
Reviews from AWS customer

25 AWS reviews

External reviews

32 reviews

External reviews are not included in the AWS star rating for the product.


5-star reviews

    reviewer2787105

Log insights have boosted uptime and now drive automated remediation and pattern-based alerts

  • December 17, 2025
  • Review provided by PeerSpot

What is our primary use case?

I am using Splunk Observability Cloud as a log-based monitoring tool for my databases. We have ingested our database logs and OS system logs into Splunk Observability Cloud and are creating dashboards and alerting features over those alerts. One of my major use cases is that all kinds of databases I am currently working with have database logs that capture all information, warnings, and error messages. These database logs are moving to Splunk Observability Cloud. The first use case is that I no longer need to maintain a long list of flat files on my server for all those logs. Those can be directly ingested into Splunk Observability Cloud. The benefit I am seeing from here is that I can get pattern-based analysis of what kind of errors I am commonly getting and what the date patterns of those errors are. I can get dashboards over that and I can also create alerts. I can also incorporate those alerts with some back-end Git workflow for automatic remediation. This is one of the solutions.

Another use case for Splunk Observability Cloud that we are seeing is that there are multiple times when there is a requirement to publish some kind of data. So instead of publishing an alert if those data breaches occur or if some kind of dashboard needs to be created, instead of sending data directly to the users, if that data is not PII, we are also ingesting that into Splunk Observability Cloud in a JSON format and then again, dashboards and other alerting can be created. These two are the main major use cases for which I am using Splunk Observability Cloud.

How has it helped my organization?

With the help of the alerting and observability mechanism, resiliency, and automatic automation of issue remediation based on alerts and workflows, it actually reduces the cost and increases the uptime of my system and customer satisfaction. There are multiple indirect benefits I am getting when using Splunk Observability Cloud.

Currently, with the growth of the organization, I am seeing an increasing use of Splunk Observability Cloud in a more dynamic way. We are continuously creating new dashboards, ingesting logs in JSON, and trying to bring the best value out of it. I am seeing a dynamic and drastic increase in the use of Splunk logs and the Splunk data we are ingesting.

There are two aspects to expanding the usage. Organic growth of the environment actually puts new systems into Splunk Observability Cloud, and exploring new opportunities for what all can also be ingested into Splunk Observability Cloud. Previously, I can see that memory dumps are there. We are also looking at whether we can ingest memory dumps so that if the system is about to crash, those memory dumps can be captured into Splunk Observability Cloud so that it can create alerts over that and I can also perform analysis. I can also see if any other system is facing the same kind of memory dump issues. So that maybe it is one alert for one system for me, but for the complete farm, there may be different servers with different teams or business units facing the same issues. When I have Splunk Observability Cloud on all systems, I can actually create a consolidated report and see that this is the pattern which particular farms are having this kind of issues, and maybe something is broken. This is the way the plan is to increase the availability or the usage of Splunk Observability Cloud.

What is most valuable?

The performance and speed are valuable. Previously when Splunk offered the enterprise solution, I needed to install Splunk and maintain my local server. There was a limitation that only a certain number of servers could be supported in one instance and I would need to have multiple instances if I was in an enterprise system setup. When I am in the cloud, a single instance can support N number of systems. It is pretty fast, no matter how much data is there. Dashboards are pretty good with multiple functions available. The alignment or integration that can trigger automatic solutions with the workflow for automatic remediation of the alerts is the best thing. These three or four things are the best Splunk Observability Cloud features that I am seeing.

The point in time alerting, the point in time data capture, and automatic remediation with the integration of good workflows or Ansible workflows is definitely the key to any resiliency and increasing the uptime of any system.

After moving to Splunk Observability Cloud, it is almost zero downtime. We never face downtime because when I was in the enterprise setup, I needed to maintain my servers and maintain hygiene of vulnerabilities, patches, and all. Now when I am in the cloud, everything is automatic. Almost zero downtime plus the perfect alerting feature and log-based analysis are available. Metrics alerting is also there in Splunk Observability Cloud through queries. This is one of the features that keeps me updated with the current health of my system and helps me to keep my system up and running fine and available for my customers.

