External reviews are not included in the AWS star rating for the product.
We leverage the Splunk Cloud Platform to effectively manage the vast amounts of machine-generated data, thereby ensuring application management security compliance.
We implemented the Splunk Cloud Platform to enhance our customer experience and optimize the data storage costs. We can convert the log data into numerical data points when requested.
The Federated search helps retrieve data in a better way.
Splunk Cloud Platform simplifies monitoring across multiple cloud environments, providing real-time insights into operational flow. It also streamlines data conversion, reducing the data-driven process for the company.
Splunk Cloud Platform's machine learning and AI capabilities simplify data management and provide clear visibility into multiple environments.
The AI makes it easy to integrate with other systems and applications in our environment.
The Splunk Cloud Platform reporting provides good insight.
Splunk Cloud Platform significantly boosted our performance and cost-effectively optimized data sets, delivering immediate benefits.
Thanks to the Splunk Cloud Platform we can make decisions within the organization much faster.
Splunk Cloud Platform empowers our organization to access data efficiently, ensuring compliance with privacy and regulations through actionable insights.
Splunk Cloud Platform strengthens our security, particularly in handling complex processes.
The data management and instant search features are the most valuable ones for us, as they allow us to instantly retrieve information needed for reports and security compliance.
Splunk should increase the frequency of new feature releases, particularly those related to real-time operational flow monitoring and analytics reporting. It has been over a year since any significant updates were added to the Splunk Cloud Platform.
I have been using the Splunk Cloud Platform for one year.
Splunk Cloud Platform is stable.
Splunk Cloud Platform is scalable.
Splunk Cloud Platform's resilience is good.
The initial deployment was straightforward. The deployment took around four hours and required two people.
We evaluated Victoria Experience but it was not suitable for our environment.
I would rate Splunk Cloud Platform an eight out of ten.
We have around 150 users.
No maintenance is required from our end.
I recommend Splunk Cloud Platform. It helps monitor all the respective functions.
We use the solution for application status alerting, user activities, and active directories. We use the solution for visualization, alerting, and analyzing events or incidents.
The most valuable feature of Splunk Cloud Platform is the alerting feature.
Currently, Splunk Cloud Platform is very easy to use and read. The solution's visualization for the end users is also good. However, setting up the solution or an alert is not straightforward. There's a lot of incompatibility and areas that you have to consider while setting up the solution.
All those things make setting up the solution very complex for regular people who know the business operation. So, they have to hire a third party or a technical person who doesn't understand the business to set it up for them, which usually creates a gap.
When someone who cares about the business and understands its operation sets up the solution, they would set it right. There's always a gap when a technical person or third party sets it up. It may lead to many workarounds to fix issues like alert fatigue or false security. Splunk Cloud Platform needs to be made more user-friendly because it's not user-friendly.
I have been using Splunk Cloud Platform for four to five years.
Splunk Cloud Platform is pretty stable, and I don't have any issues.
Splunk Cloud Platform is a scalable solution.
I usually go to forums and discussions to get answers to my issues. You might need a Splunk account username to talk to technical support. When most users I have talked to face a problem, they Google it. I don't know if the technical support would provide you with support if you were stuck.
We evaluated other options before choosing the Splunk Cloud Platform. But when a company buys Splunk services, the end users have to use what they have as a resource.
Splunk Cloud Platform is a really good tool for getting alerts and better information about incident management and maintenance. Because of the solution's complex setup, most alerts are set by developers or people who create multiple unnecessary alerts, creating alert fatigue. Compared to other systems, like Dynatrace, Splunk Cloud Platform is not a smart system for analyzing alerts.
As a project manager, I oversee the process of contacting the concerned parties, knowing what needs to be monitored and why they need the alerting mechanism. I was not directly involved in the scripting and adding Splunk Cloud Platform in the back end.
As business requirements change, Splunk Cloud Platform needs maintenance in terms of setting up different parameters, which is not an easy task.
Everybody uses the Splunk Cloud Platform in a different way. I would advise users to share their experiences about technical difficulties in the forums and community. Sometimes, others might go through the same problem without much documentation, and sharing your technical problems might help others.
Overall, I rate Splunk Cloud Platform a seven out of ten.
The primary use cases of Splunk Cloud Platform are security log monitoring and compliance.
The most valuable feature of Splunk Cloud Platform is its flexibility and readiness because it's already prebuilt, and everything is click-to-go. Splunk has multiple features, but the cloud feature comes with that. It is built for a smaller organization, but that's how organizations grow. The solution is good for a new budding organizational group.
Splunk Cloud Platform should improve its integrations and consider multiple integrations or direct integration with other platforms like Microsoft Azure, Google Cloud, or AWS.
