Splunk Cloud

Splunk

Reviews from AWS customer

31 AWS reviews

External reviews

41 reviews

External reviews are not included in the AWS star rating for the product.


    reviewer2805510

Unified log analytics has transformed security monitoring and cuts breach detection to minutes

  • May 08, 2026
  • Review from a verified AWS customer

What is our primary use case?

Splunk Cloud Platform is my main use case, which we sell to our channel partners within the channel community that then sell it to their customers, primarily as a cloud-based platform that collects data, analytics, and monitoring. It is mainly used for log management, security monitoring, known as SIEM, IT operations monitoring, and customers can use it for infrastructure troubleshooting and compliance reporting, but primarily for getting real-time analytics. It is a useful SaaS cloud-hosted tool that manages infrastructure, upgrades, scaling, and maintenance for customers.

A specific example of how a customer uses Splunk Cloud Platform in their day-to-day operations is how it collects logs from Linux, Windows servers, Azure, and AWS. Teams can run powerful searches using SPL, search processing language, to find failed logins, investigate outages, and trace application errors. It also automatically alerts the team for system failures, CPU spikes, security threats when they occur, and API slowdowns, showcasing just a couple of examples of what our customers use Splunk Cloud Platform for.

Splunk Cloud Platform provides a complete picture regarding how customers use it. It includes capabilities around machine learning and dashboards that allow them to monitor KPIs, have a real-time operational view, and executive reporting from all the logs.

What is most valuable?

Splunk Cloud Platform's best features include its scalability, as it can handle terabytes of data and is probably one of the market leaders within SIEM capability, which is very strong. In this day and age, cybersecurity products need great integration, and it has a huge ecosystem that can integrate with over 1,200 integrations and applications. Another major positive is that it is cloud-managed, which means less infrastructure management. Finally, the main feature that many people value, and our customers provide feedback on, is real-time analytics with fast detection and troubleshooting.

Splunk Cloud Platform has positively impacted my organization by reducing the need for infrastructure management due to being a SaaS cloud platform. The main use case is detecting cyber attacks faster. For example, a large financial institution, a bank, used Splunk Cloud Platform and identified failed logins, impossible travel events, VPN anomalies, and endpoint alerts when attackers attempted credential stuffing. Without Splunk Cloud Platform, those alerts existed in multiple systems, and detection could take days, but with it, events were correlated correctly and raised a single notable event, triggering alarms immediately. This significantly improves mean time to detect and respond, reducing investigation time from hours to just 10 to 30 minutes for common incidents by providing a single pane of glass visibility for SOC teams.

What needs improvement?

Splunk Cloud Platform has areas for improvement, including the fact that it is obviously an enterprise tool and can be expensive, which is the biggest complaint I have noted. Costs can rise due to high data ingestion and long retention periods, along with a complex licensing structure that makes pricing difficult to predict as usage grows, especially since more systems send logs. There are also performance concerns at scale where users have reported slower searches and expensive long-term storage needs, particularly in multi-terabyte environments. Additionally, operational complexity exists as enterprises still need to do data onboarding, create dashboards, handle retention policies, access control, and performance tuning.

These are the three key areas of improvement I have identified.

For how long have I used the solution?

I have been using Splunk Cloud Platform for approximately three to four years at various different places of work.

What do I think about the stability of the solution?

Splunk Cloud Platform is undeniably stable, which is one of its key advantages. While it may come with a high price tag and face scalability issues, its stability is commendable, enabling easy visibility into logs, effective data ingestion, and successful operations with diverse integrations and third-party platforms.

What do I think about the scalability of the solution?

My customers typically leverage scalability and integration features across the main cloud providers, primarily AWS, integrating with CloudWatch, CloudTrail, S3, and Lambda for cloud security monitoring and audit logging. They also integrate with the entire Microsoft stack, including Defender for Cloud, Sentinel, Azure ID, and Azure Monitoring, as well as Google Cloud, where GCP integrates with Cloud Logging, Pub/Sub, and Security Command Center. We also have integrations with major SIEMs including Sophos, CrowdStrike, and firewalls from Palo Alto, Fortinet, Cisco, and Juniper, and identity management tools including Okta, Ping, and Duo. For threat intelligence, we get much of our integration from Recorded Future as our main integration, but they are just some of the top ones we integrate with effectively.

Splunk Cloud Platform's scalability works well, especially for smaller businesses, but can present issues for larger enterprises facing stricter regulations and greater integration requirements.

How are customer service and support?

Customer support with Splunk Cloud Platform is really good. The CSMs and account managers in the channel team are great, providing assistance not just with selling the product but also for implementation, deployment, and aftercare. I would rate customer support a nine on a scale of one to ten. There have been a couple of instances where issues arose, which is why it does not earn a full ten, but overall, it stands out as a really good platform and contributes to why they remain number one in the business.

Which solution did I use previously and why did I switch?

I have not personally switched from a different solution to Splunk Cloud Platform, but we utilize various different solutions for SIEM, including QRadar and Exabeam, alongside newer tools including DataDog and Elastic.

How was the initial setup?

My experience with pricing, setup costs, and licensing is that while the setup costs are straightforward and not overly burdensome, licensing for small to mid-sized enterprises is favorable. Highly regulated businesses, including financial services and banks, tend to use Splunk Cloud Platform regularly, and while it is a high-quality product, the costs can elevate significantly as scalability needs grow within larger enterprises.

What about the implementation team?

My partners deploy Splunk Cloud Platform in several different ways. My partners typically purchase Splunk Cloud Platform through distribution and channel partners, rather than directly.

What was our ROI?

I have observed a robust return on investment with Splunk Cloud Platform, particularly in how quickly it enables the detection of breaches. We see logs within 10 to 30 minutes, in contrast to six hours with other platforms, marking a substantial ROI for organizations needing to prevent breaches that can cost from tens of thousands to the average ransomware cost in the UK of 3.2 million last year. Being able to resolve issues quickly not only saves money but also minimizes the need for additional security personnel, thanks to the effectiveness of its log prioritization and integration capabilities.

Which other solutions did I evaluate?

Before choosing Splunk Cloud Platform, the primary alternative evaluated was DataDog, although that was not my decision directly.

What other advice do I have?

The aforementioned examples are the best ones to highlight regarding positive outcomes about how Splunk Cloud Platform has helped my organization or my customers.

My impressions of Splunk Cloud Platform's visibility into multiple environments, including cloud, on-premises, and hybrid are very positive. It excels at monitoring across these environments and provides high capabilities, especially strong in centralizing visibility. This is facilitated by effective cloud monitoring alongside mature on-premises monitoring, all visible in a unified dashboard for SIEM use, supporting massive scales and deep forensic investigation across all these monitoring types.

My impression of Splunk Cloud Platform's zero setup feature for AI models is mixed, as there have been a couple of problems. Data is never standardized among organizations, leading to different log formats and inconsistent field naming. Therefore, AI cannot understand the data without mapping it first. Moreover, there is a need for context rather than just raw data, and integration remains unavoidable. Splunk Cloud Platform's zero setup AI concept feels more like a marketing idea than reality, as it requires careful scrutiny in enterprise environments. The main blockers noted remain related to data integration and standardization.

My experience with Splunk Cloud Platform's application ecosystem is that it is easy to manage for small and simple environments, as management involves just installing the application and configuring the data. However, for enterprise environments, management becomes really complex when dealing with multiple applications and teams, especially in larger organizations or heavily regulated industries including financial services and banking, where governance is stringent.

Splunk Cloud Platform scales extremely well at enterprise and hyperscale levels with some cost and architecture considerations. It can ingest almost limitless data and scale impressively, but higher data volumes present challenges, including costs, poor data hygiene, slower searches, and operational complexities that arise even in cloud environments. Despite these challenges, Splunk Cloud Platform scales extremely well technically; however, in real-life enterprise contexts, the main scaling limitation is not infrastructure but rather cost, data volume discipline, and query efficiency.

In comparing native models to third-party integrations within Splunk Cloud Platform's environment, I find that native Splunk scores high in integration quality and stability. However, it lacks the customization and innovation speed found with third-party options. Native models require very low maintenance effort, which contrasts with the medium to high maintenance needed for third-party applications. Each model has its advantages: the native model excels in core SIEM engines and performance-critical workloads, while third-party models handle data ingestion for external systems and industry-specific applications effectively. Therefore, a hybrid approach, leveraging the reliability of native capabilities with the flexibility of third-party applications, is ideal.

Splunk Cloud Platform's subscription model significantly impacts financial planning for data platform investments by being quite complex and opaque. The licensing and subscription model are tough to decipher initially, largely due to the relationship between ingestion levels, data scaling, and the associated costs that increase with usage. Customers usually find that as they scale, their expenditure rises, with no clear set cost available when they first begin using it.

Splunk Cloud Platform is a market leader known for its strengths in enterprise-scale log analysis, advanced security monitoring, complex event correlation, and deep search capabilities. It is also highly customizable, making it an excellent choice for organizations unperturbed by cost and seeking a cloud-native design, especially if they have a SOC environment and a large IT estate. I would rate this product a nine out of ten overall.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)


    reviewer2816211

Cloud analytics has improved reporting and security visibility across hybrid environments

  • May 06, 2026
  • Review provided by PeerSpot

What is our primary use case?

I have been working in my current field for two years.

My use cases for Splunk Cloud Platform involve various applications that enhance data management and security.

I use it to streamline operations and improve analytics.

What is most valuable?

What I appreciate most about Splunk Cloud Platform is its intuitive user interface, which makes navigation and data analysis efficient.

My favorite feature is its reporting capabilities, which allow me to generate insightful reports easily.

What needs improvement?

What I find challenging about Splunk Cloud Platform is that it occasionally has a steep learning curve for new users.

The platform could improve by offering more comprehensive onboarding resources and tutorials.

For how long have I used the solution?

I have been working with Splunk Cloud Platform for six to eight months.

What do I think about the stability of the solution?

Regarding stability, Splunk Cloud Platform performs well with minimal lagging or crashing issues.

What do I think about the scalability of the solution?

Regarding scalability, I find that Splunk Cloud Platform is highly scalable, accommodating growing data needs without major issues.

How are customer service and support?

I have had to contact technical support for Splunk Cloud Platform before, and my experience was quite positive.

If I were to put the technical support on a scale from one to ten, I would rate it an eight for the support.

How was the initial setup?

The initial deployment of Splunk Cloud Platform was somewhat challenging but manageable.

It had complexities that required careful configuration.

Which other solutions did I evaluate?

As for alternatives, I have used other data analytics tools before, but none quite match the capabilities of Splunk Cloud Platform.

I definitely prefer Splunk Cloud Platform more due to its superior features and support.

What other advice do I have?

I think the app ecosystem for Splunk Cloud Platform is robust, and managing updates within this app ecosystem is relatively easy.

Splunk Cloud Platform's visibility into multiple environments offers excellent monitoring capabilities, whether I am using it in the cloud, on-premises, or in hybrid environments.

I leverage it primarily for cloud infrastructure.

Regarding Splunk Cloud Platform's zero-setup feature for AI models, my impression is that it is truly innovative and simplifies the integration of AI into my workflow, although I have not used it extensively.

Regarding the pricing, I think Splunk Cloud Platform is on the higher end, but the value it provides justifies the cost.

I would rate this product an eight overall.


    R Nandasana

Cloud analytics has supported long-term healthcare use cases and simplifies operational management

  • May 05, 2026
  • Review from a verified AWS customer

What is our primary use case?

I used Splunk Cloud Platform for seven years. We built use cases for one of our pharma customers, Regeneron Pharmaceutical from the US. We created numerous use cases for their operations, including keeping medical records with details about medicine inventory, doctor information, and many other elements that we stored and presented.

What is most valuable?

I appreciate the expansion capability of Splunk Cloud Platform. We can forward any kind of data to the cloud endpoint that they provide. This allows us to forward any kind of traffic to that endpoint. There is no need for maintenance. If an error occurs or Splunk health is not good, we can raise a support case and they will handle everything. There is no need to maintain infrastructure either, as they keep the infrastructure very stable, which is a good thing.

What needs improvement?

If you want to make Splunk Cloud Platform more reliable, there will be some issues. For example, if you want to allow some IP or renew some certificates, you need to raise a case and it will not be immediate. It will go through the process and take three to four days. Sometimes, the technical support case persons are not sufficiently technical. I have experienced this where they are not technical enough or not understanding the issues.

The app ecosystem is good, but if you want to upgrade any kind of apps or receive support related to the app, you mostly need to raise a support case and the Splunk team will handle it. However, if there is a problem with your custom apps that you need to deploy on an indexer, that becomes an issue. You can upload it from the search head, but sometimes there are DMC issues. DMC mostly fails sometimes, so we cannot deploy from the search head cluster or indexer. For custom apps, you need to go through all of these processes, which involves a lot of process.

For how long have I used the solution?

I used Splunk Cloud Platform for seven years.

What do I think about the stability of the solution?

Splunk Cloud Platform is very stable. Sometimes we face an issue with latency. For example, when we are ingesting 10 TB of data and there is a sudden increase, we need to increase the storage at the cloud end. Sometimes this will take time because it is not on our end but on the cloud end. That is the only issue. Everything else is good.

What do I think about the scalability of the solution?

Splunk Cloud Platform is very flexible in terms of scalability. If you purchase something initially and later have increased requirements, they can scale up and scale down your environment. That is one good feature. We just need to raise a simple support case, and based on that support case, they will scale up and down our environment. That is good.

How are customer service and support?

I reached out to technical support many times regarding operations. If you want to perform any kind of operations, you need to reach out to the technical support. They are very good and their responsiveness is fine. Everything is good. However, as I mentioned, sometimes they might not have proper knowledge or sometimes they are not sufficiently technical. Sometimes they do not understand the issue.

Which solution did I use previously and why did I switch?

I used New Relic for log collection. However, New Relic is not a part of Splunk. It is a very limited scope product, not widely used like Splunk. There is no competitor to Splunk in the current market right now.

How was the initial setup?

I do not think we need to do anything for initial setup. We just need to request the cloud team, and they will prepare an instance and everything for us, and they will give us a URL to access the cloud. After that, you need to allow firewall access based on what is in your company. That is all. Then you can access the environment. It is very simple and we do not need to configure anything.

What about the implementation team?

Maintenance is not required at all in the cloud. A team of four or five people is more than enough to handle the full cloud infrastructure. I managed the cloud around 10 TB ingestion per day with only four or five people. That is more than enough because we do not need to take care of hardware and other components. However, if you have on-premises, then you need more than 30 people to maintain all of the parts.

What was our ROI?

Splunk Cloud Platform pricing is very costly. If we did it on-premises, it would be cheaper because we would just need to purchase a license. However, Splunk Cloud Platform is very costly. But if you use it properly, then you can get value from it. Maintaining an infrastructure on-premises would be expensive as well.


What other advice do I have?

Visibility with Splunk Cloud Platform is very good. We do not use only cloud because we have a heavy forwarder at our end that will forward the data. This is a hybrid deployment on our end. If you have on-premises only, then everything is on you. With on-premises, we have full visibility of the environment, including which is the indexer and which is the search head. However, in the cloud, we do not know where this is deploying. They are saying that they are deploying only on AWS. If something goes wrong with AWS, then our full Splunk Cloud Platform goes down. For enterprise on-premises, we have full visibility and can see what is affected and other details. Visibility is less in cloud and more in on-premises. I have not tried that feature. My overall rating for this product is 9.


    Andrzej Nienaltowski

Training lab has improved threat hunting and now speeds up investigations with built-in visuals

  • April 29, 2026
  • Review provided by PeerSpot

What is our primary use case?

I use Splunk Cloud Platform for both IT alerting and incident management in my training.

I use it to find threats and strange behavior of applications or networking. I mostly use it for networking, strange processes, and behaviors. I use the alerting mechanism.

What is most valuable?

I appreciate the syntax that Splunk Cloud Platform uses because it is not KQL.

The whole product is really good, and I did not have much difficulty using it. The alerting mechanism is good to have, but in my personal training, I did not use it much because I did not need it that much.

The visualization feature in Splunk Cloud Platform is a pretty good feature because I did not need to go to any other vendors, for example, any.run or VirusTotal. This speeds the whole investigation up.

What needs improvement?

It is worth reconsidering the syntax language and changing it to KQL. The company would benefit from using the KQL language in queries. Pricing would be better.

For how long have I used the solution?

My experience with Splunk Cloud Platform is three months.

What do I think about the stability of the solution?

I have not heard a lot of problems or disconnections, so I think nine is correct. That is also nine.

How are customer service and support?

From what I heard, the technical support is pretty decent, so eight is okay.

Which solution did I use previously and why did I switch?

I have tried Elastic, Sentinel, and I think that is all.

How was the initial setup?

I cannot tell if the deployment is easy or complex. I cannot tell how long it took to deploy because I did not deploy it. I just started the session, and everything was already prepared for me.

I had some tasks to find, such as some strange processes. That was one big task to perform on the Splunk Cloud Platform system. There were several of these tasks, but that was an example.

What other advice do I have?

I have not tried the machine learning tools yet. I did not integrate Splunk Cloud Platform with any tools. In my case, it is just me using the solution, but I know the whole platform because I am using Cyber Defender platform for learning. The whole platform has a lot of people, but in my case, it is only me.

I cannot tell if it requires any maintenance, but I do not think it is really rough to do it.

My overall review rating for Splunk Cloud Platform is eight.


    reviewer2830626

Managed log analytics has provided real-time monitoring and improves proactive issue resolution

  • April 27, 2026
  • Review provided by PeerSpot

What is our primary use case?

In the data and analytics domain, I work with Splunk Cloud Platform where we handle system logs and large scale data. I use Splunk Cloud Platform to monitor applications. I analyze logs and then build dashboards that provide real time insight for our technical team.

What is most valuable?

Splunk Cloud Platform is fully managed, so we do not need to handle infrastructure. The next thing I appreciate is its powerful search using SPL. It is easy to build dashboards in Splunk Cloud Platform and its visualization is also solid.

The alerting mechanisms of Splunk Cloud Platform have definitely helped in proactive issue resolution. Alerting is one of the most prominent features of Splunk Cloud Platform because we have set numerous alerts for daily ingestions. Health monitoring of Splunk dashboards is another valuable feature. We have alerts for thresholds, alerts for users, and alerts for failed logons. For example, if someone is trying to log in more than five times and failing, we have alerts for that as well. This is very useful for us.

Machine learning tools of Splunk Cloud Platform have helped to predict trends in our data. Using machine learning libraries, it is easy for us to analyze data and predict our upcoming data. This makes it pretty straightforward for us in daily operations using the machine learning toolkit.

What needs improvement?

One aspect I dislike about Splunk Cloud Platform is that cost can become high as data ingestion increases. The initial learning curve for SPL and cloud setup is also difficult for some new beginners.

For how long have I used the solution?

I have been using Splunk Cloud Platform for the past one year.

What do I think about the stability of the solution?

Regarding stability, Splunk Cloud Platform does not lag or crash. It is highly scalable and stable for us.

What do I think about the scalability of the solution?

Splunk Cloud Platform is very scalable for us because we conduct day-to-day operations in Splunk Cloud Platform itself. We are increasing our team both horizontally and vertically.

How are customer service and support?

The technical support regarding Splunk Cloud Platform is good because they are always helpful. Whenever there is an upgrade, we notify them and they upgrade it for us. Everything is straightforward and simple with them. So far, we have had no issues with them.

What other advice do I have?

Since Splunk Cloud Platform is a fully managed service, there is no need to handle servers, upgrades, or maintenance. Everything is managed by Splunk, which makes it pretty straightforward for us to use and complete everyday tasks. There is no infrastructure management required and it enables faster development. It is highly scalable for us.

For new users, my advice is that if you are looking for a SIEM tool and you can afford it, then Splunk Cloud Platform is the best SIEM tool you can use because it is highly scalable and solves our day-to-day operations and use case. Everything is available within a single platform. I would rate this solution a nine out of ten.
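The failed-logon alert this reviewer describes (more than five failures by one account), and the single correlated notable the first review on this page mentions, as an added example in plain Python that is not part of either review or of Splunk's own code. It runs over constructed sshd-style lines; the log format, the ten-minute window and the threshold of five are assumptions, not values from the page.

```python
"""Failed-login threshold detection over constructed auth log lines.

Mirrors what a scheduled SIEM search does: count failures per
(user, source) inside a sliding window and raise one notable per pair
once the count exceeds a threshold, instead of one alert per event.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

# Constructed sample data in an sshd-like format (not real logs):
# alice fails seven times in 30 seconds from one source; bob succeeds once
# and fails twice, half an hour apart, which should stay below threshold.
SAMPLE_LOG = """\
2026-04-20T09:00:01Z sshd[101]: Failed password for alice from 203.0.113.10 port 50001
2026-04-20T09:00:05Z sshd[101]: Failed password for alice from 203.0.113.10 port 50002
2026-04-20T09:00:09Z sshd[101]: Failed password for alice from 203.0.113.10 port 50003
2026-04-20T09:00:14Z sshd[101]: Failed password for alice from 203.0.113.10 port 50004
2026-04-20T09:00:20Z sshd[101]: Failed password for alice from 203.0.113.10 port 50005
2026-04-20T09:00:25Z sshd[101]: Failed password for alice from 203.0.113.10 port 50006
2026-04-20T09:00:30Z sshd[101]: Failed password for alice from 203.0.113.10 port 50007
2026-04-20T09:01:00Z sshd[101]: Accepted password for bob from 198.51.100.7 port 50100
2026-04-20T09:02:00Z sshd[101]: Failed password for bob from 198.51.100.7 port 50101
2026-04-20T09:30:00Z sshd[101]: Failed password for bob from 198.51.100.7 port 50102
"""

# Assumed line layout: "<ISO timestamp> sshd[<pid>]: Failed|Accepted password for <user> from <src> port <n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+) port \d+$"
)


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    user: str
    src: str
    failed: bool


def parse_line(line):
    """Parse one log line into an AuthEvent; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return AuthEvent(ts, m["user"], m["src"], m["outcome"] == "Failed")


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=10)):
    """Return one notable per (user, src) whose failure count exceeds
    `threshold` within any span of length `window`.

    Lines are expected in time order, as a scheduled search would present
    them. A pair is reported once; later failures do not create duplicates.
    """
    recent = defaultdict(deque)   # (user, src) -> timestamps of failures still inside the window
    alerted = set()
    notables = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or not ev.failed:
            continue
        key = (ev.user, ev.src)
        q = recent[key]
        q.append(ev.ts)
        # Drop failures that have aged out of the sliding window.
        while q and ev.ts - q[0] > window:
            q.popleft()
        if len(q) > threshold and key not in alerted:
            alerted.add(key)
            notables.append({
                "user": ev.user,
                "src": ev.src,
                "count": len(q),
                "first_seen": q[0].isoformat(),
                "last_seen": ev.ts.isoformat(),
            })
    return notables


if __name__ == "__main__":
    for n in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(f"notable: {n['count']} failed logins for {n['user']} from {n['src']} "
              f"between {n['first_seen']} and {n['last_seen']}")
```

Raising the threshold to ten on the same input yields no notable, which is the knob the reviewer tunes when the alert is too noisy; the deduplication set is what turns a burst of failures into the single notable the first review credits for fast triage.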


    Dhruv Vyas

Centralized monitoring has improved real-time insights and alerting for daily operations

  • April 26, 2026
  • Review from a verified AWS customer

What is our primary use case?

We have used Splunk Cloud Platform for the past one year. We use Splunk Cloud Platform for system monitoring and alerts, and we have personal dashboards to monitor our activities. We ingest logs and monitor all of our operations. We also use AWS along with Splunk Cloud Platform.

What is most valuable?

The powerful search capabilities using SPL are what I appreciate about Splunk Cloud Platform. The second feature we value is its real-time monitoring and alerting.

The best feature is that Splunk Cloud Platform is handled by the Splunk team itself, including installation and all related tasks. We do not have to touch anything; we simply use it for our case.

SPL search capability is one of the primary tools we use every day. We have different search queries configured for alerts, dashboards, and all related functions. It is one of the major tools we use in our daily operations.

Overall, Splunk Cloud Platform is cost-efficient for us because we are Splunk partners, and it offers better performance. It has improved our faster query execution and includes an inbuilt dashboard with better dashboard performance. We gain more meaningful insights using Splunk Cloud Platform compared to other SIEM tools.

What needs improvement?

The initial learning curve should be more personalized for new users who just started using Splunk Cloud Platform. Additionally, the documentation should be more beginner-friendly.

For how long have I used the solution?

I have been using Splunk Cloud Platform for the past one year.

What do I think about the stability of the solution?

Splunk Cloud Platform is working fine for us; it is superb.

What do I think about the scalability of the solution?

It is super scalable for us, whether you consider horizontal or vertical scaling. We are expanding in both directions, so it is highly scalable for us.

How are customer service and support?

We have escalated questions regarding Splunk Cloud to Splunk. During the upgrade, we experienced some issues with our forwarders not coming up and some issues with our search head. All of the issues were resolved. We raised support cases and our issues were solved by the Splunk team itself. It has been good for us so far.

Which solution did I use previously and why did I switch?

We directly use Splunk Cloud Platform.

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

It is super smooth; Splunk Cloud Platform integrates with ServiceNow smoothly. We have experienced no problems so far in that regard.

What was our ROI?

We have seen a return on investment with Splunk Cloud Platform at 30 to 40 percent.

What's my experience with pricing, setup cost, and licensing?

We are Splunk partners, so in Splunk Cloud Platform, pricing is not an issue. It is balanced, and from a pricing perspective, it is good for us.

What other advice do I have?

If you are looking for a SIEM tool that has all the capabilities, you should definitely opt for Splunk Cloud Platform. I would rate this solution a 9 out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?


    Sydney D'Souza

Advanced searches and tuned alerts have improved investigations and support daily security work

  • April 22, 2026
  • Review provided by PeerSpot

What is our primary use case?

Correlation searches and search indexing queries in Splunk Cloud Platform are very valuable and quite useful for my daily work.

Splunk Cloud Platform's search capabilities are quite effective in uncovering operational insights. I was searching for one of the accounts related to backup, and I was not able to search in any other tool. Since we are collecting data from all different sources, I was able to trace this out. It was a request made from the customer because we reported a notable event from Splunk, and they asked us to check this account if we were able to see it, as they had checked from their end and were not able to search it. Using the indexing, I pulled the account details and shared them, and we concluded it was a false positive.

I do use Splunk Cloud Platform's alerting mechanisms. The alerting mechanisms have helped in proactive issue resolution because we receive alerts directly to our SOC mailbox, which we have fine-tuned based on our findings and customer involvement. Initially, we received a lot of notables that were not fine-tuned well, but now we receive approximately twelve to fifteen notables, and once we get alerted, we work on them. For instance, when we detected suspicious activity on a backup account, we responded back to the customer within three minutes, which they found interesting. We were able to dig further into a unique account and provide them with the necessary information, which was corroborated by their technician.

What is most valuable?

Splunk Cloud Platform's integrations with third-party tools have had quite an easy impact on my daily operations. Initially, the outdated threat intelligence led to notable IP addresses going undetected. However, after integrating Talos and VirusTotal, we can quickly determine whether an investigation requires immediate attention or a deeper analysis, which has saved us considerable time. When we implement the SOAR solution in August, I expect we can provide even more details about integration with third-party intelligence platforms.

What needs improvement?

Splunk Cloud Platform's user interface is quite simple and needs to be updated; it feels as if I am using a platform from two thousand fifteen. However, I do appreciate the new feature for starting investigations, which allows us to save our work for later analysis.

I would like to see improvements in the UI, and while I recall that Cisco has acquired parts of Splunk, I would love to see more integration with threat intelligence platforms like VirusTotal, which are widely used. Currently, to implement VirusTotal, we have to purchase it, whereas we use Talos, but we mostly rely on AbuseIPDB and VirusTotal in the SOC.

For how long have I used the solution?

I have been dealing with Splunk Cloud Platform for two and a half years.

How are customer service and support?

I have no problems with technical support at all. We connect with them often, and when we have issues, we raise a ticket and schedule a call. Generally, we find a resolution during that same call, which is quite efficient.

I would rate their technical support as eight out of ten.

There is still some room for improvement regarding response time and first-level support quality. While responses are typically received the same day, the analysis process can take time.

How was the initial setup?

Initially, the setup was tough for us, but now that we have become familiar with Splunk Cloud Platform, I find it quite simple. However, newcomers may still face difficulties.

What other advice do I have?

Regarding Splunk Cloud Platform's machine learning tools, we are not currently exploring the XDR solution or SOAR solution part but are planning to move from SIM to SOAR this coming August. We have implemented Cisco Talos as a threat intelligence platform, and we also included VirusTotal.

I have created approximately one hundred reports for different users since we fetch data from various sources. Each team has different requirements, whether it is for Trend Micro, M365, Zscaler, or Okta, and I have organized these reports on a dedicated dashboard. It is quite useful for them, and they regularly come up with new requests that we incorporate into the dashboard.

When it comes to pricing, I would say it is a bit more than fair—more than competitive. Compared to Microsoft, which is cheaper, Splunk Cloud Platform is a bit expensive. However, relative to Trend Vision One or CrowdStrike, the pricing is comparatively lower.

We have a lot of documentation available, which I feel is adequate. Each solution, including CrowdStrike and Trend Micro, has its documentation, and it is about how well one handles it based on their experience.

My overall review rating for Splunk Cloud Platform is eight out of ten.


    Dhaval Bhalgamadiya

Centralized log insights have improved incident response and operational visibility

  • April 17, 2026
  • Review from a verified AWS customer

What is our primary use case?

In our organization, we use Splunk Cloud Platform for log management, operational visibility, security monitoring, and for ingesting logs and fast data. We focus on creating dashboards and configuring alerts for the overall visibility of our systems and for the monitoring and observability aspect.

What is most valuable?

I appreciate that Splunk Cloud Platform accepts all of my data. All of my data from different firewalls and applications gets to the one platform. Another valuable feature is the SPL query. After my data is centralized, I can use SPL queries to better analyze and search my data so I can detect anomalies or threats, or use it for incident response. If any of my deployments fail, I can quickly respond to the incident.

Operational insights are crucial because my application logs are there, my firewall logs are generated there, and any new deployment from the CI/CD is there. This generates logs there. If any deployment has failed or if any application is failing, it increases my overall operational efficiency and helps my team with incidents.

The search capabilities of Splunk Cloud Platform are very powerful and can give me deep analysis of the events. The dashboards and the visual capabilities of Splunk Cloud Platform are also excellent. Dashboard Studio allows me to highly customize and create visually rich dashboards. The infrastructure features such as Smart Store and proactive monitoring help me in my day-to-day operations of the company.

We use Splunk Cloud Platform's alerting mechanism. We have integrated an API with ServiceNow, which works well for us.

The third-party tool integration with Splunk Cloud Platform is beneficial for us. We were using third-party tools before Splunk Cloud Platform. When we introduced Splunk Cloud Platform to our organization, it was very helpful that it could be integrated with third-party tools, so we did not need to change our tools. Splunk Enterprise tools for security and other functions can also be integrated with this platform. That is also a good feature for us.

What needs improvement?

One improvement I would suggest is in the cost part. Splunk Cloud Platform cost is generally generated on high data volume. It can be relatively expensive for a smaller company. Our company is in the mid-term range, but the cost could be improved. Additionally, the learning curve for SPL is a little bit hard for beginners, otherwise it is fine.

For how long have I used the solution?

I have been personally using Splunk Cloud Platform for the last year, but my company has been using it for the last two to three years. However, I recently joined three months ago.

How are customer service and support?

Technical support for Splunk Cloud Platform is good and proactive. In some cases, the initial responses may not fully address the issue. However, through escalation, the support team usually provides effective solutions and is very helpful.

Which solution did I use previously and why did I switch?

We first used Grafana and Prometheus for the monitoring and observability. We had used open source tools as well. For the security and better visibility, my organization switched to Splunk Cloud Platform.

How was the initial setup?

Splunk Cloud Platform is a public cloud SaaS deployment. The initial setup was very fast and we do not need to maintain any infrastructure or backend infrastructure. This is a huge benefit for us.

Splunk Cloud Platform handles the platform deployment. From the user side, the main task was only to install forwarders and configure data ingestion, which was also quite a simple task.

What was our ROI?

The ROI with Splunk Cloud Platform is on the higher part. It has improved the efficiency of our overall organization. The incident response time to any failure has increased more than 50 percent. The overall visibility of the system, architecture, and infrastructure has increased. All of our data is going on the one platform. These are all the ROIs which we get from Splunk Cloud Platform.

What other advice do I have?

We have not used Splunk Cloud Platform's machine learning tools yet, but we are planning to use them for threat detection and anomalies, so it can detect that threat by itself through automation. We are planning to use it in the future.

Splunk Cloud Platform has improved the efficiency and reduced the manual effort for us. It has improved faster detection and the response time has decreased significantly. The data pipeline optimization feature reduces the ingestion volume for us. These metrics are very helpful for us, and it also reduces the cost through data pipeline optimization.

My advice would be to fully utilize Splunk Cloud Platform by ingesting as much data as possible and to invest time in learning SPL and best practices for leveraging the Splunk community. My overall rating for this product is 9 out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?


    Aman Dhanesha

Centralized logging has reduced troubleshooting time and delivers proactive alerts for APIs

  • April 16, 2026
  • Review provided by PeerSpot

What is our primary use case?

Splunk Cloud Platform is used to monitor everything, as we have multiple applications from which we get multiple data and multiple logs. We centralized our logging system, centralized our APIs, and everything into it. If any APIs fail, we created multiple alerts over there. We use it for that purpose.

What is most valuable?

The best features of Splunk Cloud Platform are the ecosystem that has been created. We do not have to worry about many small things or many big things because the cloud gives infrastructure that is handled on their end. That makes it very easy for us to get used to it. The main beneficial case for us is the dashboards, alerts, stability, cloud scalability, and everything.

The search capability is pretty good because we have been using it for the last year and it works very smoothly. The search functionality works very smoothly for us. Recently, we faced one issue, and with this feature, we got to know from which end this problem occurred. We directly dived into it and solved that thing. It is useful.

The alerting mechanisms work very proactively because that is the main use case of Splunk Cloud Platform. One of our application APIs got shut down because of some random issue or error. Because of the alert message, during our peak time, we got to know something was wrong. We directly fixed it and the rest of the things worked easily.

The ingestion and visualization feature of Splunk Cloud Platform is very good. It helps us a lot to create multiple reports and multiple dashboards because visualization can help us create multiple things into it.

What needs improvement?

Splunk Cloud Platform is almost a nine out of ten, but the main improvement point is the user manual. Recently, we got stuck on an error, but because of the limited documentation available in ChatGPT or in any LLM, we had to go through all the documentation before we got the result. If Splunk can provide some LLM or any AI tool for error solving, it would be better.

The deployment of Splunk Cloud Platform is easier. If we get a better user manual, it can be even easier, but it is quite easy.

For how long have I used the solution?

We have been using Splunk Cloud Platform for almost one year.

What do I think about the stability of the solution?

Per our use case, Splunk Cloud Platform is very stable because we use multiple platforms. Even in high volume and high traffic, it works very stably.

What do I think about the scalability of the solution?

Splunk Cloud Platform is more scalable and a very scalable thing. We used it in high volume during peak hours of our traffic, and it runs smoothly.

How are customer service and support?

The technical support is pretty good. Whenever we get stuck, we have used it two or three times, and it is pretty good.

Which solution did I use previously and why did I switch?

Splunk Cloud Platform is compared to other solutions because previously we were using DataDog for the same thing. The ecosystem provided by Splunk, the support they provide, better dashboards, better alerts, and everything is why we moved to Splunk Cloud Platform.

How was the initial setup?

It took almost one hour to deploy Splunk Cloud Platform, or one or two hours.

What about the implementation team?

In our organization, three people use Splunk Cloud Platform.

What was our ROI?

Using Splunk Cloud Platform saves us time because previously we took two to three hours troubleshooting any problem, but now we get to know which particular area of the API is throwing an error and everything. Almost one and a half hours, or almost two hours, are reduced by using Splunk Cloud Platform.

What's my experience with pricing, setup cost, and licensing?

The pricing did not come under me; it is from the management department. We think it is more reliable to move with it, which is why we shifted from DataDog to Splunk Cloud Platform.

Which other solutions did I evaluate?

Splunk Cloud Platform rates as a nine out of ten, or 9.5.

What other advice do I have?

We are a customer in our relationship with the vendor.

We have not used the machine learning tools yet.

The integration with third-party applications is pretty good. We have integrated our mail application into Splunk Cloud Platform. Whenever the alert comes, we get to know and we can work on it 24/7.

We highly recommend Splunk Cloud Platform. If you are working with any data or any APIs from any logging system, or any log you have to track, Splunk Cloud Platform is a very good platform to work with. The overall review rating is 9 out of 10.


    Yevheniy Moyko

Centralized monitoring has strengthened incident detection and automated alerting for our clients

  • April 14, 2026
  • Review provided by PeerSpot

What is our primary use case?

We use both Splunk Cloud Platform and Splunk Enterprise Security. We operate as an MSP and are also a customer for the on-premise solution. We use Splunk Cloud Platform for monitoring purposes, and we use Enterprise Security for the incident monitoring tool, which is a premium solution for both Splunk on-premise and Splunk Cloud.

What is most valuable?

The best features of Splunk Cloud Platform are that you do not have to manage anything and do not have to worry about anything. It is scalable, easy to use, and reliable.

Regarding the machine learning tools in Splunk Cloud Platform, machine learning is great, but it requires specially trained people who understand it and have already worked with machine learning, making it challenging for those who do not have that expertise.

The price of Splunk Cloud Platform is very high, but you get all the advantages when you do not overpay for that. Some customers choose cheaper vendors, but for me, it is a perfect solution with many integrations, ready-to-go rules, and dashboards. It is feature-based.

Regarding the ingestion and visualization features in Splunk Cloud Platform, any device or system that can produce logs can be ingested into Splunk. There is no problem with many different possibilities to ingest the logs, making it a really great tool. Regarding the dashboards, there are also many possibilities to create them. If you know XML, you can write directly in XML and have your own custom dashboards, or you can do it via templates. These are great features.

What needs improvement?

One area that has room for improvement in Splunk Cloud Platform is support. The support knowledge base is the primary concern for me because we had several cases working with support teams, and they could not resolve our problem.

For how long have I used the solution?

I have been using Splunk Cloud Platform for about three years.

What do I think about the stability of the solution?

I rate the stability of Splunk Cloud Platform as ten plus.

What do I think about the scalability of the solution?

I also rate the scalability of Splunk Cloud Platform as ten.

How are customer service and support?

I would rate support for Splunk Cloud Platform about six out of ten.

What other advice do I have?

When assessing the effectiveness of the search capabilities in Splunk Cloud Platform, I notice that searches are slow, which is the main disadvantage of Splunk, but the rest is really great and the most mature. The alerting mechanisms in Splunk Cloud Platform are configured as well as possible, so you can get all the information that you need. They are really great.

As a certified Splunk Architect, I consider Splunk the best solution when comparing it with competitors including Elastic, Sumo Logic, Datadog, and Microsoft.

Regarding integration with third-party tools, Splunk provides federated searches, allowing you to search data even without integrating Splunk with other features such as AWS or data lakes. This is separate pricing, but it is still possible and works really well. However, the downside is that you need to buy additional SOAR if you want to automate certain things such as blocking an IP or user or removing a user or revoking their session.

Approximately thirty to forty people work with Splunk Cloud Platform.

Splunk Cloud Platform is hosted on Splunk Cloud, though this is a tricky question since we also have on-premise Splunk installed in the cloud of client infrastructure. I am discussing only Splunk Cloud Platform here.

My advice for Splunk is that it is the best SIEM solution for me. Based on your needs, you will need a POC. It is good enough for small, medium, or enterprise clients, but you will also need to invest in people who need to learn how to write searches and work with the solution because it is not easy. If you have appropriate people, it will be worth its cost. The learning curve for Splunk Cloud Platform depends on which level you want to achieve, but the downside is that most of their really good trainings are not free, so you will need to invest in learning. I give this review an overall rating of ten.