My usual use cases for Splunk Cloud Platform involve being an admin where we used to build Splunk clusters or distributed environments from scratch on the on-premises system, but now we have everything up and running on Splunk Cloud Platform, which operates on AWS. Splunk has developed it on AWS. Currently, as an admin, I just need to maintain and configure it according to our needs. It functions as a software as a service now, meaning we don't configure it from scratch the way we used to do with installation, configuration, and setup of the configs as we required. Now, it is software as a service that we use for both Splunk and Observability.
Splunk Cloud
Splunk
External reviews
External reviews are not included in the AWS star rating for the product.
Powerful Real-Time Insights, But Pricing Can Spiral Without Log Filtering
Cloud monitoring has simplified administration and improved integrations for faster operations
What is our primary use case?
How has it helped my organization?
Splunk Cloud Platform has greatly improved my daily operations through enhanced integration with third-party tools. Earlier integrations from on-premises Splunk to third-party tools were quite difficult, lacking the necessary add-ons or applications that could be directly used from the UI. Now on Splunk Cloud Platform, they have introduced new add-ons and plugins that allow us to utilize and pass credentials directly for integration with third-party applications, making the process very efficient and fast. We have multiple new add-ons that let us connect directly to clouds such as AWS, Azure, and Google, as well as event management applications such as ServiceNow, requiring only the credentials and service accounts and eliminating the need to configure from scratch.
What is most valuable?
The features of Splunk Cloud Platform that I have found most valuable and useful relate to licensing. Previously, it was a daily quota that we purchased on-premises, but currently it is based on SVC, or Splunk virtual compute, which is based on CPU and memory utilization of the cloud for billing. There are two license types: Victoria and Base. As we utilize the SVCs, we are charged accordingly, and we have the option to purchase a fixed number of SVCs or pay based on how many we actually use.
The effectiveness of Splunk Cloud Platform's search capabilities in uncovering operational insights is notable because as an admin or developer, we utilize saved searches that run on schedules that we set. The search capability utilizes the same compute assigned, and compared to on-premises, it is very efficient and fast because on-premises we had fixed compute assigned with limits set for searching per role or application. In the cloud, we find it very easy and fast to use.
Splunk Cloud Platform helps in proactive issue resolution by allowing us to set alerts based on data flow to find errors or anomalies that need identification. The saved searches run based on these conditions to find errors or identify anything unusual in the data. We get alerts based on the conditions we set, which is quite effective.
What needs improvement?
Areas of Splunk Cloud Platform that could be improved or enhanced in the future include data visualization, as the way we use data for security and other purposes could further benefit from enhanced visualization to support monitoring, threat analysis, and other aspects.
For how long have I used the solution?
Overall, I would rate Splunk Cloud Platform an eight out of ten as a solution for us.
What do I think about the stability of the solution?
Regarding stability and reliability so far, we are not yet live and are still in the migration process, but comparing it to on-premises, it seems promising.
What do I think about the scalability of the solution?
My thoughts on the scalability of Splunk Cloud Platform are that it scales up quite well. However, I haven't encountered any specific scenarios to validate it thoroughly yet, but overall, it appears to be good.
How are customer service and support?
My opinion on the technical support and customer service of Splunk, based on my cases, is that it is quite good with the credits we have along with the vendor. However, when we don't have credits, they charge us based on time as well as the criticality of the issue.
How would you rate customer service and support?
Positive
What other advice do I have?
In my opinion, there is room for improvement, as we used to raise multiple issues via the process, but they pick them up slowly, and the response times are not as prompt as we would like.
Regarding how Splunk Cloud Platform's ingest and visualization features help improve my data reporting, I have some insights on dashboards, but from a fully comprehensive perspective of data flow and ingestion, I haven't been hands-on that much. As an admin, I have worked on the infrastructure side of it, so I am unable to provide thorough feedback on that.
I would rate Splunk Cloud Platform an eight out of ten overall as a solution for our organization.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
AI-driven analytics significantly enhance operational decision-making
What is our primary use case?
Currently, I am working with Splunk Cloud Platform and other things for my clients.
I have been working with Splunk Cloud Platform for around 2 years now while integrating it.
What is most valuable?