Splunk Observability Cloud incorporated a new AI agent feature that is really good. Sometimes I need to create queries and Splunk queries for filtering the data and some pattern-based analysis. This agent is really good in helping me and suggesting the queries. This means I do not need to have a Splunk expert or Splunk query expert. I can just ask that agent that I need pattern-based analysis or I need to create this kind of filters for this kind of data and it can suggest to me. Once it suggests a sample query to me, I can do the tweaking and I can have my data ready. It actually reduces my time to perform my analysis and to reach the conclusion about what exactly is causing issues in my system and what are the repetitive issues in my system. This AI feature really helps for newcomers to Splunk Observability Cloud to perform deep diving analysis with the data captured by it.

Custom metrics are valuable. In Splunk Observability Cloud, some infra-level metrics are not available, but through custom metrics, I can achieve it. This is an add-on feature that Splunk Observability Cloud is providing and without any additional monitoring tool. If that feature was not there, then I would need to plan some other monitoring tool for metrics-based alerting, but this custom one helps me to achieve it in the same monitoring tool. The consolidation and integration of metrics-based alerting and log-based alerting in a single tool is actually the lovable feature. I do not need to worry about or look for multiple tools. I can have my own data and own health available in a single tool, in a single view.

What needs improvement?

The dashboards are good, but the only limitation I see currently is that they need particular formats only to create a dashboard. They need to have a particular JSON format or time series format. This sometimes creates additional work for me so that when I am ingesting logs in Splunk Observability Cloud, it should be in a specific format. Either Splunk Observability Cloud should have multiple formats available or multiple dashboards available for different kinds of formats. At least Splunk Observability Cloud has everything available at a Splunk level. They can do some kind of analysis and see what are the major top ten or top twenty types of logs they are getting and they can have dashboards according to those logs. Instead of forcing customers to design their logs in the way of Splunk Observability Cloud, Splunk Observability Cloud can create dashboards based on the customer requirement. This will actually ease things up for the end users.

The current dashboards are good. The feedback is that Splunk Observability Cloud is forcing me to modify my logs that I am ingesting in Splunk Observability Cloud in a specific format. If Splunk Observability Cloud can leverage it and make it open for any format, that would be great. If that is not feasible, at least the top ten or top twenty logs that Splunk Observability Cloud is getting should be readable by Splunk Observability Cloud without any changes. That actually is one of the major feedback items I can provide which can actually ease the life of the end users or any layman. As a newcomer to Splunk Observability Cloud, I may not know JSON. I now need to hire someone or I need to look for someone who knows JSON and who can convert my logs into JSON format and then I will ingest them into the logs if I want to create a dashboard. If I do not want to create a dashboard, that is okay. On the other hand, Splunk Observability Cloud is giving me a usability and easy to go interface, but for a dashboard, I need to have an understanding of JSON so that I can ingest the log in JSON format. That is a dilemma that they have and they should work on.

Currently, Splunk Observability Cloud is not the only solution which any organization is using. There is also Grafana and PagerDuty. If Splunk Observability Cloud can plan some kind of integration with PagerDuty and Grafana, then those things can be controlled from a single position and if something else is happening at one location, it can update things at all levels. That can also bring great value to the users. Currently, I have to maintain three systems separately, but if some kind of integrations can be developed with these three vendors, then that can be a great thing because all these three have now become the industry pillars or industry standards for observability and resiliency.

For how long have I used the solution?

I have been working with it for the last two years. Before that, it was an enterprise solution. Now it is cloud-based.

What do I think about the stability of the solution?

I cannot relate any stability issues to my experience with Splunk Observability Cloud.

What do I think about the scalability of the solution?

