities. I have not faced any current challenges regarding Splunk Cloud Platform's limitations. I still think, however, that better configuration and customization options for workload management could be enhanced, but that applies to Splunk Enterprise as well. It's just my understanding and what I foresee, but I'm not sure if it will be a priority right now, as even without workload management, a lot can be done, and the product team might have a different roadmap.

    For how long have I used the solution?

    I have been working with Splunk Cloud Platform for almost six years.

    How are customer service and support?

    My feedback remains that you have your designated account manager who helps navigate all the cases. Sometimes, the support team may not be fully knowledgeable about the challenge you face, but through their internal escalation structure, they manage to find viable solutions sooner or later or provide updates on when issues will be fixed. I think their support is pretty good on that part.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The best thing about the initial setup process of Splunk Cloud Platform is that you don't have to deploy your own Splunk Cloud Platform deployment; Splunk handles it for you. For the on-premises setup, you do need the initial configuration for end devices to send logs to Splunk Cloud Platform, but it's straightforward. It's just one package that you install on your end device, and after restarting, everything is sorted. There is no hassle in configuring Splunk Cloud Platform or getting on-premises devices to send data to it.

    What other advice do I have?

    We do use Splunk Cloud Platform's alerting mechanism. We have set up hundreds and thousands of alerts for different use cases. For example, if any of the data sources stop the ingestion or the volume has been relatively quite down, we have set up alerting for that. It creates a ServiceNow incident that falls under our team's responsibility and sends an email as a notification that this alert has been triggered, such as when XYZ feed has gone down or the data from XYZ feed has decreased up to 80% or 70%, whatever the threshold set. We definitely use all the different alerting mechanisms and alert actions provided by Splunk Cloud Platform.

    Whenever we see a situation where we don't want to be reactive, we attempt to do a predictive analysis of the data ingested in our Splunk Cloud Platform. This analysis depends on an alert-to-alert basis. For instance, when talking about a data source going down, if the situation arises, we should be triggered at a threshold of around 80% decrease. In that situation, we keep a buffer of 10% and alert ourselves to notify at a 70% decrease in the feed so that we can take preemptive measures to ensure that the feed comes back online before the situation escalates.

    In terms of machine learning, we are using the Splunk-supported machine learning toolkit that also has new features for artificial intelligence. We do use them for outlier detection and predictive analysis in terms of different alerting we have enabled in our environment.

    To predict trends in our data, the example I shared previously involves understanding if the volume is going down or not. We do this using the machine learning toolkit itself. We have our data ingested into Splunk Cloud Platform, and each index and source type has some dedicated volume getting ingested daily. We create an average of the total volume ingested over the past 60 days, 45 days, and 90 days, and then we identify the volume ingested yesterday. We compare it with the average of the last 45 days and try to detect any deviation. All of this is part of the machine learning toolkit application itself. That's how predictive analysis and outlier detection work, and we're using that in our daily operations as well.

    With different vendors, there is no problem having Splunk Cloud Platform integrated with them. For example, we already have our alerting enabled so that whenever any alert gets triggered, an incident is created in ServiceNow. I have also worked on integrating Jira and other different Atlassian products with Splunk Cloud Platform. It's user-friendly and straightforward to integrate Splunk Cloud Platform with different vendors without much issue.

    For any organizations looking to configure Splunk Cloud Platform, I believe it's a simple process. It's just important to stick to the fundamentals and understand how Splunk Cloud Platform operates. The documentation is quite clear. One notable advantage of Splunk Cloud Platform is the Ingest Processor and Edge Processor, which help optimize data before feeding into Splunk Cloud Platform. We've seen a reduction of around 40% to 60% in the total volume ingested using efficient data pipelines. We provide services for optimizing data pipelines and feeds, and those tools can be quite helpful. But if you're looking to configure Splunk Cloud Platform for on-premises servers, downloading the universal forwarder package from the Splunk Cloud Platform search head is all you need.

    I would rate this product a 9 out of 10.

    Charles Roberti

    Security monitoring has improved and provides timely alerts for cyber threats

    Reviewed on Feb 26, 2026
    Review provided by PeerSpot

    What is our primary use case?

    Splunk Cloud Platform is used as a way for companies to enhance their cybersecurity and ensure security. In cybersecurity, it is important to protect against all malware, and the platform is effective in searching vulnerabilities or searching threats.

    What is most valuable?

    Splunk Cloud Platform's ingest and visualization features help with data reporting. The platform's alerting mechanism is valuable, as there is software that makes alarms in case of attacks. Splunk Cloud Platform is used as a way for companies to enhance their cybersecurity as a question of security to ensure the security.

