Overview
Splunk Cloud [DSOR] combines the benefits of the Private Offer feature along with Carahsoft's contract vehicles in providing customers a seamless acquisition process for their cloud-based products and solutions from AWS Marketplace.
If you're looking for security and operational visibility across your AWS environment - including applications, infrastructure and AWS services such as CloudTrail, Config, VPC Flow Logs, and more - then Splunk Cloud is the right solution for you. Organizations of all sizes leverage Splunk visibility with AWS agility to rapidly troubleshoot applications, ensure security and compliance, and monitor business-critical services in real-time. Splunk Cloud makes it easy to gain end-to-end visibility across your AWS and hybrid environment. Leverage Splunk Cloud with the free Splunk App for AWS to gain critical security, operational and cost optimization insight into your AWS deployment. Whether you're managing applications, infrastructure or a security operations center in the cloud, Splunk delivers Operational Intelligence for a real-time understanding of what's happening across your business and IT so you can make informed decisions.
Highlights
- Collect and index any machine-generated data from virtually any source or location in real time. Just point Splunk Cloud at your data, and it immediately starts collecting and indexing so you can start searching and analyzing.
- Splunk Cloud offers single-pane-of-glass visibility across on-premises Splunk Enterprise and Splunk Cloud deployments, enabling customers to deploy Splunk as software or SaaS according to their business requirements, while maintaining centralized visibility.
- Splunk Cloud includes support for Splunk apps and other content. Splunk apps deliver a targeted user experience for different roles, use cases and enterprise technologies. These apps can help you visualize data in new ways or provide pre-defined views of leading technologies such as Linux, Windows, VMware and more.
Details
Pricing
| Dimension | Description | Cost/12 months |
|---|---|---|
| Splunk Cloud Subscription 500GB | Splunk Cloud Subscription with Federal Compliance impact level controls, Encryption at Rest, Dynamic Data Archive, 500GB increments, 82 units | $1,620.00 |
Vendor refund policy
No refunds
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Splunk offers a variety of support options to help ensure your success.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
Centralized monitoring has improved log analysis and accelerated incident investigations
What is our primary use case?
My experience with Splunk Cloud Platform was good, as I used it during my initial days for analyzing and monitoring large volumes of data. At that time, my role was to ingest logs, parse data, build use cases, create a dashboard, and configure alerts across different systems like endpoint applications and cloud services. One of the biggest advantages I have seen is that it allows us to bring all of our data into a single platform and generate meaningful insights from it.
What is most valuable?
One of the best features in Splunk Cloud Platform is the ability to ingest any type of data and store it in one place, which gives complete visibility across the environment. The other feature is the SPL search engine, which is extremely powerful, allowing deep analysis and correlation of events. Once you understand SPL, it becomes one of the best tools for investigating data.
Then I would say dashboarding and visualization capabilities, especially with Dashboard Studio, which allows highly customizable and visually rich dashboards.
Regarding the effectiveness of the search capabilities, during my time, I was searching for firewall logs, and there are substantial volumes of firewall logs in GBs per day. When I search for these logs, if you start with the index and then your index name, it is much faster, but I would say it is not faster than LogScale, as LogScale's search feature is better than Splunk Cloud Platform.
What needs improvement?
I see the areas of improvement for Splunk Cloud Platform in cost, as it can be relatively expensive, especially with high data volumes. Another area is the learning curve of SPL, which can challenge new users. Moreover, the AI-driven search query generation features I have come across recently are quite good.
In terms of missing features, if they can integrate more AI, like AI generation queries, then that could be helpful.
For how long have I used the solution?
The last time I worked with Splunk Cloud Platform was eight months ago.
How are customer service and support?
I have interacted with the technical support and customer service teams, particularly while building an add-on, where they helped me find the issue. They are quite good at what they do.
Which solution did I use previously and why did I switch?
Regarding switching from Splunk Cloud Platform to LogScale, it was not handled by me; it was on the managerial side. The main issue was the cost because, as data grows in Splunk Cloud Platform, it becomes very expensive. Comparatively, LogScale provides the same features and threat detection capabilities but allows for faster searches with an index-free architecture and at a lower cost.
How was the initial setup?
The initial setup of Splunk Cloud Platform was handled by the Splunk team, as it is hosted on public cloud AWS, and it was straightforward.
What was our ROI?
In terms of ROI with Splunk Cloud Platform, I see major benefits such as improved efficiency and reduced manual effort. For example, tasks that previously required multiple people can now be handled by fewer resources due to automation and centralized dashboards. We also see improvements in faster detection and response times, as alerts notify us proactively when issues occur.
Which other solutions did I evaluate?
In evaluating other options in the market, we looked at DataDog, which we saw for observability. However, DataDog is mainly for observability purposes, while Splunk Cloud Platform gives vast capabilities for different types of use cases, allowing us to create customizable add-ons.
The main differences, both pros and cons, of Splunk Cloud Platform in comparison to CrowdStrike technologies include the con that Splunk Cloud Platform's search engine does not have an index-free architecture like LogScale, which provides better speed when searching large amounts of data. A pro for Splunk Cloud Platform is that it has extensive documentation and a strong community for support, whereas LogScale has a less active community and lacks proper documentation.
What other advice do I have?
My advice for organizations considering Splunk Cloud Platform is to fully utilize it by ingesting as much relevant data as possible rather than limiting it to specific use cases. Also, invest time in learning SPL and best practices, and leverage the large Splunk community and pre-built integrations to maximize value. I would rate this product an 8 out of 10 overall.
Centralized log monitoring has unified diverse data and drives proactive incident response
What is our primary use case?
Splunk Cloud Platform is used for centralized log collection, data ingestion and parsing, building dashboards and alerts, depending upon the client's requirement. Logs are collected from different sources like AWS, EDR, firewalls, and Windows. All logs are brought into one place, analyzed, dashboards are created, and alerts are set up for monitoring and security use cases. It acts as a single platform for monitoring and analysis.
What is most valuable?
One of the best things about Splunk Cloud Platform is that any type of data can be brought into one platform and worked on. This flexibility is very useful in real-world scenarios. For example, logs are ingested from multiple sources, and then dashboards are built for visibility. Alerts can be created for incidents, and meaningful custom dashboards can be created depending on the client's requirements. Trends can be tracked easily, such as trends of servers. Insights can be shared with teams. Since it is cloud-based, infrastructure does not need to be managed as Splunk handles back-end operations. This saves time, effort, and cost. For Enterprise, a particular infrastructure responsibility would normally need to be handed over to a particular team or person, but that team could be negligible by using Splunk Cloud Platform.
Splunk indexes logs as they are ingested, and by using the SPL language, Splunk Processing Language, particular data can be searched from the indexed data. Indexed logs are stored bucket-wise, so there is never randomness of the data. When searching for a particular type of data, that same type of data is always obtained from the particular span being searched for.
For proactive solutions, if log ingestion drops suddenly or a data source stops sending logs, alerts are configured to trigger when data drops by 70 to 80 percent. Notifications are received via email or any other configured platform for alerting. ServiceNow tickets can also be created for a particular issue. This helps transition from reactive to proactive monitoring.
For ingestion in Splunk Cloud Platform, the main aspect is data inputs. Infrastructure does not need to be managed as it is already managed by the Splunk teams. Data input ingestion is very easy as it has vast ingestion apps. Custom universal forwarders can also be used. Splunk has a universal forwarder product that can be installed at a particular server or application, which brings data to Splunk Cloud Platform. This universal forwarder product is a great choice for data ingestion as it gives customizable ingestion to any kind of application or server. For visualization, customized dashboards can be built, and pre-built dashboards from apps can also be used. For example, the AWS app has pre-built dashboards that can be used for monitoring AWS servers. Many applications are available.
What needs improvement?
The licensing cost is the one issue with Splunk Cloud Platform. Licensing cost is high, so for small organizations it may not be affordable. If customizable licensing options were provided, it could be more adaptable.
For how long have I used the solution?
Splunk Cloud Platform has been used for nearly one year.
What do I think about the stability of the solution?
Splunk Cloud Platform is very stable and reliable for customers. Setting the pricing aside, it is a great platform for clients.
What do I think about the scalability of the solution?
Splunk Cloud Platform is more scalable. The back-end part is provided, so it is highly scalable. Everything can be managed with the back-end, and everything can be built or managed.
How are customer service and support?
ServiceNow ticketing tools are used for monitoring and alerting purposes. Microsoft Teams alerting has also been integrated. If anything goes wrong on Splunk Cloud Platform, alerts can be received via email or can be set up to appear on Microsoft Teams.
Which solution did I use previously and why did I switch?
Splunk Enterprise platform was previously used, and it is known that Splunk also provides the cloud version. The main difference between Enterprise and Cloud is that if a team for infrastructure management is available, Splunk Enterprise platform should be chosen. If a particular team for infrastructure management is not available, Splunk Cloud Platform would be easier for the client to manage.
How was the initial setup?
There is no initial setup required for the cloud. Splunk already provides the infrastructure according to the need. Nothing needs to be managed or installed. Splunk only asks which cloud provider should be used. For example, if AWS is selected, everything is installed according to the need and provided. There is no involvement required.
What about the implementation team?
For Enterprise, the implementation was great. For the cloud, it would be great as it is the same thing and just a different product.
What was our ROI?
ROI depends on the user needs or the client's need. Sometimes it occurs once in a while, and sometimes if an issue occurs, then it could occur simultaneously.
Which other solutions did I evaluate?
Different solutions have been used, including Splunk Enterprise platform and CrowdStrike LogScale. For the observability part, DataDog and Dynatrace are being used.
What other advice do I have?
This review has been given a rating of 8.5.
Cloud analytics has improved security insights and simplifies proactive performance monitoring
What is our primary use case?
I use Splunk Cloud Platform as our overall tool to gain insight from our platform, for our security use cases, and to build a framework that shows what is happening in our organization or what is happening in our applications, the current status, or if we are facing any issues with our systems. I ingest various types of logs from different systems to Splunk Cloud from our forwarders and build dashboards and alerts on top of that. My primary use case is to understand our architecture or our overall environment, including what is happening and whether there are any vulnerabilities, or to conduct analysis on our applications. If there are any performance issues, I can learn about them from the dashboards that we have built and can optimize our architecture or overall application performance.
What is most valuable?
What I like about Splunk Cloud Platform is that it gives me flexibility and freedom in that I do not need to worry about the actual architecture of Splunk. I do not need to install it anywhere manually, and I only need to worry about what data I need to ingest and how I will create a dashboard on top of that. It provides support so I do not need to worry about the platform. It functions as Software as a Service, so I can directly use it and if I am facing any issue, Splunk support is available to help me anytime.
I do not have any limitations with Splunk Cloud Platform. I can access it from my own private network or anywhere, and I can access it from the public network as it is on a cloud. That is also a plus point for me.
In terms of assessing the effectiveness of Splunk Cloud Platform's search capabilities in uncovering operational insights, its storage capability is excellent. Previously, we were managing it at an enterprise level, but it was costly to us because of data redundancy and the availability zones. With Splunk Cloud Platform, we do not need to worry about data backup, which is a very good point.
The alerts have helped us in proactive issue resolution. If we are currently getting any error, we will get notified in the next 15 minutes or 30 minutes according to the schedule of the search.
Splunk Cloud Platform's ingest and visualization features have helped improve our data reporting, truly the best available in terms of customizability. We have two options, classic and Dashboard Studio for dashboard purposes. In classic, we get options to build custom dashboards using custom JavaScript. We can insert our own graphics to provide better visuals where insights to our management team will not be dependent on the numerical base. We have charts to showcase our current situation, which will be really great for management.
In terms of benefits, if we were needing two persons for SAP to analyze if we have any issues, now we just need one person doing multiple tasks. We have built an automation system, or a dashboard, which gives us insight so that we do not need to go and look up every service. Splunk Cloud Platform really impacted our workflow and increased our productivity.
What needs improvement?
In Splunk Cloud Platform particularly, there is nothing specific that I would like to see improved or enhanced, but the cost is currently very high. If that part could get a little bit cheaper, then that would be really great.
In terms of enhancement for Splunk Cloud Platform, I would say if we could create add-ons or if we get the capability to build add-ons directly through cloud, not talking about the add-on builder framework, but something editor-like where we will directly edit our conf files from any specific app or TA provided by Splunk Cloud Platform itself. If we get that feature, it will be really beneficial. Instead of doing configuration from the UI, we would prefer to get access to back-end conf files and do it manually because when we were using enterprise, we had pretty much hands-on experience with that.
For how long have I used the solution?
I have been using Splunk Cloud Platform for around two years.
How are customer service and support?
I would evaluate customer service and technical support of Splunk as really good. They provide on-call support and they reply to cases that we open, so the support is really good and collaborative.
Which solution did I use previously and why did I switch?
We have not previously used a different product. We have tried other tools, but they were very limited to the use cases that we are trying to capture. I chose to go with Splunk Cloud Platform because it has vast capabilities.
How was the initial setup?
The initial setup with Splunk Cloud Platform was really straightforward because, as it is a cloud platform, Splunk provided us the complete package where we do not need to worry about our infrastructure or configuration. If we need any help, they are always available, so it was very straightforward.
What about the implementation team?
The implementation was done by the Splunk team.
Which other solutions did I evaluate?
We evaluated products like Dynatrace or DataDog, which were very specific. They were providing us only observability-specific tasks. However, we have some VML logs or firewall logs for which we would not get that much analysis from those products. That is why we chose to go with Splunk Cloud Platform.
What other advice do I have?
We use Splunk default alert actions and we have installed third-party integrations, such as ServiceNow integration, where we are creating ServiceNow incidents or ServiceNow tickets from our alerts.
The impact of Splunk Cloud Platform's integrations with third-party tools on our daily operations is very helpful for our overall infrastructure monitoring. We have third-party integrations, such as SAP or Dell Boomi. To ensure that our SAP and site integration are running smoothly and none of its API is getting high or something unusual, we can easily detect that instead of going into SAP and analyzing.
We have our own machine learning logic where we are creating alerts based on our machine learning algorithm. If we are missing any data from the forwarders, then we have a built-in threshold mechanism where if the data from the last seven days is coming around 80 GB, then the next day it should be getting related to that. If we are not getting that, then we will get alerts. I have not particularly used Splunk ML Toolkit.
From the features perspective, I would say if we were getting calls from back two or three months, I was waiting for the Otel feature in Splunk Cloud Platform. Now we have support of Otel in the current latest Splunk version, so we are planning to upgrade Splunk Cloud Platform to the latest. The feature that I was looking for is now currently available, so I do not have anything specific at the moment.
In terms of pricing, the cost is high, but we are getting pretty much value out of what we are paying and what should be available to us in the market. In terms of that, it is really good with no question on that.
My advice to other organizations considering Splunk Cloud Platform is to make sure you use it as much as you can. There is a really big community of Splunk that you can explore to see what data you can ingest. There is a possibility you are already using other services from which you can get logs into Splunk and build analysis on top of that. Do not limit yourself to any specific use cases. I have seen some organizations only ingest specific logs, such as firewall logs or DNS logs. But they have different types of machines and applications running for their infrastructure. They can ingest logs from those as well and build analysis on top of that. There are pre-built add-ons that provide that functionality to them and they do not need to worry about development. So use it as extensively as possible. Overall, I would rate this product a nine out of ten.
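Two of the reviews above describe the same proactive check: alert when a data source's daily ingestion drops by 70 to 80 percent, or falls well short of what the trailing seven days (around 80 GB a day in one reviewer's case) would predict. In Splunk this is a scheduled search with an alert action; the following is an added example written for this page, not a reviewer's saved search or any Splunk API, that models the decision itself in Python so the edge cases are visible: a source that sends nothing today counts as a 100 percent drop, while a brand-new source with no history is skipped rather than falsely alerted. The source names, day and gigabyte figures are constructed.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed reference day and sample per-source ingestion records
# (day, source, gigabytes). These values are made up for the example.
TODAY = date(2024, 1, 15)


def build_sample_records():
    """Seven days of history per source, then the day under test."""
    records = []
    for back in range(1, 8):
        day = TODAY - timedelta(days=back)
        records.append((day, "fw-edge", 78.0 + (back % 4)))  # roughly 80 GB/day
        records.append((day, "aws-cloudtrail", 20.0))
        records.append((day, "winevent", 5.0))
    records.append((TODAY, "fw-edge", 12.0))          # sharp drop
    records.append((TODAY, "aws-cloudtrail", 19.0))   # normal variation
    # "winevent" sent nothing today; "new-source" has no history yet
    records.append((TODAY, "new-source", 3.0))
    return records


def aggregate_by_source_day(records):
    """Sum gigabytes per (source, day); a source may log several records a day."""
    totals = defaultdict(lambda: defaultdict(float))
    for day, source, gb in records:
        totals[source][day] += gb
    return totals


def ingestion_drop_alerts(records, today, baseline_days=7, drop_threshold=0.7):
    """Flag sources whose volume on `today` fell by at least drop_threshold
    relative to their mean over the preceding baseline_days.

    A source absent on `today` counts as 0 GB (a silent source is exactly
    the case the alert exists for). A source with no history is skipped:
    there is nothing to compare against until a baseline accumulates.
    """
    totals = aggregate_by_source_day(records)
    window = [today - timedelta(days=i) for i in range(1, baseline_days + 1)]
    alerts = []
    for source in sorted(totals):
        per_day = totals[source]
        history = [per_day[d] for d in window if d in per_day]
        if not history:
            continue
        baseline = sum(history) / len(history)
        if baseline <= 0:
            continue  # sent nothing in the window; a drop is undefined
        today_gb = per_day.get(today, 0.0)
        drop = 1.0 - today_gb / baseline
        if drop >= drop_threshold:
            alerts.append({
                "source": source,
                "baseline_gb": baseline,
                "today_gb": today_gb,
                "drop": drop,
            })
    return alerts


def format_alert(alert):
    """One-line notification text, as would be sent by email or to a ticket."""
    return (f"[ingestion-drop] source={alert['source']} "
            f"today={alert['today_gb']:.1f}GB "
            f"baseline={alert['baseline_gb']:.1f}GB "
            f"drop={alert['drop']:.0%}")


if __name__ == "__main__":
    for alert in ingestion_drop_alerts(build_sample_records(), TODAY):
        print(format_alert(alert))
```

Running it reports `fw-edge` (about 80 GB baseline, 12 GB today) and `winevent` (silent today), and leaves `aws-cloudtrail` and the history-less `new-source` alone. The baseline is a plain mean; a weekday-aware baseline is the usual next step where volumes follow a weekly cycle, otherwise a quiet Sunday fires the alert.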
Centralized monitoring has transformed our multi-tenant security operations and automated response
What is our primary use case?
My main use case for Splunk Cloud Platform is that in our organization, we use it as a centralized multi-tenant log ingestion across cloud and on-premises for all customer environments with index-level isolation. Splunk is used for ES for SOC operations enabling correlation searches, threat detection, and compliance reporting at scale.
A quick specific example of how I use Splunk Cloud Platform for SOC operations or threat detection in my daily work is privileged access anomaly detection. The correlation search flags abnormal login patterns using SPL plus UEBA baseline, and the automated response via SOAR or ITSM triggers alerts which create incidents and execute playbooks to disable accounts or isolate the hosts. We also use it for continuous monitoring with dashboards tracking MITRE ATT&CK and cases across all tenants with real-time alerting.
We use Splunk Cloud Platform for data onboarding and normalization to standardize logs across customers for consistent analytics and ES use cases. We also use role-based access control plus tenant isolation to ensure secure access control per customer within the shared Splunk Cloud Platform deployment.
What is most valuable?
The best features Splunk Cloud Platform offers are the multi-tenant data isolation plus role-based access control, secure index-level segregation for managing multiple global customers in a shared Splunk Cloud Platform environment. Additionally, features such as native integrations with SIEM, SOAR, and ITSM enable us to automate incident response, ticketing, and end-to-end security workflows across client environments. The high-scale injection plus SPL correlation process handles large volumes of infrastructure security logs with real-time analytics for managing SOC and cloud operations.
Splunk Cloud Platform has positively impacted our organization as we have achieved faster incident detection and response, lower MTTR with real-time SPL alerts and automated workflows. It has also improved our multi-tenant visibility and centralized monitoring, reducing tool sprawl. We also saw better compliance and audit readiness with consistent log retention and reporting.
What needs improvement?
Splunk Cloud Platform can be improved by having better multi-cloud integration for AWS, Azure, and GCP metrics and events out of the box. It should offer more cost-efficient storage retention options for high-volume multi-tenant log data and have simpler dashboard and alert management to reduce setup and maintenance effort across global customers. Additionally, the advanced anomaly detection tuning can be improved.
For how long have I used the solution?
I have been using Splunk Cloud Platform for two years.
What do I think about the stability of the solution?
Splunk Cloud Platform is stable.
What do I think about the scalability of the solution?
Splunk Cloud Platform is scalable for multi-tenant environments, handling terabytes of logs daily across global customers without performance impact. The auto-scaling injection and indexing ensure consistent performance as log volume grows, and it supports centralized dashboards and correlation searches across all tenants at enterprise scale.
How are customer service and support?
The customer support for Splunk Cloud Platform is responsive and knowledgeable. Support teams understand cloud and SOC issues and provide actionable guidelines quickly. They are also aligned to enterprise-level SLAs with timely escalation processes for critical incidents.
Which solution did I use previously and why did I switch?
We previously used an on-premises ELK stack plus custom scripts for log aggregation and monitoring. We switched to Splunk Cloud Platform for centralized multi-tenant visibility, real-time alerting, and automated SOC operations and workflows. The key reason for shifting is scalability, reliability, and built-in compliance and reporting across local customers.
How was the initial setup?
My experience with pricing, setup cost, and licensing is that the pricing is on the premium side because it scales with data injection and retention across multiple customers, which means that the price can grow quickly. The setup cost is moderate, and initial tenant onboarding, index setup, and dashboard configuration require effort. The licensing is flexible based on features such as Core, ES, and SOAR, but it needs careful planning for multi-tenant uses.
What was our ROI?
We have seen a return on investment as we observed a 50 to 60 percent reduction in manual SOC work, which allows freeing staff for higher-value tasks. We also saw incident response time drop by 40 to 50 percent, improving SLA compliance across customers. Furthermore, the overall cost saving from tool consolidation and automation delivered measurable return on investment within the first year.
Which other solutions did I evaluate?
Before choosing Splunk Cloud Platform, I evaluated other options including DataDog and Sumo Logic for log aggregation and monitoring. We also considered on-premises SIEM solutions but they lacked multi-tenant scalability and automation, so we chose Splunk Cloud Platform for real-time correlation, SOC automation, and enterprise-grade compliance features.
What other advice do I have?
The advice I would give to others looking into using Splunk Cloud Platform is to plan multi-tenant indexing and role-based access control earlier to ensure secure data separation. I would also tell my peers to leverage SOAR and ITSM integration from the start to automate incident response and reduce manual effort. I would rate my overall experience with Splunk Cloud Platform as an eight out of ten.
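The review above describes privileged-access anomaly detection as a correlation search over a UEBA baseline, followed by automated response. As an added, stand-alone illustration of the baseline step only (Python written for this page, not the reviewer's correlation search, Splunk's UEBA, or any Splunk API; the users, login hours and address ranges are constructed), the following builds a per-account baseline of login hours and source networks from past privileged logins and reports how a new login deviates from it. An account with no baseline is reported as such rather than silently accepted, and hours are compared on a 24-hour clock so an overnight shift spanning midnight is not flagged. Response actions (ticketing, disabling accounts) are out of scope here.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed corporate address ranges used to classify where a login came from.
KNOWN_NETWORKS = {
    "office": ip_network("10.0.0.0/8"),
    "vpn": ip_network("192.168.100.0/24"),
}

# Constructed history of privileged logins: (user, hour_of_day, source_ip).
HISTORY = [
    ("alice", 8, "10.1.2.3"), ("alice", 9, "10.1.2.3"),
    ("alice", 13, "10.1.2.9"), ("alice", 17, "192.168.100.7"),
    ("bob", 22, "192.168.100.20"), ("bob", 23, "192.168.100.21"),
    ("bob", 0, "192.168.100.20"),   # bob works an overnight shift
]


def classify_source(ip_text):
    """Name of the known network an address falls in, else 'external'."""
    ip = ip_address(ip_text)
    for name, net in KNOWN_NETWORKS.items():
        if ip in net:
            return name
    return "external"


def build_baseline(history):
    """Per user: the hours at which they have logged in and the networks used."""
    hours = defaultdict(set)
    networks = defaultdict(set)
    for user, hour, ip in history:
        hours[user].add(hour)
        networks[user].add(classify_source(ip))
    return {"hours": hours, "networks": networks}


def hour_distance(h1, h2):
    """Distance on a 24-hour clock, so 23 and 0 are one hour apart."""
    d = abs(h1 - h2) % 24
    return min(d, 24 - d)


def score_login(user, hour, ip, baseline, hour_tolerance=1):
    """Return the reasons a privileged login deviates from the user's baseline.
    An empty list means the login matches established behaviour."""
    if user not in baseline["hours"]:
        return ["no baseline for user"]
    reasons = []
    if all(hour_distance(hour, h) > hour_tolerance
           for h in baseline["hours"][user]):
        reasons.append("off-hours")
    if classify_source(ip) not in baseline["networks"][user]:
        reasons.append("unfamiliar source network")
    return reasons


def triage(events, history):
    """Score a batch of new login events against the baseline built from history."""
    baseline = build_baseline(history)
    return [(user, hour, ip, score_login(user, hour, ip, baseline))
            for user, hour, ip in events]


if __name__ == "__main__":
    # Constructed new events to triage.
    new_events = [
        ("alice", 10, "10.5.5.5"),        # normal
        ("alice", 3, "203.0.113.5"),      # off-hours from outside
        ("bob", 1, "192.168.100.20"),     # normal for an overnight shift
        ("carol", 9, "10.0.0.1"),         # never seen before
    ]
    for user, hour, ip, reasons in triage(new_events, HISTORY):
        print(user, hour, ip, reasons or ["ok"])
```

Two logins with the same deviation score very differently depending on whose history they are compared against, which is the point of a per-account baseline: bob at 01:00 is routine, alice at 03:00 from an external address is not.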
Improved security monitoring has provided wide observability and streamlined incident investigations
What is our primary use case?
I am also an end user of Splunk Cloud Platform. My usual use cases for Splunk Cloud Platform are to search logs and search data as I need for my security incidents. Searching logs and data for security incidents is my main use case.
What is most valuable?
The most valuable features or capabilities of Splunk Cloud Platform that I have found so far are mainly the search and the indexing engine, and I also find the data management of Splunk better. I have used both Splunk Enterprise and Splunk Cloud Platform, and I feel that the data management on Splunk Cloud Platform is handled by the Splunk team with much better expertise than its Enterprise Platform, where we had to manage storage and everything ourselves.
The effectiveness of Splunk Cloud's search capabilities in uncovering operational insights is pretty good. Once you know Splunk Query Language, or SPL, it is way better than any other data management tool, especially when analyzing and monitoring security logs, as it makes searching and minimizing threats much easier for me.
I use Splunk Cloud's alerting mechanisms to send alerts to my email, whether something happens in real-time or through scheduled Splunk query alerts for operational tasks like security incidents or operational warnings, such as when my storage is 90% full.
Splunk Cloud Platform's ingest and visualization features have helped me improve my data reporting significantly, as data ingestion and visualization are great, especially for creating dashboards from various sources like endpoints, firewalls, and web applications.
Operationally, Splunk Cloud Platform has provided wide observability where we had almost none before, significantly improving our security posture and our ability to defend the organization.
What needs improvement?
In my opinion, there isn't much to improve in Splunk Cloud Platform, but one suggestion would be to integrate AI or provide a more graphical query builder to reduce the learning curve for new users wanting to learn SPL.
For how long have I used the solution?
I have been working with Splunk Cloud Platform for around eight months.
What do I think about the stability of the solution?
I rate Splunk Cloud Platform a ten out of ten for stability and reliability, as I have found it truly reliable while using it on AWS and as a SaaS platform, given the capability for high availability and multiple indexers ensuring data continuity.
What do I think about the scalability of the solution?
I would rate Splunk Cloud Platform a nine out of ten for scalability. I think it's scalable due to the ease of integrating and deploying multiple indexers for data processing, although it does require some technical knowledge to configure properly for smooth operation.
How are customer service and support?
I do not often communicate with the technical support of Splunk Cloud Platform. I often visit Splunk's documentation portal for troubleshooting and assistance with my queries, and I find it quite good. They offer videos to help users learn how to use Splunk and Splunk Query Language.
I feel that Splunk's documentation is highly maintained, regular updates seem to happen, and I don't have any suggestions for improvement as it is currently at its best.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did not use a different solution for the same use cases prior to Splunk Cloud Platform. I only used Wazuh for security data logging but would not compare it to Splunk due to its broader capabilities.
How was the initial setup?
I did participate in the initial setup and deployment of Splunk Cloud Platform, but I wasn't part of the decision-making aspect. The initial setup process for deploying Splunk Cloud Platform was quite easy as we only needed to identify our data sources and determine the appropriate ingestion method, followed by some technical configuration, assuming we knew how our data was structured.
What was our ROI?
I might not be the right person to comment on the return on investment in terms of cost, but operationally, Splunk Cloud Platform has provided wide observability where we had almost none before, significantly improving our security posture and our ability to defend the organization.
Which other solutions did I evaluate?
I did not evaluate other options or vendors before choosing Splunk Cloud Platform. I did not participate in the decision-making process for choosing Splunk Cloud Platform, as I have worked operationally with it but was not involved in procurement.
What other advice do I have?
I have not used Splunk Cloud's machine learning tools. I do not personally integrate Splunk Cloud Platform with third-party tools; however, I know that my separate team has integrated quite a few tools, leveraging Splunk's vast library known as Splunk Enterprise Applications.
I have been working with Splunk Enterprise Platform, which is the on-premises version of Splunk Cloud Platform, and it is almost the same except for the maintenance efforts required and the deeper learning curve. I wouldn't say there's room for improvement in Splunk Enterprise Platform purely regarding the search engine, as it largely depends on the resources allocated to the indexer for its performance. I have been working with Splunk Enterprise Platform for approximately three to four months.