What I appreciate about Splunk Cloud Platform is that it's an AI-driven SIEM platform, and for data fusion stock, we require Splunk Cloud Platform because none other than Splunk Cloud Platform can have this data-driven stock implemented; it allows you to get into the data repository.
The real-time search capability of this product enhances operational decision-making, and it's very convincing; this aspect is very convincing from Splunk Cloud Platform's side.
What needs improvement?
The disadvantage of Splunk Cloud Platform is that its integration process should be improved.
The challenges I have encountered while integrating Splunk Cloud Platform include that integration is a bit difficult due to the coding required for the integrations.
For how long have I used the solution?
I have been working with Splunk Cloud Platform for around 2 years now while integrating it.
What was my experience with deployment of the solution?
I would say that it was a bit difficult to deploy Splunk Cloud Platform; the user interface is easy, but deployment is difficult because it needs coding to integrate things.
What do I think about the scalability of the solution?
I think it's a scalable solution; it's pretty much scalable.
How are customer service and support?
I can rate the technical support of Splunk Cloud Platform as eight; they are quite helpful.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We are system integrators, but the client chose another vendor instead of NNTT.
How was the initial setup?
The deployment took around 3 to 4 months.
What about the implementation team?
Three people took part in deployment from my side.
It was indeed a huge deployment; it was one of the banks in Pakistan, so we required three resources to get it done.
What was our ROI?
Splunk Cloud Platform has impacted operational costs; it's a bit expensive, but it provides value for money.
What's my experience with pricing, setup cost, and licensing?
If I were to rate the price for the product from 1 to 10, I would rate it nine.
What other advice do I have?
I am currently working with the solution, but I need to know from which NNTT.
The interface is okay; its interface is good, and user interface is good.
I would recommend Splunk Cloud Platform to other users and organizations because it adds value to the organization; you can do different things with it because it's a pure analytical tool, not only a SIEM tool.
I am mostly focused on Splunk Cloud Platform because I chose this vendor due to the feature set that was offered by Splunk Cloud Platform; it was not being offered by any other vendor.
Splunk Cloud Platform is the vendor I am referring to, not NNTT.
Maintenance for Splunk Cloud Platform has been done manually, not automatically.
Usually, one person takes part in maintenance.
Regarding the number of users for Splunk Cloud Platform, it involves discussing the number of organizations or the number of people working in those organizations.
In general, I would rate Splunk Cloud Platform a nine.
Needs better cybersecurity features but offers robust log ingestion
What is our primary use case?
I use the Splunk Cloud Platform for security monitoring. My company is a technology company with over 40,000 employees.
How has it helped my organization?
The Splunk Cloud Platform offers easy data ingestion and a user-friendly interface for product teams, particularly for straightforward log shipping.
Splunk Cloud Platform offers easy integration due to its robust and well-documented APIs. These allow seamless integration into existing pipelines and other products and the flexibility to create custom integrations as needed.
Splunk Cloud Platform helps access data for compliance and privacy regulations. While some manual work remains, it assists with meeting compliance and regulatory requirements, especially regarding logging, reporting, and monitoring, solidifying its position as the industry standard.
What is most valuable?
The most valuable feature of Splunk Cloud Platform is its robustness and ability to ingest logs.
What needs improvement?
Splunk Cloud Platform needs improvement in its security offerings, specifically in cybersecurity. It has not kept pace with competitors over recent years, and integration with the Cisco ecosystem after Cisco's acquisition of Splunk has also been slow. The product should incorporate more readily available features, especially in security monitoring.
The federated search feature is costly.
Extracting meaningful insights beyond essential log data proves challenging due to the product's reliance on manual processes. Users must manually configure detections, develop logic for insights, and manage dashboards. While the product boasts numerous out-of-the-box capabilities, these often require extensive modification to align with specific user needs, limiting their practical applicability.
Splunk Cloud Platform doesn't inherently provide visibility as a standalone product. It's a platform for building custom visibility solutions. We need to feed it data and then write logic to define what insights we want to extract. While pre-built solutions might be available in the marketplace, Splunk doesn't offer out-of-the-box visibility. If we know our requirements, we can utilize code and research to create custom dashboards, but it requires effort and expertise.
The pre-built reports in Splunk Cloud Platform are generic and require manual adjustments to extract specific, granular information, which requires the user to be knowledgeable.
For how long have I used the solution?
