Splunk Cloud [Private Offer Only]

Carahsoft Technology Corp.

Reviews from AWS customer

35 AWS reviews

External reviews

43 reviews

External reviews are not included in the AWS star rating for the product.


    Bhavesh Kadachha

Cloud analytics have transformed log insights and automated maintenance for our teams

  • May 28, 2026
  • Review provided by PeerSpot

What is our primary use case?

For Splunk Cloud Platform, we perform analytics with a large scale of data pipelines and log data. We query logs and build dashboards to support our operational and business insights. We mainly work with Splunk Processing Language to query logs, identify patterns, and support troubleshooting and reporting.

We definitely use the ML toolkit for regression and anomaly detection. We also use Splunk Processing Language, and after the recent update, a new AI feature has been introduced that suggests queries to us. This feature has saved us considerable time.

Regarding native models, we only use the ML toolkit. I am unaware of the other models that Splunk provides. Specifically for the ML toolkit, we use it for anomaly detection and regression. In terms of cloud, we only use the ML toolkit.

What is most valuable?

I love how everything is handled by Splunk Cloud Platform itself. We do not have to manage migrations, updates, and other maintenance tasks. That is one of the major benefits of using Splunk Cloud Platform.

We definitely contact them and they help us during upgrade times. For example, if we want to upgrade Splunk Forwarder on a cloud instance or a Splunk Indexer in a cloud instance, they definitely assist us.

Splunk Cloud Platform is highly scalable. It is one of the best SIEM tools across the world because it is valuable not only for monitoring but also for security analysis, dashboards, and other features compared to other tools.

What needs improvement?

For betterment, there is definitely a cost concern. The cost is high, so there should be a somewhat lower cost. I am expecting a more competitive pricing structure from Splunk Cloud Platform, but otherwise it is fine.

For how long have I used the solution?

We have been working with this solution for the past 14 months.

What do I think about the stability of the solution?

I experienced stability issues once or twice during an upgrade, but the rest of the time it is fine. It is highly stable and scalable for us.

What do I think about the scalability of the solution?

Splunk Cloud Platform is highly scalable. It is one of the best SIEM tools across the world because it is valuable not only for monitoring but also for security analysis, dashboards, and other features compared to other tools.

How are customer service and support?

The customer service team is quite fast. They take around two to three hours to reply back and they solve our problems.

Which solution did I use previously and why did I switch?

We have not had any issues regarding maintenance because everything has been handled by the Splunk team itself. That is the best aspect of Splunk Cloud Platform, so we have not experienced any problems so far.

How was the initial setup?

The initial setup was easy for us because we took training from Splunk. It was quite easy for us.

What about the implementation team?

The implementation timeline depends on the use case, whether you are a Splunk Admin or a Splunk Power User. For a Power User, it took around three to four months to learn it. For an Admin's use case, it is very hard and took around a year. You also need certification to prove that you are a Splunk Admin.

The implementation process is quite easy because we have created custom applications regarding the upgrade of Splunk Enterprise Platform. We have another application called Splunk Forwarder through which pre-checks and post-checks are performed by our custom-made application. It is quite easy for us.

What other advice do I have?

We also use Splunk SOAR in addition to Splunk Cloud Platform. My overall review rating for this solution is 9 out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?


    Vaibhav Mahendra Kolhe

Unified monitoring has improved real-time threat detection and simplified security operations

  • May 28, 2026
  • Review from a verified AWS customer

What is our primary use case?

Splunk Cloud Platform is used for our on-premise server. Our organization uses it as a cloud SaaS product. We have deployed our server on Splunk Cloud Platform. We have partnered with AWS and Splunk Cloud Platform because we already use Splunk Enterprise Security. Additionally, we get Splunk Cloud Platform in that form.

What is most valuable?

The best features in Splunk Cloud Platform are that it is very fast compared to any other cloud because we have integrated Splunk with Splunk Cloud Platform. We get the logs from the agent to Splunk, and we store those logs on the cloud. We are using it for real-time monitoring. The SPL, meaning search processing language, is also very easy. Any other SOC analyst can learn that language for searching. The searching query language is very powerful.

For monitoring, it is a very good cloud. We have integrated it with the Splunk SIEM tool only. Additionally, the platform's app ecosystem is very easy to use even in the initial starting phase, and it supports responsibilities including real-time alert monitoring and event correlation. It is very easy to learn the cloud because we have integrated it with the SIEM tool.

What needs improvement?

Compared to other clouds we were using before, the price of Splunk Cloud Platform is very nominal because our sales team is already a partner with the Splunk team. We get some benefits in pricing. We already purchased existing Splunk. They also offer a cloud service to our organization. Improvement-wise, I do not see anything, because compared to AWS—and we also partner with the AWS cloud—it is very cheap.

Our entire SOC is deployed on that cloud only. I would suggest going for Splunk Cloud Platform because AWS, Microsoft Azure, and Google Cloud are very expensive in comparison. Improvement-wise, I do not see anything. You can go for it.

For how long have I used the solution?

I have been using Splunk Cloud Platform for six months.

What do I think about the stability of the solution?

Stability-wise, with Splunk Cloud Platform, I did not find any issue because it is a cloud. If it is down, then our whole server and client servers are all down. Stability-wise, it is very stable. There is no issue with using Splunk Cloud Platform. Any other cloud is very stable, which is why we are using the cloud service rather than having a hard disk in our organization. We do not require any hardware as a service. That is why we pay clients to have SaaS, a cloud as a service. Stability-wise, it is good. There are no issues. If an issue occurs in our organization, we usually raise a ticket to the team to handle it. If there is a storage issue or any integration issue that happens with our customer, we directly schedule a call with the customer and the tech team.

What do I think about the scalability of the solution?

Regarding the ability to scale with Splunk Cloud Platform, you can. We have integrated Splunk with Splunk Cloud Platform, but as I told you, we also have Wazuh and Microsoft Sentinel. We deploy all the servers on Splunk Cloud Platform only. It is up to you how you scale because it integrates with any other SIEM tool. We just want API keys to integrate with it. We have to pay for the amount of data or cloud we are using. That much we have to pay to the Splunk Cloud team.

All our data is on Splunk Cloud Platform. We have multiple customers, so as per their requirement and their purchasing from the SIEM tool, we deploy all the servers in Splunk Cloud Platform only.

How are customer service and support?