I would like to see more integrations because integration is related to bringing in more data. More integrations would increase the visibility and customer's point of scope. Customers are initially tied to one platform and stick to it because of its feasibility. Integration becomes a major challenge when they want to bring in different solutions.
Once they have different integrations from Splunk, they need not worry about security, things to monitor, or what compliance they must meet. Everything will be physical, and integration will bring in a lot of things.
I have been working with Splunk Cloud Platform for one and a half years.
Splunk Cloud Platform is a stable solution.
Splunk Cloud Platform's technical support is good. The support's technical capabilities are always great because everyone who is capable joins in and contributes. However, at a high level, we understand there is always a gap in automation. We have process automation that can be resolved or detected by customers.
The flaws in our cloud can be fixed. We can send an integration update to the customer and tell them that you must fix this so everything works fine. For a download-compatible system, you can update an older heavy forwarder version to a newer version to grasp the maximum out of it.
I have worked with a lot of other products, but not as a cloud solution. I have designed cloud solutions for other products like what Splunk currently has. I have worked with IBM, which has its own cloud platform, cloud monitoring solutions, and security solutions. Similarly, we have other market solutions that will act as a security solution, but they are in different behaviors. We have designed one for other customers, which monitors other cloud and hybrid solutions.
Splunk is currently at the top rating because I haven't explored other ones. I started exploring Microsoft Sentinel, which is a good competition for the Splunk Cloud Platform, and it's a healthy competition. I would like to see a very light-flavored source solution integrated with the Splunk Cloud. Once people start tasting source solutions, they will surely explore them more because that's how hunger is created. Other solutions already have the source solution in them. For example, Sentinel has its own source solution, which they give as an integrated part.
Splunk Cloud Platform’s initial setup was quite easy.
The Splunk team was involved in the solution's deployment.
Splunk Cloud Platform's pricing is a little on the higher end. When smaller organizations start their journey of onboarding log sources or security solutions, they think Splunk is quite worth it. But when they start growing, they feel it's quite eating up their budget on security. So, it is fine for smaller organizations. It all depends on how the discounts are provided.
Splunk Cloud Platform is used in our customer's company. The solution is deployed on the Spunk Cloud in our organization.
Splunk Cloud Platform is a very good product in the market, and you can use it wisely. Compared to other products for the cloud solution, you can use Splunk Cloud Platform for a wide range of tools. Splunk Cloud Platform is the best product to onboard for a new startup or a working good industry with a very small number of people. You don't have to sit in an office and work. You can work it from anywhere and integrate the log sources. That's how easy it is.
The cloud is not for a bigger organization. The one which is sitting in the environment can be used. For example, if you have one terabyte of ingestion per day, that is not what we expect a bigger organization to ingest on a cloud. It would become quite expensive to store, manage, and process.
It is good for smaller organizations because they have around 25, 30, or 100 GB of ingestion per day. If you want to grow bigger and bigger, you can use a hybrid model. If that model is available, that would be great for bigger organizations. For example, the cloud is integrated into the cloud, and on-premise is integrated into data centers. That should work fine.
Splunk does the solution's maintenance. From our side, the local integration material has to be maintained as per the cloud instance. It all depends on the customer. If the customer is fully on the cloud, it should not be a problem. We still have to upgrade heavy forwarders, universal forwarders, and deployment servers. However, the rest is taken care of by Splunk itself.
Our customers monitor multiple cloud environments, which are distinguished in their environment. It is integrated in a different format and not directly integrated. Monitoring multiple cloud environments using the Splunk Cloud Platform’s dashboards is quite easy and reliable.
It's a standard thing. I don't know about other comparative tools, but the first time I used Splunk Cloud Platform, it was quite good enough and can be used for the current organization.
I rate Splunk Cloud Platform's integration with other systems and applications in our environment a seven to eight. This is an average rating where you can see that the growth still has to be achieved. Splunk Cloud Platform should work on its integration with third-party products.
Splunk Cloud Platform has different types of formats, and those are enough. The rest of the reporting, like the presentation, should be done by itself. No one gives those. The reporting that Splunk Cloud Platform currently provides is enough.
It depends on the industry, but for financial or banking industries, Splunk Cloud Platform plays a major role in decision-making. If I want to rate it, you have to consider ten out of ten as Splunk or any other tool before they make any decision. If they have Splunk already, they should consider Splunk as a major partner to integrate and bring in more services apart from bringing any other solutions. That will create a multiple-glass observation, which will not be an easy decision. If one of our customers has Splunk, they must consider it a priority before bringing in any other solution.
