
Splunk Cloud

Splunk

Reviews from AWS customers

28 AWS reviews

External reviews

34 reviews
from

External reviews are not included in the AWS star rating for the product.


Aakash LS

Log monitoring has become faster and root cause analysis improves production issue resolution

  • April 03, 2026
  • Review provided by PeerSpot

What is our primary use case?

I have experience with Splunk Cloud Platform. We use it for log monitoring, debugging, and various other purposes.

Since I joined as a software developer, I have been working with Splunk Cloud Platform for around two years. It is the main tool we use during production issues. We monitor it not only in production issues, but also when we move code to UAT, QA, or XPT environments. We first monitor and check Splunk logs to ensure everything is functioning correctly and to identify what is going wrong.

What is most valuable?

Splunk Cloud Platform helps in analyzing logs from different services, not just one service, and identifying errors. Especially during production issues, it is our primary platform for understanding where everything goes wrong and determining the root cause. The main feature I appreciate is the Search and Processing Language, which we call SPL. It allows us to query and filter logs efficiently. We can filter by time, whether for a few minutes or hours, and we can filter by various other parameters, such as which user has made the most requests, user-wise breakdowns, specific error patterns, exceptions, or failures. We can use time-based filtering and keyword searches to narrow down on the relevant logs we wish to see at any particular point in time.

I use the alerting mechanisms present in Splunk Cloud Platform. Without Splunk, we would have to manually go to production logs and search for various things manually, which could be very time-consuming. When we use Splunk, these mechanisms are automated. We only need to change the query sometimes because we search for different mnemonics and different teams. If we adjust the region or the team and then provide the particular keyword we are searching for, this helps us change the logs and see what we really need.

One unique feature with Splunk Cloud Platform is that it can be used not only for log creation but also for creating dashboards. I have created one dashboard myself for visually representing data. This dashboard checks various clients and services to see how many hits we have seen. I made it as a pie chart, and when we click on one of those sections, we are able to see how many hits that service has received. For that particular service, we can check how many users have contributed to that hit. When we send that visualization to higher management, they make decisions based on what service to focus more on. The decisions matter and vary according to management priorities.

What needs improvement?

The Search Processing Language of Splunk Cloud Platform has a steep learning curve. To extract the correct amount of logs needed, you must understand the exact mnemonics. Writing efficient SPL queries requires time to become accustomed to the language. Only after you have a good grasp of the basics of Splunk Cloud Platform and understand how to trace logs will you be able to use it perfectly.

Handling a large volume of logs requires proper filtering strategies. Logs keep coming in very large quantities, but you need to know how to properly filter them. Proper filtering strategies must be understood and implemented.

The setup and configuration for Splunk Cloud Platform is complex, especially from a developer perspective. Although it was relatively easy for me, the setup and configuration were handled by the platform team, which had to deal with the complexity in the initial phases.

Splunk Cloud Platform does not require any maintenance on my end as a developer. We only use it for checking logs. Maintenance is handled by the platform team. Sometimes Splunk experiences downtime for a few minutes, which we are notified about via email, sometimes during weekends. I am not certain what happens during those phases, but as developers, we are unable to use it for that short period of time, sometimes around half an hour during midnight hours on weekends. Otherwise, it functions well.

For how long have I used the solution?

I have been using this solution for two years.

What do I think about the stability of the solution?

Splunk Cloud Platform has fairly good stability. However, I have noticed that the Show Source feature, which displays detailed versions of logs, sometimes takes a little time. Whenever the system needs to show 100 lines or 1,000 lines, that takes some time usually. When a large number of logs sometimes enter the system, we sometimes see lag. Especially during the Show Source function, when checking the detailed logs of any particular log, I have seen this issue sometimes. Otherwise, everything is fine.

What do I think about the scalability of the solution?

Splunk Cloud Platform is quite scalable. All services and event-based streaming, such as Kafka, have all logs flowing through Splunk Cloud Platform. We have seen that it handles this well and is great at scaling to meet our needs.

How are customer service and support?

I have not contacted the technical support of Splunk Cloud Platform yet. Even when we are unable to get something resolved, we have our seniors and experts in our team and adjacent teams who help us understand where we are going wrong with the queries and other issues. I have not personally contacted the technical support yet.

How was the initial setup?

The initial onboarding process when I first started using Splunk Cloud Platform was not very complex. When Splunk was initially onboarded to the company, I understand that was a complex process. Since I joined, the process has been fairly simple. We just had to submit an access request for a particular mnemonic or for a particular team and we are able to check the logs for that mnemonic once we get access. The approval process is a bit tedious in our organization. We have an approval process for every tool, not only Splunk Cloud Platform. Once you receive approval, you should be good. However, we can only check for that particular team or mnemonic. If we wish to check for other services, we have to submit a request form again, and that goes through several layers of approvals before we are able to see the logs.

Which other solutions did I evaluate?

I have not used any alternatives to Splunk Cloud Platform since I joined my organization. We have been using Splunk only for observability and tracking and monitoring. So far there are no other alternatives that we have tried out in our organization.

What other advice do I have?

From a developer perspective, I am involved in coding, checking logs, monitoring, observability, and other related tasks. The platform team takes care of the setup and configurations, which is complex initially. The pricing aspect is handled by management and not something I am directly involved in. I would rate this product a 9 out of 10.


Kalpesh Pawar

Centralized security monitoring has improved threat detection and automated incident response

  • April 02, 2026
  • Review from a verified AWS customer

What is our primary use case?

Splunk Cloud Platform serves as our main use case for centralized security telemetry ingestion across customer environments with tenant-level index segregation. We also use it for SPL-based correlation plus detection rules, powering our SOC use cases and threat detection workflows. We have integrated it with SOAR and ITSM for automated incident response and lifecycle management.

In one of our customer environments, we detect brute force login attempts using SPL correlation for failed login spikes plus source IP anomaly. The alert triggers a SOAR playbook to block the IP on the firewall and create ITSM tickets with context. This reduces response time significantly and prevents account compromise at an early stage.

We also use Splunk Cloud Platform for threat hunting and MITRE ATT&CK mapping, leveraging SPL and ES dashboards across customer environments.

What is most valuable?

The best features Splunk Cloud Platform offers for us include Search Processing Language plus the flow relation engine, which enables deep multi-source analysis and real-time threat detection across cloud environments. The real-time monitoring plus alerting automation helps us with continuous KPI tracking with custom alerts and automated actions, improving incident response in our SOC operations.

Splunk Cloud Platform has positively impacted our organization by achieving 42 to 45% faster detection, threat detection, and response using real-time correlation and automation. We have also improved SOC efficiency with centralized visibility across all customer environments and reduced tools sprawl by consolidating multiple security or monitoring tools into a single platform.

What needs improvement?

There are not many things that need to be improved, but Splunk Cloud Platform should have improved multi-tenant role-based access control with granularity to simplify access control across our customers. It also needs faster search performance for large datasets to speed up deep threat investigations.

We would like more native integrations with cloud and security tools to reduce custom connectors in customer environments. The user interface can be improved as it gives an old-school feeling while using it and can be made more intuitive.

For how long have I used the solution?

I have been using Splunk Cloud Platform for three years.

How are customer service and support?

As we have the premium plans, the customer support offering is via ticketing system, phone support, and email support on an SLA basis. For critical issues, customer support is strong and very responsive. The 24 by 7 monitoring plus NOC support helps us detect and resolve platform issues proactively in cloud environments. Overall, the support team and technical support engineers are knowledgeable and understand the customer environment very well. The support is very good, and the documentation provided on Splunk Cloud Platform is very helpful.

What other advice do I have?

I would like to highlight the main feature that helps our team, which is role-based access control plus index-level segregation, ensuring secure tenant operations in our SOC model.

Earlier, our analysts manually correlated logs across tools. Now, SPL correlation for ES dashboards provides a unified view, reducing the normal triage time. The auto alerting plus SOAR integration eliminates manual ticket creation and initial investigation steps, streamlining workflow and improving analyst productivity while significantly reducing time per incident.

Splunk Cloud Platform supports integration with other security tools and platforms in our environment by using native integrations like Syslog APIs to ingest data from firewalls, EDR, cloud, and identity platforms. The SOAR and ITSM integrations via webhooks and APIs enable automated incident response and ticketing workflows. It also supports bidirectional integration for enrichment and action, such as blocking IPs and updating cases.

Splunk Cloud Platform helps with compliance or regulatory requirements in our organization by using centralized log retention plus audit trails to meet compliance requirements. For example, we track user activity and access logs across customer environments. We also have pre-built ES correlation searches and reports mapped to standards like ISO, PCI DSS, helping in audit readiness. The role-based access plus data segregation ensures compliance with multi-tenant security and governance policy, not only for our customers but for our internal organization as well.

As a SaaS, Splunk Cloud Platform enables scalability by handling growing log volume through auto-scaling indexing as we onboard new customers without making infrastructure changes. The index-level segregation plus role-based access control allows us to easily expand to multi-tenant customers while maintaining data isolation for all customers. Additionally, it supports distributed search and concurrent queries, ensuring performance for SOC operations at scale.

We manage cost and budgeting for Splunk Cloud Platform as our usage grows by using ingestion filtering plus cloud tiering to reduce unnecessary data and control license use, which our team handles very well. We also implement index lifecycle policies like the retention of logs and cloud storage to optimize storage costs across multiple customers. The main challenge is ingestion-based pricing at scale, so we continuously monitor usage and optimize high-volume sources.

Splunk Cloud Platform helps our team with threat intelligence or sharing across customer environments by allowing us to ingest threat intel feeds into Splunk Cloud Platform and correlate them with customer logs using SPL. The shared IoC enrichment plus ES correlation searches enable us to reuse detection across multiple tenants while supporting centralized intel management with controlled sharing, thus improving detection and consistency across all customer environments.

I recommend that designing data onboarding, index strategy, and role-based access control should be done upfront for a scalable multi-tenant architecture. I suggest customers go for this product as you can optimize ingestion, filtering, normalization, and retention early to control cost as data grows. I also suggest bargaining on prices, as I have seen salespeople negotiate, and you can get the best deal out of that. I would rate this product an 8 overall.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
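The brute-force detection described in this review (failed-login spike per source IP, combined with a source-IP anomaly, feeding a SOAR playbook that blocks the IP and opens a ticket) can be illustrated outside Splunk. The following is an added example written for this page; it is not code from the review, from the reviewer's organisation, or from Splunk. It replays constructed key=value auth events, applies a sliding five-minute window per source IP, raises an alert only when the failure count crosses a threshold and the IP is either hitting several accounts or absent from a known-IP baseline, and emits the payload a playbook would consume. The field names, thresholds, the known-IP set and the shape of the block/ticket actions are all assumptions; the SPL in the comment is one assumed shape of the equivalent search, not the reviewer's query.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample auth events (key=value lines); labelled sample data, not real telemetry.
# 198.51.100.20: a known office egress IP; one user mistypes a password three times, then succeeds.
# 203.0.113.7:   twelve failures across five accounts in under a minute (the brute-force case).
# 192.0.2.9:     ten failures spread evenly over an hour, so no five-minute spike.
SAMPLE_LOG = (
    "2026-04-02T10:00:01Z src_ip=198.51.100.20 user=alice action=failure\n"
    "2026-04-02T10:00:09Z src_ip=198.51.100.20 user=alice action=failure\n"
    "2026-04-02T10:00:15Z src_ip=198.51.100.20 user=alice action=failure\n"
    "2026-04-02T10:00:22Z src_ip=198.51.100.20 user=alice action=success\n"
    + "".join(
        f"2026-04-02T10:01:{4 * i:02d}Z src_ip=203.0.113.7 user=user{i % 5} action=failure\n"
        for i in range(12)
    )
    + "".join(
        f"2026-04-02T10:{6 * i:02d}:00Z src_ip=192.0.2.9 user=bob action=failure\n"
        for i in range(10)
    )
)

# Assumed baseline of source IPs that normally authenticate (e.g. office egress).
KNOWN_IPS = {"198.51.100.20"}

# Assumed SPL shape of the same correlation, for comparison with the Python below:
#   index=auth action=failure
#   | bin _time span=5m
#   | stats count AS failures, dc(user) AS users BY src_ip, _time
#   | where failures >= 10


def parse_event(line):
    """Turn '<iso-ts> k=v k=v ...' into a dict with a timezone-aware 'ts'."""
    ts_text, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    fields["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return fields


def correlate(lines, known_ips=KNOWN_IPS, window=timedelta(minutes=5),
              fail_threshold=10, user_threshold=3):
    """Return one alert per source IP whose densest sliding window of failures
    reaches fail_threshold and that either targets user_threshold accounts or
    is not in the known-IP baseline (the 'source IP anomaly' condition)."""
    failures = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev.get("action") == "failure":
            failures[ev["src_ip"]].append(ev)

    alerts = []
    for ip, evs in failures.items():
        evs.sort(key=lambda e: e["ts"])
        best, start = [], 0
        for end, ev in enumerate(evs):
            # Drop events that fall outside (ev.ts - window, ev.ts].
            while evs[start]["ts"] <= ev["ts"] - window:
                start += 1
            span = evs[start:end + 1]
            if len(span) > len(best):
                best = span
        users = {e["user"] for e in best}
        anomalous = ip not in known_ips
        if len(best) >= fail_threshold and (len(users) >= user_threshold or anomalous):
            alerts.append({
                "src_ip": ip,
                "failures": len(best),
                "distinct_users": len(users),
                "users": sorted(users),
                "first_seen": best[0]["ts"].isoformat(),
                "last_seen": best[-1]["ts"].isoformat(),
                "anomalous_ip": anomalous,
            })
    return alerts


def playbook_actions(alert):
    """Assumed payload for a SOAR playbook: a firewall block plus a ticket with context."""
    return {
        "firewall_block": {"src_ip": alert["src_ip"], "duration_minutes": 60},
        "ticket": {
            "title": f"Brute-force login attempts from {alert['src_ip']}",
            "severity": "high" if alert["anomalous_ip"] else "medium",
            "context": alert,
        },
    }


def run_sample():
    """Run the correlation over the constructed sample log."""
    return correlate(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(playbook_actions(alert))
```

Only 203.0.113.7 fires: the known office IP stays below the threshold and targets a single account, and the slow drip from 192.0.2.9 never has more than one failure inside any five-minute window. Lowering the failure threshold to three still leaves the office IP quiet, because it is in the baseline and hits one user, which is the point of pairing the volume rule with the anomaly condition rather than alerting on count alone.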


Hemanthreddy Vakiti

Centralized logs have transformed payment issue troubleshooting and now streamline incident resolution

  • April 02, 2026
  • Review provided by PeerSpot

What is our primary use case?

I use Splunk Cloud Platform to check logs. As a product developer, whenever I try to make a transaction to see whether it has proceeded smoothly, we check the logs. In logs, we can see from the payload how the message gets generated, which is very useful for us.

I work as a product developer for Guidewire, an insurance tool, where we mostly face payment-related issues. It follows a check lifecycle where it starts from awaiting submission, requesting, requested, issued, cleared, pending stop, stopped, and everything. We have various check lifecycles. Suppose a lifecycle is missed and the user is trying to proceed with a transaction starting from awaiting submission and moving directly to issued instead of requesting to issued; we face an illegal state change exception. Without Splunk Cloud Platform logs, we wouldn't know what type of exception we are facing. We help the user after checking the logs as well.

Recently we faced an issue where we use another software called One-Ink, where most of our process checks get updated to our database. From there, they were doing IP whitelisting where most of the payment-related features were done. IP whitelisting means giving out an IP address only for certain individuals where they can do payment-related changes. When they were doing that, they missed two or three of the IP addresses that were needed to be processed, and we had a global outage for check-related issues. We checked logs to know whether the issue was or how the issue got generated. We had to create a new payload and check it from Splunk Cloud Platform to see whether the payload got generated and the affected claims were resolved.

Generally, when we face a certain issue, if a check-related transaction will have a public ID generated, for that public ID, we don't have it in the UI. We have to query the database to get the public ID. Public IDs are primary keys and using those primary keys as a substitute, you have to search through our logs.

What is most valuable?

Logs can ask which type of log you need to give it, such as a claims pay logger or a state change logger or any other logger as a filter. Then you need to give that public ID and it would give you all the fields that were changed in that specific criteria that you were searching.

For me, with Splunk Cloud Platform, if you don't give the necessary filtration values, it has its own querying type. If you do not give a proper query or anything for the log to be generated on a primary key, it won't give you the values. It takes too much time and it checks a large number of values. Sometimes it goes more than a million, so that takes a lot of time. However, if you use proper filtration, it takes much less time. It saves our time and we could also pause the values, we could pause the search fields, we could resume the certain fields, we could skip a few fields, and we could check right from the payload whether which messages were generated and how the transaction was proceeded.

What needs improvement?

Splunk Cloud Platform holds only three months' worth of data. If you try to search for more than three months or prior to three months, it wouldn't store the values because the data stores a large number of data. I believe that's the limit for us. I believe having flexible memory would ease us because whenever we face an incident, if we want to look for this occurrence or root cause, if it is prior to three months, we wouldn't have proper logs to check.

I wish it would take a little less time and not search through unnecessary things. Of course, querying depends on the developer's knowledge, but storage is also an issue because I feel memory is not flexible enough. If we try to increase our memory, it will charge us a considerable amount of money.

For how long have I used the solution?

I have been using Splunk Cloud Platform for around one year and three months.

What do I think about the stability of the solution?

We face occasional downtime issues where when we try to scale up, we face a considerable amount of challenges. If we consider one month, we would face around two to three days of downtime issues.

What do I think about the scalability of the solution?

Scalability is a little issue for us because it's not currently adapting to our rightful needs. I believe they should upgrade on their side to match our tempo.

How are customer service and support?

I never really reached the customer support, but they provide proper documentation, so all that was required. Mostly our support team takes care of any needs that were needed by us.

Which solution did I use previously and why did I switch?

I did not use any solution prior to this because in this project, this was the tool that was working when I started.

How was the initial setup?

We picked this tool because it was on top of a line in the market and it suited our specific criteria. We are developers, so it suited and matched our tempo.

What was our ROI?

I would say initially, to read Splunk Cloud Platform logs, it would prove very difficult because it is definitely not beginner-friendly. It will take around 15 days to one month to just adapt to what is a log and where you need to find the error because a payload and every logger is a complex form where line by line it will be written, but what that line is, they won't show that. It is definitely not a beginner-friendly tool, but it is definitely the best tool that is available in the market for insurance-related products.

What's my experience with pricing, setup cost, and licensing?

Related to the pricing factor, I think it is slightly on the costlier side, but I wouldn't know much because I'm not on the management side. My organization divides developers and management, so we wouldn't know the price for it.

What other advice do I have?

Generally, at our morning call, we go through our incident team-wise and assign incidents based on what we can do. Before we can do that, we check whether this is doable or not. We go through the logs and find if any check-related issues or claim-related issues that we face. We go through the logs and first check where the problem is because most of the problems that we faced were related to permission issues, where the user might not have permission and tries to make a few changes when that person doesn't have permission. They face a few errors or issues and cannot log in through certain sites or anything. Splunk Cloud Platform helps us reduce the time and effort through checking the logs. If we didn't have this, we would have checked the history loggers, where it checks and tracks even the person who viewed that particular claim. It would take a considerable amount of time.

Initially, we were a team of 300 people where our project started with three different teams. Before having this, prior to Splunk Cloud Platform logs, we used to depend mostly on the history loggers where it tracks our history or movement. Any small changes would be tracked down there, but we wouldn't have any sort of search criteria where we cannot search. We would have to manually go through step by step, one column after another, to see who has done what changes. That would prove an issue. After Splunk Cloud Platform was introduced to us, we saved a considerable amount of time. Time is a major factor for us developers.

Our team started off with 300, and now we are 30 people. We saved a considerable amount of money and resources that are required to hire more people. We started off with a team of more than 300 people and require less than 30 people right now. I think it's over a five year duration where we came to this number, but I think fewer employees are needed because of this, and we spend little effort because logs track everything. It helps us in our day-to-day task.

Storage is the major issue that we face occasionally because whenever we are trying to solve a root cause issue that is a PRB, we would require a lot of history loggers which would not be available for us. The second issue would be that it is not that scalable. I don't think increasing our storage would cost us a less amount, but it would cost us more. I would rate this product an 8 out of 10.


Dipesh-Bhawsar

User behavior insights have improved threat detection but complex setup still needs refinement

  • March 31, 2026
  • Review from a verified AWS customer

What is our primary use case?

We have an internal solution and we are working for our own enterprise solution. I'm working in Principal Financial Group where we have our in-house security operations center, so we do not have any clients; we are conducting our security monitoring for our own infrastructure.

Our major focus is on User Behavior Analytics, UBA. We are focusing on integration of all security controls that we have, meaning the log collection from all the security controls and all the servers. The use cases we are focusing on are MITRE framework, phishing, and User Behavior Analytics, UBA.

What is most valuable?

UBA is a great application within Splunk Cloud Platform.

That feature gives us behavioral analytics within the logs, so we do not need to write complex queries. By using UBA, we achieve threat detection without needing complex correlation rules; UBA gives us a perfect output from it.

The log ingestion is very good, and the visualization part is also very good. I can create multiple dashboards from the logs we are receiving; it is similar to other SIEM solutions.

What needs improvement?

Splunk Cloud Platform is good, but sometimes it lags. When I run a very simple query with a perfectly created query in the search bar, it gives a good result, but if I create a very simple query without index and source types, it takes too much time to draw the visuals.

It is somewhat complex because Splunk Cloud Platform has multiple components like heavy forwarders and indexers. There are multiple integration approaches that we use, for example, syslog and for Windows, it is WMI. For most of the applications, we are using API integration, which is very good, but for syslog and other WMI kind of configurations, first, I need to integrate them so they start sending logs to the heavy forwarders. On heavy forwarders, I have to configure syslog-ng, and there are multiple configuration files that I have to configure for each data source.

The improvement part is that I have worked on multiple SIEM solutions, starting with RSA NetWitness, QRadar, ArcSight, and Splunk Cloud Platform. All SIEM solutions have the same issues; at the time of POC, the vendors tell us that they have many features, but at the time of implementation, we find minor issues everywhere, from integration to querying logs and deploying configuration files. There are minor issues that need fixing for more operational efficiency.

For how long have I used the solution?

I have been working with Splunk Cloud Platform for around one and a half years.

What do I think about the stability of the solution?

Splunk Cloud Platform is stable and reliable with no issues, though sometimes minor issues happen; it is not as though the system goes down or anything.

What do I think about the scalability of the solution?

The more I scale, the more I have to pay for Splunk Cloud Platform. I have to properly fine-tune the logs, filtering them for what I want to take into Splunk Cloud Platform for security monitoring. Only the logs required for security monitoring should be taken into Splunk Cloud Platform; if we have compliance requirements to just store logs, then Splunk Cloud Platform is not the right platform.

How are customer service and support?

I am not that happy, but they provide timely responses. They are available at the time of need; however, there are a few things like issues with log parsing that they will not cover in normal support calls. I needed to create an ODS, On-Demand Service, for those kinds of issues.

Which other solutions did I evaluate?

Pricing is too high for Splunk Cloud Platform. Nowadays, people are using Cribl solution that we host just before Splunk Cloud Platform. From a heavy forwarder, logs go to Cribl, and there is a filter mechanism available in Cribl, so we can only send the events of interest to Splunk Cloud Platform, which reduces our pricing heavily. Otherwise, when collecting logs from devices such as Linux, Windows, and firewalls, we get debug logs as well, and Splunk Cloud Platform charges based on the ingestion—how much data we ingested into Splunk Cloud Platform.

What other advice do I have?

We are currently working with Splunk Cloud Platform only. We are exploring machine learning tools, but they are not deployed yet, so there is currently a POC going on.

Splunk Cloud Platform does what it has to do but nothing extraordinary; it is a simple dashboard application like other SIEM solutions.

There are multiple support cases because we have a very large architecture of Splunk Cloud Platform. We have eight heavy forwarders and thousands of log sources integrated with Splunk Cloud Platform, so from time to time, I observe issues related to integration, applications, and the internal workings of Splunk Cloud Platform. Thus, we need to raise support cases to troubleshoot those.

Overall, I would rate this review a 7 out of 10.


Jigar Hirani

Cloud analytics has improved security insights and simplifies proactive performance monitoring

  • March 27, 2026
  • Review from a verified AWS customer

What is our primary use case?

I use Splunk Cloud Platform as our overall tool to gain insight from our platform, for our security use cases, and to build a framework that shows what is happening in our organization or what is happening in our applications, the current status, or if we are facing any issues with our systems. I ingest various types of logs from different systems to Splunk Cloud from our forwarders and build dashboards and alerts on top of that. My primary use case is to understand our architecture or our overall environment, including what is happening and whether there are any vulnerabilities, or to conduct analysis on our applications. If there are any performance issues, I can learn about them from the dashboards that we have built and can optimize our architecture or overall application performance.

What is most valuable?

What I like about Splunk Cloud Platform is that it gives me flexibility and freedom in that I do not need to worry about the actual architecture of Splunk. I do not need to install it anywhere manually, and I only need to worry about what data I need to ingest and how I will create a dashboard on top of that. It provides support so I do not need to worry about the platform. It functions as Software as a Service, so I can directly use it and if I am facing any issue, Splunk support is available to help me anytime.

I do not have any limitations with Splunk Cloud Platform. I can access it from my own private network or anywhere, and I can access it from the public network as it is on a cloud. That is also a plus point for me.

In terms of assessing the effectiveness of Splunk Cloud Platform's search capabilities in uncovering operational insights, its storage capability is excellent. Previously, we were managing it at an enterprise level, but it was costly to us because of data redundancy and the availability zones. With Splunk Cloud Platform, we do not need to worry about data backup, which is a very good point.

The alerts have helped us in proactive issue resolution. If we are currently getting any error, we will get notified in the next 15 minutes or 30 minutes according to the schedule of the search.

Splunk Cloud Platform's ingest and visualization features have helped improve our data reporting, truly the best available in terms of customizability. We have two options, classic and Dashboard Studio for dashboard purposes. In classic, we get options to build custom dashboards using custom JavaScript. We can insert our own graphics to provide better visuals where insights to our management team will not be dependent on the numerical base. We have charts to showcase our current situation, which will be really great for management.

In terms of benefits, if we needed two persons for SAP to analyze whether we have any issues, now we just need one person doing multiple tasks. We have built an automation system, or a dashboard, which gives us insight so that we do not need to go and look up every service. Splunk Cloud Platform really impacted our workflow and increased our productivity.

What needs improvement?

In Splunk Cloud Platform particularly, there is nothing specific that I would like to see improved or enhanced, but the cost is currently very high. If that part could get a little bit cheaper, then that would be really great.

In terms of enhancement for Splunk Cloud Platform, it would be really beneficial if we could create add-ons, or if we got the capability to build add-ons directly through the cloud: not the add-on builder framework, but something editor-like where we could directly edit our conf files from any specific app or TA provided by Splunk Cloud Platform itself. Instead of doing configuration from the UI, we would prefer to get access to the back-end conf files and do it manually, because when we were using Enterprise, we had pretty much hands-on experience with that.

For how long have I used the solution?

I have been using Splunk Cloud Platform for around two years.

How are customer service and support?

I would evaluate customer service and technical support of Splunk as really good. They provide on-call support and they reply to cases that we open, so the support is really good and collaborative.

Which solution did I use previously and why did I switch?

We have not previously used a different product. We have tried other tools, but they were very limited to the use cases that we are trying to capture. I chose to go with Splunk Cloud Platform because it has vast capabilities.

How was the initial setup?

The initial setup with Splunk Cloud Platform was really straightforward because, as it is a cloud platform, Splunk provided us the complete package where we do not need to worry about our infrastructure or configuration. If we need any help, they are always available, so it was very straightforward.

What about the implementation team?

The implementation was done by the Splunk team.

Which other solutions did I evaluate?

We evaluated products like Dynatrace or DataDog, which were very specific. They were providing us only observability-specific tasks. However, we have some VML logs or firewall logs for which we would not get that much analysis from those products. That is why we chose to go with Splunk Cloud Platform.

What other advice do I have?

We use Splunk default alert actions and we have installed third-party integrations, such as ServiceNow integration, where we are creating ServiceNow incidents or ServiceNow tickets from our alerts.

The impact of Splunk Cloud Platform's integrations with third-party tools on our daily operations is very helpful for our overall infrastructure monitoring. We have third-party integrations, such as SAP or Dell Boomi. To ensure that our SAP and site integration are running smoothly and none of its API is getting high or something unusual, we can easily detect that instead of going into SAP and analyzing.

We have our own machine learning logic where we are creating alerts based on our machine learning algorithm. If we are missing any data from the forwarders, then we have a built-in threshold mechanism where if the data from the last seven days is coming around 80 GB, then the next day it should be getting related to that. If we are not getting that, then we will get alerts. I have not particularly used Splunk ML Toolkit.

From the features perspective, I would say if we were getting calls from back two or three months, I was waiting for the OTel feature in Splunk Cloud Platform. Now we have support for OTel in the current latest Splunk version, so we are planning to upgrade Splunk Cloud Platform to the latest. The feature that I was looking for is now currently available, so I do not have anything specific at the moment.

In terms of pricing, the cost is high, but we are getting pretty much value out of what we are paying and what should be available to us in the market. In terms of that, it is really good with no question on that.

My advice to other organizations considering Splunk Cloud Platform is to make sure you use it as much as you can. There is a really big community of Splunk that you can explore to see what data you can ingest. There is a possibility you are already using other services from which you can get logs into Splunk and build analysis on top of that. Do not limit yourself to any specific use cases. I have seen some organizations only ingest specific logs, such as firewall logs or DNS logs. But they have different types of machines and applications running for their infrastructure. They can ingest logs from those as well and build analysis on top of that. There are pre-built add-ons that provide that functionality to them and they do not need to worry about development. So use it as extensively as possible. Overall, I would rate this product a nine out of ten.


    Shivam Dhang

Centralized monitoring has transformed our multi-tenant security operations and automated response

  • March 27, 2026
  • Review from a verified AWS customer

What is our primary use case?

My main use case for Splunk Cloud Platform is that in our organization, we use it as a centralized multi-tenant log ingestion across cloud and on-premises for all customer environments with index-level isolation. Splunk ES is used for SOC operations, enabling correlation searches, threat detection, and compliance reporting at scale.

A quick specific example of how I use Splunk Cloud Platform for SOC operations or threat detection in my daily work is privileged access anomaly detection. The correlation search flags abnormal login patterns using SPL plus a UEBA baseline, and the automated response via SOAR or ITSM triggers alerts which create incidents and execute playbooks to disable accounts or isolate the hosts. We also use it for continuous monitoring with dashboards tracking MITRE ATT&CK and cases across all tenants with real-time alerting.

We use Splunk Cloud Platform for data onboarding and normalization to standardize logs across customers for consistent analytics and ES use cases. We also use role-based access control plus tenant isolation to ensure secure access control per customer within the shared Splunk Cloud Platform deployment.

What is most valuable?

The best features Splunk Cloud Platform offers are the multi-tenant data isolation plus role-based access control, secure index-level segregation for managing multiple global customers in a shared Splunk Cloud Platform environment. Additionally, features such as native integrations with SIEM, SOAR, and ITSM enable us to automate incident response, ticketing, and end-to-end security workflows across client environments. The high-scale ingestion plus SPL correlation process handles large volumes of infrastructure security logs with real-time analytics for managing SOC and cloud operations.

Splunk Cloud Platform has positively impacted our organization as we have achieved faster incident detection and response, lower MTTR with real-time SPL alerts and automated workflows. It has also improved our multi-tenant visibility and centralized monitoring, reducing tool sprawl. We also saw better compliance and audit readiness with consistent log retention and reporting.

What needs improvement?

Splunk Cloud Platform can be improved by having better multi-cloud integration for AWS, Azure, and GCP metrics and events out of the box. It should offer more cost-efficient storage retention options for high-volume multi-tenant log data and have simpler dashboard and alert management to reduce setup and maintenance effort across global customers. Additionally, the advanced anomaly detection tuning can be improved.

For how long have I used the solution?

I have been using Splunk Cloud Platform for two years.

What do I think about the stability of the solution?

Splunk Cloud Platform is stable.

What do I think about the scalability of the solution?

Splunk Cloud Platform is scalable for multi-tenant environments, handling terabytes of logs daily across global customers without performance impact. The auto-scaling ingestion and indexing ensure consistent performance as log volume grows, and it supports centralized dashboards and correlation searches across all tenants at enterprise scale.

How are customer service and support?

The customer support for Splunk Cloud Platform is responsive and knowledgeable. Support teams understand cloud and SOC issues and provide actionable guidelines quickly. They are also aligned to enterprise-level SLAs with timely escalation processes for critical incidents.

Which solution did I use previously and why did I switch?

We previously used an on-premises ELK stack plus custom scripts for log aggregation and monitoring. We switched to Splunk Cloud Platform for centralized multi-tenant visibility, real-time alerting, and automated SOC operations and workflows. The key reason for shifting is scalability, reliability, and built-in compliance and reporting across local customers.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup cost, and licensing is that the pricing is on the premium side because it scales with data ingestion and retention across multiple customers, which means that the price can grow quickly. The setup cost is moderate, and initial tenant onboarding, index setup, and dashboard configuration require effort. The licensing is flexible based on features such as Core, ES, and SOAR, but it needs careful planning for multi-tenant uses.

What was our ROI?

We have seen a return on investment as we observed a 50 to 60 percent reduction in manual SOC work, which allows freeing staff for higher-value tasks. We also saw incident response time drop by 40 to 50 percent, improving SLA compliance across customers. Furthermore, the overall cost saving from tool consolidation and automation delivered measurable return on investment within the first year.

Which other solutions did I evaluate?

Before choosing Splunk Cloud Platform, I evaluated other options including DataDog and Sumo Logic for log aggregation and monitoring. We also considered on-premises SIEM solutions but they lacked multi-tenant scalability and automation, so we chose Splunk Cloud Platform for real-time correlation, SOC automation, and enterprise-grade compliance features.

What other advice do I have?

The advice I would give to others looking into using Splunk Cloud Platform is to plan multi-tenant indexing and role-based access control earlier to ensure secure data separation. I would also tell my peers to leverage SOAR and ITSM integration from the start to automate incident response and reduce manual effort. I would rate my overall experience with Splunk Cloud Platform as an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

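The privileged-access anomaly detection described in this review, as an added example that is not the reviewer's or Splunk's own code: a small Python model of what a correlation search with a per-user baseline does. It learns each privileged account's usual source countries and login hours from past successful logins, keys every baseline by tenant index so one customer's history never influences another's account of the same name, and flags new logins that deviate or that follow a burst of failures, emitting the playbook action (notify, or disable the account) a SOAR step would pick up. The event field names, thresholds, sample events and the ATT&CK tags in the reasons are assumptions.

```python
"""Privileged-access login anomaly detection with per-tenant baselines.

Added example, not the reviewer's or Splunk's code. It models what a
correlation search plus a UEBA-style baseline does: learn each privileged
account's usual source countries and login hours from past successful
logins, then flag new logins that deviate or that follow a burst of
failures. Baselines are keyed by (index, user) so one tenant's history is
never used to judge another tenant's account.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample events. Field names (index, user, src_country, hour,
# action, privileged) are assumptions, not a Splunk data model.
HISTORY = []
for h in (8, 9, 11, 14, 16, 17):
    HISTORY.append({"ts": 100 + h, "index": "tenant_a", "user": "svc_admin",
                    "src_country": "DE", "hour": h, "action": "success", "privileged": True})
for h in (9, 10, 11, 13, 14):
    HISTORY.append({"ts": 200 + h, "index": "tenant_a", "user": "alice",
                    "src_country": "US", "hour": h, "action": "success", "privileged": True})
for h in (9, 10, 12, 15, 16, 18):
    HISTORY.append({"ts": 300 + h, "index": "tenant_b", "user": "svc_admin",
                    "src_country": "IN", "hour": h, "action": "success", "privileged": True})

NEW = [
    # normal login for alice in tenant_a
    {"ts": 1000, "index": "tenant_a", "user": "alice", "src_country": "US",
     "hour": 10, "action": "success", "privileged": True},
    # six failures then a success for tenant_b's svc_admin
    *[{"ts": 1001 + i, "index": "tenant_b", "user": "svc_admin", "src_country": "IN",
       "hour": 10, "action": "failure", "privileged": True} for i in range(6)],
    {"ts": 1010, "index": "tenant_b", "user": "svc_admin", "src_country": "IN",
     "hour": 10, "action": "success", "privileged": True},
    # tenant_a's svc_admin from a country and hour it has never used
    # (IN is normal for tenant_b's account of the same name, not for this one)
    {"ts": 1011, "index": "tenant_a", "user": "svc_admin", "src_country": "IN",
     "hour": 3, "action": "success", "privileged": True},
    # privileged account with no history at all
    {"ts": 1012, "index": "tenant_a", "user": "bob", "src_country": "US",
     "hour": 10, "action": "success", "privileged": True},
    # unprivileged user: out of scope for this search
    {"ts": 1013, "index": "tenant_a", "user": "carol", "src_country": "BR",
     "hour": 2, "action": "success", "privileged": False},
]


@dataclass
class Baseline:
    countries: set = field(default_factory=set)
    hours: set = field(default_factory=set)
    logins: int = 0


def build_baselines(events, min_logins=5):
    """Learn normal countries/hours per (index, user) from successful privileged logins.
    Accounts with fewer than min_logins successes get no baseline."""
    baselines = defaultdict(Baseline)
    for e in events:
        if not e["privileged"] or e["action"] != "success":
            continue
        b = baselines[(e["index"], e["user"])]
        b.countries.add(e["src_country"])
        b.hours.add(e["hour"])
        b.logins += 1
    return {k: v for k, v in baselines.items() if v.logins >= min_logins}


def _hour_distance(hour, known_hours):
    """Circular distance (in hours) from hour to the nearest baseline hour."""
    return min(min(abs(hour - h), 24 - abs(hour - h)) for h in known_hours)


def detect(events, baselines, fail_burst=5, hour_slack=1):
    """Return findings for privileged logins that break their tenant's baseline.
    Thresholds and the ATT&CK tags in the reasons are assumptions."""
    findings = []
    failures = defaultdict(int)
    for e in sorted(events, key=lambda x: x["ts"]):
        if not e["privileged"]:
            continue
        key = (e["index"], e["user"])
        if e["action"] == "failure":
            failures[key] += 1
            continue
        reasons = []
        if failures[key] >= fail_burst:
            reasons.append(f"{failures[key]} failed attempts before success (T1110 Brute Force)")
        failures[key] = 0
        base = baselines.get(key)
        if base is None:
            reasons.append("privileged login with no baseline for this account")
        else:
            if e["src_country"] not in base.countries:
                reasons.append(f"source country {e['src_country']} not in baseline "
                               f"{sorted(base.countries)} (T1078 Valid Accounts)")
            if _hour_distance(e["hour"], base.hours) > hour_slack:
                reasons.append(f"login hour {e['hour']} outside baseline hours")
        if reasons:
            findings.append({
                "index": e["index"], "user": e["user"], "ts": e["ts"], "reasons": reasons,
                # more than one independent signal: hand to a playbook that disables the account
                "action": "disable_account" if len(reasons) > 1 else "notify",
            })
    return findings


if __name__ == "__main__":
    for f in detect(NEW, build_baselines(HISTORY)):
        print(f["index"], f["user"], f["action"], "; ".join(f["reasons"]))
```

Two design points carry over to a real correlation search: the baseline must be scoped to the tenant (here the index) or a shared service-account name will leak one customer's normal behaviour into another's detection, and an account with no baseline at all should surface as its own finding rather than be silently skipped, since a freshly created privileged account is exactly what an attacker with admin access would add.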

    Karsh Trivedi

Improved security monitoring has provided wide observability and streamlined incident investigations

  • March 12, 2026
  • Review from a verified AWS customer

What is our primary use case?

I am also an end user of Splunk Cloud Platform. My usual use cases for Splunk Cloud Platform are to search logs and search data as I need for my security incidents. Searching logs and data for security incidents is my main use case.

What is most valuable?

The most valuable features or capabilities of Splunk Cloud Platform that I have found so far are mainly the search and the indexing engine, and I also find the data management of Splunk better. I have used both Splunk Enterprise and Splunk Cloud Platform, and I feel that the data management on Splunk Cloud Platform is handled by the Splunk team with much better expertise than its Enterprise Platform, where we had to manage storage and everything ourselves.

The effectiveness of Splunk Cloud's search capabilities in uncovering operational insights is pretty good. Once you know Splunk Query Language, or SPL, it is way better than any other data management tool, especially when analyzing and monitoring security logs, as it makes searching and minimizing threats much easier for me.

I use Splunk Cloud's alerting mechanisms to send alerts to my email, whether something happens in real-time or through scheduled Splunk query alerts for operational tasks like security incidents or operational warnings, such as when my storage is 90% full.

Splunk Cloud Platform's ingest and visualization features have helped me improve my data reporting significantly, as data ingestion and visualization are great, especially for creating dashboards from various sources like endpoints, firewalls, and web applications.

Operationally, Splunk Cloud Platform has provided wide observability where we had almost none before, significantly improving our security posture and our ability to defend the organization.

What needs improvement?

In my opinion, there isn't much to improve in Splunk Cloud Platform, but one suggestion would be to integrate AI or provide a more graphical query builder to reduce the learning curve for new users wanting to learn SPL.

For how long have I used the solution?

I have been working with Splunk Cloud Platform for around eight months.

What do I think about the stability of the solution?

I rate Splunk Cloud Platform a ten out of ten for stability and reliability, as I have found it truly reliable while using it on AWS and as a SaaS platform, given the capability for high availability and multiple indexers ensuring data continuity.

What do I think about the scalability of the solution?

I would rate Splunk Cloud Platform a nine out of ten for scalability. I think it's scalable due to the ease of integrating and deploying multiple indexers for data processing, although it does require some technical knowledge to configure properly for smooth operation.

How are customer service and support?

I do not often communicate with the technical support of Splunk Cloud Platform. I often visit Splunk's documentation portal for troubleshooting and assistance with my queries, and I find it quite good. They offer videos to help users learn how to use Splunk and Splunk Query Language.

I feel that Splunk's documentation is highly maintained, regular updates seem to happen, and I don't have any suggestions for improvement as it is currently at its best.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did not use a different solution for the same use cases prior to Splunk Cloud Platform. I only used Wazuh for security data logging but would not compare it to Splunk due to its broader capabilities.

How was the initial setup?

I did participate in the initial setup and deployment of Splunk Cloud Platform, but I wasn't part of the decision-making aspect. The initial setup process for deploying Splunk Cloud Platform was quite easy as we only needed to identify our data sources and determine the appropriate ingestion method, followed by some technical configuration, assuming we knew how our data was structured.

What was our ROI?

I might not be the right person to comment on the return on investment in terms of cost, but operationally, Splunk Cloud Platform has provided wide observability where we had almost none before, significantly improving our security posture and our ability to defend the organization.

Which other solutions did I evaluate?

I did not evaluate other options or vendors before choosing Splunk Cloud Platform. I did not participate in the decision-making process for choosing Splunk Cloud Platform, as I have worked operationally with it but was not involved in procurement.

What other advice do I have?

I have not used Splunk Cloud's machine learning tools. I do not personally integrate Splunk Cloud Platform with third-party tools; however, I know that my separate team has integrated quite a few tools, leveraging Splunk's vast library known as Splunk Enterprise Applications.

I have been working with Splunk Enterprise Platform, which is the on-premises version of Splunk Cloud Platform, and it is almost the same except for the maintenance efforts required and the deeper learning curve. I wouldn't say there's room for improvement in Splunk Enterprise Platform purely regarding the search engine, as it largely depends on the resources allocated to the indexer for its performance. I have been working with Splunk Enterprise Platform for approximately three to four months.

Which deployment model are you using for this solution?

Public Cloud


    reviewer2688711

Advanced alerts and clear visuals have improved fraud detection and data-driven decisions

  • March 09, 2026
  • Review provided by PeerSpot

What is our primary use case?

I used Splunk Cloud Platform for fraud detection. The first thing is fraud detection, and the second thing is understanding data better because of the data visualization that it has. The display that it has compared to a simple type of visualization is much clearer compared to any kind of thing you might notice on a super dense Wireshark.

What is most valuable?

Data Visualization and IT Alerting and Incident Management are the main valuable features, primarily to get a better idea of what's going on.

Data reporting using Splunk Cloud Platform works well because you have everything in front of you, and it's so detailed and easy to read once you have the data. Another thing that makes it clear is that because of the amount of evidence you have in front of you, the data is a lot more valuable. It's less of a human claim and more of evidence presented in front of you when you're trying to make any kind of claim on a certain thing going on.

I really do like about Splunk Cloud Platform the real-time alert where you can search for anything and the data is still stored there because at the end of the day, we are finally in a generation of cloud where everything is stored on a cloud platform to the point that you can search anything, as long as you do it in the appropriate way, you will find the results. It's in a good visual status with good visibility. I appreciate this feature.

What needs improvement?

To be honest, I don't think it's beginner-friendly. It takes time and multiple meetings to actually understand how to create different types of alerts or how to search for them. It's quite similar to how you might search on SQL, but that's asking another set of skills to have. I know there are tutorials on the website, but I feel if they rolled out more free courses on such things that provide a link to a free course for beginner training, I feel people would be interested in it.

For how long have I used the solution?

I ended up getting access around three to four months back. I was part of a team that was using it, so we got on a call together while I was observing them and using it while giving my input for a project.

What do I think about the stability of the solution?

I haven't really faced much of it, but my usage was pretty less intensive, so I can't really talk about it for everyone. From my perspective, because of my light amount of research and light usage of it, I would say it's been pretty good. I haven't experienced any stability issues.

What do I think about the scalability of the solution?

Splunk Cloud Platform is a good tool, but it's not the easiest to transfer between different teams because there's a lot of training involved in it. While I do like the tool and I do feel it's really useful, if you ever notice in this current industry, people are wanting employees to learn Splunk Cloud Platform, or at least they want applicants who apply for a certain role to have known Splunk Cloud Platform, because of not only how new it is or how recent it is after the cloud integration, but also just that it takes time to learn and takes time to be efficient at it.

How are customer service and support?

When you work in a corporation, you have people dedicated just for that.

Which solution did I use previously and why did I switch?

I've used Splunk Cloud Platform very briefly, not too much. I use ServiceNow, Confluence for documentation, and Keyfactor for generating certificates.

How was the initial setup?

It's kind of hard for me to say because I came from a corporation where Splunk Cloud Platform was already a part of the user group where I got access to it, so I didn't have to do any of that.

Which other solutions did I evaluate?

Any IT person would rather use the command prompt. Using a simple command prompt and trying to see based on the elevated access they have, you can always check what's going on. Wireshark itself is a really good tool and a really good alternative to have any kind of packet capture and read through the data to understand what's going on.

Splunk Cloud Platform is different because it offers real-time alerts. Wireshark is something where you have to let things be and then later catch and see, while Splunk Cloud Platform updates on its own. It has a lot better visuals overall.

What other advice do I have?

Regarding whether Splunk Cloud Platform's ingest and visualization features have helped improve data reporting and the overall alerting mechanisms, I haven't had the chance to use it for myself, but from the time when I was researching them for the project that I was working on, it seemed to be really effective in at least the fraud department of the team to understand any type of price alerts when something is going on.

Regarding how easy or difficult it was for me to learn how to use it, I would say on a scale of easy with one being the easiest and ten being the hardest, I would say it was around a four or five. I've used other tools before, and I've used other things such as Wireshark and some others a lot before, so I had a much better grasp than a lot of beginners might have. Recently in a meeting where we were trying to teach a beginner about this, the main person who uses it had to go through multiple rounds of meetings to show them how to use it. While watching that, I realized the gap in knowledge between someone who's in IT for years versus someone who's trying to be more hands-on but is unfamiliar with the tool.


    reviewer2805738

Cloud security service has transformed onboarding, reduced maintenance, and unified orchestration

  • March 02, 2026
  • Review provided by PeerSpot

What is our primary use case?

We use Splunk Cloud Platform for security and want to implement it as a SIEM solution. We also want to replace our old legacy SIEM solution because we are adopting a cloud solution instead of an on-premises solution. Another use case is that we want to use this tool in our managed service offering. We do not use the solution to resell licenses to our customers, but rather to provide services to them. We appreciate the powerful integration that Splunk Cloud Platform offers, making it easy to integrate with any sources and any data. It is able to handle data that resides in an S3 bucket or elsewhere, not just ingested directly into the SIEM itself. We are also looking at Splunk Cloud Platform's strategy, which is very interesting because of the integration they will have regarding Agentic AI and automation. A unique solution for orchestration and automation, called SOAR in cybersecurity, combined with SIEM in a unique platform is a very interesting strategy from our point of view.

It is Enterprise Security in the cloud. This is a cloud solution.

What is most valuable?

Splunk Cloud Platform is a very mature solution and an enterprise-grade solution that brings the work we have to do with customers to an enterprise-grade level. It is something that we can manage from a single pane, and it is quite easy to deploy. I see a benefit that is not strictly related to the features that Splunk Cloud Platform offers, but it depends on the company belonging to Cisco now because we are a Cisco partner and Splunk Cloud Platform is a pillar, a vertical technology in the security area of the partnership. The benefit of partnering with Splunk Cloud Platform falls into the Cisco partnership and the benefits we can have in this important partnership we have as a company.

Compared to my previous situation, the first benefit of this solution is the speed and the effort reduction in terms of onboarding new customers and maintaining the entire platform. I will not have any more effort for system upgrades and infrastructure maintenance. This is one of the biggest benefits I can have from the solution. I save a lot of money because I do not have to spend resources anymore to maintain and operate the infrastructure and the systems.

What needs improvement?

I think it is really effective, and we are still at the beginning. The capability to search for insights is very powerful and also supported by AI and machine learning. The capabilities are increasing day by day, and new features are being released and will be released soon.

I am not able to answer right now, but I am confident they will be able to predict a trend because they promise they are able to do this using machine learning algorithms and Agentic AI features. They say they will be able to predict the behavior of your network or your infrastructure. I am really confident about this, and I hope it will be true because I need this.

There is something that they say will be improved, and I am still waiting for it. This is the Agentic AI elements inside the platform that I mentioned before. There is something present today, but the full feature is not released yet. From my point of view, it is a bit late. It is okay for me because we are adopting it and we can work on this, and it is acceptable for my timing. However, from a market perspective, they are a bit late. Competitors in some cases are earlier adopters. But I am sure they will release a very powerful tool, as per the Cisco approach. They want to win when they start doing something, and I am confident they will release a very powerful tool.

For how long have I used the solution?

I have been working with it for one month.

What do I think about the stability of the solution?

It is still a bit early to answer. We have just seen it on paper, and we have to check it.

Which solution did I use previously and why did I switch?

In my previous experience, I had Enterprise Security, but on-premises, a few years ago, three years ago. It was integrated with another SOAR from another vendor.

How was the initial setup?

It is something that we can manage from a single pane. It is quite easy to deploy.

What's my experience with pricing, setup cost, and licensing?

Compared to my situation, it does not have any meaning because I have something legacy now. However, it is a good price on the market. It depends because if you look at the list price, it is a bit expensive from my point of view. But once you are in the partnership with Splunk Cloud Platform and with Cisco, you can have good discounts, you can make the deal and discuss, and they are willing to help you as a partner in finding the solution and finding your target. So it is good from my point of view. But if you look at the list price, it is expensive.

Which other solutions did I evaluate?

We evaluated QRadar, FortiSIEM, and Palo Alto SIEM. We chose Splunk Cloud Platform because of a combination of different aspects, not just for price or features. It is the whole combination of the features, the benefits, the cost, the partnership, and there is no one aspect leading the choice. It is a mix and a combination.

What other advice do I have?

Today, we are working with the SIEM solution, which is quite a legacy term. Saying SIEM is not really effective. It is the Enterprise Security solution, and we are now in the process to implement it. We are adopting the solution and are at the beginning. We have studied a lot, we are training people, and we are changing and modifying our process as per what the technology allows us to do. We are also evaluating the observability solution. We are working on two different paths, and one is at a more mature stage, while the other one is at an evaluation stage.

We are setting up alerts as expected.

We are integrating Splunk Cloud Platform SIEM solution with our SOAR solution, which is today from another vendor and not Splunk Cloud Platform. Then we will see tomorrow what we want to do if we want to use the unique platform, the unique Splunk Cloud Platform with SOAR, Agentic AI, SOC automation, and everything, or if we want to keep using our actual SOAR. We are integrating Splunk Cloud Platform with this SOAR.

My recommendation is to look at the future and look at the strategy. Do not look at the features today but look at the features tomorrow and not just at the technical features but at the whole strategy to integrate in one single platform all the capabilities that a SIEM solution or a log gathering solution might have. Putting together orchestration, observability, security, this kind of strategy is what an integrator should evaluate in my opinion.

I would rate this product an 8 out of 10.


    Tejas Shah

Unified data monitoring has enabled proactive alerts and predictive analysis for daily operations

  • February 27, 2026
  • Review provided by PeerSpot

What is our primary use case?

The main use cases for Splunk Cloud Platform include data collection, parsing activities, use case building, data ingestion, and creating dashboards and reports. My clients use it for similar purposes.

What is most valuable?

The best thing about Splunk Cloud Platform is that you can bring any data and store it in one place. You can build meaningful insights from it, have the same data ingested, create beautiful insights, have alerting done on it, and have dashboards and reports built on top of it.

Splunk Cloud Platform's ingest and visualization features do not bind you with a limitation in the volume you want to ingest. Since we are using the compute-based licensing feature of Splunk Cloud Platform, there is no limitation to the volume of data we ingest on the platform. All Splunk Cloud Platform instances are also SmartStore supported, so that eases storage utilization concerns.

One of the best advantages of using Splunk Cloud Platform is that there are lots of proactive alert notifications from Splunk support if anything goes down on the infrastructure end or if there is anything wrong with your environment. Splunk support is on top of things, notifying you beforehand if something is going wrong and that their team is already aware and working on a fix.

What needs improvement?

I don't see any new requirements in terms of improvements for Splunk Cloud Platform at this time. Splunk's dashboarding, reporting, and visualizations are evolving at a larger scale with the new Splunk Dashboard Studio in place. There were some limitations with the classic dashboard where you had to be aware of different HTML, CSS, and custom JavaScript for better visualizations. That's being migrated towards Splunk Dashboard Studio, which is evolving at a great pace, providing similar functionalities. I have not faced any current challenges regarding Splunk Cloud Platform's limitations. I still think, however, that better configuration and customization options for workload management could be enhanced, but that applies to Splunk Enterprise as well. It's just my understanding and what I foresee, but I'm not sure if it will be a priority right now, as even without workload management, a lot can be done, and the product team might have a different roadmap.

For how long have I used the solution?

I have been working with Splunk Cloud Platform for almost six years.

How are customer service and support?

My feedback remains that you have your designated account manager who helps navigate all the cases. Sometimes, the support team may not be fully knowledgeable about the challenge you face, but through their internal escalation structure, they manage to find viable solutions sooner or later or provide updates on when issues will be fixed. I think their support is pretty good on that part.

How was the initial setup?

The best thing about the initial setup process of Splunk Cloud Platform is that you don't have to deploy your own Splunk Cloud Platform deployment; Splunk handles it for you. For the on-premises setup, you do need the initial configuration for end devices to send logs to Splunk Cloud Platform, but it's straightforward. It's just one package that you install on your end device, and after restarting, everything is sorted. There is no hassle in configuring Splunk Cloud Platform or getting on-premises devices to send data to it.

What other advice do I have?

We do use Splunk Cloud Platform's alerting mechanism. We have set up hundreds and thousands of alerts for different use cases. For example, if any of the data sources stop the ingestion or the volume has been relatively quite down, we have set up alerting for that. It creates a ServiceNow incident that falls under our team's responsibility and sends an email as a notification that this alert has been triggered, such as when XYZ feed has gone down or the data from XYZ feed has decreased up to 80% or 70%, whatever the threshold set. We definitely use all the different alerting mechanisms and alert actions provided by Splunk Cloud Platform.

Whenever we see a situation where we don't want to be reactive, we attempt to do a predictive analysis of the data ingested in our Splunk Cloud Platform. This analysis is done on an alert-by-alert basis. For instance, when talking about a data source going down, if the situation arises, we should be triggered at a threshold of around 80% decrease. In that situation, we keep a buffer of 10% and alert ourselves to notify at a 70% decrease in the feed so that we can take preemptive measures to ensure that the feed comes back online before the situation escalates.

In terms of machine learning, we are using the Splunk-supported machine learning toolkit that also has new features for artificial intelligence. We do use them for outlier detection and predictive analysis in terms of different alerting we have enabled in our environment.

To predict trends in our data, the example I shared previously involves understanding if the volume is going down or not. We do this using the machine learning toolkit itself. We have our data ingested into Splunk Cloud Platform, and each index and source type has some dedicated volume getting ingested daily. We create an average of the total volume ingested over the past 60 days, 45 days, and 90 days, and then we identify the volume ingested yesterday. We compare it with the average of the last 45 days and try to detect any deviation. All of this is part of the machine learning toolkit application itself. That's how predictive analysis and outlier detection work, and we're using that in our daily operations as well.

With different vendors, there is no problem having Splunk Cloud Platform integrated with them. For example, we already have our alerting enabled so that whenever any alert gets triggered, an incident is created in ServiceNow. I have also worked on integrating Jira and other different Atlassian products with Splunk Cloud Platform. It's user-friendly and straightforward to integrate Splunk Cloud Platform with different vendors without much issue.

For any organizations looking to configure Splunk Cloud Platform, I believe it's a simple process. It's just important to stick to the fundamentals and understand how Splunk Cloud Platform operates. The documentation is quite clear. One notable advantage of Splunk Cloud Platform is the Ingest Processor and Edge Processor, which help optimize data before feeding into Splunk Cloud Platform. We've seen a reduction of around 40% to 60% in the total volume ingested using efficient data pipelines. We provide services for optimizing data pipelines and feeds, and those tools can be quite helpful. But if you're looking to configure Splunk Cloud Platform for on-premises servers, downloading the universal forwarder package from the Splunk Cloud Platform search head is all you need.

I would rate this product a 9 out of 10.
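The ingestion-volume check the reviewer describes (average the daily volume per index and sourcetype over a trailing window, compare yesterday's volume against it, warn at a 70% drop so there is a buffer before the 80% threshold) can be expressed as a small standalone detector. The block below is an added example written for this page; it is not the reviewer's configuration and not Splunk's Machine Learning Toolkit. It assumes per-feed daily volumes have already been exported (the feed names, byte counts and the 45-day baseline window are constructed for illustration), and it deliberately handles the two edge cases a real alert has to deal with: a feed that stops completely (volume 0) and a feed too new to have a baseline.

```python
"""Ingestion-volume drop detector (constructed example, not Splunk/MLTK code).

Mirrors the review's approach: baseline = mean daily volume over the trailing
window, then alert on the fraction by which yesterday fell below it.
"""
from statistics import mean

BASELINE_DAYS = 45      # trailing window used for the baseline average (assumption)
WARN_DROP = 0.70        # 70% drop: early warning, as described in the review
CRITICAL_DROP = 0.80    # 80% drop: the threshold at which the feed is treated as down


def drop_ratio(history, yesterday):
    """Fraction by which `yesterday` falls below the trailing-window average.

    Returns None when there is no history to build a baseline from, 0.0 when
    volume is flat or growing, and 1.0 when the feed stopped completely.
    """
    window = history[-BASELINE_DAYS:]
    if not window:
        return None                       # newly onboarded feed: nothing to compare against
    baseline = mean(window)
    if baseline == 0:
        return None                       # feed has never sent data; a drop is meaningless
    # Single division keeps exact fractions (e.g. 380000/500000 == 0.76) for clean thresholds.
    return max(0.0, (baseline - yesterday) / baseline)


def classify(ratio):
    """Map a drop ratio to the alert state a ticketing integration would receive."""
    if ratio is None:
        return "unknown"
    if ratio >= CRITICAL_DROP:
        return "critical"
    if ratio >= WARN_DROP:
        return "warning"
    return "ok"


def evaluate_feeds(daily_volumes):
    """daily_volumes: {(index, sourcetype): [oldest .. yesterday] daily byte counts}.

    Returns {(index, sourcetype): (state, drop_ratio_rounded_or_None)}.
    """
    results = {}
    for feed, series in daily_volumes.items():
        history, yesterday = series[:-1], series[-1]
        ratio = drop_ratio(history, yesterday)
        results[feed] = (classify(ratio), None if ratio is None else round(ratio, 3))
    return results


# Constructed sample: 60 days of steady volume per feed, last element = yesterday.
SAMPLE_VOLUMES = {
    ("web", "access_combined"): [1_000_000] * 59 + [1_050_000],  # slight growth -> ok
    ("fw", "pan:traffic"):      [500_000] * 59 + [120_000],      # 76% drop -> warning
    ("proxy", "squid"):         [2_000_000] * 59 + [0],          # feed stopped -> critical
    ("new", "app:log"):         [30_000],                        # first day, no baseline
}


def sample_report():
    """Evaluate the constructed sample; used by the stand-alone run below."""
    return evaluate_feeds(SAMPLE_VOLUMES)


if __name__ == "__main__":
    for (index, sourcetype), (state, ratio) in sample_report().items():
        print(f"{index}/{sourcetype}: {state} (drop={ratio})")
```

The "unknown" state matters in practice: a brand-new feed should not page the on-call team as a critical outage, and a feed with an all-zero baseline would otherwise divide by zero. Both the warning and critical states map naturally onto the ServiceNow incident plus email notification the review describes, with the 10% buffer between them giving time to act before the feed is considered down.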