I would rate the technical support of Splunk Cloud Platform as nine, because Splunk Enterprise has good technical support. Splunk Cloud Platform provides good support as a cloud service.

How was the initial setup?

Regarding the deployment on AWS Cloud, it is very easy compared to others. It is very easy because I also work with the Azure cloud because I am working with the Microsoft Sentinel SIEM tool. Deployment is very easy for the cloud. We just require an API key to integrate with it or with any other tool. For cloud, the deployment is very easy.

What other advice do I have?

My impressions of the visibility into cloud, on-prem, and hybrid models while using Splunk Cloud Platform are that there are no challenges. It is more that you want to know about the language for searching on the cloud. I already told you about the SPL language, for Splunk and for the cloud. If you have the knowledge about how to manage and search in the cloud, it is very easy. I am in the learning phase. It is new to me right now, but I am still learning.

When I compare Splunk Cloud Platform with other solutions or other vendors, I compare it with Microsoft Azure Sentinel. They are both cloud platforms. Compared to Microsoft Sentinel, Splunk Cloud Platform has a good area. Microsoft also gives a very wide area, such as Defender XDR, connectors, and threat intelligence. It is also the same in Splunk, but I prefer the Splunk one compared to Microsoft Sentinel because it is very easy to use.

In Sentinel, there are many roles and responsibilities for reader, contributor, and responder. However, in Splunk Cloud Platform, we can additionally give admin tasks or role-based tasks to the SOC analyst role. It is very easy for a SOC analyst to handle.

For others looking to implement Splunk Cloud Platform, my advice would be to go for it. First, you have to do the pilot deployment. Second, you have to learn the SQL language for Splunk Cloud Platform because it is very important to learn. If you do not learn that query language, the SPL search processing language, you cannot find or do threat hunting and investigation for alert analysis. You can follow the investigation chart, such as a process tree, analyzing the IP, and verifying the IOC with the PF. Most effectively, learn the SPL language. If you learn it, you can easily handle Splunk Cloud Platform.

To be a ten out of ten, when I compare Splunk Cloud Platform with others, Splunk Cloud Platform is leading the market. Our sales team is also going to tell customers to go for Splunk Cloud Platform because we are pushing Splunk only. We get the SIEM tool and cloud in one platform. We did not have to find a different way to store the logs or storage on another AWS cloud. As our organization's option, we are also pushing clients to use Splunk Cloud Platform as a cloud and SIEM tool. It is beneficial for us and for them.

Splunk Cloud Platform's cloud is AI, so I can say ten out of ten. However, there is one issue: when our storage limit is crossed, they directly charge higher. From a charging point of view, it is about cost and AI. If there is an improvement, or if they give some discount to our organization, such as we are using two hundred GB per day, but if on any day we exceed that limit, they charge our organization a higher amount. They charge high.

I would rate this review nine out of ten overall.


    Mujahid Ali

Centralized monitoring has improved threat detection and now simplifies security investigations

  • May 27, 2026
  • Review from a verified AWS customer

What is our primary use case?

I work with Splunk Cloud Platform for visualization and alerting. Use cases include real-time threat detection, monitoring, firewall, VPN, EDR, Windows log, and detecting brute force attacks, suspicious login activity, and security alert investigations. Examples of alert names include detecting multiple failed logins. In these cases, I have to write query languages in Splunk. The query language is SPL, which is the Splunk Processing Language, and I have to write coding by indexing first, ensuring the index is equal to Windows, and then for event code, I type 4625, which represents failed login, to find failed logins.

What is most valuable?

Splunk Cloud Platform's best features include powerful log management and real-time monitoring features, advanced threat detection features, easy scalability without managing servers, cloud-based fast data search, a great dashboard UI, automated alerts, and strong security analytics for our organization's SOC team.

The benefits I have seen from using Splunk Cloud include centralized log management, real-time monitoring, strong security analytics, and easy scalability without needing to manage physical servers. It helps our organization quickly detect threats and investigate incidents, monitor cloud infrastructure, and with the help of SOAR, we can automate alerts. The platform also supports many third-party integrations, making our environment more efficient and reliable.

What needs improvement?

I think the dashboards could be better. I mentioned earlier that SPL and dashboard can be hard to understand for beginners, so I would suggest an easier learning curve for beginners and lower pricing for small organizations. Additionally, faster dashboard loading with large data sets, more user-friendly reporting and visualization options, and reduced false positive alerts in SIEM detection would improve usability. Improving documentation and guided troubleshooting is key so we can troubleshoot easily. Overall, while Splunk Cloud Platform is powerful, usability and cost optimization could still improve for new users.

For how long have I used the solution?

I have been working with Splunk Cloud Platform for the last six months.

What do I think about the stability of the solution?

I rate it eight because it offers strong stability, powerful log analysis, advanced security threat monitoring, and excellent cloud integration, improving visibility and SOC efficiency. However, the pricing can be high, and some configurations or advanced features may require technical expertise, which takes time. There is room for improvement.

What do I think about the scalability of the solution?

Scalability in Splunk Cloud Platform aligns well with our organization's demand fluctuations, allowing us to handle increasing amounts of logs and security data without major infrastructure changes. The cloud manages this, reducing the workload on our internal IT team by handling server maintenance, updates, and scaling automatically. This helps our organization save time, improve performance, and reduce infrastructure management efforts.

How are customer service and support?

I would rate the customer service and technical support teams an eight out of ten.

Which solution did I use previously and why did I switch?

Previously, we used Wazuh in our environment before going with Splunk Cloud Platform.

The differences between Wazuh and Splunk Cloud Platform lie in cost, scalability, features, and management. Splunk Cloud Platform is a commercial SIEM type, while Wazuh is open source. The security provided by Wazuh is less robust, whereas Splunk Cloud Platform's technical team and pricing reflect its more comprehensive capabilities. Splunk Cloud Platform provides a better dashboard, faster large-scale log searching, strong support, advanced threat detection, and better third-party integrations.

How was the initial setup?

I find the initial setup process very easy, simple, and straightforward.

The setup process is generally easier compared to on-premises Splunk because infrastructure and updates are managed by Splunk Cloud Platform. However, configuration, integration, and log onboarding might still require technical knowledge, especially for Level 2 personnel.

What about the implementation team?

The deployment setup was mainly a third-party managed deployment for Splunk Cloud Platform.