Splunk Cloud Platform helps our organization access data for compliance and privacy regulations. Right now, Splunk is so feasible that it can integrate with any tool, anytime, and in any data format. So, it should not be a problem. Anyone brings in data in any format, Splunk Cloud Platform will surely meet it. The only thing is they need a good engineer to design it properly so that it brings in data properly.
An organization that does not have a security posture review is considered a zero, not a negative. We don't know when it becomes negative. The day they bring Splunk into the environment, it will obviously increase their visibility. Every time the security posture increases, they get to know the flaws.
Their observation of 24/7 monitoring, compliance, log monitoring, and forensics will come into the picture. They can enable everything in a single solution or product.
Splunk Cloud Platform is a resilient model. SIEM tools can perform post-detection. SIEM is not an EDR tool because it doesn't automatically detect something. A SIEM tool is used for compliance and audit. It is helpful for future investigation because it can record logs and keep them aside.
However, a SIEM tool does not have an automatic detection module. Although it has a prediction model, it does not have an auto-detection or blocking model. It cannot be a resilient tool, but it can be a vigilant tool.
Overall, I rate Splunk Cloud Platform a nine out of ten.
We use Splunk Cloud Platform to monitor our environment.
Monitoring multiple cloud environments is made easy with the Splunk Cloud Platform due to its fast ingestion and data recovery times.
Splunk's visibility into multiple environments is excellent. I have found that a hybrid environment works the best, as the login portion remains on-premises while the rest is in the cloud. This reduces the maintenance required on-premises.
There are two types of integration. The first involves bringing something into Splunk, while the second entails moving something out of Splunk. Bringing data into Splunk is relatively straightforward, with multiple options such as RAS, SysLog, and Splunk's built-in functions. However, exporting data from Splunk is more challenging and not as straightforward as the process of bringing data into Splunk.
Splunk Cloud Platform has influenced our decision-making processes. Splunk is primarily employed for security purposes; thus, it excels particularly in SIM. It encompasses an asset and identity framework that effectively gathers information about an organization's assets and individual identities, encompassing all users. Therefore, when considering Unified Business and SIM, Splunk proves to be highly proficient.
The cloud performance is good.
Not having to perform any maintenance because it is handled by Splunk saves our administrators time which is valuable.
Splunk should offer various options for real-time monitoring. If we could enhance the speed of data ingestion or data retrieval, that would be an added advantage. Additionally, there is room for improvement in SaaS-to-SaaS integration. I believe that reintroducing HTML dashboards would be beneficial, as they provide dedicated web features. This, in turn, gives users the flexibility and freedom to create custom dashboards more easily.
I have been using Splunk Cloud Platform for five years.
I would rate the stability of the Splunk Cloud Platform as an eight out of ten. We still encounter some lagging and errors, but not as much as with the on-premises deployment.
I occasionally get in touch with Splunk technical support, usually regarding data onboarding. These include routine activities like installing or uninstalling applications, as well as making changes to existing ones. On average, we submit at least one ticket per week to them.
I have used many tools including Elastic, Grafana, Tableau, and Sumo Logic.
Splunk is indeed superior in many cases, but other tools are also making progress to catch up, with Elastic being one of them. They have begun developing their own SIM offering, complete with its own SIM features. Similar to Splunk Cloud, Elastic also has its Elastic Cloud Stack. Some of the features provided by Elastic seem to outperform Splunk. Therefore, there is room for Splunk to enhance these aspects. As for pricing, it could be more competitive, considering that other tools also provide the freedom to choose the Cloud Stack. Although Splunk offers this flexibility, the process often involves extensive discussions, making it less adaptable compared to other tools.
The initial setup is somewhat complex regarding the CI/CD pipeline, and Splunk manages the deployment. Splunk provides a feature called ACS, which enables us to manage the deployment ourselves if desired, but it's simpler to have Splunk handle the deployment on our behalf.
The deployment took around one month and required ten people from Splunk's DevOps team.
The implementation was completed by Splunk.
The pricing is high for small organizations. The cost makes more sense for organizations that have a large amount of data ranges.
I would rate Splunk Cloud Platform an eight out of ten.
There are numerous tools that offer real-time reporting and alerting capabilities. Splunk is indeed effective, but due to the prerequisite of registering logs beforehand, a delay is inevitably introduced. Therefore, while Splunk is suitable for real-time reporting alerts, it may not be as optimal as some alternative solutions.
Resilience has added value and contributed to the improvement of our organization. This is highly significant. In most cases, the SOC team relies on the tool for issue mitigation and ticket resolution. Therefore, it is crucial for Splunk to remain consistently up-to-date and respond as quickly as possible. This holds immense importance.