Scalability is pretty smooth. I just need to deploy the Splunk forwarder and the config file that specifies which servers it should connect to and it will get connected. My data will start populating. It is pretty straightforward. I do not see any challenges there, even when it was in enterprise and now when it is in the cloud. The deployment and onboarding of new servers and ingesting the logs is pretty straightforward. Anybody can learn it within a day without having any prior knowledge.

How are customer service and support?

We have raised multiple questions when we face any issues. Our support is prompt and usually within a day, I will get my answers.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previously I was on Splunk Enterprise. I have been using Splunk for seven to eight years before we moved to the cloud in the last eighteen months.

How was the initial setup?

The initial setup is pretty smooth. I just need to deploy the Splunk forwarder and the config file that specifies which servers it should connect to and it will get connected. My data will start populating. It is pretty straightforward. I do not see any challenges there, even when it was in enterprise and now when it is in the cloud. The deployment and onboarding of new servers and ingesting the logs is pretty straightforward. Anybody can learn it within a day without having any prior knowledge.

What other advice do I have?

I appreciate that your organization collects reviews about the product so that it can be shared with the vendor or the product owner as appreciation or as feedback for improvement. Everything has been smooth in my experience. I would rate this product a ten out of ten.


    reviewer2500119

Effective, saves time, and has helpful support

  • June 13, 2024
  • Review provided by PeerSpot

How has it helped my organization?

Splunk Infrastructure Monitoring reduces our mean time to resolve. We are more proactive than reactive. I would be very confident to say that there is about a 25% reduction in time. We get things way quicker than when we were just doing it reactively.

It has the ability to identify and solve problems in real time. It saves time.

What is most valuable?

There is no one feature that stands out more than others. We use a little bit of everything. When we started using it, we did not exactly know it. It was new and fresh, so we just started gathering everything. We did not end up doing anything different. All of the features that we are using have had an effect on the monitoring that we are doing. Everything is very effective.

What needs improvement?

We never had any issues when it comes to the type of use cases we are using it for. We did not need more advancement on it, but I know that, in general, everything can be updated. There are tiny little tweaks that can be made regardless of whether it looks better or has a different flow to it than it does right now, but it works pretty well for what we use it for.

For how long have I used the solution?

I have been using Splunk Infrastructure Monitoring for two to three years.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is scalable. As we continue to grow and expand, the stability and the scalability are there.

How are customer service and support?

They have been very helpful whenever we have had any issues. Only one or two times they did not know. That does happen. We are all humans, but that is the best that you can get.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I got onto the team when we started using it, so I am not sure what we were using before.

What other advice do I have?

I would rate Splunk Infrastructure Monitoring a ten out of ten.


    reviewer2500098

Saves time and enables our teams to look at and troubleshoot issues themselves

  • June 13, 2024
  • Review from a verified AWS customer

What is our primary use case?

We have a lot of applications that we monitor. We have a lot of hardware that runs on VMware. We monitor all of that as well.

How has it helped my organization?

Dashboards have been helpful because people can go and look for themselves how their systems are running. The requests for us to go look at something have gone down because people can go and do it themselves.

It is important for us that Splunk Infrastructure Monitoring has end-to-end visibility. Developers and those types of teams can look at and troubleshoot any kind of issues quickly.

Splunk Infrastructure Monitoring has helped reduce our mean time to resolve, but I do not know how much. We just help as needed, but for the most part, it is just the teams going in there and looking at things themselves.

Splunk Infrastructure Monitoring has helped improve our organization’s business resilience.

Different teams can see a lot of different aspects of what is going on. They can see network traffic. They can see applications, and they can see hardware peaks and performances. They can see everything they need.

We could see the value of Splunk Infrastructure Monitoring within a couple of weeks of implementing it.

What is most valuable?

Dashboards help the application support teams to have a quick look at how their systems are running. It helps other teams as well.

What needs improvement?

They can get more integration with a few more products.

They can also update some of the dashboards that are in there now.

It is pretty good in terms of the ability to predict, identify, and solve problems in real-time, but there is always room for improvement.