HDFC Bank is the partner that helped us deploy Splunk Cloud Platform. We work directly with Splunk for deploying Splunk Cloud Platform, especially for cloud subscription support onboarding and enterprise deployment. In our case, we used both the partner for integration and customization.

What was our ROI?

I have seen a strong ROI with Splunk Cloud by improving security visibility, reducing incident response times, and lowering infrastructure management efforts. It centralizes log monitoring and automation, offering real-time analytics that help our organization detect issues faster, reduce downtime, and improve operational efficiency. Although the platform can be costly at times, many companies find value through enhanced security operations and reduced manual workload.

What's my experience with pricing, setup cost, and licensing?

The subscription model impacts our financial planning for data platform investments by being subscription-based, meaning our organization pays based on data ingestion volume and workload usage. This model includes cloud hosting, maintenance, updates, and security support from Splunk. It helps companies scale resources as their logging and monitoring needs grow without the burden of managing physical infrastructure.

Which other solutions did I evaluate?

We evaluated other options before choosing Splunk Cloud Platform, and compared to some alternatives, Splunk Cloud Platform offers greater scalability, faster log searching, and was one of the options we evaluated alongside other SIEM and monitoring solutions such as IBM QRadar.

We chose Splunk Cloud Platform because it provides better scalability, faster log analysis, strong cloud and third-party integrations, and advanced security threat monitoring compared to other solutions. It offers centralized visibility, real-time alerts, and a user-friendly dashboard that makes it easy to understand and create dashboards, improving our organization's overall monitoring efficiency.

What other advice do I have?

My experience with Splunk Cloud Platform's app ecosystem shows that it is not very difficult to use, and once you understand the basics, it becomes straightforward. The SQL queries are easy to understand and write. For first-time users, it might seem confusing at first when searching logs or creating dashboards, but after some practice, it becomes much easier. The setup of Splunk Cloud Platform is simpler because Splunk manages updates and infrastructure, allowing users to focus more on monitoring alerts and investigations instead of server maintenance.

My perception of using native models over third-party integrations in Splunk Cloud Platform's environment is that integrating third-party tools or platforms with Splunk Cloud Platform provides a mostly smooth experience. It supports many integrations such as AWS, Microsoft, CrowdStrike, and other security tools through APIs, and we also use add-ons. The initial setup can take some time, especially for permissions and log configuration, but once we connect, data collection and monitoring become much easier and more efficient.

We have integrated with many third-party solutions, such as AWS, Microsoft Azure, CrowdStrike, Google Cloud, Microsoft Defender, Palo Alto firewalls, FortiGate firewalls, Cisco firewalls, and other security or monitoring tools. These integrations are usually done through APIs, add-ons, or log forwarding, with various types of forwarders available, such as heavy forwarders and universal forwarders. They help teams collect data, monitor activities, automate alerts, and improve security visibility from a single platform.

My impression of the solution's visibility into multiple environments, including cloud, on-premises, or hybrid environments, is that Splunk Cloud Platform offers very good visibility across all these environments. It helps monitor logs, security events, applications, and network activity from different platforms in one centralized dashboard, making threat detection faster and more efficient in our environment.

Regarding Splunk Cloud Platform's zero-setup feature for AI models, it uses AI and machine learning features for security analytics, including anomaly detection and automation. Splunk User Behavior Analytics uses machine learning to detect abnormal user and entity behavior, and the Splunk machine learning toolkit helps create machine learning models for forecasting, anomaly detection, and data analysis. These AI features help our organization and IT team automate investigations, detect threats faster, and reduce false positive alerts while improving monitoring.

The zero-setup feature for AI models affects my ability to deploy AI solutions by providing a flexible setup for deploying AI and machine learning solutions. It supports integration with other third-party AI tools and cloud services, making it easier to develop and deploy AI-driven security and monitoring use cases. Future features including the Splunk Machine Learning Toolkit and AI assistant help create predictive analytics and anomaly detection with less manual effort.

My advice for teams considering Splunk Cloud Platform is to plan data ingestion and use cases properly to avoid unnecessary costs. Start with important log sources and build dashboards and alerts gradually. Understanding SPL queries through integration with cloud and security tools will help get the best value from the platform. Proper tuning and monitoring are also crucial to reduce false positives and improve SOC efficiency. I would rate my overall experience with Splunk Cloud Platform a 9 out of 10.


    Hiten Nandasana

Cloud monitoring has simplified security operations and now supports flexible app integrations

  • May 26, 2026
  • Review from a verified AWS customer

What is our primary use case?

Currently, we are using Splunk Cloud Platform for our basic security. We have our own firewall, and we are getting that firewall data. We have installed Splunk agent on all of the laptops for our 200 to 300 plus employees. We are collecting data from a lot of servers and all internal sources everywhere and putting that into Splunk Cloud Platform. We are performing analysis on what users are doing, and some security use cases are based on the firewall logs. We also have Zscaler logs that we are using for all purposes.

For AI models, there is one good feature in Splunk Cloud Platform. We are using the latest version 10.2, so there will be SPL to SPL3 conversion. There are AI features as well that can help write some Splunk queries. AI will help in this area. Other than this, we are not using AI in Splunk Cloud Platform.

What is most valuable?

For Splunk Cloud Platform, the best feature is that we don't need to manage the infrastructure. That is one of the best things. We don't face any downtime issues. If we are facing anything, we just need to create a support case and the Splunk team will resolve everything. There are maintenance windows, and they will take care of everything. That is a good thing that I appreciate. We just need to manage only search and no background things. Everything will be taken care of by the cloud teams.

With Splunk Cloud Platform, we are managing the apps ecosystem. Inside the manager, we will see all of the apps. For this, we do have a deployment server and a cluster master. With that, if we need to upgrade the app, we just need to create a support case, and the Splunk team will upgrade all of the apps on behalf of us. We can also do manual things as well. Sometimes in the UI, there is an upgrade apps option available. We are upgrading that manually as well. For our forwarders and our clients, we are pushing apps from our deployment server. For this, we can download apps from Splunkbase, put it in the deployment server, and just deploy there. It will go everywhere and it will restart Splunk and it will come up. This is a straightforward process. It's easy. We just need to take care of one thing, which is to read the Splunk release notes.

What needs improvement?

