Unified log analytics has transformed security monitoring and cuts breach detection to minutes
What is our primary use case?
Splunk Cloud Platform is my main use case, which we sell to our channel partners within the channel community that then sell it to their customers, primarily as a cloud-based platform that collects data, analytics, and monitoring. It is mainly used for log management, security monitoring, known as SIEM, IT operations monitoring, and customers can use it for infrastructure troubleshooting and compliance reporting, but primarily for getting real-time analytics. It is a useful SaaS cloud-hosted tool that manages infrastructure, upgrades, scaling, and maintenance for customers.
A specific example of how a customer uses Splunk Cloud Platform in their day-to-day operations is how it collects logs from Linux, Windows servers, Azure, and AWS. Teams can run powerful searches using SPL (Search Processing Language) to find failed logins, investigate outages, and trace application errors. It also automatically alerts the team to system failures, CPU spikes, security threats, and API slowdowns when they occur; these are just a couple of examples of what our customers use Splunk Cloud Platform for.
Splunk Cloud Platform provides a complete picture regarding how customers use it. It includes capabilities around machine learning and dashboards that allow them to monitor KPIs, have a real-time operational view, and executive reporting from all the logs.
What is most valuable?
Splunk Cloud Platform's best features include its scalability, as it can handle terabytes of data and is probably one of the market leaders within SIEM capability, which is very strong. In this day and age, cybersecurity products need great integration, and it has a huge ecosystem that can integrate with over 1,200 integrations and applications. Another major positive is that it is cloud-managed, which means less infrastructure management. Finally, the main feature that many people value, and our customers provide feedback on, is real-time analytics with fast detection and troubleshooting.
Splunk Cloud Platform has positively impacted my organization by reducing the need for infrastructure management due to being a SaaS cloud platform. The main use case is detecting cyber attacks faster. For example, a large financial institution, a bank, used Splunk Cloud Platform and identified failed logins, impossible travel events, VPN anomalies, and endpoint alerts when attackers attempted credential stuffing. Without Splunk Cloud Platform, those alerts existed in multiple systems, and detection could take days, but with it, events were correlated correctly and raised a single notable event, triggering alarms immediately. This significantly improves mean time to detect and respond, reducing investigation time from hours to just 10 to 30 minutes for common incidents by providing a single pane of glass visibility for SOC teams.
What needs improvement?
Splunk Cloud Platform has areas for improvement, including the fact that it is obviously an enterprise tool and can be expensive, which is the biggest complaint I have noted. Costs can rise due to high data ingestion and long retention periods, along with a complex licensing structure that makes pricing difficult to predict as usage grows, especially since more systems send logs. There are also performance concerns at scale where users have reported slower searches and expensive long-term storage needs, particularly in multi-terabyte environments. Additionally, operational complexity exists as enterprises still need to do data onboarding, create dashboards, handle retention policies, access control, and performance tuning.
These are the three key areas of improvement I have identified.
For how long have I used the solution?
I have been using Splunk Cloud Platform for approximately three to four years at various different places of work.
What do I think about the stability of the solution?
Splunk Cloud Platform is undeniably stable, which is one of its key advantages. While it may come with a high price tag and face scalability issues, its stability is commendable, enabling easy visibility into logs, effective data ingestion, and successful operations with diverse integrations and third-party platforms.
What do I think about the scalability of the solution?
My customers typically leverage scalability and integration features across the main cloud providers, primarily AWS, integrating with CloudWatch, CloudTrail, S3, and Lambda for cloud security monitoring and audit logging. They also integrate with the entire Microsoft stack, including Defender for Cloud, Sentinel, Azure ID, and Azure Monitoring, as well as Google Cloud, where it integrates with Cloud Logging, Pub/Sub, and Security Command Center. We also have integrations with major SIEMs including Sophos, CrowdStrike, and firewalls from Palo, Fortinet, Cisco, and Juniper, and identity management tools including Okta, Ping, and Duo. For threat intelligence, we get much of our integration from Recorded Future as our main integration, but they are just some of the top ones we integrate with effectively.
Splunk Cloud Platform's scalability works well, especially for smaller businesses, but can present issues for larger enterprises facing stricter regulations and greater integration requirements.
How are customer service and support?
Customer support with Splunk Cloud Platform is really good. The CSMs and account managers in the channel team are great, providing assistance not just with selling the product but also for implementation, deployment, and aftercare. I would rate customer support a nine on a scale of one to ten. There have been a couple of instances where issues arose, which is why it does not earn a full ten, but overall, it stands out as a really good platform and contributes to why they remain number one in the business.
Which solution did I use previously and why did I switch?
I have not personally switched from a different solution to Splunk Cloud Platform, but we utilize various different solutions for SIEM, including QRadar and Exabeam, alongside newer tools including DataDog and Elastic.
How was the initial setup?
My experience with pricing, setup costs, and licensing is that while the setup costs are straightforward and not overly burdensome, licensing for small to mid-sized enterprises is favorable. Highly regulated businesses, including financial services and banks, tend to use Splunk Cloud Platform regularly, and while it is a high-quality product, the costs can elevate significantly as scalability needs grow within larger enterprises.
What about the implementation team?
My partners deploy Splunk Cloud Platform in several different ways. My partners typically purchase Splunk Cloud Platform through distribution and channel partners, rather than directly.
What was our ROI?
I have observed a robust return on investment with Splunk Cloud Platform, particularly in how quickly it enables the detection of breaches. We see logs between 10 to 30 minutes in contrast to six hours with other platforms, marking a substantial ROI for organizations needing to prevent breaches that can cost from tens of thousands to the average ransomware cost in the UK of 3.2 million last year. Being able to resolve issues quickly not only saves money but also minimizes the need for additional security personnel, thanks to the effectiveness of its log prioritization and integration capabilities.
Which other solutions did I evaluate?
Before choosing Splunk Cloud Platform, the primary alternative evaluated was DataDog, although that was not my decision directly.
What other advice do I have?
The aforementioned examples are the best ones to highlight regarding positive outcomes about how Splunk Cloud Platform has helped my organization or my customers.
My impressions of Splunk Cloud Platform's visibility into multiple environments, including cloud, on-premises, and hybrid are very positive. It excels at monitoring across these environments and provides high capabilities, especially strong in centralizing visibility. This is facilitated by effective cloud monitoring alongside mature on-premises monitoring, all visible in a unified dashboard for SIEM use, supporting massive scales and deep forensic investigation across all these monitoring types.
My impression of Splunk Cloud Platform's zero setup feature for AI models is mixed, as there have been a couple of problems. Data is never standardized among organizations, leading to different log formats and inconsistent field naming. Therefore, AI cannot understand the data without mapping it first. Moreover, there is a need for context rather than just raw data, and integration remains unavoidable. Splunk Cloud Platform's zero setup AI concept feels more like a marketing idea than reality, as it requires careful scrutiny in enterprise environments. The main blockers noted remain related to data integration and standardization.
My experience with Splunk Cloud Platform's application ecosystem is that it is easy to manage for small and simple environments, as management involves just installing the application and configuring the data. However, for enterprise environments, management becomes really complex when dealing with multiple applications and teams, especially in larger organizations or heavily regulated industries including financial services and banking, where governance is stringent.
Splunk Cloud Platform scales extremely well at enterprise and hyperscale levels with some cost and architecture considerations. It can ingest almost limitless data and scale impressively, but higher data volumes present challenges, including costs, poor data hygiene, slower searches, and operational complexities that arise even in cloud environments. Despite these challenges, Splunk Cloud Platform scales extremely well technically; however, in real-life enterprise contexts, the main scaling limitation is not infrastructure but rather cost, data volume discipline, and query efficiency.
In comparing native models to third-party integrations within Splunk Cloud Platform's environment, I find that native Splunk scores high in integration quality and stability. However, it lacks the customization and innovation speed found with third-party options. Native models require very low maintenance effort, which contrasts with the medium to high maintenance needed for third-party applications. Each model has its advantages: the native model excels in core SIEM engines and performance-critical workloads, while third-party models handle data ingestion for external systems and industry-specific applications effectively. Therefore, a hybrid approach, leveraging the reliability of native capabilities with the flexibility of third-party applications, is ideal.
Splunk Cloud Platform's subscription model significantly impacts financial planning for data platform investments by being quite complex and opaque. The licensing and subscription model are tough to decipher initially, largely due to the relationship between ingestion levels, data scaling, and the associated costs that increase with usage. Customers usually find that as they scale, their expenditure rises, with no clear set cost available when they first begin using it.
Splunk Cloud Platform is a market leader known for its strengths in enterprise-scale log analysis, advanced security monitoring, complex event correlation, and deep search capabilities. It is also highly customizable, making it an excellent choice for organizations unperturbed by cost and seeking a cloud-native design, especially if they have a SOC environment and a large IT estate. I would rate this product a nine out of ten overall.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
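The correlation the first review describes (failed logins, an impossible-travel sign-in, a VPN anomaly and an endpoint alert for the same account raised as one notable event instead of four separate alerts) is easier to reason about with the logic written out. The block below is an added example and is not the reviewer's code, nor Splunk's own correlation-search implementation; it would normally be expressed in SPL over ingested indexes. It runs on constructed sample events with an assumed schema (`user`, `action`, `src_ip`, `lat`/`lon` of the source IP, originating `source`) and illustrative thresholds (five distinct accounts from one IP, 900 km/h travel speed, three distinct signal kinds within an hour), all of which are assumptions for illustration.

```python
"""Correlate multi-source authentication signals into one notable event per user.

Added example for the review above; not the reviewer's code and not Splunk's
correlation-search implementation. Schema, thresholds and events are assumed.
"""
import math
from collections import defaultdict
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 15, 9, 0, 0)


def _t(minutes):
    return T0 + timedelta(minutes=minutes)


# Constructed sample events (hypothetical schema). Coordinates are rough:
# London ~ (51.5, -0.12), New York ~ (40.7, -74.0), Paris ~ (48.85, 2.35).
EVENTS = [
    # alice logs in from the London office via the IdP
    {"time": _t(-30), "source": "okta", "user": "alice", "action": "success",
     "src_ip": "198.51.100.2", "lat": 51.5, "lon": -0.12},
    # one IP fails against many accounts within minutes: credential-stuffing pattern
    {"time": _t(0), "source": "vpn", "user": "alice", "action": "failure",
     "src_ip": "203.0.113.7", "lat": 40.7, "lon": -74.0},
    {"time": _t(1), "source": "vpn", "user": "bob", "action": "failure",
     "src_ip": "203.0.113.7", "lat": 40.7, "lon": -74.0},
    {"time": _t(2), "source": "vpn", "user": "carol", "action": "failure",
     "src_ip": "203.0.113.7", "lat": 40.7, "lon": -74.0},
    {"time": _t(3), "source": "vpn", "user": "dave", "action": "failure",
     "src_ip": "203.0.113.7", "lat": 40.7, "lon": -74.0},
    {"time": _t(4), "source": "vpn", "user": "erin", "action": "failure",
     "src_ip": "203.0.113.7", "lat": 40.7, "lon": -74.0},
    # alice's password is guessed: VPN success from New York 35 min after London
    {"time": _t(5), "source": "vpn", "user": "alice", "action": "success",
     "src_ip": "203.0.113.7", "lat": 40.7, "lon": -74.0},
    # EDR alert on alice's workstation shortly afterwards
    {"time": _t(8), "source": "edr", "user": "alice", "action": "alert"},
    # an unrelated mistyped password: stays a low-value event on its own
    {"time": _t(12), "source": "okta", "user": "frank", "action": "failure",
     "src_ip": "192.0.2.9", "lat": 48.85, "lon": 2.35},
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def credential_stuffing_sources(events, min_users=5):
    """Source IPs whose failed logins touch at least min_users distinct accounts."""
    users_by_ip = defaultdict(set)
    for e in events:
        if e["action"] == "failure":
            users_by_ip[e["src_ip"]].add(e["user"])
    return {ip for ip, users in users_by_ip.items() if len(users) >= min_users}


def impossible_travel(events, max_kmh=900.0):
    """(user, t1, t2) for successive successful logins too far apart for the elapsed time."""
    by_user = defaultdict(list)
    for e in events:
        if e["action"] == "success":
            by_user[e["user"]].append(e)
    hits = []
    for user, logins in by_user.items():
        logins.sort(key=lambda e: e["time"])
        for a, b in zip(logins, logins[1:]):
            km = haversine_km(a["lat"], a["lon"], b["lat"], b["lon"])
            hours = (b["time"] - a["time"]).total_seconds() / 3600
            speed = km / hours if hours > 0 else math.inf
            if km > 0 and speed > max_kmh:
                hits.append((user, a["time"], b["time"]))
    return hits


def correlate(events, window=timedelta(hours=1), min_signals=3):
    """One notable per user when >= min_signals distinct signal kinds fall inside window."""
    stuffing_ips = credential_stuffing_sources(events)
    signals = defaultdict(list)  # user -> [(time, signal_name)]
    for e in events:
        u = e["user"]
        if e["action"] == "failure":
            signals[u].append((e["time"], "failed_login"))
            if e["src_ip"] in stuffing_ips:
                signals[u].append((e["time"], "credential_stuffing_target"))
        elif e["action"] == "alert":
            signals[u].append((e["time"], "endpoint_alert:" + e["source"]))
    for u, _, t2 in impossible_travel(events):
        signals[u].append((t2, "impossible_travel"))
    notables = {}
    for u, sig in signals.items():
        sig.sort()
        for i, (start, _) in enumerate(sig):  # sliding window over the user's signals
            kinds = {name for ts, name in sig[i:] if ts - start <= window}
            if len(kinds) >= min_signals:
                notables[u] = sorted(kinds)
                break
    return notables


if __name__ == "__main__":
    for user, kinds in correlate(EVENTS).items():
        print(f"NOTABLE {user}: {', '.join(kinds)}")
```

Only `alice` reaches the notable threshold: the four accounts that merely appear in the stuffing burst carry two signal kinds each, and `frank`'s single failure carries one, so neither pages the SOC. That is the behaviour the review attributes to the platform: the raw events still exist, but the analyst is handed one correlated record per compromised account rather than a stream of individual alerts.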
Improved security monitoring has provided wide observability and streamlined incident investigations
What is our primary use case?
I am also an end user of Splunk Cloud Platform. My usual use cases for Splunk Cloud Platform are to search logs and search data as I need for my security incidents. Searching logs and data for security incidents is my main use case.
What is most valuable?
The most valuable features or capabilities of Splunk Cloud Platform that I have found so far are mainly the search and the indexing engine, and I also find the data management of Splunk better. I have used both Splunk Enterprise and Splunk Cloud Platform, and I feel that the data management on Splunk Cloud Platform is handled by the Splunk team with much better expertise than its Enterprise Platform, where we had to manage storage and everything ourselves.
The effectiveness of Splunk Cloud's search capabilities in uncovering operational insights is pretty good. Once you know Splunk Query Language, or SPL, it is way better than any other data management tool, especially when analyzing and monitoring security logs, as it makes searching and minimizing threats much easier for me.
I use Splunk Cloud's alerting mechanisms to send alerts to my email, whether something happens in real-time or through scheduled Splunk query alerts for operational tasks like security incidents or operational warnings, such as when my storage is 90% full.
Splunk Cloud Platform's ingest and visualization features have helped me improve my data reporting significantly, as data ingestion and visualization are great, especially for creating dashboards from various sources like endpoints, firewalls, and web applications.
Operationally, Splunk Cloud Platform has provided wide observability where we had almost none before, significantly improving our security posture and our ability to defend the organization.
What needs improvement?
In my opinion, there isn't much to improve in Splunk Cloud Platform, but one suggestion would be to integrate AI or provide a more graphical query builder to reduce the learning curve for new users wanting to learn SPL.
For how long have I used the solution?
I have been working with Splunk Cloud Platform for around eight months.
What do I think about the stability of the solution?
I rate Splunk Cloud Platform a ten out of ten for stability and reliability, as I have found it truly reliable while using it on AWS and as a SaaS platform, given the capability for high availability and multiple indexers ensuring data continuity.
What do I think about the scalability of the solution?
I would rate Splunk Cloud Platform a nine out of ten for scalability. I think it's scalable due to the ease of integrating and deploying multiple indexers for data processing, although it does require some technical knowledge to configure properly for smooth operation.
How are customer service and support?
I do not often communicate with the technical support of Splunk Cloud Platform. I often visit Splunk's documentation portal for troubleshooting and assistance with my queries, and I find it quite good. They offer videos to help users learn how to use Splunk and Splunk Query Language.
I feel that Splunk's documentation is highly maintained, regular updates seem to happen, and I don't have any suggestions for improvement as it is currently at its best.
Which solution did I use previously and why did I switch?
I did not use a different solution for the same use cases prior to Splunk Cloud Platform. I only used Wazuh for security data logging but would not compare it to Splunk due to its broader capabilities.
How was the initial setup?
I did participate in the initial setup and deployment of Splunk Cloud Platform, but I wasn't part of the decision-making aspect. The initial setup process for deploying Splunk Cloud Platform was quite easy as we only needed to identify our data sources and determine the appropriate ingestion method, followed by some technical configuration, assuming we knew how our data was structured.
What was our ROI?
I might not be the right person to comment on the return on investment in terms of cost, but operationally, Splunk Cloud Platform has provided wide observability where we had almost none before, significantly improving our security posture and our ability to defend the organization.
Which other solutions did I evaluate?
I did not evaluate other options or vendors before choosing Splunk Cloud Platform. I did not participate in the decision-making process for choosing Splunk Cloud Platform, as I have worked operationally with it but was not involved in procurement.
What other advice do I have?
I have not used Splunk Cloud's machine learning tools. I do not personally integrate Splunk Cloud Platform with third-party tools; however, I know that my separate team has integrated quite a few tools, leveraging Splunk's vast library known as Splunk Enterprise Applications.
I have been working with Splunk Enterprise Platform, which is the on-premises version of Splunk Cloud Platform, and it is almost the same except for the maintenance efforts required and the deeper learning curve. I wouldn't say there's room for improvement in Splunk Enterprise Platform purely regarding the search engine, as it largely depends on the resources allocated to the indexer for its performance. I have been working with Splunk Enterprise Platform for approximately three to four months.
Which deployment model are you using for this solution?
Public Cloud
Information is easier to get now that it is all aggregated and centralized in one place with one interface
What is our primary use case?
I use Splunk Cloud Platform to analyze our company's logs and the applications that we run.
How has it helped my organization?
Previously, when our company had logs everywhere on multiple systems, it was a really big pain for me trying to find what I wanted. Now that it is all aggregated and centralized in one place with one interface, it is just a lot easier to get the information that I need.
What is most valuable?
The most valuable feature of the solution stems from the fact that I just like having one single point where all of our logs are aggregated and then having one interface that I can query and find the information that I want out of it.
My organization monitors multiple cloud environments and even the on-premises part. I would say that so far, it has been fine and easy to use to monitor multiple cloud environments using Splunk Cloud Platform. The tool works effectively, and it gets stuff from our on-premises servers into the cloud. It gets stuff from AWS into the cloud. I am able to use the single interface to access all the information I need.
It is very important for our organization that Splunk Cloud Platform has end-to-end visibility into your cloud-native environment. It is important since it helps to be able to see all the aspects of what our services are doing and how they are operating.
It helps with the mean time to resolve since it makes it easier to find the errors as they have occurred, so it has been a helpful tool.
I don't know how much the product has helped my organization improve business resilience.
I wouldn't know if my company has experienced any cost-efficiency by switching to Splunk Cloud Platform.
I know that Splunk's unified platform helps consolidate networking, security, and IT observability tools for our company. Our company has an InfoSec team using it for their SCIM stuff, and then we have IT using it for some of the things they need to gather. Multiple teams in my company have benefited from using the tool. The consolidation of tools does impact our organization since I think it is probably easier for everyone to get access to stuff because everything is in one place, and it is one of the biggest impacts of the product I can think of right now. Instead of having things spread out across multiple vendors and multiple tools, it is all kind of in one thing that we can get at, and so it is probably easier for us to train people, and we know how to access the solution since it is just one thing we have to learn.
What needs improvement?
I am relatively new to the platform. So far, I have been able to use it to do what I need. I know that there are a lot more features and functionality that I don't even know yet, so I am still on the learning side. I don't really have any recommendations related to things that need to be improved in the tool.
So far, it meets my needs, so I don't need to see any additional features in the tool.
For how long have I used the solution?
I have been using Splunk Cloud Platform for six months. My company is just a customer of the solution.
What do I think about the stability of the solution?
I have not had a problem with the tool's stability. It has been available every time I needed it, and it has captured every information we have sent to it. It has been not just a good but a great solution.
What do I think about the scalability of the solution?
I think the tool's scalability is fine. I have not run into any issues with the tool's scalability, so I guess it's good.
How are customer service and support?
I have not had the chance to interact with Splunk's customer service or support, so I can't really evaluate them.
Which solution did I use previously and why did I switch?
I don't know if there was some other solution used previously in my company. My company is just a customer of the tool.
How was the initial setup?
The product was deployed before I joined the organization.
The solution is deployed on a hybrid cloud model, and my company has opted for AWS.
What about the implementation team?
I believe that my company approached an integrator to help with the deployment of the product, but I am not sure about it.
What was our ROI?
I don't know about the ROI part.
What's my experience with pricing, setup cost, and licensing?
I don't know about the pricing, setup cost, and licensing part.
What other advice do I have?
I rate the solution a ten out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Helps improve visibility, reduce administrative work, and save costs
What is our primary use case?
Our security team uses the Splunk Cloud Platform heavily. We index the data that is relevant to security for over a year. Most of our indexes we only keep for 30 to 45 days, but for security, we keep it for a year. It is an essential tool for our security team in investigating incidents and looking at potential compromises, exploits, and all those types of things. That's one example.
I'm one of two Splunk Engineers in the organization and almost every department uses Splunk. We create dashboards for different organizations. For example, we have temples all over the world. We produce statistics for the temples about how many people have visited each day, and how many sessions were done in different languages. That type of thing is all done through Splunk dashboards. Our missionary department has over 80,000 missionaries all over the world, and statistics about what they are doing and the applications they are using are all done through Splunk.
How has it helped my organization?
Splunk Cloud Platform helped remove a lot of that administrative work, but also, it's much easier on the cloud for us to ramp up our SVC units if we see more demand and to be able to add more storage to our indexers. That's one thing for us as administrators that helps to be able to ramp it up quickly. When we were using Splunk Enterprise, that was a much more involved process, but now with Splunk Cloud, it's much easier to ramp that up. My partner and I are good at making sure that all of our users are using Splunk efficiently. We give them training regularly to make sure that their queries are well written, that they're not using indexes they shouldn't be, and that they're using the proper commands to be able to get the information they want. We do have to do this periodically because more and more of our users are using Splunk frequently, and we'll have to talk to a Splunk rep to increase our SVCs. For us, as administrators, that's very helpful.
We monitor multiple cloud environments using Splunk Cloud. It's been quite easy for us. We have an in-house Cloud Foundry and we use AWS and Azure quite a bit. We haven't had problems integrating or monitoring with any of those platforms. It's been great for us.
The end-to-end visibility that Splunk Cloud Platform has in our cloud-native environments is important. We do a lot of correlation across the entire enterprise. We need to have good visibility into all of our logs across all of our cloud Platforms, and in-house on-premise stuff, which we're getting with Splunk.
We use a lot of different monitoring tools, not just Splunk. We use Nagios, ThousandEyes, AppDynamics, and Dynatrace. Splunk is an important part of that. It is a mission-critical application for us. The alerts we set up in Splunk are ones we can't do with the other tools. Every one of those tools is a key piece of what we do as a monitoring team, but what we love about Splunk is that we can create alerts that we can't do with the other tools. That has helped us reduce our mean time to resolution.
The Splunk Cloud Platform has helped improve our organization's business resilience. Splunk helps predict, identify, and solve problems in real-time. What we love about Splunk is its flexibility to pull out data that we can't see in other applications or that the commercial office software has not produced itself. But through the logs, being able to ingest them into Splunk, and being able to write the queries that we need to, we can pull that data out, and it helps us to be much more efficient in predicting potential problems because we know our applications well and know the red flags to watch for. We can create the alerts needed to predict when something can potentially go down or have problems.
We have seen cost efficiency by switching to the Splunk Cloud Platform. The biggest part for my partner and me, as Splunk admins, is that it saves us time. I used to be the guy who would patch all of our enterprise indexers, servers, and distribution servers. That would take me quite a bit of time. Even though we had automated scripts that would do a lot of that, it still took a fair chunk of time to go out and do the maintenance and patching required. That freed up a lot of our time, made us a lot more efficient, and allowed us to work on other projects we couldn't do before. I do front-end development for some other products, but I didn't have the time before, and switching to Splunk Cloud has freed us up. Being able to ramp up our SVCs and storage is much easier than it was before. We had to spin up virtual servers, provision them, and ensure licensing. With Splunk Cloud, it's much faster and easier. The total cost of ownership has improved.
What is most valuable?
Before we started using Splunk Cloud, we were using Splunk Enterprise. My partner and I were spending quite a bit of our time keeping the servers patched, up to date, and running the way that we wanted them to. Now that's all gone with Splunk Cloud. That has freed up a lot of our time so that I can spend most of our time helping people, learning SPL, and helping them with their dashboards, alerts, and reports. Splunk Cloud has helped us to be able to focus on getting more information out of our data. Whereas before, we were doing mostly administrative stuff. Now we don't have to do that anymore.
What needs improvement?
We're interested in learning more about the new AI features, especially the natural language to SPL conversion. While we jokingly worry these features might replace us, our main focus is helping users understand Splunk and build dashboards. We're curious how these AI features will integrate into our work, how many people will use them, and if there will still be a need for our Splunk expertise. Overall, we're excited to see how AI will impact our work.
For how long have I used the solution?
I have been using Splunk Cloud Platform for three years.
What do I think about the stability of the solution?
Splunk Cloud Platform has been extremely stable. In some of the major upgrades, like when we switched over to version nine, there were a few hiccups that caused performance slowdown, but as far as stability, it's been great. In the last year, it's been extremely stable and very performant. It's just in the months after some of the changes over to version nine that we had a few problems, but nothing since then.
What do I think about the scalability of the solution?
We have no concerns about scalability. We frequently upgrade the number of SVC units we require. We're using Splunk Cloud enterprise-wide. We're getting more and more departments using Splunk or asking to use it. Everything is on Splunk on a basic level. Security is a big deal. All our virtual servers, cloud environments, and everything that ties into security are already being ingested into Splunk. As far as the application level, people want to get more information out of their application or data. We don't have problems, questions, or concerns about scalability. We know it's there.
How are customer service and support?
We have a big instance in the cloud, and we have occasionally had a few issues here and there that took some time to resolve. For the most part, the customer service and resolution of issues have been very responsive from Splunk. We just had a handful of issues here and there but for the most part, the support has been good.
Which solution did I use previously and why did I switch?
We have been using Splunk for many years. Before Splunk Cloud, we were using Splunk Enterprise.
How was the initial setup?
The deployment was straightforward because we migrated from Splunk Enterprise on-premises to the Splunk Cloud Platform.
What about the implementation team?
We used an in-house Splunk consultant who worked with us for six to nine months to transition from Enterprise. He was efficient but it was a big process. It took at least six months to fully transition over because of our big footprint.
What was our ROI?
We saw a return on investment when we switched to the cloud platform from Enterprise. We were able to consolidate everything with the cloud.
What's my experience with pricing, setup cost, and licensing?
We were involved in the renewal process, and our organization does reviews of all our partnerships that we have every two to three years to ensure they are meeting our needs, there isn't a better solution out there, and we won't save money by going somewhere else. It's usually a four to six-week process when reviewing software and partnerships, and every time we go through Splunk, the review only lasts one day. We love Splunk and we're not switching.
What other advice do I have?
I would rate Splunk Cloud Platform ten out of ten.
Which deployment model are you using for this solution?
Public Cloud