The extensibility is good, but there is room for improvement, especially in integrating certain logs. Enhancing the process of incorporating raised logs is possible. In most cases now there are limitations on log creation. Previously, a direct option existed to import logs. However, this process has been altered, requiring users to develop an add-on for log integration, leading to increased complexity. Furthermore, users are expected to have knowledge of Python. This can be problematic in cases where users lack such expertise. Therefore, this aspect could certainly be enhanced.
For those who want to evaluate Splunk, it comes down to the volume of data. If they are dealing with a substantial amount of data flowing into their SIM, Splunk would be the superior option. Splunk effectively manages extensive datasets in comparison to other technologies. It also offers numerous additional functionalities, such as an enterprise security suite, assets, and identity framework. Moreover, it has undergone industry testing and has been employed in the field for a considerable duration. In contrast to other organizations, they provide a wealth of features.
I was working as a DevOps engineer in India. I was working for the payments domain of a client. We were mostly using Splunk for monitoring the production, deployment of API, and traffic.
We had two cloud platforms. When I joined the team, we were deploying all our APIs in Pivotal Cloud Foundry (PCF). We then migrated to AWS Kubernetes. We were able to monitor both platforms in Splunk. When we migrated to Kubernetes, Splunk helped us. When we were having the transaction loss, we were able to find out which node was throwing the error. We were able to fetch the details according to the nodes in Splunk. We were using different keywords on these platforms for fetching the data.
We could create our own query, and we could create our own alerts for a particular API. We could also configure these alert notifications to be mailed to particular managers and owners. We could just go through the alert to check if the API was running well or needed to be fixed.
As compared to other tools, it is very easy. It is very easy to learn. It also integrates well.
The reporting features are very good. The dashboards are very nice. We could create our own dashboards to monitor any volume dips or transaction loss.
The search for bulk data needs to be improved. When we were looking for the flow, we had to search really hard. I wanted to request the Splunk team to add some features for better search because getting the flow of the bulk data was sometimes hard.
I have worked with this solution for almost three years.
It is stable, but we did experience two or three downtimes.
We had three or four monitoring tools other than Splunk. We had AppDynamics, Grafana, and others, but we were mostly concentrating on Splunk because we were able to fetch all the details from a particular transaction using Splunk. We were able to create our own dashboard so that we get alerts regarding errors or transaction loss for the customer. The most useful thing was that when we were fetching details from a payment ID or a grid, we were able to track the complete workflow for that API. We were also able to fetch the details about whether the issue was in our team or the external team. We were able to track that very accurately using Splunk.
It is not that complex. We just need the knowledge. We just need to know how to query the alert and set up dashboards. As compared to AppDynamics and Grafana, it is a lot easier.
Our dev team could set up a dashboard and deploy everything in two weeks.
It is not that expensive.
If the company is working on API-based deployment and API-based developments, then I would recommend Splunk. It is useful for tracking the flow and fetching the data.
Overall, I would rate it a seven out of ten.
I use the solution to create alerts for different servers. I also create dashboards in Splunk.
We have a lot of servers. It was hard to track which were down as we didn't have a monitoring platform. Splunk changes that. It receives data and if it doesn't get any data, it creates an alert so we are notified if something is down.
We also use it for making reports to help make management easier.
The monitoring of servers for high CPU utilization helps us out. If there are offline servers or high utilizations, we can see the incidents and optimize our processes.
The cloud is very fast. We have a lot of data in our Splunk instance and it isn't slow in any way.
The maintenance is good. We have good support if we have queries or issues. With on-premises Splunk, if we ran into issues, we'd have to figure things out ourselves. With the cloud version, it's easier to get support.
We can monitor multiple cloud environments, including Azure and AWS.
It can be difficult to monitor cloud platforms. We are integrating more cloud servers and patching data sources from those servers. It's very easy to use Splunk and have everything go to the dashboards.
We get good visibility into multiple environments. We can easily search from Splunk Cloud to our on-prem or AWS directly. We also do not ingest the data in order to see it.
We can easily integrate with other systems. It's very helpful. We can leverage Splunk to gather any specific reports we want with this integration capability.
The reporting is very good. Every month we have a call with Splunk personnel and they'll show us reports to show high usage for search, for example. From our side, we can change or update in order to optimize our systems.
The cloud has helped us with decision-making. It helps make maintenance decisions very easy.
It's very resilient.
Testing can handle a lot of logs, however, we are unsure if the speed will be affected.
When we are using OneDrive or SharePoint, as a developer, we'd like to have better integration between the two.
There are some issues with Splunk blocking some shared mailboxes.