For how long have I used the solution?

I am in a new role. I have been there for two months. That is as long as I have been using it.

What do I think about the stability of the solution?

It is very stable. It is good.

What do I think about the scalability of the solution?

Its scalability is great.

How are customer service and support?

It is very good. I would rate them a nine out of ten. They are usually pretty helpful and knowledgeable.

How would you rate customer service and support?

Positive

How was the initial setup?

We have it on-prem, and we also have a cloud instance. Our cloud provider is AWS. We do not monitor multiple cloud environments.

Deploying it was pretty straightforward. We just had to make sure that we were getting the logs right and setting the apps right. That was pretty much it.

What was our ROI?

We have seen an ROI in terms of manhours and less work for everyone.

What's my experience with pricing, setup cost, and licensing?

I have always used Splunk.

What other advice do I have?

I would rate Splunk Infrastructure Monitoring a ten out of ten. It is great. It is much better than a lot of other products, so it is definitely up there.


    Motoyuki Mochida

Beneficial for our IT infrastructure and end-to-end visibility

  • June 13, 2024
  • Review from a verified AWS customer

How has it helped my organization?

Splunk Infrastructure Monitoring provides end-to-end visibility into our cloud-native environments. It is very important for us.

Splunk Infrastructure Monitoring has helped reduce our mean time to resolve.

What is most valuable?

It is digitalized. It has been beneficial for our IT infrastructure.

What needs improvement?

The security could be better.

For how long have I used the solution?

I have been using Splunk Infrastructure Monitoring for 11 years.

How are customer service and support?

I usually use the community site. I find that helpful.

Which solution did I use previously and why did I switch?

We did not use any other solution previously.

What about the implementation team?

We set it up ourselves.

What other advice do I have?

I would rate Splunk Infrastructure Monitoring a ten out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)


    Brad Van Orden

Provides good metrics, scales well, and has good support

  • June 13, 2024
  • Review provided by PeerSpot

What is our primary use case?

We are monitoring our servers and their health. We are monitoring their functionality and supporting the Kubernetes platform.

How has it helped my organization?

Our team supports multiple different projects. They all have their own clusters and ways of operating, but we just use one Splunk Infrastructure Monitoring system.

Splunk Infrastructure Monitoring has helped improve our organization’s business resilience.

What is most valuable?

I have primarily used it to go back into the past and understand why something happened. It provides enough information to do research and figure things out.

What needs improvement?

One thing I recently ran into was that the logs on the server most often get Gzipped after they have been rotated. We found that we were not monitoring some of the things, so we had to go back and pull them in. Right now, it pulls one at a time, untars it, or unzips it, so I cannot look at the entire history. There can be an improvement in that area.

For how long have I used the solution?

I have been using Splunk Infrastructure Monitoring for four years.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

About a year ago, we added another 600 servers and scaled up. We are getting more in the next year or later this year. It works smoothly.

How are customer service and support?

They are good. I have a ticket open now. I told them to go ahead and close it because we thought it was a hardware issue, but they said that they would keep the case open till the hardware replacement to see if the issue goes away. That was pretty nice.

Which solution did I use previously and why did I switch?

All of our hardware is HPE-based. We rely mostly on OneView, but it does not give us the service aggregation and other things that Splunk Infrastructure Monitoring is giving us.

How was the initial setup?

One of the gentlemen on other teams came to ours. He is very knowledgeable about Splunk, so he helped with the implementation.

All of our servers are RHEL-based.

Which other solutions did I evaluate?

A different organization group within our organization had Splunk, and they liked it, so we just went with Splunk.

What other advice do I have?

I would rate Splunk Infrastructure Monitoring a ten out of ten.


    Felipe Girardi

The dashboards are great, and we get solid visibility across our environment

  • March 11, 2024
  • Review provided by PeerSpot

What is our primary use case?