I have been using the Splunk Cloud Platform for over ten years.
How are customer service and support?
The customer service and support for Splunk Cloud Platform are mediocre and often hit or miss. Premium support is costly and may not always provide a satisfactory experience, as even the support engineers can sometimes be stumped.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup of the Splunk Cloud Platform is straightforward. Professional services are available to assist in deployment, including setting up Splunk forwarders and building data models. With adequate support, full deployment can be efficiently achieved.
Full deployment is a lengthy process, but 50 percent deployment can be achieved within one to two quarters.
What about the implementation team?
Deploying Splunk Cloud may require different resources depending on the size of the data ingested daily. Two to three people may be sufficient for smaller terabyte ingestion, whereas a team of four to five might be needed for larger ingestion.
What was our ROI?
The return on investment with Splunk Cloud Platform has been poor. There is a significant possibility we will be replacing it in the next quarter or two.
What's my experience with pricing, setup cost, and licensing?
Splunk Cloud is considered too expensive, with its two product offerings both being costly. I would rate the cost an eight out of ten, with ten being the most costly.
What other advice do I have?
Splunk Cloud Platform is not impacting a lot of decisions. But if we write very good reports and dashboards, then we can derive insights from them for leadership to make concrete decisions on. So we have to do the legwork to get that output.
While Splunk Cloud Platform may not be a significant factor in decision-making, generating high-quality reports and dashboards can provide valuable insights for leadership to take concrete action. However, we must dedicate ourselves to the necessary work to produce those impactful outputs.
I would rate Splunk Cloud Platform a five out of ten due to its gradual decline over the last few years. While I would have rated it an eight out of ten four years ago, its performance and features have deteriorated, leading to my current lower rating.
Offers alert scheduling, dashboard creation, and log monitoring
What is our primary use case?
My primary use case is for monitoring security logs and system logs. Apart from that, we create monitoring alerts and dashboards.
We also use it for Splunk application configuration, troubleshooting, and server patching. We have many other operations.
How has it helped my organization?
Integration with other systems and applications in the environment is easy. For example, we have Fortinet analyzer. We have to pull the logs from network devices into Splunk. We use Cribl pipeline.
For Cribl pipeline, we get that data to the Splunk syslog servers. From Splunk syslog servers, we're getting it into the indexes.
According to the license, suppose we have to onboard thousands of servers. Suppose a scenario, for thousands of servers, the user or client requires only specific events. So for that, we use props and cons and regex for specific events. And only specific events will be calculated in the license. That will consume the license also.
What is most valuable?
The incident response time depends on the query and alert configuration, and also on the environment and how the logs are streamed. By analyzing these factors, it takes a maximum of one to two days for one incident.
Alert scheduling, dashboard creation, and log monitoring are the most valuable features.
Federated search depends on the data we pull. We have three types of searches. We use federated search for long-running queries.
We have, like, 20% of MacBook Cloud environment. It is easy to monitor multiple cloud environments, but there are some onboarding challenges. We are onboarding from the back end and also using HEC token. Apart from that, we get data to Splunk using Cribl pipelines from Syslog servers.
Reporting is like this: if critical data is used by the client, we send it to the data user according to the schedule.
For log monitoring, we can definitely suggest Splunk is a good tool. And it helps with decision-making processes.
For monitoring security logs, it's the best tool.
For how long have I used the solution?
I use Splunk Cloud. Previously, I used Splunk Enterprise, but after that, we migrated to Splunk Cloud.
I have been using Splunk Cloud for more than three years.
What do I think about the stability of the solution?
It is a stable product. Right now, we are migrating from Datadog to Splunk, so I guess that's why Splunk is better than other tools.
How was the initial setup?
It's deployed across multiple locations.
It does require maintenance. It depends on what Splunk vendor is being used.
What's my experience with pricing, setup cost, and licensing?
The pricing depends on the logs and how many logs we monitor. On a daily basis, it depends on the events. Those licenses will be calculated in Splunk Cloud.
What other advice do I have?
Overall, I would rate the solution a seven out of ten, with ten being best.
All the features for log monitoring, security, alerting, indexing of the data, parsing of the data are good. That feature makes sense and is helpful to everyone.
I would recommend it to others.
Gives us better buffering performance and lower latency if we use the right components
What is our primary use case?