For improvement in Splunk Cloud Platform, the Splunk docs are available, which is helpful. However, for cloud, they need to give some more visibility. They need to give cluster master access to us and some more visibility into what they are doing and what they are performing. We would like to see what the settings and backend access are. We are not modifying anything, but they need to give some read access so that we can see what configuration is being deployed behind our search UI and all the things. That is one thing that they can improve.

For improvement, they can integrate a lot of default apps. There are a lot of default apps already, but let's say we are using Palo Alto firewall, we are getting Windows event logs, Linux logs, and these types of logs. Every customer is getting this kind of logs. They need to give some default dashboards or we just need to change the index, and that will help to populate all of the data. Everyone wants to know who is logging in and who is logging out. These are some basic security use cases that are there. Splunk Cloud Platform needs to publish one app as a default app and inside this app, you will have all of these things.

For how long have I used the solution?

We have been using this product for two years. Last year we thought about Cribl.

What do I think about the stability of the solution?

This is a very stable product. It will act immediately and will give alerts. Everything is on time, so it's very good. I rate stability from 1 to 10 as nine.

What do I think about the scalability of the solution?

The scalability of Splunk Cloud Platform is 10. It's a fully scalable product.

For Splunk Cloud Platform, I faced some issues with downscaling while coordinating with Splunk support. However, for upscale, they can easily do it. If we want to add more data, they can add more indexers and can add more size as well. Let's say we are storing right now 100 TB, but if we want to increase from 100 to 150 TB, we just need to say that to the support sales team, and they can increase it in one to two days. So for upscale, it is very good, but for downscale, sometimes we face issues.

How are customer service and support?

The technical support for Splunk Cloud Platform is very good. I will give a 10 because they immediately help and support. I rated it 10 out of 10, the support.

Which solution did I use previously and why did I switch?

I never used other SIEM, but I can compare Splunk Cloud Platform as one of the stable SIEM products. Other than this, there are log connectors, and one more thing is DataDog. However, they are not very feasible compared to Splunk Cloud Platform. With Splunk Cloud Platform, you can modify whatever you want. Let's say you want to run Python, you want to run any script, you want to monitor any port, you want to monitor data from syslog, whatever you think, you can do it in Splunk Cloud Platform. But you cannot do the same thing in some other solutions. In that case, Splunk Cloud Platform is one of the best things.

How was the initial setup?

Deployment of Splunk Cloud Platform was easy, but you need to learn Splunk. For example, if you have some understanding and you are at least a Splunk certified admin minimum, then you will be able to do all of the things. Deployment doesn't face any issues. You just need to download the .tar.gz file, extract this and start this. That's all. However, there are a lot of components, such as search head, indexer, forwarder, heavy forwarder, and universal forwarder. To connect all of these things, you must know how Splunk works and how to configure all the things. You must go through training.

What about the implementation team?

We have 200 plus users working with Splunk Cloud Platform, around 250 or 200.

What was our ROI?

Maintenance for Splunk Cloud Platform is not required because Splunk version upgrades and some security fixes will be taken care of automatically by the Splunk Cloud team. However, for our heavy forwarder and from our side, there is a half infrastructure on our side as well. For that, we need to manage it, but one person is enough for that.

What's my experience with pricing, setup cost, and licensing?

Regarding pricing for Splunk Cloud Platform, it is not cheap. It's cost-efficient if you are using it properly. If you really need the SIEM solution, then it is very cost-effective for your company. However, if you are not using it properly, then it is very costly for you. If you are just using this for storing data and just to see the things, then this will be a costly product.

What other advice do I have?

I will give advice to others looking to implement this product that if you have more than one TB of data, then this product is helpful. Other than this, this is mainly a SIEM solution. It will help for security use cases. It is mostly designed with a lot of AI features and threat intelligence available. This is very helpful for the people who are looking for security solutions because there are a lot of intelligent dashboards available in enterprise security and it will give you a full map of your company where the data is flowing. You can collect the data and put it in Splunk Cloud Platform and you can see visually. This will give you raw things to visualization. So it's good.

For Splunk Cloud Platform, we are using cloud, so visibility is less. I can say that because I don't know where my indexer is or where my data is getting stored. It's in the cloud, it's secure, and it's managed by Splunk and Cisco. It's a trusted thing, but we don't know where they are storing or what the things are. We just have one URL, which is a search URL and we are using that. Visibility is less, very less in the cloud.

For the integration capabilities of Splunk Cloud Platform, we don't need to go anywhere. Splunkbase is there. Whatever, let's say tomorrow I'm purchasing a new product, Fortinet or any product. I just need to search 'FortiGate add-on Splunk' or 'FortiGate app for Splunk'. I can browse that on Google Chrome and I can easily find one of the apps that is built already. For Okta, there are default apps. Whatever product you think, there is a default app available on Splunkbase. We just need to simply download and install in Splunk Cloud Platform. That's it. It will work. We can integrate other solutions with this with the help of this app in Splunk Cloud Platform and we can get the data and we can visually see these things. I give this product an overall rating of 9 out of 10.


    reviewer2845779

Centralized monitoring has reduced outage investigations and improves security incident response

  • May 24, 2026
  • Review from a verified AWS customer

What is our primary use case?

My main use case for Splunk Cloud Platform is monitoring servers for logs in case of outages.

A specific example of how I use Splunk Cloud Platform for server monitoring and outage prevention is that the servers' logs are monitored for errors that could cause the server to go down.

In my daily tasks, Splunk Cloud Platform is also used for security, to detect attacks.

What is most valuable?

The best features that Splunk Cloud Platform offers include its ability to detect fraud, outages, slowness, suspicious access, operational failures, or intrusion attempts.

What makes work easier for the team is that they have a centralized tool in which they can identify these attempts and thus be able to act on the people who are trying to do it.

The team has leveraged this tool to respond to incidents by having everything centralized in Splunk Cloud Platform instead of going out to look for separate logs from each team.

The main advantage of having the logs centralized in Splunk Cloud Platform is that I don't have to access different places to get them.

Splunk Cloud Platform has positively impacted my organization by reducing the time for investigations of outages or attacks on servers.

The time I have managed to reduce in investigations thanks to Splunk Cloud Platform is about 25%, since having everything centralized is the first starting point to look for that information.

What needs improvement?

If Splunk Cloud Platform could be made less complex, it would be beneficial since Splunk specialists are required to perform the installation.

My experience with Splunk Cloud Platform's app ecosystem is that it's a bit complex and support from a Splunk specialist is required to manage updates.

