Splunk Cloud [Private Offer Only]

For monitoring, it is a very good cloud. We have integrated it with the Splunk SIEM  tool only. Additionally, the platform's app ecosystem is very easy to use even in the initial starting phase, and it supports responsibilities including real-time alert monitoring and event correlation. It is very easy to learn the cloud because we have integrated it with the SIEM  tool.

Our entire SOC is deployed on that cloud only. I would suggest going for Splunk Cloud Platform because AWS, Microsoft Azure , and Google Cloud  are very expensive in comparison. Improvement-wise, I do not see anything. You can go for it.

All our data is on Splunk Cloud Platform. We have multiple customers, so as per their requirement and their purchasing from the SIEM tool, we deploy all the servers in Splunk Cloud Platform only.

When I compare Splunk Cloud Platform with other solutions or other vendors, I compare it with Microsoft Azure Sentinel . They are both cloud platforms. Compared to Microsoft Sentinel, Splunk Cloud Platform has a good area. Microsoft also gives a very wide area, such as Defender XDR , connectors, and threat intelligence. It is also the same in Splunk, but I prefer the Splunk one compared to Microsoft Sentinel because it is very easy to use.

In Sentinel , there are many roles and responsibilities for reader, contributor, and responder. However, in Splunk Cloud Platform, we can additionally give admin tasks or role-based tasks to the SOC analyst role. It is very easy for a SOC analyst to handle.

For others looking to implement Splunk Cloud Platform, my advice would be to go for it. First, you have to do the pilot deployment. Second, you have to learn the SQL language for Splunk Cloud Platform because it is very important to learn. If you do not learn that query language, the SPL search processing language, you cannot find or do threat hunting and investigation for alert analysis. You can follow the investigation chart, such as a process tree, analyzing the IP, and verifying the IOC with the PF. Most effectively, learn the SPL language. If you learn it, you can easily handle Splunk Cloud Platform.

To be a ten out of ten, when I compare Splunk Cloud Platform with others, Splunk Cloud Platform is leading the market. Our sales team is also going to tell customers to go for Splunk Cloud Platform because we are pushing Splunk only. We get the SIEM tool and cloud in one platform. We did not have to find a different way to store the logs or storage on another AWS cloud. As our organization's option, we are also pushing clients to use Splunk Cloud Platform as a cloud and SIEM tool. It is beneficial for us and for them.

Splunk Cloud Platform's cloud is AI, so I can say ten out of ten. However, there is one issue: when our storage limit is crossed, they directly charge higher. From a charging point of view, it is about cost and AI. If there is an improvement, or if they give some discount to our organization, such as we are using two hundred GB per day, but if on any day we exceed that limit, they charge our organization a higher amount. They charge high.

I would rate this review nine out of ten overall.

I work with Splunk Cloud Platform  for visualization and alerting. Use cases include real-time threat detection, monitoring, firewall, VPN, EDR, Windows log, and detecting brute force attacks, suspicious login activity, and security alert investigations. Examples of alert names include detecting multiple failed logins. In these cases, I have to write query languages in Splunk. The query language is SPL, which is the Splunk Processing Language, and I have to write coding by indexing first, ensuring the index is equal to Windows, and then for event code, I type 4625, which represents failed login, to find failed logins.

Splunk Cloud Platform 's best features include powerful log management and real-time monitoring features, advanced threat detection features, easy scalability without managing servers, cloud-based fast data search, a great dashboard UI, automated alerts, and strong security analytics for our organization's SOC team.

The benefits I have seen from using Splunk Cloud  include centralized log management, real-time monitoring, strong security analytics, and easy scalability without needing to manage physical servers. It helps our organization quickly detect threats and investigate incidents, monitor cloud infrastructure, and with the help of SOAR , we can automate alerts. The platform also supports many third-party integrations, making our environment more efficient and reliable.

I think the dashboards could be better. I mentioned earlier that SPL and dashboard can be hard to understand for beginners, so I would suggest an easier learning curve for beginners and lower pricing for small organizations. Additionally, faster dashboard loading with large data sets, more user-friendly reporting and visualization options, and reduced false positive alerts in SIEM  detection would improve usability. Improving documentation and guided troubleshooting is key so we can troubleshoot easily. Overall, while Splunk Cloud Platform is powerful, usability and cost optimization could still improve for new users.