One client wanted their data in a readable format. He was in the UK, but his data center was in the US, so he tried to forward his data to the indexer. Because of the time zones, he faced some time stamping issues. They reached out to us to open a case that got assigned to me.
I learned which US time zone the data center was in and set the time stamps in the future. We changed the preferences to convert it into GMT so that whenever the data is onboarded to the indexes via universal or heavy forwarder, we can fetch the data in real-time.
We primarily use virtualization and deploy in Docker containers. We seldom use any physical servers. It's mostly deployed in a cloud environment or a virtual machine. It's typically Docker but sometimes Azure.
How has it helped my organization?
Splunk Cloud saved us a lot of money because we're working with databases like MongoDB and Oracle and using Splunk as a sync tool. It has its own indexes that cut costs by 15 to 20 percent.
It also improves our decision-making process. In one scenario, we compared the client's data from last year to this April and saw the year-on-year profit and loss. We could see which projects were successful. Compared to another SIEM or monitoring tool, it saved us time because the data is presented in a clean, customizable dashboard.
What is most valuable?
In an enterprise, you need a universal or heavy forwarder. If you don't have that, you need an HEC token or API request call and all the different components. In Splunk Cloud, you just have one instance to search all the data in your index. You don't need to manage it because Splunk handles that.
If you are using Splunk Enterprise, you need to understand, from A to Z, how the indexes and searches work and where the data is coming from. Splunk Cloud has a beautiful, user-friendly UI that lets you navigate all the settings.
It doesn't matter where the data comes from for integration. The dashboard gives you a brief overview.
When we're onboarding all that data using heavy forwarders, Splunk gives us better buffering performance and lower latency if we use the right components. If I use a light or universal forwarder, it often doesn't parse on the other end. Our projects use heavy forwarders and put those data into the index services while defining which indexes they should index. We are also micromanaging where that data should be.
The reporting is good so far. Sometimes, I help my clients improve their user experience. As an engineer, I would suggest that if a solution has back-end compatibility, clients should get out of their comfort zone and customize another app to create a dashboard or something else.
What needs improvement?
First-time users may struggle with the user interface. When I first used Splunk, I entered my username and password. After that, we get a dashboard on the left side with apps. At the top, you can click the gear icon to view the settings. Within those settings, there's a distributed console option with several settings. It's a bit overwhelming for a beginner. The user knows what they want and can search for it in the search bar. If I see several apps, my first instinct is to scroll down to find the app, or perhaps you will find that search and report. That bugged me when I was learning.
Application support is another problem. We created a custom Palo Alto app that isn't fully supported by the latest version of Splunk. We had to downgrade to older versions to use the custom app properly. That was one problem we faced daily with one client.
For how long have I used the solution?
I have been using the Splunk Cloud Platform for two years.
What do I think about the stability of the solution?
I rate Splunk Cloud seven out of 10 for stability.
What do I think about the scalability of the solution?
I rate Splunk Cloud eight out of 10 for scalability.
How are customer service and support?
I rate Splunk support six out of 10. They're knowledgeable, but their response times are sometimes slow.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We have Prometheus, but that only monitors Grafana and shows you a dashboard. Splunk is not just monitoring or grabbing data you search for. I've worked with cloud and enterprise. When we started using Splunk Cloud, we used it more like a dashboard to search data. Based on my understanding, I could create applications.
After moving into the enterprise side, I understood Splunk even more, including its components, bucket lifecycles, and how the indexes and configurations work. It's not simply transferring data from one to another. I can grab data from any system that consists of raw data. Splunk can also identify those data in the timestamp index form. We don't have any other vendors to compare it to.
How was the initial setup?
Deploying Splunk Cloud Platform is straightforward unless you use an automation tool like Ansible, Puppet, or Chef. It takes four to five hours. Installation can take a day in some cases, but it typically can be completed in less than five hours unless you're dealing with more complex data.
What's my experience with pricing, setup cost, and licensing?
Splunk Cloud is affordable, depending on your license. I don't know how much it costs exactly, but my colleague said it depends on your licensing and which features you use.
What other advice do I have?
I rate Splunk Cloud Platform eight out of 10. I would recommend this product.
Troubleshooter of Technology
Good for data aggregation and correlation for centralized logging and monitoring
What is our primary use case?