I perceive the scalability capability of Splunk Cloud Platform in relation to my organization's demand fluctuations as a bit challenging.

The use of native models versus third-party integrations within Splunk Cloud Platform's environment is a bit complex, as a specialist is required to do the mappings between third-party integrations and native models.

For how long have I used the solution?

I have been using Splunk Cloud Platform for more than 3 years.

What do I think about the stability of the solution?

I consider Splunk Cloud Platform to be stable.

What do I think about the scalability of the solution?

I rate the scalability of Splunk Cloud Platform an eight.

The hardest part that leads me to give it an eight in scalability is the licensing.

How are customer service and support?

I rate Splunk Cloud Platform's customer support an 8 out of 10.

Which solution did I use previously and why did I switch?

No tool was used before Splunk Cloud Platform.

How was the initial setup?

If Splunk Cloud Platform could be made less complex, it would be beneficial since Splunk specialists are required to perform the installation.

What about the implementation team?

My experience with the pricing, implementation costs, and licensing of Splunk Cloud Platform is that the licensing is expensive, but since the investment is being made, it has to be used.

What was our ROI?

There has been a bit of return on investment with the time savings, but because of the licensing, we have broken even.

Splunk Cloud Platform's subscription model has a big impact on my organization's financial planning regarding data platform investments, as all of that has to be taken into consideration to plan for the following year, taking into account growth.

What's my experience with pricing, setup cost, and licensing?

My experience with the pricing, implementation costs, and licensing of Splunk Cloud Platform is that the licensing is expensive, but since the investment is being made, it has to be used.

Which other solutions did I evaluate?

Before choosing Splunk Cloud Platform, I evaluated other options such as Datadog, Dynatrace, and Elastic.

What other advice do I have?

I would rate Splunk Cloud Platform an eight on a scale from 1 to 10.

I give Splunk Cloud Platform an eight because the licensing is expensive and can become complex.

My advice to others who are considering using Splunk Cloud Platform is to take into account the learning curve, the implementation curve—which are both quite steep—and the licensing costs, so that it doesn't consume their entire budget.

Since I'm installed in the cloud, I can only speak about the cloud when it comes to the visibility that this solution provides.

I am not using the AI solutions at the moment, so I cannot comment on the zero-configuration functionality for artificial intelligence models in Splunk Cloud Platform.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?


    Swati (Mohite)Pawar

Cloud security projects have been streamlined and incident investigations gain clear visibility

  • May 19, 2026
  • Review provided by PeerSpot

What is our primary use case?

I have been working in cyber security for a significant period. I have completed projects in cyber security as well as IT program management. I have hands-on experience with Splunk Cloud Platform based on my education and practical application.

My main use cases for Splunk Cloud Platform include log analysis, security monitoring, dashboard creation, and alert management during cybersecurity labs and SIEM related projects. I used it to investigate failed login attempts, monitor suspicious activities, and review security events in SOC style exercises. I also used Splunk Cloud Platform to improve understanding of incident response workflows, centralized logging, and threat detection in cloud and security environments. My experience comes from hands-on cybersecurity training, projects, and practical lab activities over the last two years.

How has it helped my organization?

Splunk Cloud Platform helped improve visibility into security events and system activity during cybersecurity labs and SIEM training projects. It made log analysis and monitoring more efficient by centralizing data from different sources in one place. The dashboards, alerts, and search functionality helped identify suspicious activities more quickly and made investigations easier to manage. It also improved understanding of SOC workflows, incident response, and threat monitoring in cloud and security environments.

What is most valuable?

In my opinion, the best features Splunk Cloud Platform offers are its strong search functionality, dashboards, alerting system, investigation capabilities, and system integration features. Over the last year, I worked on several cybersecurity labs and SIEM related projects utilizing the platform. Splunk Cloud Platform helped with log analysis, security monitoring, dashboard creation, and investigation of suspicious activities. The features I found most valuable include investigation capabilities, dashboard and visual report generation, alert monitoring, centralized log management, and integration with different systems and cloud environments. Splunk Cloud Platform also had a positive impact during incident response exercises where teams worked together in blue team and red team style security scenarios to investigate and respond to simulated cyber threats.

What needs improvement?

I believe Splunk Cloud Platform can be improved as this project has helped me understand how the system works. I think Splunk Cloud Platform could be improved by making it easier for beginners to learn and use. More simple tutorials, guided examples, and beginner friendly dashboards would help new users understand the platform faster. It would also help to have easier SPL query suggestions, clearer error messages, and more built in templates for alerts and reports. Overall, Splunk Cloud Platform is very powerful for security monitoring and log analysis, but simplifying some features would make the learning experience better for new users.

For how long have I used the solution?

My main use case with Splunk Cloud Platform has been over two years.

What do I think about the stability of the solution?

Yes. From my experience in cybersecurity labs and SIEM projects, Splunk Cloud Platform was stable and reliable for log monitoring, dashboards, alerts, and security investigations.

What do I think about the scalability of the solution?

From my experience, Splunk Cloud Platform scales well and can handle logs from multiple systems and environments in one centralized platform. It supports cloud, hybrid, and on-premises environments, making it flexible for growing security and SOC operations.

How are customer service and support?

I did not directly use Splunk Cloud Platform customer service or technical support because my experience was mainly through cybersecurity training labs and educational projects.

Which solution did I use previously and why did I switch?

As part of my cybersecurity training and labs, I also had some exposure to other security and monitoring tools such as Microsoft Sentinel, Wireshark, and basic log monitoring tools. I did not fully switch from another enterprise SIEM solution, but I used Splunk Cloud Platform because it provided strong centralized logging, dashboard visualization, search functionality, and security monitoring features that were very useful for SOC style exercises and cybersecurity projects.

How was the initial setup?

From my experience in training and lab environments, the initial setup was fairly straightforward. Since it is cloud based, access and basic configuration were easier to manage compared to more complex on-premises setups.

What about the implementation team?

No however .Like to work In my case, Splunk Cloud Platform was used mainly in cybersecurity training labs and educational projects, so I did not work directly with an integrator, reseller, or consultant for deployment.

What was our ROI?

As an entry level user, I was not directly involved in ROI measurements, but Splunk Cloud Platform helped improve centralized monitoring and faster security investigations during cybersecurity labs and SOC exercises.

What's my experience with pricing, setup cost, and licensing?