Support could be improved.
I have been using the solution for five years.
The Splunk cloud is very stable. I've never experienced crashing. If there are issues, they will notify us. It doesn't take long to resolve issues at all. Things tend to be resolved in an hour or so.
The solution is very scalable.
I haven't experienced the extensibility, or the ability to extend the system, however, my understanding is that it is very good. We have yet to upgrade it.
When we have high-priority tickets, it's hard getting help efficiently. We'd prefer to call. It takes time to get someone to help. We've had to submit tickets via the portal, and they asked us to call instead. It's hard to get above P1.
It would be ideal to get a specific phone number or email so that we do not have to wait hours to get help.
We do have different Splunk support services where we talk to them bi-weekly, and at that point, we can talk about any high-priority issues. They do try to help us with queries.
We previously used Splunk on-premises.
I do not have any experience with the initial setup. Since it is a cloud deployment, Splunk handles the maintenance mainly.
I'm not aware of the exact pricing. That said, my understanding is that it is very reasonable. However, every application has a price. We need separate licenses for everything. They don't have any bundles.
For the first few years, I used the solution on-premises, and then I moved over to the cloud.
I use the classic dashboard; I don't yet use the studio.
It has not yet affected our security posture.
We have not yet explored federated search.
I'd rate the solution ten out of ten.
If a user is planning to use the Cloud Platform is to consider the pricing. It's fast to access and there is no downtime. It's very good from a user perspective. I'm happy with it. It's helpful.
Users should work to maximize the power of Splunk to get the most out of it. Leverage the applications, including security.
We utilize the Splunk Cloud Platform for log ingestion related to security and troubleshooting purposes.
Splunk Cloud Platform helps us with our security incident response. The cloud security logs are integrated with all the cloud providers.
The federated search feature enables us to search between Europe and the US, from one Splunk instance to another, all from a single location. This federated search simplifies how we handle data, making it easy to swiftly search for and manage information.
We monitor several cloud environments and find it easy to utilize the Splunk Cloud Platform for this purpose. Each cloud provider offers its own prebuilt dashboard, or customers can create their own.
The Splunk Cloud Platform offers excellent visibility into multiple environments. In the past, we utilized hybrid integrations, and they seamlessly worked right out of the box.
The reporting functionality provided by the Splunk Cloud Platform resembles that of the on-premise platform. It is readily available without requiring integration or the installation of reporting visualizations.
From a security standpoint, the Splunk Cloud Platform provides us with comprehensive visibility into all security logs. This enables us to implement security incident responses with great efficiency. Additionally, we have discovered that internal employees, such as product teams, are utilizing the platform as intended for various other use cases. For instance, it has proven valuable in troubleshooting performance issues and monitoring within Kubernetes. As such, we are leveraging a wide array of use cases within the company.
Splunk is a highly mature software that has been in the market for many years, which greatly influenced our decision-making process. Another factor was the user-friendly nature of the latest version, making it easy to initiate. We don't require a large workforce for installing components; it's as simple as out-of-the-box. Consequently, minimal time investment is needed for training.
The Splunk Cloud Platform assists us in accessing data to meet critical compliance and privacy regulations. For instance, this is particularly important for regulations such as GDPR and HIPAA. We are utilizing Splunk Cloud with a specific focus on HIPAA compliance, allocating extra attention to this aspect. In the case of GDPR, Splunk offers a range of built-in capabilities. For instance, it allows for log masking. Moreover, there are novel features available in Splunk Cloud, such as ingest actions. This feature is exceptionally useful as it enables us to mask the data before it's ingested into Splunk. Consequently, this approach ensures our adherence to compliance regulations, exemplified by GDPR.
The Splunk Cloud Platform has had a significant impact on our organization's security posture. It serves as our primary visibility tool and is the main source of trust for all login activities. Without Splunk, we would lose essential visibility and access to security updates. Currently, Splunk stands as one of the primary tools we utilize due to its utmost importance.
The most valuable feature is we don't have to deal with any back-end server maintenance because the solution is cloud-based.
The on-premises version of Splunk includes all the integrations, while the Cloud platform lacks certain integrations and is limited in terms of the number of supported apps.
The Splunk Cloud Platform is not a very mature solution; it has only been on the market for four or five years. While they have made significant improvements, there are still limitations, such as the absence of CLI access. Therefore, there are several limitations that still exist with the CLI.
The standard support has room for improvement.
I have been using Splunk Cloud Platform for four years.
The Splunk Cloud Platform offers 99.9 percent availability, ensuring that we never experience downtime.
I would give Splunk Cloud Platforms' scalability an eight out of ten.