I have been working with Splunk Cloud Platform for the last six months.

I rate it eight because it offers strong stability, powerful log analysis, advanced security threat monitoring, and excellent cloud integration, improving visibility and SOC efficiency. However, the pricing can be high, and some configurations or advanced features may require technical expertise, which takes time. There is room for improvement.

Scalability in Splunk Cloud Platform aligns well with our organization's demand fluctuations, allowing us to handle increasing amounts of logs and security data without major infrastructure changes. The cloud manages this, reducing the workload on our internal IT team by handling server maintenance, updates, and scaling automatically. This helps our organization save time, improve performance, and reduce infrastructure management efforts.

I would rate the customer service and technical support teams an eight out of ten.

Previously, we used Wazuh  in our environment before going with Splunk Cloud Platform.

The differences between Wazuh  and Splunk Cloud Platform lie in cost, scalability, features, and management. Splunk Cloud Platform is a commercial SIEM  type, while Wazuh is open source. The security provided by Wazuh is less robust, whereas Splunk Cloud Platform's technical team and pricing reflect its more comprehensive capabilities. Splunk Cloud Platform provides a better dashboard, faster large-scale log searching, strong support, advanced threat detection, and better third-party integrations.

I find the initial setup process very easy, simple, and straightforward.

The setup process is generally easier compared to on-premises Splunk because infrastructure and updates are managed by Splunk Cloud Platform. However, configuration, integration, and log onboarding might still require technical knowledge, especially for Level 2 personnel.

The deployment setup was mainly a third-party managed deployment for Splunk Cloud Platform.

HDFC Bank is the partner that helped us deploy Splunk Cloud Platform. We work directly with Splunk for deploying Splunk Cloud Platform, especially for cloud subscription support onboarding and enterprise deployment. In our case, we used both the partner for integration and customization.

I have seen a strong ROI with Splunk Cloud  by improving security visibility, reducing incident response times, and lowering infrastructure management efforts. It centralizes log monitoring and automation, offering real-time analytics that help our organization detect issues faster, reduce downtime, and improve operational efficiency. Although the platform can be costly at times, many companies find value through enhanced security operations and reduced manual workload.

The subscription model impacts our financial planning for data platform investments by being subscription-based, meaning our organization pays based on data ingestion volume and workload usage. This model includes cloud hosting, maintenance, updates, and security support from Splunk. It helps companies scale resources as their logging and monitoring needs grow without the burden of managing physical infrastructure.

We evaluated other options before choosing Splunk Cloud Platform, and compared to some alternatives, Splunk Cloud Platform offers greater scalability, faster log searching, and was one of the options we evaluated alongside other SIEM and monitoring solutions such as IBM QRadar .

We chose Splunk Cloud Platform because it provides better scalability, faster log analysis, strong cloud and third-party integrations, and advanced security threat monitoring compared to other solutions. It offers centralized visibility, real-time alerts, and a user-friendly dashboard that makes it easy to understand and create dashboards, improving our organization's overall monitoring efficiency.

My experience with Splunk Cloud Platform's app ecosystem shows that it is not very difficult to use, and once you understand the basics, it becomes straightforward. The SQL queries are easy to understand and write. For first-time users, it might seem confusing at first when searching logs or creating dashboards, but after some practice, it becomes much easier. The setup of Splunk Cloud Platform is simpler because Splunk manages updates and infrastructure, allowing users to focus more on monitoring alerts and investigations instead of server maintenance.

My perception of using native models over third-party integrations in Splunk Cloud Platform's environment is that integrating third-party tools or platforms with Splunk Cloud Platform provides a mostly smooth experience. It supports many integrations such as AWS , Microsoft, CrowdStrike, and other security tools through APIs, and we also use add-ons. The initial setup can take some time, especially for permissions and log configuration, but once we connect, data collection and monitoring become much easier and more efficient.