As an entry level user working mainly in cybersecurity labs and training environments, I did not directly manage pricing or licensing decisions. My experience was mainly focused on using the platform for learning, security monitoring, and SIEM related projects. From my experience, the setup and cloud access were straightforward in the training environment, and the platform provided strong features for log analysis, dashboards, and security investigations.

Which other solutions did I evaluate?

Before using Splunk Cloud Platform, I also had some exposure to Microsoft Sentinel during cybersecurity labs and training. From my entry level experience, Splunk stood out because of its strong search features, dashboards, and centralized log analysis. Microsoft Sentinel worked well with Azure, while Splunk felt more flexible for security monitoring and investigations. Learning SPL queries took some time at first, but it became easier with practice.

What other advice do I have?

I would rate Splunk Cloud Platform an 8 out of 10 based on my hands-on experience in cybersecurity labs and SIEM projects. I found it very useful for log analysis, dashboards, alert monitoring, and security investigations across cloud and on-premises environments. My advice for organizations is to invest in user training, especially for SPL queries and dashboards, because once learned, Splunk becomes a very powerful tool for SOC and security operations.


    reviewer2805510

Unified log analytics has transformed security monitoring and cuts breach detection to minutes

  • May 08, 2026
  • Review from a verified AWS customer

What is our primary use case?

Splunk Cloud Platform is my main use case, which we sell to our channel partners within the channel community that then sell it to their customers, primarily as a cloud-based platform that collects data, analytics, and monitoring. It is mainly used for log management, security monitoring, known as SIEM, IT operations monitoring, and customers can use it for infrastructure troubleshooting and compliance reporting, but primarily for getting real-time analytics. It is a useful SaaS cloud-hosted tool that manages infrastructure, upgrades, scaling, and maintenance for customers.

A specific example of how a customer uses Splunk Cloud Platform in their day-to-day operations is how it collects logs from Linux, Windows servers, Azure, and AWS. Teams can run powerful searches using SPL, search processing language, to find failed logins, investigate outages, and trace application errors. It also automatically alerts the team for system failures, CPU spikes, security threats when they occur, and API slowdowns, showcasing just a couple of examples of what our customers use Splunk Cloud Platform for.

Splunk Cloud Platform provides a complete picture regarding how customers use it. It includes capabilities around machine learning and dashboards that allow them to monitor KPIs, have a real-time operational view, and executive reporting from all the logs.

What is most valuable?

Splunk Cloud Platform's best features include its scalability, as it can handle terabytes of data and is probably one of the market leaders within SIEM capability, which is very strong. In this day and age, cybersecurity products need great integration, and it has a huge ecosystem that can integrate with over 1,200 integrations and applications. Another major positive is that it is cloud-managed, which means less infrastructure management. Finally, the main feature that many people value, and our customers provide feedback on, is real-time analytics with fast detection and troubleshooting.

Splunk Cloud Platform has positively impacted my organization by reducing the need for infrastructure management due to being a SaaS cloud platform. The main use case is detecting cyber attacks faster. For example, a large financial institution, a bank, used Splunk Cloud Platform and identified failed logins, impossible travel events, VPN anomalies, and endpoint alerts when attackers attempted credential stuffing. Without Splunk Cloud Platform, those alerts existed in multiple systems, and detection could take days, but with it, events were correlated correctly and raised a single notable event, triggering alarms immediately. This significantly improves mean time to detect and respond, reducing investigation time from hours to just 10 to 30 minutes for common incidents by providing a single pane of glass visibility for SOC teams.

What needs improvement?

Splunk Cloud Platform has areas for improvement, including the fact that it is obviously an enterprise tool and can be expensive, which is the biggest complaint I have noted. Costs can rise due to high data ingestion and long retention periods, along with a complex licensing structure that makes pricing difficult to predict as usage grows, especially since more systems send logs. There are also performance concerns at scale where users have reported slower searches and expensive long-term storage needs, particularly in multi-terabyte environments. Additionally, operational complexity exists as enterprises still need to do data onboarding, create dashboards, handle retention policies, access control, and performance tuning.

These are the three key areas of improvement I have identified.

For how long have I used the solution?

I have been using Splunk Cloud Platform for approximately three to four years at various different places of work.

What do I think about the stability of the solution?

Splunk Cloud Platform is undeniably stable, which is one of its key advantages. While it may come with a high price tag and face scalability issues, its stability is commendable, enabling easy visibility into logs, effective data ingestion, and successful operations with diverse integrations and third-party platforms.

What do I think about the scalability of the solution?

My customers typically leverage scalability and integration features across the main cloud providers, primarily AWS, integrating with CloudWatch, CloudTrail, S3, and Lambda for cloud security monitoring and audit logging. They also integrate with the entire Microsoft stack, including Defender for Cloud, Sentinel, Azure ID, and Azure Monitoring, as well as Google Cloud, where GCP integrates with Cloud Logging and Pub/Sub security command center. We also have integrations with major SIEMs including Sophos, CrowdStrike, and firewalls from Palo, Fortinet, Cisco, and Juniper, and identity management tools including Okta, Ping, and Duo. For threat intelligence, we get much of our integration from Recorded Future as our main integration, but they are just some of the top ones we integrate with effectively.

Splunk Cloud Platform's scalability works well, especially for smaller businesses, but can present issues for larger enterprises facing stricter regulations and greater integration requirements.

How are customer service and support?

Customer support with Splunk Cloud Platform is really good. The CSMs and account managers in the channel team are great, providing assistance not just with selling the product but also for implementation, deployment, and aftercare. I would rate customer support a nine on a scale of one to ten. There have been a couple of instances where issues arose, which is why it does not earn a full ten, but overall, it stands out as a really good platform and contributes to why they remain number one in the business.

Which solution did I use previously and why did I switch?

I have not personally switched from a different solution to Splunk Cloud Platform, but we utilize various different solutions for SIEM, including QRadar and Exabeam, alongside newer tools including Datadog and Elastic.

How was the initial setup?

My experience with pricing, setup costs, and licensing is that while the setup costs are straightforward and not overly burdensome, licensing for small to mid-sized enterprises is favorable. Highly regulated businesses, including financial services and banks, tend to use Splunk Cloud Platform regularly, and while it is a high-quality product, the costs can elevate significantly as scalability needs grow within larger enterprises.

What about the implementation team?