Technical support needs more knowledgeable people.
Neutral
We used Sumo Logic in the past, but it wasn't an enterprise-grade solution, so it couldn't support the scale we required. Additionally, Sumo Logic lacked support for many integrations. The Splunk Cloud Platform fulfills our scaling requirements and integration needs. Moreover, our team possesses skills that align well with Splunk, making it a better fit for us.
The Initial deployment was very straightforward because we had the skills. But I would not say that this is straightforward without the skills. We need to learn at least the basics.
The deployment took six months to create this multi-tenant environment because it's a highly specialized setting. It's distinct from a typical Splunk deployment that might only take a day or two. However, the process of configuring, migrating all the data from Sumo Logic to the new Splunk Cloud, and setting up the multi-tenant system along with product dashboards, required approximately six months of effort on our part.
We utilize Splunk in a multi-tenant manner, wherein we allocate costs back to the product teams in each department based on their usage. We are a healthcare company engaged in the development of healthcare applications tailored for doctors and hospitals. Splunk plays a pivotal role in assisting us with this endeavor. I would estimate that we have experienced a return on investment of approximately 30 to 40 percent.
The cost of the Splunk Cloud Platform is high, and in addition to the standard licensing fee, we also have a premium support fee.
Now, we are paying less because, instead of being charged based on ingestion, we are paying for SVCs, which stands for Splunk Virtual Compute. This implies that our costs have decreased. Despite ingesting a larger volume of logs, our expenses are lower than they were before. However, it's important to note that if our usage of the tool increases, our expenses will also increase. Therefore, this represents a distinct licensing model from Splunk's.
I would give Splunk Cloud Platform an eight out of ten. Splunk Cloud has shown significant improvement over the past four years, and I highly recommend it.
We operate two distinct Splunk Cloud platforms: one in Europe and another in the US. These platforms are linked through a federated search. This setup ensures that specific data, such as European data stored in the AWS cloud, is directed to the European Splunk platform, while data from the US Cloud is directed to the US Splunk platform. However, it's worth noting that all users primarily log into the Splunk US Cloud. From this point, they have the capability to transmit data to the Splunk Europe platform.
We have around 400 users.
The maintenance is primarily conducted by Splunk on the backend, and any on-premises maintenance we perform has been reduced by 80 percent.
The value that Resilience provides for SIEM solutions is significant for us. Therefore, if we inquire with various customers, they might provide different perspectives. However, concerning security, this holds substantial value. I would assert that it's the primary tool in our arsenal; indeed, we do possess other security tools, but the most frequently utilized one, which also delivers the utmost value, is undoubtedly Splunk.
The method to expand a SIEM system is achieved by extending the licenses. This expansion enables greater capabilities, increased log retention, and the ability to process more logs. In our specific scenario, we were previously restricted by the capacity of the ingest license. Our log ingestion was limited to, for instance, one terabyte per day. However, with the introduction of this new licensing model that's based on CPU usage, we now have the flexibility to ingest any amount of data while paying according to our actual tool usage. Consequently, if we intend to expand for additional servers, we simply need to contact Splunk and communicate our requirement for increased server capacity to enhance system performance. This process is streamlined because we aren't required to take any additional actions ourselves.
I would highly recommend Splunk Cloud because we don't require personnel for maintenance or server installation and management, as all these backend tasks are taken care of. Additionally, for those who are currently using a competitor of Splunk for SIEM purposes, I would also recommend transitioning to Splunk if they have the budget for it.
Splunk Cloud Platform was very useful for us. With the on-prem setup, we had to maintain all the servers and take care of the upgrades, whereas with Splunk Cloud Platform, we did not have to bother about that. Everything was handled by the Splunk support team.
It was sufficient for us to monitor multiple cloud environments. The visibility that it provided into multiple environments was good.
We used Splunk Cloud Platform for business processes and security. It helped us a lot. On the business side, as a banking organization, it was helpful for reports and alerts. On the security side as well, Splunk was helpful. We could see any security breach. It was also helpful for smooth operations. If any issue happened or any server was down, it automatically alerted us.
Everything is maintained by the Splunk support team. Users do not have to maintain any physical servers. They do not have to maintain indexes and searches. It reduces a lot of work on the user side.
We integrated it with other applications in our environment. It integrates well. We did not face any issues on the integration side.
The reporting offered by Splunk Cloud Platform is also good.
I faced a few minor issues with Splunk Cloud Platform. In the case of knowledge objects, even a Splunk admin does not have access to delete them. If we want to remove a knowledge object, we need to contact Splunk support and raise a case. After that, they delete it. They should give us access to delete knowledge objects.