    What needs improvement?

    I think that Splunk Cloud Platform is good, and I rate it seven or eight.

    For how long have I used the solution?

    We have worked with Splunk Cloud Platform for approximately three years. We have also been working with Splunk Observability Cloud for approximately three years.

    What do I think about the stability of the solution?

    Splunk Cloud Platform is a good platform for us.

    How are customer service and support?

    The technical support of Splunk is good as well, and they are helpful.

    How would you rate customer service and support?

    Positive

    What was our ROI?

    Implementation has some benefit for the company.

    What's my experience with pricing, setup cost, and licensing?

    We think that the price of the product is quite reasonable.

    What other advice do I have?

    We have clients that use Splunk, but we do not use Splunk ourselves. As a person with deployment experience, I find it difficult to answer the question about implementation because we are obliged to have a platform. There are many platforms, and the implementation is not simple, but we have no special difficulties with Splunk. We think that integration of Splunk Cloud Platform with third-party tools is easy to implement.

    reviewer2747775

    Security monitoring has become proactive with customizable alerts and clear dashboards

    Reviewed on Feb 19, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My major use case for Splunk Cloud Platform is for SOC, SIEM mostly.

    What is most valuable?

    What I like about Splunk Cloud Platform is the easy reading of the dashboards and finding the data, which brought me the biggest benefits.

    The alerting mechanism in Splunk Cloud Platform is customizable, so we could adapt it to our needs and assign the right priorities and based on this, define the action.

    Visualization features and ingesting in Splunk Cloud Platform helped to improve my data reporting, but that was also a different team that was providing the log ingestion.

    Other features that were really great in Splunk Cloud Platform include real-life monitoring, so we could have logs right away, and parsing was fine, so when it was correctly ingested and Splunk Cloud Platform parsed it correctly, then we had no issues with receiving the correct alerts.

    What needs improvement?

    Splunk Cloud Platform could improve in how quickly it reacts to users reporting issues.

    Splunk Cloud Platform can be complex depending on the log source in terms of deployment.

    For how long have I used the solution?

    I used Splunk Cloud Platform for seven years.

    What do I think about the stability of the solution?

    Splunk Cloud Platform was stable, and I did not see any performance issues or downtime, although it happened; the issue was that we had to really fine-tune the log quality so that it would not be ingested too much and handled for nothing.

    What do I think about the scalability of the solution?

    Regarding the scalability of Splunk Cloud Platform, I would say it is scalable, but maybe the pricing may affect the scalability because it may not be that beneficial to onboard too many log sources if they generate too many false positives and then you reach over the limit of the license.

    How are customer service and support?

    I would rate the technical support for Splunk Cloud Platform probably a three, because there was some support, but I remember that we were using our proxy company to submit it for us because they were bigger and maybe more convincing to Splunk.

    How would you rate customer service and support?

    Negative

    How was the initial setup?

    The biggest issue during deployment of Splunk Cloud Platform was correct log parsing.

    What about the implementation team?

    I can describe the impact of integration with third-party solutions in Splunk Cloud Platform as limited experience since I was the only one on the receiving end of it, and I was not integrating it with any solutions or with any other vendors; we also had the company who was supporting us in the configuration part, so we didn't even have to do it fully by ourselves.

    What was our ROI?

    I don't see ROI with Splunk Cloud Platform, such as time saving or money saving because I'm security operations, so I don't think in management terms.

    What other advice do I have?

    I have about the same amount of experience in this domain with SOC solutions, as I haven't worked with SOC SIEM solutions such as Splunk Cloud Platform before, so it's the same. My overall review rating for Splunk Cloud Platform is 8.

    Airlines/Aviation

    Powerful Real-Time Insights, But Pricing Can Spiral Without Log Filtering

    Reviewed on Feb 13, 2026
    Review provided by G2
    What do you like best about the product?
    Real-time visibility and powerful SPL queries for rapid root cause analysis.
    What do you dislike about the product?
    High and Unpredictable Costs: The pricing (whether based on data ingestion volume or "Workload" compute units) scales rapidly. If you don't aggressively filter logs before they hit the cloud, your bill can spiral quickly.
    What problems is the product solving and how is that benefiting you?
    Splunk IT Cloud (comprising Splunk Cloud Platform and the Observability suite) is designed to solve the problem of "Data Sprawl"—the overwhelming amount of fragmented information generated by modern, multi-cloud environments.