We use Splunk Cloud Platform for data aggregation and correlation for centralized logging and monitoring.
How has it helped my organization?
Splunk Cloud Platform has helped our organization reduce risk and allow for threat investigation to catch potential malicious traffic before it causes damage.
What is most valuable?
The most valuable feature of Splunk Cloud Platform is the ability to correlate events together and combine the data into one event.
The benefits we saw from using Splunk Cloud Platform are the time to detect and the ability to investigate faster.
Our organization monitors multiple cloud environments. Splunk Cloud Platform's direct cloud connection capabilities make data transfer easy.
Splunk Cloud Platform's end-to-end visibility into your cloud-native environment is key for security posture.
Splunk Cloud Platform has helped reduce our mean time to resolve by a significant portion.
Splunk Cloud Platform has helped improve our organization’s business resilience.
We have seen time to value using Splunk Cloud Platform. We immediately saw time to value after implementing the solution.
The consolidation of tools gives one place to look for logs and events. I wish there were more ways to consolidate the consoles.
Splunk Cloud Platform is easy to use, and users can quickly understand and do pretty much anything that their minds can create.
What needs improvement?
Splunk Cloud Platform should have better integrations with its suite of tools. Splunk Cloud Platform should include a more seamless connection with ES.
For how long have I used the solution?
I have been using Splunk Cloud Platform for eight years.
What do I think about the stability of the solution?
The solution provides good stability.
What do I think about the scalability of the solution?
As long as you have money, scaling the solution is easy.
How are customer service and support?
Our direct customer support team is very responsive. However, it's very hit or miss with Splunk tickets and trying to reach out. Most likely, we get escalated because they can't help us. It's very hard to work through issues that need to be resolved quickly via email. The conversations back and forth take a long time, and technical support takes a while to resolve urgent issues.
How would you rate customer service and support?
Neutral
How was the initial setup?
The Splunk engagement in the deployment was helpful, but there were many issues after implementing everything. So, it was smooth but with many hiccups.
What's my experience with pricing, setup cost, and licensing?
Splunk Cloud Platform is an expensive solution.
What other advice do I have?
Overall, I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
No infrastructure maintenance frees up a lot of time and improves efficiency
What is our primary use case?
We use it a lot for IT operations. We monitor various services that we manage.
We do not monitor a multi-cloud environment. We have a single stack.
How has it helped my organization?
It is very stable. Many things get managed at the backend. The infrastructure is managed by Splunk. We just have to focus on the use cases and the value we can drive from Splunk. Being able to focus only on the outcome of the product is valuable for any organization.
There has not been a significant difference when it comes to the mean time to resolution because it all depends on the use case and how much time it takes to run. However, as an admin, just focusing on giving valuable insights and not having to manage the infrastructure has been the most beneficial. Otherwise, the quality of the use cases is still the same. There is no difference as such.
What is most valuable?
Not having to maintain any infrastructure is valuable. That frees up a lot of time as well.
What needs improvement?
We are on the classic Cloud that is hosted on GCP. There are a lot of functionalities that are missing for Splunk Cloud hosted on GCP but they are available on AWS. Adding more IPs to allow lists and many other functionalities are not supported on Splunk Cloud hosted on GCP. One good example is the ingest action which is not there in Splunk Cloud hosted on GCP. I wish they would add these missing features to the GCP platform.
For how long have I used the solution?
I have been using Splunk Cloud Platform for a year.
What do I think about the stability of the solution?
It is very stable.
What do I think about the scalability of the solution?
We definitely have room to scale. In the future, we might scale our environment. The amount of ingestion is going to increase.
How are customer service and support?
I would rate them a seven out of ten based on my experience. There were many instances where we did not receive proper help, so we had to escalate the issue through our account team and our customer success manager.
After the migration, whenever there was any maintenance, there would be an email saying that it was just maintenance. There were not many details about it. Once we started talking about it and giving feedback, they started adding more information. There are still some gaps in the support or the quality of service. From that perspective, I would rate them a seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We migrated to Splunk Cloud Platform from on-prem Splunk Enterprise a year ago. The main reason was to have no infrastructure management on our side. That was the main reason we shifted from Splunk Enterprise to Splunk Cloud Platform.
How was the initial setup?