Everything else was good. It already had all the features. We did not require any new features.
I used this solution for almost ten months in my previous organization. Currently, I am not using it. I last used it about five months ago.
It was stable. We did not see many issues. Any issues were on the physical servers, not on the Splunk Cloud side.
It is scalable. We had more than 2,000 users in our organization. It was being used by more than 150 departments.
Onboarding end-users was easy. I was a Splunk admin, and I was also an end-user. I could provide access to other end-users directly.
Their technical support was good. I would rate them a five out of ten because we worked in the Australian time zone, and the tech support team that we usually got did not have much knowledge. They took time to resolve issues.
In our organization, we used multiple products. We had Dynatrace and other products, but we mostly preferred Splunk. It was more user-friendly than others, and we could search everything easily. We could create dashboards. Other products were more difficult.
It took us a long time to switch from on-prem to the cloud. It took almost four to five months.
We took the help of the Splunk team for migration, but after that, we did not take their help. We took care of onboarding and other things. It was easy. If any issue came up, we contacted the Splunk support team.
I do not have much idea about the price. We previously used 1 GB at the cost of $600. Both on-prem and cloud licenses have the same price. There is no difference.
It did not impact the cost because the costs of the on-prem license and the cloud license are the same. We did not have any issues with that. Overall, its price is reasonable.
I would recommend moving to the cloud because you do not have to maintain physical servers and infrastructure. Everything is handled by the cloud provider.
Overall, I would rate Splunk Cloud Platform a nine out of ten.
Splunk Cloud helps us to combine all our environments. For example, multiple business units can be combined into one even if they are in different geographic locations.
It helps us with hosting from different geographical locations.
The speed of the cloud environment is great.
We only buy the services we need. We don't have to pay for other things we don't. It makes the pricing very economical.
We use the solution's federated search feature. It's easy for us to use. It helps us search logs, analyze, and manage data.
We are able to monitor multiple cloud environments using our Splunk Cloud dashboards. It makes the process very simple. We just have to maintain different teams for different environments.
The solution is great within hybrid environments. It gives us good visibility across everything.
It works well for sizable environments.
The product integrates well with other systems and applications in our environment. We haven't had any issues with integration at all. However, if we ran into issues, we could call Splunk support. Having an issue would be a very rare event.
Reporting is very good. It's the same for all Splunk solutions. Having multi-cloud instances in one place is great.
We have multiple business units and easily integrate them into the cloud, as well as different infrastructures from different areas. We can deploy a Splunk agent on any cloud - AWS, Google, etc.
The company can access data easily for compliance and privacy regulations. The privacy aspect has been very good.
Having resilience has been very helpful in our organization.
Training should be free of cost. They need to provide more training options.
There are no missing features at this time.
I've been using the solution for two and a half years.
The solution is stable.
We have 30 people using the solution in our organization. The product is scalable.
Technical support has been good.
Positive
We did also use LogRhythm. It has a very good UI in comparison to Splunk, yet it doesn't have as many capabilities and does have a few more restrictions. That said, it's a good product for creating use cases and automation, which is easier than Splunk. We moved to Splunk as LogRhythm did have some restrictions.
I have previously done deployments of Splunk. The setup is pretty straightforward.
Were a system integrator of Splunk. We help clients set up the solution.
We've had six or seven people setting up the solution.
The maintenance is pretty manageable. I'd rate maintenance needs seven out of ten.
I'm not sure if we have noted any ROI while using Splunk.
The pricing is reasonable. They provide good options for licensing.
I did not evaluate any other options.
We are integrators and also users of Splunk.
We have multiple solutions we use for security, of which Splunk is one of them. So far, it's been very good from a security perspective, although we don't solely rely on it.
I'd recommend users work with Splunk in the cloud environment. I'd recommend the product in general to others.
I would rate the solution nine out of ten.
I use Splunk on my phone, on-premises, and for the automation tasks that we carry out.
We use it to work on dedicated forms and infrastructure and have a lot of virtual machines and instances that are being run for every single application. Our infrastructure is purely based on Azure by Microsoft.
Keeping CMDBs of all the virtual machines is a heavy task. When you use it for your portal use, it might be two or three virtual machines. When a virtual machine is created, we use post-provisioning inside the virtual machine. While post-provisioning, we install Splunk agents so that any activity that is happening inside the VM is virtually monitored by Splunk.
We create a dashboard. We are able to monitor everything from that dashboard.
Splunk also offers enhancements and automation. Splunk plays a major role when it comes to automation. We extract the data from Splunk, and then we use it to automate using a jump server so that we can put in actions on any number of virtual machines.