We have integrated with many third-party solutions, such as AWS , Microsoft Azure , CrowdStrike, Google Cloud , Microsoft Defender, Palo Alto firewalls, FortiGate firewalls, Cisco firewalls, and other security or monitoring tools. These integrations are usually done through APIs, add-ons, or log forwarding, with various types of forwarders available, such as heavy forwarders and universal forwarders. They help teams collect data, monitor activities, automate alerts, and improve security visibility from a single platform.

My impression of the solution's visibility into multiple environments, including cloud, on-premises, or hybrid environments, is that Splunk Cloud Platform offers very good visibility across all these environments. It helps monitor logs, security events, applications, and network activity from different platforms in one centralized dashboard, making threat detection faster and more efficient in our environment.

Regarding Splunk Cloud Platform's zero-setup feature for AI models, it uses AI and machine learning features for security analytics, including anomaly detection and automation. Splunk User Behavior Analytics  uses machine learning to detect abnormal user and entity behavior, and the Splunk machine learning toolkit helps create machine learning models for forecasting, anomaly detection, and data analysis. These AI features help our organization and IT team automate investigations, detect threats faster, and reduce false positive alerts while improving monitoring.

The zero-setup feature for AI models affects my ability to deploy AI solutions by providing a flexible setup for deploying AI and machine learning solutions. It supports integration with other third-party AI tools and cloud services, making it easier to develop and deploy AI-driven security and monitoring use cases. Future features including the Splunk Machine Learning Toolkit and AI assistant help create predictive analytics and anomaly detection with less manual effort.

My advice for teams considering Splunk Cloud Platform is to plan data ingestion and use cases properly to avoid unnecessary costs. Start with important log sources and build dashboards and alerts gradually. Understanding SPL queries through integration with cloud and security tools will help get the best value from the platform. Proper tuning and monitoring are also crucial to reduce false positives and improve SOC efficiency. I would rate my overall experience with Splunk Cloud Platform a 9 out of 10.

Currently, we are using Splunk Cloud Platform  for our basic security. We have our own firewall, and we are getting that firewall data. We have installed Splunk agent on all of the laptops for our 200 to 300 plus employees. We are collecting data from a lot of servers and all internal sources everywhere and putting that into Splunk Cloud Platform . We are performing analysis on what users are doing, and some security use cases are based on the firewall logs. We also have Zscaler logs that we are using for all purposes.

For AI models, there is one good feature in Splunk Cloud Platform. We are using the latest version 10.2, so there will be SPL to SPL3 conversion. There are AI features as well that can help write some Splunk queries. AI will help in this area. Other than this, we are not using AI in Splunk Cloud Platform.

For Splunk Cloud Platform, the best feature is that we don't need to manage the infrastructure. That is one of the best things. We don't face any downtime issues. If we are facing anything, we just need to create a support case and the Splunk team will resolve everything. There are maintenance windows, and they will take care of everything. That is a good thing that I appreciate. We just need to manage only search and no background things. Everything will be taken care of by the cloud teams.

With Splunk Cloud Platform, we are managing the apps ecosystem. Inside the manager, we will see all of the apps. For this, we do have a deployment server and a cluster master. With that, if we need to upgrade the app, we just need to create a support case, and the Splunk team will upgrade all of the apps on behalf of us. We can also do manual things as well. Sometimes in the UI, there is an upgrade apps option available. We are upgrading that manually as well. For our forwarders and our clients, we are pushing apps from our deployment server. For this, we can download apps from Splunkbase, put it in the deployment server, and just deploy there. It will go everywhere and it will restart Splunk and it will come up. This is a straightforward process. It's easy. We just need to take care of one thing, which is to read the Splunk release notes.

For improvement in Splunk Cloud Platform, the Splunk docs are available, which is helpful. However, for cloud, they need to give some more visibility. They need to give cluster master access to us and some more visibility into what they are doing and what they are performing. We would like to see what the settings and backend access are. We are not modifying anything, but they must need to give some read access so that we can see what the configuration is being deployed behind our search UI and all the things. That is one thing that they can improve.

For improvement, they can integrate a lot of default apps. There are a lot of default apps already, but let's say we are using Palo Alto firewall, we are getting Windows event logs, Linux logs, and these types of logs. Every customer is getting this kind of logs. They need to give some default dashboards or we just need to change the index, and that will help to populate all of the data. Everyone wants to know who is logging in and who is logging out. These are some basic security use cases that are there. Splunk Cloud Platform needs to publish one app as a default app and inside this app, you will have all of these things.