I have the logs of my applications, and they're usually a bit volatile. The log switch doesn't stay there on the application for a long time, so Splunk can require that. It can take 15 days for the logs to be available to do some kind of research. I'm using Splunk to ingest application logs, create dashboards, and set up alerts.

How has it helped my organization?

The biggest benefit of Splunk is that we can retain logs and correlate the data. Telemetry data has a huge impact because it's much easier to see everything.

Splunk has significantly reduced our mean resolution time. The workflow at my company involves application microservices applications running on the cloud. These logs are highly volatile, so they're only retained for three to five minutes, and we had to reproduce an issue to trace why it failed. That meant we had to do everything again to capture the log at the moment. Now, we have the data to analyze one or two hours.

What is most valuable?

Splunk's dashboards are great. The solution provides end-to-end visibility across my environment. Visualizing large amounts of data is easier because we can correlate the data from any target source.

What needs improvement?

The licensing model is expensive. We need to monitor the amount of data ingested because the cost is based on the data collected.

For how long have I used the solution?

I have used Splunk APM for three years now.

What do I think about the stability of the solution?

We have instances for production and development. I've never seen the production instance go down. Our development instance has gone down, but that's expected.

Which solution did I use previously and why did I switch?

I used tools like Elasticsearch, which is similar to Splunk. I've also used other observability tools like Grafana and Dynatrace, but they have different features.

What other advice do I have?

I rate Splunk APM 10 out of 10.


    MS Alam.

User-friendly, offers good visibility through the logs, and helps identify issues in our environment

  • August 03, 2023
  • Review provided by PeerSpot

What is our primary use case?

We use Splunk Infrastructure Monitoring because it is a durable solution for our environment.

How has it helped my organization?

Splunk Infrastructure Monitoring is easy to use.

The dashboards are good.

Splunk Infrastructure Monitoring has helped improve our operational performance and efficiency.

Splunk Infrastructure Monitoring has helped reduce our MTTD by 90 percent.

Our MTTR is good thanks to Splunk Infrastructure Monitoring.

What is most valuable?

The most valuable feature is log reporting.

What needs improvement?

The price has room for improvement.

For how long have I used the solution?

I have been using Splunk Infrastructure Monitoring for five years.

What do I think about the stability of the solution?

I would rate the stability of Splunk Infrastructure Monitoring ten out of ten.

What do I think about the scalability of the solution?

Splunk Infrastructure Monitoring is scalable.

How are customer service and support?

I have used the technical support a few times and they were good.

How would you rate customer service and support?

Positive

What's my experience with pricing, setup cost, and licensing?

I would rate the price of Splunk Infrastructure Monitoring as an eight out of ten, with ten being the most expensive.

What other advice do I have?

I rate Splunk Infrastructure Monitoring ten out of ten.

Splunk Infrastructure Monitoring is a good service that provides visibility into our environment.

I recommend Splunk Infrastructure Monitoring to organizations for the logs that will help identify errors in their devices and assist them in resolving the issues.

One person is required to maintain Splunk Infrastructure Monitoring.


    Rodney Riettie

Helps to ingest a massive amount of raw data and use it effectively

  • July 20, 2023
  • Review from a verified AWS customer

What is our primary use case?

We mainly use it for different divisions and departments within our company to keep track of our systems' health. We also ingest log files to get data and alerts for different groups.

How has it helped my organization?

We used to use a number of different tools before we were introduced to Splunk. We used to have a very hard time getting this data in and being able to effectively use it because we had such a massive amount of data. We also could not find a way to organize it effectively. Splunk helped us to effectively use all the data that we collect in a valuable way for different customers and groups that we have in our company.

It has definitely helped reduce our mean time to resolve (MTTR). A lot of our customers have difficulty getting to root cause analysis of different problems and situations. They also do not have the data to perform analytical responses for different problems that there could be within our industry. They are now able to use this data effectively, not just for alerting, but also for preventative maintenance.

It has definitely improved our organization’s business resiliency by a lot. I do not have the actual data to share at this time, but there has been a marked improvement in the organization. We are now able to keep track of all the raw data that we pull in and then use it effectively. This helps our organization run more efficiently.