The automation is the main advantage. When we need to search for data, as engineers, it's very easy.
I like that it's an independent cloud platform. It can work with AWS or Azure.
Its monitoring is completely automated. We do not have to put in other engineers just to maintain Splunk. It maintains itself, and it's very user-friendly. For the dashboards to be created or any sort of code that we want to do with Splunk, we can do it by ourselves. We do not need to have separate resources so it is very cost efficient. We do not require many people; it's resource-efficient as well.
We do use the federated search feature and find it helpful. Earlier, it was hard to withdraw data. We'd have to maintain it. Now, Splunk does it for us. It's a very time-efficient service. It's made a huge impact on automation. We can grab data in real-time any time we need to.
The solution integrates well with other applications and systems in our environment.
It could have a more efficient UI. If they could integrate more AI and make search more efficient so that other people can access and use it, not just engineers, that would be ideal.
It needs to mature; it's just getting established in the industry on a wider scale.
The API still needs some enhancements from a post-performance point of view.
From a monitoring point of view, Splunk is doing very well. However, if they could provide a post-provisioning aspect. Right now, we have to install a monitoring tool while we are post-provisioning every virtual machine. If they could be a provider that precluded having a virtual machine being created or provisioned, that would be ideal.
Alerting could be faster. Sometimes the actions that happen take some time to reflect on the Splunk dashboard. There is still latency. Especially when you work in a multi-cloud environment, you deal with a lot of regions. They still need to focus on availability across regions.
They need to have some security enhancements. Most users are using it with other single sign-on features like Okta. If they had their own SSOs that would be ideal. we'd be able to work independently. Right now, we have to log onto the virtual machines then move to Okta, then go to Splunk.
I've been using the solution for somewhere around a year or one year and a half.
The stability is okay. Sometimes it goes down. I have not witnessed that as I do not use it continuously after the deployment. The resiliency is good. I'd recommend it four out of five.
Everyone in the company uses Splunk.
The scalability is very good. It's extendible.
I don't directly deal with technical support. We have a dedicated team that would work with Splunk.
Generally, my understanding is that if we have a query, we raise a ticket. There may be a separate portal or mailbox we can access as well to get assistance.
We previously used Qualys. We switched mainly due to the costs involved. We also didn't want to migrate our resources to it. We simply wanted a monitoring tool, which is why we chose Splunk. Splunk in comparison is really cost-efficient.
I was involved in the deployment of the solution.
Whenever a new resource or a new agent comes into the picture, in an organization, it's always complex. I don't blame Splunk for it, or my firm. It's like two pieces of a jigsaw puzzle and it's the developers who need to cut the pieces. It works really well as of now.
The deployment took somewhere between six to eight months.
We did need a lot of resources or staff members for the deployment. We have a vast infrastructure. We have a dedicated team inside as well who manage incidents and tickets using platforms like ServiceNow, and we still have a lot of resources dedicated to maintaining Splunk. The number of resources that are required to maintain it is more than the number of resources we use for development, actually.
How many people you need depends on the region. I work for Asia and North America. So for us, it was not much personnel. We needed four to five people in the development. There were somewhere around ten to fifteen people working on different parts.
About 90% of the deployment was handled in-house.
I'm only aware of general pricing terms, however, they have enterprise agreements as well. I can't speak to the exact cost. It's reasonable, from my understanding. I'd rate the affordability seven or eight out of ten.
Evaluating other options would be a task reserved for the highest management personnel at our firm. I was not involved with that process.
We aren't using the solution across all cloud platforms. We use Azure. However, we would have the flexibility to gather insights from others. We just don't use that particular capability.
Right now, the solution does not affect our decision-making. It's still a very new platform. We're not relying on it completely. It's a work in progress. We need some time with it, to build up trust with it. Splunk is great so far, however, we still need more time and it needs more of a presence in the market.
Right now, in terms of compliance and privacy policy regulations, we limit the features that are not compliant with us. However, they are very flexible. We just use the features we can and block the ones that are unnecessary.
It hasn't had an impact on our security posture. We have very detailed security layers and several processes and teams. We haven't had any real use cases for Splunk. It hasn't actively blocked anything. We already have what we need in place.
I'd advise new users to check if this solution is reliable from a security point of view. Talk to Splunk about the cost as well. Splunk is really convenient for that. And whenever you deploy it in your infrastructure, make sure that the cloud providers or the on-prem solution that you are using are compatible with Splunk. We had issues in that some features that we were using in the cloud were not compatible with Splunk. So we had to make a lot of changes. That is something anyone who is trying to deploy Splunk needs to check - compatibility.
I'd rate the solution seven out of ten.