We are using this product since two years. Last year we think about Cribl .

This is a very stable product. It will act immediately and will give alerts. Everything is on time, so it's very good. I rate stability from 1 to 10 as nine.

The scalability of Splunk Cloud Platform is 10. It's a fully scalable product.

For Splunk Cloud Platform, there will be some issues I faced for downscale while coordinating with Splunk support. However, for upscale, they can easily do it. If we want to add more data, they can add more indexers and can add more size as well. Let's say we are storing right now 100 TB, but if we want to increase from 100 to 150 TB, we just need to say that to the support sales team, and they can increase it in one to two days. So for upscale, it is very good, but for downscale, sometimes we face issues.

The technical support for Splunk Cloud Platform is very good. I will give a 10 because they immediately help and support. I rated it 10 out of 10, the support.

I never used other SIEM , but I can compare Splunk Cloud Platform as one of the stable SIEM  products. Other than this, there are log connectors, and one more thing is DataDog. However, they are not very feasible compared to Splunk Cloud Platform. With Splunk Cloud Platform, you can modify whatever you want. Let's say you want to run Python, you want to run any script, you want to monitor any port, you want to monitor data from syslog, whatever you think, you can do it in Splunk Cloud Platform. But you cannot do the same thing in some other solutions. In that case, Splunk Cloud Platform is one of the best things.

Deployment of Splunk Cloud Platform was easy, but you need to learn Splunk. For example, if you have some understanding and you are at least a Splunk certified admin minimum, then you can able to do all of the things. Deployment doesn't face any issues. You just need to download the .tar.gz file, extract this and start this. That's all. However, there are a lot of components, such as search head, indexer, forwarder, heavy forwarder, and universal forwarder. To connect all of these things, you must know how Splunk works and how to configure all the things. You must go through training.

We have 200 plus users working with Splunk Cloud Platform, around 250 or 200.

Maintenance for Splunk Cloud Platform is not required because Splunk version upgrades and some security fixes will be taken care of automatically by the Splunk Cloud  team. However, for our heavy forwarder and from our side, there is a half infrastructure on our side as well. For that, we need to manage it, but one person is enough for that.

Regarding pricing for Splunk Cloud Platform, it is not cheap. It's cost-efficient if you are using it properly. If you really need the SIEM solution, then it is very cost-effective for your company. However, if you are not using it properly, then it is very costly for you. If you are just using this for storing data and just to see the things, then this will be a costly product.

I will give advice to others looking to implement this product that if you have more than one TB of data, then this product is helpful. Other than this, this is mainly a SIEM solution. It will help for security use cases. It is mostly designed with a lot of AI features and threat intelligence available. This is very helpful for the people who are looking for security solutions because there are a lot of intelligent dashboards available in enterprise security and it will give you a full map of your company where the data is flowing. You can collect the data and put it in Splunk Cloud Platform and you can see visually. This will give you raw things to visualization. So it's good.

For Splunk Cloud Platform, we are using cloud, so visibility is less. I can say that because I don't know where my indexer is or where my data is getting stored. It's in the cloud, it's secure, and it's managed by Splunk and Cisco. It's a trusted thing, but we don't know where they are storing or what the things are. We just have one URL, which is a search URL and we are using that. Visibility is less, very less in the cloud.

For the integration capabilities of Splunk Cloud Platform, we don't need to go anywhere. Splunkbase is there. Whatever, let's say tomorrow I'm purchasing a new product, Fortinet or any product. I just need to search 'FortiGate add-on Splunk' or 'FortiGate app for Splunk'. I can browse that on Google Chrome  and I can easily find one of the apps that is built already. For Okta, there are default apps. Whatever product you think, there is a default app available on Splunkbase. We just need to simply download and install in Splunk Cloud Platform. That's it. It will work. We can integrate other solutions with this with the help of this app in Splunk Cloud Platform and we can get the data and we can visually see these things. I give this product an overall rating of 9 out of 10.