My partners deploy Splunk Cloud Platform in several different ways. My partners typically purchase Splunk Cloud Platform through distribution and channel partners, rather than directly.

What was our ROI?

I have observed a robust return on investment with Splunk Cloud Platform, particularly in how quickly it enables the detection of breaches. We see logs between 10 to 30 minutes in contrast to six hours with other platforms, marking a substantial ROI for organizations needing to prevent breaches that can cost from tens of thousands to the average ransomware cost in the UK of 3.2 million last year. Being able to resolve issues quickly not only saves money but also minimizes the need for additional security personnel, thanks to the effectiveness of its log prioritization and integration capabilities.

Which other solutions did I evaluate?

Before choosing Splunk Cloud Platform, the primary alternative evaluated was Datadog, although that was not my decision directly.

What other advice do I have?

The aforementioned examples are the best ones to highlight regarding positive outcomes about how Splunk Cloud Platform has helped my organization or my customers.

My partners typically purchase Splunk Cloud Platform through distribution and channel partners, rather than directly. My impressions of Splunk Cloud Platform's visibility into multiple environments, including cloud, on-premises, and hybrid are very positive. It excels at monitoring across these environments and provides high capabilities, especially strong in centralizing visibility. This is facilitated by effective cloud monitoring alongside mature on-premises monitoring, all visible in a unified dashboard for SIEM use, supporting massive scales and deep forensic investigation across all these monitoring types.

My impression of Splunk Cloud Platform's zero setup feature for AI models is mixed, as there have been a couple of problems. Data is never standardized among organizations, leading to different log formats and inconsistent field naming. Therefore, AI cannot understand the data without mapping it first. Moreover, there is a need for context rather than just raw data, and integration remains unavoidable. Splunk Cloud Platform's zero setup AI concept feels more like a marketing idea than reality, as it requires careful scrutiny in enterprise environments. The main blockers noted remain related to data integration and standardization.

My experience with Splunk Cloud Platform's application ecosystem is that it is easy to manage for small and simple environments, as management involves just installing the application and configuring the data. However, for enterprise environments, management becomes really complex when dealing with multiple applications and teams, especially in larger organizations or heavily regulated industries including financial services and banking, where governance is stringent.

Splunk Cloud Platform scales extremely well at enterprise and hyperscale levels with some cost and architecture considerations. It can ingest almost limitless data and scale impressively, but higher data volumes present challenges, including costs, poor data hygiene, slower searches, and operational complexities that arise even in cloud environments. Despite these challenges, Splunk Cloud Platform scales extremely well technically; however, in real-life enterprise contexts, the main scaling limitation is not infrastructure but rather cost, data volume discipline, and query efficiency.

In comparing native models to third-party integrations within Splunk Cloud Platform's environment, I find that native Splunk scores high in integration quality and stability. However, it lacks the customization and innovation speed found with third-party options. Native models require very low maintenance effort, which contrasts with the medium to high maintenance needed for third-party applications. Each model has its advantages: the native model excels in core SIEM engines and performance-critical workloads, while third-party models handle data ingestion for external systems and industry-specific applications effectively. Therefore, a hybrid approach, leveraging the reliability of native capabilities with the flexibility of third-party applications, is ideal.

Splunk Cloud Platform's subscription model significantly impacts financial planning for data platform investments by being quite complex and opaque. The licensing and subscription model are tough to decipher initially, largely due to the relationship between ingestion levels, data scaling, and the associated costs that increase with usage. Customers usually find that as they scale, their expenditure rises, with no clear set cost available when they first begin using it.

Splunk Cloud Platform is a market leader known for its strengths in enterprise-scale log analysis, advanced security monitoring, complex event correlation, and deep search capabilities. It is also highly customizable, making it an excellent choice for organizations unperturbed by cost and seeking a cloud-native design, especially if they have a SOC environment and a large IT estate. I would rate this product a nine out of ten overall.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)


    reviewer2816211

Cloud analytics has improved reporting and security visibility across hybrid environments

  • May 06, 2026
  • Review provided by PeerSpot

What is our primary use case?

I have been working in my current field for two years.

My use cases for Splunk Cloud Platform involve various applications that enhance data management and security.

I use it to streamline operations and improve analytics.

What is most valuable?

What I appreciate most about Splunk Cloud Platform is its intuitive user interface, which makes navigation and data analysis efficient.

It has a favorite feature in its reporting capabilities, allowing me to generate insightful reports easily.

What needs improvement?

What I find challenging about Splunk Cloud Platform is that it occasionally has a steep learning curve for new users.

The platform could improve by offering more comprehensive onboarding resources and tutorials.

For how long have I used the solution?

I have been working with Splunk Cloud Platform for six to eight months.

What do I think about the stability of the solution?

Regarding stability, Splunk Cloud Platform performs well with minimal lagging or crashing issues.

What do I think about the scalability of the solution?

Regarding scalability, I find that Splunk Cloud Platform is highly scalable, accommodating growing data needs without major issues.

How are customer service and support?

I have had to contact technical support for Splunk Cloud Platform before, and my experience was quite positive.

If I were to put the technical support on a scale from one to ten, I would rate it an eight for the support.

How was the initial setup?

The initial deployment of Splunk Cloud Platform was somewhat challenging but manageable.

It had complexities that required careful configuration.

Which other solutions did I evaluate?

As for alternatives, I have used other data analytics tools before, but none quite match the capabilities of Splunk Cloud Platform.

I definitely prefer Splunk Cloud Platform more due to its superior features and support.

What other advice do I have?

I think the app ecosystem for Splunk Cloud Platform is robust, and managing updates within this app ecosystem is relatively easy.

Splunk Cloud Platform's visibility into multiple environments offers excellent monitoring capabilities, whether I am using it in the cloud, on-premises, or in hybrid environments.

I leverage it primarily for cloud infrastructure.

Regarding Splunk Cloud Platform's zero-setup feature for AI models, my impression is that it is truly innovative and simplifies the integration of AI into my workflow, although I have not used it extensively.

Regarding the pricing, I think Splunk Cloud Platform is on the higher end, but the value it provides justifies the cost.

I would rate this product an eight overall.


    R Nandasana

Cloud analytics has supported long-term healthcare use cases and simplifies operational management

  • May 05, 2026
  • Review from a verified AWS customer

What is our primary use case?