It was completely a smooth transition. There was a lot of data that we moved from on-premise to cloud. The transition was definitely smooth. The licensing and pricing were handled by the higher management. I have no idea about it, but the entire process of moving the data over was very smooth.
We are using Splunk Cloud hosted on GCP.
What about the implementation team?
We utilized the professional services from Splunk for the migration, but after the migration, we have been taking care of everything.
Which other solutions did I evaluate?
We did not look into any other solution. We are totally into Splunk. We wanted a no-infrastructure-management environment and a better solution, so we moved to Splunk Cloud Platform.
What other advice do I have?
Splunk's unified platform has not helped consolidate networking, security, and IT observability tools. The only product we use is Splunk Cloud. We are not using any of the other products like ITES, enterprise security, etc. No consolidation is required for us.
I would rate Splunk Cloud Platform an eight out of ten.
Shows us valuable information in an easy-to-understand way
What is our primary use case?
My role is in observability.
Some of our internal systems send data into Splunk Cloud. We had dashboards for our team's KPIs. We can check to see how fast the team reacts to events. Those reaction times are recorded and sent to Splunk. From there, we can draw some dashboards. We can check to see who is doing well and who needs to improve. The power Splunk admins started moving into the Cloud.
The primary use cases are for team KPIs, log analytics, and error search. We would look for the relation of different events and draw dashboards to see how bad things were veering off from the timeline that we wanted to see.
How has it helped my organization?
Splunk helped us shape the picture of our team and enabled management to see who should be rewarded and who should be coached. It helped outline where KPIs were not being met. We could sit down and discuss what happened, and why it did not go as planned, and then we could make improvements in the processes. It helped us draw a broader picture of the entire team's capabilities.
With Splunk, everything is centralized; everything is in one place. We don't have to scramble and approach Splunk admins to ask where to look.
In terms of networking, we managed to build good dashboards. We have a lot of firewalls and rules. If a new service comes up, if they don't have a firewall and nothing works, we can look at the Splunk dashboard and see the particular network flow and see if firewalls are blocking traffic. This is a Splunk function that people are happy and excited about. It shows us valuable information in an easy-to-understand way.
What is most valuable?
It's very important for us that Cloud Platform offers end-to-end visibility into our cloud-native environment. More and more functions are moving to the cloud, so it's not only for observability to see the system, but it's also for management and senior management to see that all of their applications are running as intended. If we try to spread out applications through multiple vendors, multiple regions, access groups, and whatnot, it becomes pretty important. It may become a challenge because of that spread. It brings resilience, but it also makes it more difficult to look after everything.
We want to achieve having everything in a single view. Senior management wants to make sure that everything is running well. The application team's developers want to have a granular review.
Splunk reduced our mean time to resolve by 30%. If an application starts misbehaving, we send logs to Splunk and check to see what's going on and see what's happening.
The dashboards are the most valuable feature. It's all of the information in one place. We can build it ourselves, so we can make it the way we like.
What needs improvement?
Since I work on data collection from external sources and send them into Splunk, I miss its ability to collect that data through REST API applications. I would like the ability to configure an endpoint, set it on Splunk, and set a schedule for it to pull information every ten minutes, and pull this endpoint information. I could search through it, look for keywords, restructure the data that's brought back to me, and then store it in the Splunk index. This is not available and if it is available, it is bare bones. I would like Splunk to have this function by default.
For how long have I used the solution?
We started using Splunk seven years ago. We started with Splunk on-prem and then moved to Splunk Cloud.
What do I think about the stability of the solution?
I never had any stability issues.
How are customer service and support?
I use support rarely but so far, it's been fine.
I would rate it an eight out of ten. My cases weren't that critical so it took a little longer to solve.
How would you rate customer service and support?
Positive
What's my experience with pricing, setup cost, and licensing?
We have not achieved cost efficiencies by switching to Splunk. There will be some cost discussions in cost optimization.
We log a lot of data which may have impacted our licensing cost.
Which other solutions did I evaluate?
We also looked at Datadog but it wasn't cost-efficient to log with two tools.
What other advice do I have?
We monitor multiple cloud environments. I heard that it's more straightforward to monitor multiple cloud environments with AWS. Azure doesn't work as intended; there were some issues collecting data from it.
I would rate Splunk Cloud Platform seven out of ten. I really miss REST API abilities.