It has improved our organization's ability to predict, identify, and solve problems in real time. We are able to use data and search for it effectively. We have different analytical forms and data that we can use to improve in different ways.

What is most valuable?

The most valuable thing that we have seen within our group is the ability to ingest all this raw data and have it organized in a certain way so that different groups can get effective alerting from this massive amount of raw data that is out there.

What needs improvement?

A lot of customers had a hard time effectively searching within the data in Splunk. There is a learning curve from searches to indexes and using all the macros that we have created. It is a little difficult for somebody who has not used it quite a bit and does not have a lot of practice with it, but the AI features that we have been hearing about through Splunk will make it a lot easier for us to use human language to search this data. That is big. That is pretty powerful, and that will help a lot with our customers. At the Splunk conference, some of the talks have been about the AI platform and more effective and easier ways to search within Splunk through indexes and other things. These features will help correct some of the things with which we are having a hard time with some of our customers.

For how long have I used the solution?

We have been using this solution for about four years.

What do I think about the stability of the solution?

We are not on the cloud. We are all on-prem. We have had certain issues with space on the servers and things like that, and while moving things up to what we need, we have not had any issues on the Splunk side.

How are customer service and support?

It is great. We have not had any major issues with getting support from Splunk. With our monthly license, there are a certain amount of hours that we have with Splunk support. We are able to use it when we are getting close to the end of the month. In our meetings, we make a list of different topics that we would like to explore and discuss with Splunk. We create meetings for that, and they are always very helpful. We never had any issues in getting support from Splunk. I would rate their support a ten out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used to use Tivoli. We also use AppDynamics in addition to Splunk for different parts, but we are starting to learn that Splunk does have a lot of similar toolsets. Splunk does the same as what AppDynamics does, and in some cases, there are more powerful tool sets that would help us. We are thinking of petering down our different tools to get into one tool, possibly Splunk. We already got rid of Tivoli, and we are using Splunk fully in place of Tivoli. We have seen a positive response to it.

We have seen cost efficiencies by switching to this solution. Because of the wider range of tools that Splunk offers, we were able to get rid of Tivoli and get rid of that licensing obligation on an annual basis. We are able to save a good amount of money on that and move that budget over to our Splunk budget to keep everything under one umbrella.

How was the initial setup?

I was not involved in its deployment. I came on the year after.

We are currently on-prem, but we are working on developing and moving everything over to a Google Cloud platform. The announcement that Splunk is partnering with Google Cloud, in addition to AWS, is pretty good for us because we are working on moving over to the cloud in the next couple of years.

What was our ROI?

We have definitely seen an ROI. Our team is able to spend more time learning one tool as opposed to having to learn multiple different toolsets. Therefore, we are able to get more work done in a more efficient manner.

We have seen time to value using this solution. Our company has a very heavy push toward work-life management. Since we have been able to, especially in our group, switch to this tool, we could cut down on our on-call time and have our groups run on different patterns where people who are off are actually off. They do not have to be called in because essentially, everybody is able to access the tool and use it effectively because it is the one tool that we use as opposed to having different tool sets. Everybody knows how to use it, so it definitely has helped us in that way.

Which other solutions did I evaluate?

I know there was a panel and a team that was going through different tools. I was not a part of that process, but I know there were quite a bit of tools that they were looking at. Splunk must have worked out better than everything else.

What other advice do I have?

I would rate Splunk Infrastructure Monitoring a ten out of ten.


    reviewer2239860

We can monitor our infrastructure better and respond faster to a problem

  • July 20, 2023
  • Review provided by PeerSpot

What is our primary use case?

We have our application development and we monitor our websites. I create alerts and dashboards to help us notify if we have any infrastructure issues.

We get our data in and then I create some SQL queries to find out where our averages are and do some predictive analysis. When we deviate from the normal, that is where I like to set up alerts and dashboards. I have alerts that trigger and link to dashboards to see the trend over time or what happened last hour. There is also alerting to the phones.