I used Splunk Cloud Platform for seven years. We built use cases for one of our pharma customers, Regeneron Pharmaceutical from the US. We created numerous use cases for their operations, including keeping medical records with details about medicine inventory, doctor information, and many other elements that we stored and presented.

What is most valuable?

I appreciate the expansion capability of Splunk Cloud Platform. We can forward any kind of data to the cloud endpoint that they provide. This allows us to forward any kind of traffic to that endpoint. There is no need for maintenance. If an error occurs or Splunk health is not good, we can raise a support case and they will handle everything. There is no need to maintain infrastructure either, as they keep the infrastructure very stable, which is a good thing.

What needs improvement?

If you want to make Splunk Cloud Platform more reliable, there will be some issues. For example, if you want to allow some IP or renew some certificates, you need to raise a case and it will not be immediate. It will go through the process and take three to four days. Sometimes, the technical support case persons are not sufficiently technical. I have experienced this where they are not technical enough or not understanding the issues.

The app ecosystem is good, but if you want to upgrade any kind of apps or receive support related to the app, you mostly need to raise a support case and the Splunk team will handle it. However, if there is a problem with your custom apps that you need to deploy on an indexer, that becomes an issue. You can upload it from the search head, but sometimes there are DMC issues. DMC mostly fails sometimes, so we cannot deploy from the search head cluster or indexer. For custom apps, you need to go through all of these processes, which involves a lot of process.

For how long have I used the solution?

I used Splunk Cloud Platform for seven years.

What do I think about the stability of the solution?

Stability with Splunk Cloud Platform is very stable. Sometimes we face an issue with latency. For example, when we are ingesting 10 TB of data and there is a sudden increase, we need to increase the storage at the cloud end. Sometimes this will take time because it is not on our end but on the cloud end. That is the only issue. Everything else is good.

What do I think about the scalability of the solution?

Splunk Cloud Platform is very flexible in terms of scalability. If you purchase something initially and later have increased requirements, they can scale up and scale down your environment. That is one good feature. We just need to raise a simple support case, and based on that support case, they will scale up and down our environment. That is good.

How are customer service and support?

I reached out to technical support many times regarding operations. If you want to perform any kind of operations, you need to reach out to the technical support. They are very good and their responsiveness is fine. Everything is good. However, as I mentioned, sometimes they might not have proper knowledge or sometimes they are not sufficiently technical. They are not understanding sometimes.

Which solution did I use previously and why did I switch?

I used New Relic for log collection. However, New Relic is not a part of Splunk. It is a very limited scope product, not widely used like Splunk. There is no competitor to Splunk in the current market right now.

How was the initial setup?

I do not think we need to do anything for initial setup. We just need to request the cloud team, and they will prepare an instance and everything for us, and they will give us a URL to access the cloud. After that, you need to allow firewall access based on what is in your company. That is all. Then you can access the environment. It is very simple and we do not need to configure anything.

What about the implementation team?

Maintenance is not required at all in the cloud. A team of four or five people is more than enough to handle the full cloud infrastructure. I managed the cloud around 10 TB ingestion per day with only four or five people. That is more than enough because we do not need to take care of hardware and other components. However, if you have on-premises, then you need more than 30 people to maintain all of the parts.

What was our ROI?

Splunk Cloud Platform pricing is very costly. If we did it on-premises, it would be cheaper because we would just need to purchase a license. However, Splunk Cloud Platform is very costly. But if you use it properly, then you can get value from it. Maintaining an infrastructure on-premises would be expensive as well.

What's my experience with pricing, setup cost, and licensing?

Splunk Cloud Platform pricing is very costly. If we did it on-premises, it would be cheaper because we would just need to purchase a license. However, Splunk Cloud Platform is very costly. But if you use it properly, then you can get value from it. Maintaining an infrastructure on-premises would be expensive as well.

What other advice do I have?

Visibility with Splunk Cloud Platform is very good. We do not use only cloud because we have a heavy forwarder at our end that will forward the data. This is a hybrid deployment on our end. If you have on-premises only, then everything is on you. With on-premises, we have full visibility of the environment, including what is indexer and what is search head. However, in the cloud, we do not know where this is deploying. They are saying that they are deploying only on AWS. If something goes wrong with AWS, then our full Splunk Cloud Platform goes down. For enterprise on-premises, we have full visibility and can see what is affected and other details. Visibility is less in cloud and more in on-premises. I have not tried that feature. My overall rating for this product is 9.


    Andrzej Nienaltowski

Training lab has improved threat hunting and now speeds up investigations with built-in visuals

  • April 29, 2026
  • Review provided by PeerSpot

What is our primary use case?

I use Splunk Cloud Platform for both IT alerting and incident management in my training.

I use it to find threats and strange behavior of applications or networking. I mostly use it for networking, strange processes, and behaviors. I use the alerting mechanism.

What is most valuable?

I appreciate the syntax that Splunk Cloud Platform uses because it is not KQL.

The whole product is really good, and I did not have much difficulty using it. The alerting mechanism is good to have, but in my personal training, I did not use it much because I did not need it that much.

The visualization feature in Splunk Cloud Platform is a pretty good feature because I did not need to go to any other vendors, for example, any.run or VirusTotal. This speeds the whole investigation up.

What needs improvement?

It is worth reconsidering the syntax language and changing it to KQL. The company would benefit from using the KQL language in queries. Pricing would be better.

For how long have I used the solution?

My experience with Splunk Cloud Platform is three months.

What do I think about the stability of the solution?

I have not heard a lot of problems or disconnections, so I think nine is correct. That is also nine.

How are customer service and support?

From what I heard, the technical support is pretty decent, so eight is okay.

Which solution did I use previously and why did I switch?

I have tried Elastic, Sentinel, and I think that is all.

How was the initial setup?

I cannot tell if the deployment is easy or complex. I cannot tell how long it took to deploy because I did not deploy it. I just started the session, and everything was already prepared for me.

I had some tasks to find, such as some strange processes. That was one big task to perform on Splunk Cloud Platform system. There were several of these tasks, but that was an example.

What other advice do I have?

I have not tried the machine learning tools yet. I did not integrate Splunk Cloud Platform with any tools. In my case, it is just me using the solution, but I know the whole platform because I am using Cyber Defender platform for learning. The whole platform has a lot of people, but in my case, it is only me.

I cannot tell if it requires any maintenance, but I do not think it is really rough to do it.

My overall review rating for Splunk Cloud Platform is eight.