
Splunk Cloud

Splunk

Reviews from AWS customers

30 AWS reviews

External reviews

38 reviews

External reviews are not included in the AWS star rating for the product.


    Sydney D'Souza

Advanced searches and tuned alerts have improved investigations and support daily security work

  • April 22, 2026
  • Review provided by PeerSpot

What is our primary use case?

Correlation searches and search indexing queries in Splunk Cloud Platform are very valuable and quite useful for my daily work.

What is most valuable?

Splunk Cloud Platform's search capabilities are quite effective in uncovering operational insights. I was searching for one of the accounts related to backup, and I was not able to search in any other tool. Since we are collecting data from all different sources, I was able to trace this out. It was a request made from the customer because we reported a notable event from Splunk, and they asked us to check this account if we were able to see it, as they had checked from their end and were not able to search it. Using the indexing, I pulled the account details and shared them, and we concluded it was a false positive.

I do use Splunk Cloud Platform's alerting mechanisms. The alerting mechanisms have helped in proactive issue resolution because we receive alerts directly to our SOC mailbox, which we have fine-tuned based on our findings and customer involvement. Initially, we received a lot of notables that were not fine-tuned well, but now we receive approximately twelve to fifteen notables, and once we get alerted, we work on them. For instance, when we detected suspicious activity on a backup account, we responded back to the customer within three minutes, which they found interesting. We were able to dig further into a unique account and provide them with the necessary information, which was corroborated by their technician.

Splunk Cloud Platform's integrations with third-party tools have had quite an easy impact on my daily operations. Initially, the outdated threat intelligence led to notable IP addresses going undetected. However, after integrating Talos and VirusTotal, we can quickly determine whether an investigation requires immediate attention or a deeper analysis, which has saved us considerable time. When we implement the SOAR solution in August, I expect we can provide even more details about integration with third-party intelligence platforms.

What needs improvement?

Splunk Cloud Platform's user interface is quite simple and needs to be updated; it feels as if I am using a platform from 2015. However, I do appreciate the new feature for starting investigations, which allows us to save our work for later analysis.

I would like to see improvements in the UI, and while I recall that Cisco has acquired parts of Splunk, I would love to see more integration with threat intelligence platforms like VirusTotal, which are widely used. Currently, to implement VirusTotal, we have to purchase it, whereas we use Talos, but we mostly rely on AbuseIPDB and VirusTotal in the SOC.

For how long have I used the solution?

I have been dealing with Splunk Cloud Platform for two and a half years.

How are customer service and support?

I have no problems with technical support at all. We connect with them often, and when we have issues, we raise a ticket and schedule a call. Generally, we find a resolution during that same call, which is quite efficient.

I would rate their technical support as eight out of ten.

There is still some room for improvement regarding response time and first-level support quality. While responses are typically received the same day, the analysis process can take time.

How was the initial setup?

Initially, the setup was tough for us, but now that we have become familiar with Splunk Cloud Platform, I find it quite simple. However, newcomers may still face difficulties.

What other advice do I have?

Regarding Splunk Cloud Platform's machine learning tools, we are not currently exploring the XDR solution or SOAR solution part but are planning to move from SIEM to SOAR this coming August. We have implemented Cisco Talos as a threat intelligence platform, and we also included VirusTotal.

I have created approximately one hundred reports for different users since we fetch data from various sources. Each team has different requirements, whether it is for Trend Micro, M365, Zscaler, or Okta, and I have organized these reports on a dedicated dashboard. It is quite useful for them, and they regularly come up with new requests that we incorporate into the dashboard.

When it comes to pricing, I would say it is a bit more than fair—more than competitive. Compared to Microsoft, which is cheaper, Splunk Cloud Platform is a bit expensive. However, relative to Trend Vision One or CrowdStrike, the pricing is comparatively lower.

We have a lot of documentation available, which I feel is adequate. Each solution, including CrowdStrike and Trend Micro, has its documentation, and it is about how well one handles it based on their experience.

My overall review rating for Splunk Cloud Platform is eight out of ten.


    Dhaval Bhalgamadiya

Centralized log insights have improved incident response and operational visibility

  • April 17, 2026
  • Review from a verified AWS customer

What is our primary use case?

In our organization, we use Splunk Cloud Platform for log management, operational visibility, security monitoring, and for ingesting logs and fast data. We focus on creating dashboards and configuring alerts for the overall visibility of our systems and for the monitoring and observability aspect.

What is most valuable?

I appreciate that Splunk Cloud Platform accepts all of my data. All of my data from different firewalls and applications gets to the one platform. Another valuable feature is the SPL query. After my data is centralized, I can use SPL queries for better analysis and searching of my data so I can detect anomalies or threats or for incident response. If any of my deployments fail, I can quickly respond to the incident.

Operational insights are crucial because my application logs are there, my firewall logs are generating there, and any new deployment from the CI/CD is there. This generates logs there. If any deployment has failed or if any application is failing, it increases my overall operational efficiency and helps my team with incidents.

The search capabilities of Splunk Cloud Platform are very powerful and can give me deep analysis of the events. The dashboards and the visual capabilities of Splunk Cloud Platform are also excellent. Dashboard Studio allows me to highly customize and create visually rich dashboards. The infrastructure features such as SmartStore and proactive monitoring help me in my day-to-day operations of the company.

We use Splunk Cloud Platform's alerting mechanism. We have integrated an API with ServiceNow, which works well for us.

The third-party tool integration with Splunk Cloud Platform is beneficial for us. We were using third-party tools before Splunk Cloud Platform. When we introduced Splunk Cloud Platform to our organization, it was very helpful that it could be integrated with third-party tools, so we did not need to change our tools. Splunk Enterprise tools for security and other functions can also be integrated with this platform. That is also a good feature for us.

What needs improvement?

One improvement I would suggest is in the cost part. Splunk Cloud Platform cost is generally driven by high data volume. It can be relatively expensive for a smaller company. Our company is in the mid-size range, but the cost could be improved. Additionally, the learning curve for SPL is a little bit hard for beginners; otherwise it is fine.

For how long have I used the solution?

I have been personally using Splunk Cloud Platform for the last one year, but my company has been using it for the last two to three years. However, I recently joined three months ago.

How are customer service and support?

Technical support for Splunk Cloud Platform is good and proactive. In some cases, the initial responses may not fully address the issue. However, through escalation, the support team usually provides effective solutions and is very helpful.

Which solution did I use previously and why did I switch?

We first used Grafana and Prometheus for the monitoring and observability. We had used open source tools as well. For the security and better visibility, my organization switched to Splunk Cloud Platform.

How was the initial setup?

Splunk Cloud Platform is a public cloud SaaS deployment. The initial setup was very fast, and we do not need to maintain any backend infrastructure. This is a huge benefit for us.

Splunk Cloud Platform handles the platform deployment. From the user side, the main task was only to install forwarders and configure data ingestion, which was also quite a simple task.

What was our ROI?

The ROI with Splunk Cloud Platform is on the higher part. It has improved the efficiency of our overall organization. The incident response time to any failure has increased more than 50 percent. The overall visibility of the system, architecture, and infrastructure has increased. All of our data is going on the one platform. These are all the ROIs which we get from Splunk Cloud Platform.

What other advice do I have?

We have not used Splunk Cloud Platform's machine learning tools yet, but we are planning to use them for threat detection and anomalies, so it can detect that threat by itself through automation. We are planning to use it in the future.

Splunk Cloud Platform has improved the efficiency and reduced the manual effort for us. It has enabled faster detection, and the response time has decreased significantly. The data pipeline optimization feature reduces the ingestion volume for us. These metrics are very helpful for us, and it also reduces the cost through data pipeline optimization.

My advice would be to fully utilize Splunk Cloud Platform by ingesting as much data as possible and to invest time in learning SPL and best practices for leveraging the Splunk community. My overall rating for this product is 9 out of 10.

Which deployment model are you using for this solution?

Public Cloud


    Aman Dhanesha

Centralized logging has reduced troubleshooting time and delivers proactive alerts for APIs

  • April 16, 2026
  • Review provided by PeerSpot

What is our primary use case?

Splunk Cloud Platform is used to monitor everything, as we have multiple applications from which we get multiple data and multiple logs. We centralized our logging system, centralized our APIs, and everything into it. We created multiple alerts there for when any APIs fail. We use it for that purpose.

What is most valuable?

The best features of Splunk Cloud Platform are the ecosystem that has been created. We do not have to worry about many small things or many big things because the cloud gives infrastructure that is handled on their end. That makes it very easy for us to get used to it. The main beneficial case for us is the dashboards, alerts, stability, cloud scalability, and everything.

The search capability is pretty good because we have been using it for the last one year and it works very smoothly. The search functionality works very smoothly with us. Recently, we faced one issue, and with this feature, we got to know from which end this problem occurred. We directly dived into it and solved that thing. It is useful.

The alerting mechanisms work very proactively because that is the main use case of Splunk Cloud Platform. One of our application APIs got shut down because of some random issue or error. Because of the alert message, during our peak time, we got to know something was wrong. We directly fixed it and the rest of the things worked easily.

The ingestion and visualization feature of Splunk Cloud Platform is very good. It helps us a lot to create multiple reports and multiple dashboards because visualization can help us create multiple things into it.

What needs improvement?

Splunk Cloud Platform is almost a nine out of ten, but the main improvement point is the user manual. Recently, we got stuck somewhere in an error, but because of the limited documentation available through ChatGPT or any LLM, we had to go through every piece of documentation before we got the result. If Splunk can provide some LLM or any AI tool for error solving, it would be better.

The deployment of Splunk Cloud Platform is easier. If we get a better user manual, it can be even easier, but it is quite easy.

For how long have I used the solution?

We have been using Splunk Cloud Platform for almost one year.

What do I think about the stability of the solution?

Per our use case, Splunk Cloud Platform is very stable because we use multiple platforms. Even in high volume and high traffic, it works very stably.

What do I think about the scalability of the solution?

Splunk Cloud Platform is very scalable. We used it in high volume during peak hours of our traffic, and it runs smoothly.

How are customer service and support?

The technical support is pretty good. We have used it two or three times whenever we got stuck, and it is pretty good.

Which solution did I use previously and why did I switch?

We compared Splunk Cloud Platform to other solutions because previously we were using Datadog for the same thing. The ecosystem provided by Splunk, the support they provide, better dashboards, better alerts, and everything is why we moved to Splunk Cloud Platform.

How was the initial setup?

It took almost one hour to deploy Splunk Cloud Platform, or one or two hours.

What about the implementation team?

In our organization, three people use Splunk Cloud Platform.

What was our ROI?

Using Splunk Cloud Platform saves us time because previously we took two to three hours troubleshooting any problem, but now we get to know which particular area of the API is throwing an error and everything. Almost one and a half hours, or almost two hours, are reduced by using Splunk Cloud Platform.

What's my experience with pricing, setup cost, and licensing?

Pricing does not come under me; it is handled by the management department. We think it is more reliable to move with it, which is why we shifted from Datadog to Splunk Cloud Platform.

Which other solutions did I evaluate?

Splunk Cloud Platform rates as a nine out of ten, or 9.5.

What other advice do I have?

We are a customer in our relationship with the vendor.

We have not used the machine learning tools yet.

The integration with third-party applications is pretty good. We have integrated our mail application into Splunk Cloud Platform. Whenever the alert comes, we get to know and we can work on it 24/7.

We highly recommend Splunk Cloud Platform. If you are working with any data or any APIs from any logging system, or any log you have to track, Splunk Cloud Platform is a very good platform to work with. The overall review rating is 9 out of 10.


    Yevheniy Moyko

Centralized monitoring has strengthened incident detection and automated alerting for our clients

  • April 14, 2026
  • Review provided by PeerSpot

What is our primary use case?

We use both Splunk Cloud Platform and Splunk Enterprise Security. We operate as an MSP and are also a customer for the on-premise solution. We use Splunk Cloud Platform for monitoring purposes, and we use Enterprise Security for the incident monitoring tool, which is a premium solution for both Splunk on-premise and Splunk Cloud.

What is most valuable?

The best features of Splunk Cloud Platform are that you do not have to manage anything and do not have to worry about anything. It is scalable, easy to use, and reliable.

Regarding the machine learning tools in Splunk Cloud Platform, machine learning is great, but it requires specially trained people who understand it and have already worked with machine learning, making it challenging for those who do not have that expertise.

The price of Splunk Cloud Platform is very high, but you get all the advantages when you do not overpay for that. Some customers choose cheaper vendors, but for me, it is a perfect solution with many integrations, ready-to-go rules, and dashboards. It is feature-based.

Regarding the ingestion and visualization features in Splunk Cloud Platform, any device or system that can produce logs can be ingested into Splunk. There is no problem with many different possibilities to ingest the logs, making it a really great tool. Regarding the dashboards, there are also many possibilities to create them. If you know XML, you can write directly in XML and have your own custom dashboards, or you can do it via templates. These are great features.

What needs improvement?

One area that has room for improvement in Splunk Cloud Platform is support. The support knowledge base is the primary concern for me because we had several cases working with support teams, and they could not resolve our problem.

For how long have I used the solution?

I have been using Splunk Cloud Platform for about three years.

What do I think about the stability of the solution?

I rate the stability of Splunk Cloud Platform as ten plus.

What do I think about the scalability of the solution?

I also rate the scalability of Splunk Cloud Platform as ten.

How are customer service and support?

I would rate support for Splunk Cloud Platform about six out of ten.

What other advice do I have?

When assessing the effectiveness of the search capabilities in Splunk Cloud Platform, I notice that searches are slow, which is the main disadvantage of Splunk, but the rest is really great and the most mature. The alerting mechanisms in Splunk Cloud Platform are configured as well as possible, so you can get all the information that you need. They are really great.

As a certified Splunk Architect, I consider Splunk the best solution when comparing it with competitors including Elastic, Sumo Logic, Datadog, and Microsoft.

Regarding integration with third-party tools, Splunk provides federated searches, allowing you to search data even without integrating Splunk with other features such as AWS or data lakes. This is separate pricing, but it is still possible and works really well. However, the downside is that you need to buy additional SOAR if you want to automate certain things such as blocking an IP or user or removing a user or revoking their session.

Approximately thirty to forty people work with Splunk Cloud Platform.

Splunk Cloud Platform is hosted on Splunk Cloud, though this is a tricky question since we also have on-premise Splunk installed in the cloud of client infrastructure. I am discussing only Splunk Cloud Platform here.

My advice for Splunk is that it is the best SIEM solution for me. Based on your needs, you will need a POC. It is good enough for small, medium, or enterprise clients, but you will also need to invest in people who need to learn how to write searches and work with the solution because it is not easy. If you have appropriate people, it will be worth its cost. The learning curve for Splunk Cloud Platform depends on which level you want to achieve, but the downside is that most of their really good training courses are not free, so you will need to invest in learning. I give this review an overall rating of ten.


    Vanga Sainithinreddy

Log analysis has transformed incident resolution and now boosts daily development productivity

  • April 09, 2026
  • Review provided by PeerSpot

What is our primary use case?

I am a product developer who develops certain products in the insurance domain. We mostly use Splunk Cloud Platform for checking the logs. Whenever a check goes missing or a status is not correct, we generally check the logs first. Splunk Cloud Platform helps us to identify where the error is. We can search with various factors, and giving a proper prompt is important as it saves us a lot of time.

Recently, one of our branch networks where all the checks get stored had an issue. They had done IP whitelisting, and some of the IP addresses were not included in that IP whitelisting. This caused a global outage and all the claims or checks that were getting processed failed. When we tried to check through the logs, we found out that this issue was the cause. We had to reach out to another team that manages the environment which caused this IP whitelisting, the middleware. When we contacted them, they reverted most of the changes and we generated new payloads. Splunk Cloud Platform helped us in finding out the errors. Without knowing which error was affecting us, searching through Splunk revealed that the IP whitelisting was done.

Generally, in our scrum calls which start on our daily call, we go through our incidents and ServiceNow, and if we find anything stuck or any mismatch that has happened, the first thing we do is check the logs directly in the call. This allows the team to have a proper understanding of what is happening. At the start, if you are a fresher, it is not beginner-friendly because it is difficult to understand. However, over time, this would be the best tool that we will ever use.

What is most valuable?

Splunk Cloud Platform's ability to show right from a payload is one of its best features. When a payload is generated, each log indicates what the user has done, including certain actions. We will know what the user has done. In case the person has missed a certain logic or we find an exception, we are currently finding an illegal state change exception where if the user is not following the check lifecycle. Our check lifecycle is from awaiting submission, requesting, requested, issued, and then cleared. If the user does not follow this lifecycle, for example if the user is trying to move the check from awaiting submission directly to issued instead of going from requesting to requested and issued, it will throw this exception. We will know about it in the logs itself.

Splunk Cloud Platform helps us to check the logs and identify any possible errors that the user might have done, or any possible bad job or job failure that has occurred. Initially, to find anything for any troubleshooting, we go through the logs itself. That is the feature that stands out for me.

We have a customized prompt where, initially when you go to Splunk prod, we can search with a particular primary key. In my case, it would be a public ID or a claim number or a check number, anything. When we search with it, we can go right from the payload where we can see the operations and more. We tend to create a customized dashboard as well, so that any alerts that pop up will get displayed right there, so that any of the team members can pick up and solve that issue. We occasionally do manual searches also, but in lower environments. Splunk Cloud Platform does support our INT environment and DEV environment. In case we are trying to recreate some kind of scenario in DEV or INT, we could check the logs and see where the issue is recreating.

What needs improvement?

I wish Splunk Cloud Platform were a little more scalable. Whenever we are trying to scale up our storage, currently it stores the logs up to three months. If we want to search for prior logs after three months, we cannot find them because it stores the logs only up to three months. Suppose an incident has come up and changed to a PRB, and that PRB was created more than five or six months back, we will not be able to find the root cause because logs will be deleted automatically after three months. That is one thing I wish were more scalable.

It is not beginner-friendly because all the information or the payload that it sends or shows is kind of concatenated, compressed, and everything. To get used to it will take some time, but you will get used to it with time. It is the best tool, and I would recommend it.

I wish Splunk Cloud Platform did not search all of the logs. If you were to search with the primary key of a claim number, it searches with hundreds or millions of similar entities, so it takes a lot of time to search that particular log which I am trying to search. The searching time is a little more. We occasionally face a little bit of server issues, but the customer support is helpful. We lose some time as well in that server downtime.

For how long have I used the solution?

I have been using Splunk Cloud Platform for more than a year.

What do I think about the stability of the solution?

We occasionally face server downtime issues whenever we try to search a large number of logs or when we try to apply a large number of filters and it tries to search logs. The customer support is really good. Whenever we face an issue, we reach out to them and they fix it for us or they give us documentation and we follow that.

What do I think about the scalability of the solution?

It is not really scalable because whenever we are trying to scale up our storage in terms of when the user increases and the count of user numbers increase and our log capacity increases, it was not adapting very well. Whenever we are trying to switch environments or create and develop a new branch, we occasionally face issues. It is not that scalable.

How are customer service and support?

The customer support is really good, actually. We reached out to them a considerable amount of times. When we try to reach out to them, they provide us documentation where most of the errors that we faced would be fixed before reaching out to them. They are really good.

Which solution did I use previously and why did I switch?

We used to use local logs, where it used to take a lot of time. It used to track even the data of people who are viewing that particular claim or exposure. So it was inefficient. We switched to Splunk Cloud Platform.

How was the initial setup?

Since using Splunk Cloud Platform, we saved a considerable amount of time. We saved a lot of effort as well because if we do not use Splunk Cloud Platform, the only alternative we have is to check the local logs, where it tracks even unnecessary data. It is very inefficient when you are trying to check the local logs. It has impacted us positively because we saved a lot of time and effort. I think we reduced the number of employees as well because we could multitask. The tasks that used to take two or three hours would be done in twenty or thirty minutes to find that error and to do a root cause analysis or a code fix.

What was our ROI?

If I were to speak about return on investment, it is a great return on investment because it saves a lot of time and effort. It boosted our team's productivity, so dealing with tasks every day became a little easier. We saved a lot of money because we did not recruit any new employees. Since the start, we are the same team, and we never really had any need to employ new web developers or anything. I would say we saved a lot of money in that domain or that scenario.

What's my experience with pricing, setup cost, and licensing?

I chose eight point five out of ten because this is slightly on the costlier side. Similar products with alternatives from its competitors that are present in the market are a little cheaper compared to it. However, its features are a little better compared to that of its competitors. That is why we are still using this product. The licensing and setup cost is also slightly expensive. If the server downtime issues were fixed and if it is a little scalable, I would give it a perfect ten. I gave it an eight point five because it really helps with our day-to-day work. It saves us a lot of time and increased our team's efficiency.

It is slightly on the costlier side. Apart from that, the setup and everything did not take a lot of time for us. It is really smooth. Our managing team deals with this kind of setup and licensing things, but they never really faced an issue. It was done very quickly with no issues.

Which other solutions did I evaluate?

We did not evaluate any other options because we did not want to waste time and effort. We just went through proper reviews and all of the documentation. We just moved ahead with this after carefully reviewing it.

What other advice do I have?

If you are a beginner, joining a corporate MNC or trying to develop a product and want to check certain logs, I would say that Splunk Cloud Platform is the best tool and product that is there in the market. It is not beginner-friendly because all the information or the payload that it sends or shows is kind of concatenated, compressed, and everything. To get used to it will take some time, but you will get used to it with time. It is the best tool, and I would recommend it.

Splunk Cloud Platform is slightly on the costlier side, but if they improve their scalability and fix their server downtime, I would say it is a good product. I gave this review a rating of eight point five out of ten.


    Ritesh Vishwakarma

Data visualization has provided rich insights and simplifies complex reporting tasks

  • April 08, 2026
  • Review from a verified AWS customer

What is our primary use case?

Splunk Cloud Platform is primarily used for data visualization, as it allows us to gain insightful perspectives on our data.

What is most valuable?

The best features of Splunk Cloud Platform include its powerful analytics and intuitive user interface. I particularly appreciate how it simplifies complex data operations.

The ingestion and visualization features of Splunk Cloud Platform are integral to our data reporting, as they help transform raw data into meaningful visual formats effortlessly.

What needs improvement?

I believe there are a few areas of Splunk Cloud Platform that have room for improvement, particularly in user customization and documentation clarity.

For how long have I used the solution?

I have been using Splunk Cloud Platform for quite some time.

What do I think about the stability of the solution?

The stability of Splunk Cloud Platform is commendable, and I would rate it a nine from one to ten.

What do I think about the scalability of the solution?

Regarding scalability, I find Splunk Cloud Platform to be highly scalable; I would rate it an eight from one to ten, as it meets our growing needs efficiently.

How are customer service and support?

From one to ten, with ten being the best, I would rate the technical support of Splunk Cloud Platform as a solid eight.

How was the initial setup?

The deployment of Splunk Cloud Platform itself is straightforward; I would categorize it as easy, with minimal challenges along the way.

What about the implementation team?

We have approximately one hundred users using Splunk Cloud Platform across various teams in our organization.

What was our ROI?

Overall, I would rate Splunk Cloud Platform a solid eight from one to ten, as it meets a wide range of our business requirements effectively.

What's my experience with pricing, setup cost, and licensing?

When it comes to the cost of Splunk Cloud Platform, I would rate it a five from one to ten, with one being cheap and ten being expensive.

Which other solutions did I evaluate?

In comparison to other solutions such as DataDog, Microsoft, and Sumo, I find Splunk Cloud Platform to be quite competitive, offering unique capabilities that are valuable to our operations.

What other advice do I have?

My advice for others looking into Splunk Cloud Platform would be to take full advantage of its versatile features and ensure proper training for your team.

I have Splunk Cloud Platform deployed in the cloud, and I utilize AWS as my cloud provider.

Regarding machine learning tools, I find them to be quite impressive in their ability to enhance data analysis and predictive insights.

My thoughts on the alerting mechanisms in Splunk Cloud Platform are positive; they work effectively to notify us of important changes or issues in our data.

I assess the effectiveness of the search capabilities in uncovering operational insights as quite robust, as they provide detailed results swiftly and efficiently.

My thoughts on the integration with third-party providers are that it is generally seamless, allowing us to synchronize various tools with Splunk Cloud Platform easily.

Overall, I would rate this review an eight from one to ten.


    Aakash

Log monitoring has become faster and root cause analysis improves production issue resolution

  • April 03, 2026
  • Review provided by PeerSpot

What is our primary use case?

I have experience with Splunk Cloud Platform. We use it for log monitoring, debugging, and various other purposes.

Since I joined as a software developer, I have been working with Splunk Cloud Platform for around two years. It is the main tool we use during production issues. We monitor it not only in production issues, but also when we move code to UAT, QA, or XAT environments. We first monitor and check Splunk logs to ensure everything is functioning correctly and to identify what is going wrong.

Splunk Cloud Platform helps in analyzing logs from different services, not just one service, and identifying errors. Especially during production issues, it is our primary platform for understanding where everything goes wrong and determining the root cause. The main feature I appreciate is the Search and Processing Language, which we call SPL. It allows us to query and filter logs efficiently. We can filter by time, whether for a few minutes or hours, and we can filter by various other parameters, such as which user has made the most requests, user-wise breakdowns, specific error patterns, exceptions, or failures. We can use time-based filtering and keyword searches to narrow down on the relevant logs we wish to see at any particular point in time.

I use the alerting mechanisms present in Splunk Cloud Platform. Without Splunk, we would have to manually go to production logs and search for various things, which could be very time-consuming. When we use Splunk, these mechanisms are automated. We only need to change the query sometimes because we search for different mnemonics and different teams. If we adjust the region or the team and then provide the particular keyword we are searching for, this helps us change the logs and see what we really need.

What is most valuable?

One unique feature with Splunk Cloud Platform is that it can be used not only for log creation but also for creating dashboards. I have created one dashboard myself for visually representing data. This dashboard checks various clients and services to see how many hits we have seen. I made it as a pie chart, and when we click on one of those sections, we are able to see how many hits that service has received. For that particular service, we can check how many users have contributed to that hit. When we send that visualization to higher management, they make decisions based on what service to focus more on. The decisions matter and vary according to management priorities.

What needs improvement?

The Search Processing Language of Splunk Cloud Platform has a steep learning curve. To extract the correct amount of logs needed, you must understand the exact mnemonics. Writing efficient SPL queries requires time to become accustomed to the language. Only after you have a good grasp of the basics of Splunk Cloud Platform and understand how to trace logs will you be able to use it perfectly.

Handling a large volume of logs requires proper filtering strategies. Logs keep coming in very large quantities, but you need to know how to properly filter them. Proper filtering strategies must be understood and implemented.

The setup and configuration for Splunk Cloud Platform is complex, especially from a developer perspective. Although it was relatively easy for me, the setup and configuration were handled by the platform team, which had to deal with the complexity in the initial phases.

Splunk Cloud Platform does not require any maintenance on my end as a developer. We only use it for checking logs. Maintenance is handled by the platform team. Sometimes Splunk experiences downtime for a few minutes, which we are notified about via email, sometimes during weekends. I am not certain what happens during those phases, but as developers, we are unable to use it for that short period of time, sometimes around half an hour during midnight hours on weekends. Otherwise, it functions well.

For how long have I used the solution?

I have been using this solution for two years.

What do I think about the stability of the solution?

Splunk Cloud Platform has fairly good stability. However, I have noticed that the Show Source feature, which displays detailed versions of logs, sometimes takes a little time. Whenever the system needs to show 100 lines or 1,000 lines, that usually takes some time. When a large number of logs enter the system, we sometimes see lag. Especially during the Show Source function, when checking the detailed logs of any particular log, I have seen this issue sometimes. Otherwise, everything is fine.

What do I think about the scalability of the solution?

Splunk Cloud Platform is quite scalable. All services and event-based streaming, such as Kafka, have all logs flowing through Splunk Cloud Platform. We have seen that it handles this well and is great at scaling to meet our needs.

How are customer service and support?

I have not contacted the technical support of Splunk Cloud Platform yet. Even when we are unable to get something resolved, we have our seniors and experts in our team and adjacent teams who help us understand where we are going wrong with the queries and other issues. I have not personally contacted the technical support yet.

How was the initial setup?

The initial onboarding process when I first started using Splunk Cloud Platform was not very complex. When Splunk was initially onboarded to the company, I understand that was a complex process. Since I joined, the process has been fairly simple. We just had to submit an access request for a particular mnemonic or for a particular team and we are able to check the logs for that mnemonic once we get access. The approval process is a bit tedious in our organization. We have an approval process for every tool, not only Splunk Cloud Platform. Once you receive approval, you should be good. However, we can only check for that particular team or mnemonic. If we wish to check for other services, we have to submit a request form again, and that goes through several layers of approvals before we are able to see the logs.

Which other solutions did I evaluate?

I have not used any alternatives to Splunk Cloud Platform since I joined my organization. We have been using Splunk only for observability and tracking and monitoring. So far there are no other alternatives that we have tried out in our organization.

What other advice do I have?

From a developer perspective, I am involved in coding, checking logs, monitoring, observability, and other related tasks. The platform team takes care of the setup and configurations, which is complex initially. The pricing aspect is handled by management and not something I am directly involved in. I would rate this product a 9 out of 10.


    Kalpesh Pawar

Centralized security monitoring has improved threat detection and automated incident response

  • April 02, 2026
  • Review from a verified AWS customer

What is our primary use case?

Splunk Cloud Platform serves as our main use case for centralized security telemetry ingestion across customer environments with tenant-level index segregation. We also use it for SPL-based correlation plus detection rules, powering our SOC use cases and threat detection workflows. We have integrated it with SOAR and ITSM for automated incident response and lifecycle management.

In one of our customer environments, we detect brute force login attempts using SPL correlation for failed login spikes plus source IP anomaly. The alert triggers a SOAR playbook to block the IP on the firewall and create ITSM tickets with context. This reduces response time significantly and prevents account compromise at an early stage.

We also use Splunk Cloud Platform for threat hunting and MITRE ATT&CK mapping, leveraging SPL and ES dashboards across customer environments.

What is most valuable?

The best features Splunk Cloud Platform offers for us include Search Processing Language plus the flow relation engine, which enables deep multi-source analysis and real-time threat detection across cloud environments. The real-time monitoring plus alerting automation helps us with continuous KPI tracking with custom alerts and automated actions, improving incident response in our SOC operations.

Splunk Cloud Platform has positively impacted our organization by achieving 42 to 45% faster detection, threat detection, and response using real-time correlation and automation. We have also improved SOC efficiency with centralized visibility across all customer environments and reduced tools sprawl by consolidating multiple security or monitoring tools into a single platform.

What needs improvement?

There are not many things that need to be improved, but Splunk Cloud Platform should have improved multi-tenant role-based access control with granularity to simplify access control across our customers. It also needs faster search performance for large datasets to speed up deep threat investigations.

We would like more native integrations with cloud and security tools to reduce custom connectors in customer environments. The user interface can be improved as it gives an old-school feeling while using it and can be made more intuitive.

For how long have I used the solution?

I have been using Splunk Cloud Platform for three years.

How are customer service and support?

As we have the premium plans, the customer support offering is via ticketing system, phone support, and email support on an SLA basis. For critical issues, customer support is strong and very responsive. The 24 by 7 monitoring plus NOC support helps us detect and resolve platform issues proactively in cloud environments. Overall, the support team and technical support engineers are knowledgeable and understand the customer environment very well. The support is very good, and the documentation provided on Splunk Cloud Platform is very helpful.

What other advice do I have?

I would like to highlight the main feature that helps our team, which is role-based access control plus index-level segregation, ensuring secure tenant operations in our SOC model.

Earlier, our analysts manually correlated logs across tools. Now, SPL correlation for ES dashboards provides a unified view, reducing the normal triage time. The auto alerting plus SOAR integration eliminates manual ticket creation and initial investigation steps, streamlining workflow and improving analyst productivity while significantly reducing time per incident.

Splunk Cloud Platform supports integration with other security tools and platforms in our environment by using native integrations like Syslog APIs to ingest data from firewalls, EDR, cloud, and identity platforms. The SOAR and ITSM integrations via webhooks and APIs enable automated incident response and ticketing workflows. It also supports bidirectional integration for enrichment and action, such as blocking IPs and updating cases.

Splunk Cloud Platform helps with compliance or regulatory requirements in our organization by using centralized log retention plus audit trails to meet compliance requirements. For example, we track user activity and access logs across customer environments. We also have pre-built ES correlation searches and reports mapped to standards like ISO, PCI DSS, helping in audit readiness. The role-based access plus data segregation ensures compliance with multi-tenant security and governance policy, not only for our customers but for our internal organization as well.

As a SaaS, Splunk Cloud Platform enables scalability by handling growing log volume through auto-scaling indexing as we onboard new customers without making infrastructure changes. The index-level segregation plus role-based access control allows us to easily expand to multi-tenant customers while maintaining data isolation for all customers. Additionally, it supports distributed search and concurrent queries, ensuring performance for SOC operations at scale.

We manage cost and budgeting for Splunk Cloud Platform as our usage grows by using ingestion filtering plus cloud tiering to reduce unnecessary data and control license use, which our team handles very well. We also implement index lifecycle policies like the retention of logs and cloud storage to optimize storage costs across multiple customers. The main challenge is ingestion-based pricing at scale, so we continuously monitor usage and optimize high-volume sources.

Splunk Cloud Platform helps our team with threat intelligence or sharing across customer environments by allowing us to ingest threat intel feeds into Splunk Cloud Platform and correlate them with customer logs using SPL. The shared IoC enrichment plus ES correlation searches enable us to reuse detection across multiple tenants while supporting centralized intel management with controlled sharing, thus improving detection and consistency across all customer environments.

I recommend designing data onboarding, index strategy, and role-based access control upfront for a scalable multi-tenant architecture. I suggest customers go for this product, as you can optimize ingestion, filtering, normalization, and retention early to control cost as data grows. I also suggest bargaining on prices, as I have seen salespeople negotiate, and you can get the best deal out of that. I would rate this product an 8 overall.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
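
The brute-force detection described in this review (a spike of failed logins per source IP combined with a source IP anomaly, feeding a ticket or playbook with context) can be illustrated in plain code. The block below is an added example, not the reviewer's correlation search and not SPL; it uses constructed auth events and a constructed baseline of known source IPs (the lines, the `KNOWN_SOURCES` set and the threshold are assumptions made for the illustration), buckets failures into fixed time windows the way an SPL `bin` would, and emits an alert record carrying the context a SOAR playbook or ITSM ticket would need. The blocking and ticketing actions themselves are outside the example.

```python
"""Brute-force login detection over constructed auth events.

Added illustration (not the reviewer's SPL correlation search): a failed-login
spike per source IP combined with a "new source IP" anomaly, written in plain
Python over a handful of constructed log lines so it runs offline.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in the form "timestamp user src_ip result".
SAMPLE_LOG = """\
2026-04-01T09:00:01 alice 10.0.0.5 success
2026-04-01T09:00:12 bob 10.0.0.7 success
2026-04-01T09:01:00 alice 203.0.113.9 failure
2026-04-01T09:01:05 alice 203.0.113.9 failure
2026-04-01T09:01:10 bob 203.0.113.9 failure
2026-04-01T09:01:15 carol 203.0.113.9 failure
2026-04-01T09:01:20 dave 203.0.113.9 failure
2026-04-01T09:01:25 alice 203.0.113.9 failure
2026-04-01T09:02:00 alice 10.0.0.5 failure
2026-04-01T09:02:30 alice 10.0.0.5 failure
2026-04-01T09:02:45 alice 10.0.0.5 success
2026-04-01T09:40:00 erin 198.51.100.4 failure
2026-04-01T09:40:10 erin 198.51.100.4 failure
"""

# Constructed baseline of source IPs with prior successful logins; in a real
# deployment this would come from a lookup built from historical auth data.
KNOWN_SOURCES = {"10.0.0.5", "10.0.0.7"}

FAIL_THRESHOLD = 5            # failures per source IP per window (assumed)
WINDOW = timedelta(minutes=5)  # fixed detection window (assumed)


def parse_events(text):
    """Parse the constructed lines into dicts, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, user, src_ip, result = parts
        events.append({"time": datetime.fromisoformat(ts), "user": user,
                       "src_ip": src_ip, "result": result})
    return events


def bucket_start(ts, window):
    """Align a timestamp down to the start of its fixed window (like SPL bin)."""
    epoch = datetime(1970, 1, 1)
    return ts - ((ts - epoch) % window)


def detect_bruteforce(events, threshold=FAIL_THRESHOLD, window=WINDOW,
                      known_sources=KNOWN_SOURCES):
    """Return one alert per (window, src_ip) group whose failure count reaches
    the threshold. Each alert carries the context a ticket or playbook needs:
    failure count, distinct targeted users and whether the source is new."""
    groups = defaultdict(list)
    for ev in events:
        if ev["result"] != "failure":
            continue
        groups[(bucket_start(ev["time"], window), ev["src_ip"])].append(ev)

    alerts = []
    for (start, src_ip), fails in sorted(groups.items()):
        if len(fails) < threshold:
            continue
        new_source = src_ip not in known_sources
        alerts.append({
            "window_start": start.isoformat(),
            "src_ip": src_ip,
            "failures": len(fails),
            "targeted_users": sorted({f["user"] for f in fails}),
            "new_source": new_source,
            # Both signals firing (spike plus unknown source) rank higher than
            # a spike from an address that has logged in successfully before.
            "severity": "high" if new_source else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse_events(SAMPLE_LOG)):
        print(alert)
```

On the constructed sample only 203.0.113.9 crosses the threshold, and because it has no successful-login history it is ranked high; the two failures from 10.0.0.5 (a known source, followed by a success) stay below threshold and produce no alert, which is the false-positive case the threshold-plus-baseline pairing is meant to suppress.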


    Hemanthreddy Vakiti

Centralized logs have transformed payment issue troubleshooting and now streamline incident resolution

  • April 02, 2026
  • Review provided by PeerSpot

What is our primary use case?

I use Splunk Cloud Platform to check logs. As a product developer, whenever I try to make a transaction to see whether it has proceeded smoothly, we check the logs. In logs, we can see from the payload how the message gets generated, which is very useful for us.

I work as a product developer for Guidewire, an insurance tool, where we mostly face payment-related issues. It follows a check lifecycle where it starts from awaiting submission, requesting, requested, issued, cleared, pending stop, stopped, and everything. We have various check lifecycles. Suppose a lifecycle is missed and the user is trying to proceed with a transaction starting from awaiting submission and moving directly to issued instead of requesting to issued; then we face an illegal state change exception. Without Splunk Cloud Platform logs, we wouldn't know what type of exception we are facing. We help the user after checking the logs as well.

Recently we faced an issue where we use another software called One-Ink, where most of our process checks get updated to our database. From there, they were doing IP whitelisting where most of the payment-related features were done. IP whitelisting means giving out an IP address only for certain individuals where they can do payment-related changes. When they were doing that, they missed two or three of the IP addresses that needed to be processed, and we had a global outage for check-related issues. We checked logs to find out what the issue was and how the issue got generated. We had to create a new payload and check it from Splunk Cloud Platform to see whether the payload got generated and the affected claims were resolved.

Generally, when we face a certain issue, if a check-related transaction will have a public ID generated, for that public ID, we don't have it in the UI. We have to query the database to get the public ID. Public IDs are primary keys and using those primary keys as a substitute, you have to search through our logs.

What is most valuable?

Logs can ask which type of log you need to give it, such as a claims pay logger or a state change logger or any other logger as a filter. Then you need to give that public ID and it would give you all the fields that were changed in that specific criteria that you were searching.

For me, with Splunk Cloud Platform, if you don't give the necessary filtration values, it has its own querying type. If you do not give a proper query or anything for the log to be generated on a primary key, it won't give you the values. It takes too much time and it checks a large number of values. Sometimes it goes over a million, so that takes a lot of time. However, if you use proper filtration, it takes much less time. It saves our time, and we could also pause the values, we could pause the search fields, we could resume certain fields, we could skip a few fields, and we could check right from the payload which messages were generated and how the transaction proceeded.

What needs improvement?

Splunk Cloud Platform holds only three months' worth of data. If you try to search for more than three months or prior to three months, it wouldn't store the values because it stores a large amount of data. I believe that's the limit for us. I believe having flexible memory would ease us because whenever we face an incident, if we want to look for the occurrence or root cause, if it is prior to three months, we wouldn't have proper logs to check.

I wish it would take a little less time and not search through unnecessary things. Of course, querying depends on the developer's knowledge, but storage is also an issue because I feel memory is not flexible enough. If we try to increase our memory, it will charge us a considerable amount of money.

For how long have I used the solution?

I have been using Splunk Cloud Platform for around one year and three months.

What do I think about the stability of the solution?

We face occasional downtime issues where when we try to scale up, we face a considerable amount of challenges. If we consider one month, we would face around two to three days of downtime issues.

What do I think about the scalability of the solution?

Scalability is a little issue for us because it's not currently adapting to our rightful needs. I believe they should upgrade on their side to match our tempo.

How are customer service and support?

I never really reached the customer support, but they provide proper documentation, so all that was required. Mostly our support team takes care of any needs that were needed by us.

Which solution did I use previously and why did I switch?

I did not use any solution prior to this because in this project, this was the tool that was working when I started.

How was the initial setup?

We picked this tool because it was on top of a line in the market and it suited our specific criteria. We are developers, so it suited and matched our tempo.

What was our ROI?

I would say initially, to read Splunk Cloud Platform logs, it would prove very difficult because it is definitely not beginner-friendly. It will take around 15 days to one month to just adapt to what is a log and where you need to find the error because a payload and every logger is a complex form where line by line it will be written, but what that line is, they won't show that. It is definitely not a beginner-friendly tool, but it is definitely the best tool that is available in the market for insurance-related products.

What's my experience with pricing, setup cost, and licensing?

Related to the pricing factor, I think it is slightly on the costlier side, but I wouldn't know much because I'm not on the management side. My organization divides developers and management, so we wouldn't know the price for it.

What other advice do I have?

Generally, at our morning call, we go through our incident team-wise and assign incidents based on what we can do. Before we can do that, we check whether this is doable or not. We go through the logs and find if any check-related issues or claim-related issues that we face. We go through the logs and first check where the problem is because most of the problems that we faced were related to permission issues, where the user might not have permission and tries to make a few changes when that person doesn't have permission. They face a few errors or issues and cannot log in through certain sites or anything. Splunk Cloud Platform helps us reduce the time and effort through checking the logs. If we didn't have this, we would have checked the history loggers, where it checks and tracks even the person who viewed that particular claim. It would take a considerable amount of time.

Initially, we were a team of 300 people where our project started with three different teams. Before having this, prior to Splunk Cloud Platform logs, we used to depend mostly on the history loggers where it tracks our history or movement. Any small changes would be tracked down there, but we wouldn't have any sort of search criteria where we cannot search. We would have to manually go through step by step, one column after another, to see who has done what changes. That would prove an issue. After Splunk Cloud Platform was introduced to us, we saved a considerable amount of time. Time is a major factor for us developers.

Our team started off with 300, and now we are 30 people. We saved a considerable amount of money and resources that are required to hire more people. We started off with a team of more than 300 people and require less than 30 people right now. I think it's over a five year duration where we came to this number, but I think fewer employees are needed because of this, and we spend little effort because logs track everything. It helps us in our day-to-day task.

Storage is the major issue that we face occasionally because whenever we are trying to solve a root cause issue that is a PRB, we would require a lot of history loggers which would not be available for us. The second issue would be that it is not that scalable. I don't think increasing our storage would cost us a small amount; it would cost us more. I would rate this product an 8 out of 10.


    Dipesh-Bhawsar

User behavior insights have improved threat detection but complex setup still needs refinement

  • March 31, 2026
  • Review from a verified AWS customer

What is our primary use case?

We have an internal solution and we are working for our own enterprise solution. I'm working in Principal Financial Group where we have our in-house security operations center, so we do not have any clients; we are conducting our security monitoring for our own infrastructure.

Our major focus is on User Behavior Analytics, UBA. We are focusing on integration of all security controls that we have, meaning the log collection from all the security controls and all the servers. The use cases we are focusing on are MITRE framework, phishing, and User Behavior Analytics, UBA.

What is most valuable?

UBA is a great application within Splunk Cloud Platform.

That feature gives us behavioral analytics within the logs, so we do not need to write complex queries. By using UBA, we achieve threat detection without needing complex correlation rules; UBA gives us a perfect output from it.

The log ingestion is very good, and the visualization part is also very good. I can create multiple dashboards from the logs we are receiving; it is similar to other SIEM solutions.

What needs improvement?

Splunk Cloud Platform is good, but sometimes it lags. When I run a very simple query with a perfectly created query in the search bar, it gives a good result, but if I create a very simple query without index and source types, it takes too much time to draw the visuals.

It is somewhat complex because Splunk Cloud Platform has multiple components like heavy forwarders and indexers. There are multiple integration approaches that we use, for example, syslog and for Windows, it is WMI. For most of the applications, we are using API integration, which is very good, but for syslog and other WMI kind of configurations, first, I need to integrate them so they start sending logs to the heavy forwarders. On heavy forwarders, I have to configure syslog-ng, and there are multiple configuration files that I have to configure for each data source.

The improvement part is that I have worked on multiple SIEM solutions, starting with RSA NetWitness, QRadar, ArcSight, and Splunk Cloud Platform. All SIEM solutions have the same issues; at the time of POC, the vendors tell us that they have many features, but at the time of implementation, we find minor issues everywhere, from integration to querying logs and deploying configuration files. There are minor issues that need fixing for more operational efficiency.

For how long have I used the solution?

I have been working with Splunk Cloud Platform for around one and a half years.

What do I think about the stability of the solution?

Splunk Cloud Platform is stable and reliable with no issues, though sometimes minor issues happen; it is not as though the system goes down or anything.

What do I think about the scalability of the solution?

The more I scale, the more I have to pay for Splunk Cloud Platform. I have to properly fine-tune the logs, filtering them for what I want to take into Splunk Cloud Platform for security monitoring. Only the logs required for security monitoring should be taken into Splunk Cloud Platform; if we have compliance requirements to just store logs, then Splunk Cloud Platform is not the right platform.

How are customer service and support?

I am not that happy, but they provide timely responses. They are available at the time of need; however, there are a few things like issues with log parsing that they will not cover in normal support calls. I needed to create an ODS, On-Demand Service, for those kinds of issues.

Which other solutions did I evaluate?

Pricing is too high for Splunk Cloud Platform. Nowadays, people are using Cribl solution that we host just before Splunk Cloud Platform. From a heavy forwarder, logs go to Cribl, and there is a filter mechanism available in Cribl, so we can only send the events of interest to Splunk Cloud Platform, which reduces our pricing heavily. Otherwise, when collecting logs from devices such as Linux, Windows, and firewalls, we get debug logs as well, and Splunk Cloud Platform charges based on the ingestion—how much data we ingested into Splunk Cloud Platform.

What other advice do I have?

We are currently working with Splunk Cloud Platform only. We are exploring machine learning tools, but they are not deployed yet, so there is currently a POC going on.

Splunk Cloud Platform does what it has to do but nothing extraordinary; it is a simple dashboard application like other SIEM solutions.

There are multiple support cases because we have a very large architecture of Splunk Cloud Platform. We have eight heavy forwarders and thousands of log sources integrated with Splunk Cloud Platform, so from time to time, I observe issues related to integration, applications, and the internal workings of Splunk Cloud Platform. Thus, we need to raise support cases to troubleshoot those.

Overall, I would rate this review a 7 out of 10.
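
The ingestion-filtering approach this review describes (a filter layer in front of Splunk so that only events of interest are forwarded and debug noise does not count against ingestion-based licensing) can be shown as a small routing function. The block below is an added example written in plain Python, not Cribl or Splunk configuration and not the reviewer's own pipeline; the syslog-style lines, the `SECURITY_PROGRAMS` set and the `MIN_SEVERITY_KEPT` cutoff are constructed assumptions for the illustration. It keeps every event from security-relevant programs regardless of severity, keeps anything at warning or more severe from any program, drops the rest, and forwards rather than drops lines it cannot parse.

```python
"""Pre-ingestion event filtering over constructed syslog-style lines.

Added illustration of the filter-before-forward pattern the review describes;
not Cribl or Splunk configuration. Rules are assumptions for the example.
"""
import re

# Standard syslog severity levels, most severe first.
SEVERITY_ORDER = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
                  "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Programs whose events are security telemetry and are always forwarded,
# even at info level (auth logs are usually emitted at info). Assumed set.
SECURITY_PROGRAMS = {"sshd", "sudo", "firewalld", "pam_unix"}

# From every other program, keep this severity and anything more severe.
MIN_SEVERITY_KEPT = "warning"

# Constructed lines in the form "<host> <program> <severity> <message>".
SAMPLE_LINES = [
    "web01 nginx info GET /index.html 200",
    "web01 nginx debug upstream keepalive reuse",
    "web01 sshd info Accepted publickey for alice from 10.0.0.5 port 51234",
    "web01 sshd info Failed password for root from 203.0.113.9 port 4411",
    "db01 postgres debug checkpoint starting",
    "db01 postgres err could not open relation with OID 16384",
    "fw01 firewalld warning REJECT IN=eth0 SRC=198.51.100.7",
    "app02 myapp info request_id=abc123 handled in 12ms",
    "app02 sudo info alice : TTY=pts/0 ; COMMAND=/bin/systemctl restart myapp",
    "app02 myapp debug cache miss key=user:42",
    "garbled !!! line that does not match the expected layout",
]

LINE_RE = re.compile(
    r"^(?P<host>\S+)\s+(?P<program>[\w.-]+)\s+(?P<severity>\w+)\s+(?P<msg>.*)$"
)


def parse_line(line):
    """Return a dict of fields, or None when the line does not fit the layout
    or carries an unknown severity keyword."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    if event["severity"] not in SEVERITY_ORDER:
        return None
    return event


def should_forward(event):
    """Forwarding rule: all security-program events, plus anything at
    MIN_SEVERITY_KEPT or more severe from any program."""
    if event["program"] in SECURITY_PROGRAMS:
        return True
    return SEVERITY_ORDER[event["severity"]] <= SEVERITY_ORDER[MIN_SEVERITY_KEPT]


def route(lines):
    """Split lines into forwarded and dropped lists and collect volume stats.
    Unparsable lines are forwarded, never silently dropped, so a parser gap
    cannot blind the SIEM; they are counted separately for follow-up."""
    forwarded, dropped = [], []
    stats = {"forwarded": 0, "dropped": 0, "unparsed": 0,
             "bytes_in": 0, "bytes_out": 0}
    for line in lines:
        size = len(line.encode("utf-8"))
        stats["bytes_in"] += size
        event = parse_line(line)
        if event is None:
            forwarded.append(line)
            stats["unparsed"] += 1
            stats["bytes_out"] += size
        elif should_forward(event):
            forwarded.append(line)
            stats["forwarded"] += 1
            stats["bytes_out"] += size
        else:
            dropped.append(line)
            stats["dropped"] += 1
    return forwarded, dropped, stats


if __name__ == "__main__":
    kept, gone, summary = route(SAMPLE_LINES)
    print(summary)
    for line in gone:
        print("dropped:", line)
```

The design point is the asymmetry: dropping is only allowed for events the filter has positively classified as low-value, so an sshd failure at info level, a postgres error and a firewall reject all reach the SIEM while nginx and application debug chatter do not; the `unparsed` counter is what you would alert on, because a rising count means a source changed format and the filter is no longer making informed decisions.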