How has it helped my organization?

I believe Splunk Infrastructure Monitoring has improved our organization because, over time, it has always been pinpointing the source of the problem. We have pretty quick responses knowing that we have a problem, and we can drill in pretty quickly to find out where the problem might be occurring. Is it a specific server or is it happening to multiple systems across the board? It is easy to visualize that.

Monitoring multiple cloud environments is pretty easy because it just aggregates from different places, and when we have an outage, we can say, "Oh! Amazon West is having a problem."

Splunk Infrastructure Monitoring provides end-to-end visibility into our cloud-native environment. I am not directly involved with the cloud portion of it, but for our developers, end-to-end observability is important because we have multiple platforms and systems.

Splunk Infrastructure Monitoring has reduced our mean time to resolve. I cannot put a number on that, but compared to years ago, we now do a pretty good job of infrastructure monitoring. We can better monitor a bunch of different aspects of our business.

Splunk Infrastructure Monitoring has improved our organization's business resilience. We do not want to be down, and we do not want people to be unable to pay their bills online.

What is most valuable?

It is a great resource for us because we have so many different data sources and to be able to aggregate that and put it through a concise dashboard or an alert really helps.

What needs improvement?

We have both on-prem and cloud, and the challenge is getting all our log data aggregated or streams aggregated so that it is real-time. We do a pretty good job of that, but our organization is not using it as a security platform when it can do a great job of that. We have other tools that we use, but we should leverage this more in our organization because we have already got the tools and the software.

For how long have I used the solution?

I have been using Splunk Infrastructure Monitoring since 2019.

What do I think about the stability of the solution?

It is very stable. Especially since we went to the cloud, it just makes it easier for us.

What do I think about the scalability of the solution?

We have not had any issues there.

How are customer service and support?

Their technical support has been very good. I have not had to use it a whole lot because we have pretty good and experienced staff. We use consultants, and in general, we have been lucky. We work with our representative, and we have hired a couple of contractors.

Which solution did I use previously and why did I switch?

We have used different solutions in the past. I used CA Wily. New Relic was another tool we had used for a time.

We had several different tools that we were using for APM monitoring and website monitoring. Over time, we migrated more to the Splunk platform because it helps to aggregate the data. Having to configure all the agents was painful, and Splunk made that a lot easier.

How was the initial setup?

It was pretty easy. We had to set up all of our collectors. Getting our feeds was critical.

We have an on-prem setup, so we have a lot of forwarders. We are also on the cloud. We have a data center locally, and we have one in Texas. We also have a third one that I like to call the cloud, so we have three different environments that we move between, and it is nice that when we have a problem, we can tell exactly where it is.

What about the implementation team?

John Ansett's company helped us with our initial deployment. They did an excellent job.

What was our ROI?

We have seen an ROI. It is hard to put a price on downtime, but our primary business is travel, insurance, as well as automotive. We are a diverse organization, but our bread and butter is insurance. If there is downtime, people cannot pay their insurance bills online, or they cannot look up the policy and that type of information. Being down is not good for our customers.

We have seen a time to value. I use a lot of dashboards for monitoring, and I have trained other teams in our organization on how to use the tool. It is starting to have a lot of legs now, and we have a lot of different diverse departments using the tool. We are getting a lot of experienced staff to use the tool and make their own desktops.

It is difficult to put a price on how fast you can find a problem and resolve the problem. We have got web services and servers, and sometimes, pinpointing where the problem is took the longest time. Having ITSI observability and Splunk dashboarding together has helped a lot with that.

What's my experience with pricing, setup cost, and licensing?

I am not in that circle, but we are currently licensing based on our queries. That is working out for us. Previously, it was by volume of data, and now, we can store as much data as we want.

What other advice do I have?

I would rate Splunk Infrastructure Monitoring a ten out of ten because that is primarily what I use every day. I love the product.

