
Splunk Cloud [Private Offer Only]

Carahsoft Technology Corp.

Reviews from AWS customers

28 AWS reviews

External reviews

32 reviews

External reviews are not included in the AWS star rating for the product.


    DeepPujara

Centralized monitoring has improved log analysis and accelerated incident investigations

  • March 31, 2026
  • Review from a verified AWS customer

What is our primary use case?

My experience with Splunk Cloud Platform was good, as I used it during my initial days for analyzing and monitoring large volumes of data. At that time, my role was to ingest logs, parse data, build use cases, create a dashboard, and configure alerts across different systems like endpoint applications and cloud services. One of the biggest advantages I have seen is that it allows us to bring all of our data into a single platform and generate meaningful insights from it.

What is most valuable?

One of the best features in Splunk Cloud Platform is the ability to ingest any type of data and store it in one place, which gives complete visibility across the environment. The other feature is the SPL search engine, which is extremely powerful, allowing deep analysis and correlation of events. Once you understand SPL, it becomes one of the best tools for investigating data.

Then I would say dashboarding and visualization capabilities, especially with Dashboard Studio, which allows highly customizable and visually rich dashboards.

Regarding the effectiveness of the search capabilities, during my time I was searching firewall logs, and there are substantial volumes of firewall logs, in GBs per day. When I search for these logs, if you start with the index and then your index name, it is much faster, but I would say it is not faster than LogScale, as LogScale's search feature is better than Splunk Cloud Platform's.

What needs improvement?

I see the areas of improvement for Splunk Cloud Platform in cost, as it can be relatively expensive, especially with high data volumes. Another area is the learning curve of SPL, which can challenge new users. Moreover, the AI-driven search query generation features I have come across recently are quite good.

In terms of missing features, if they can integrate more AI, like AI-generated queries, then that could be helpful.

For how long have I used the solution?

The last time I worked with Splunk Cloud Platform was eight months ago.

How are customer service and support?

I have interacted with the technical support and customer service teams, particularly while building an add-on, where they helped me find the issue. They are quite good at what they do.

Which solution did I use previously and why did I switch?

Regarding switching from Splunk Cloud Platform to LogScale, it was not handled by me; it was on the managerial side. The main issue was the cost because, as data grows in Splunk Cloud Platform, it becomes very expensive. Comparatively, LogScale provides the same features and threat detection capabilities but allows for faster searches with an index-free architecture and at a lower cost.

How was the initial setup?

The initial setup of Splunk Cloud Platform was handled by the Splunk team, as it is hosted on the AWS public cloud, and it was straightforward.

What was our ROI?

In terms of ROI with Splunk Cloud Platform, I see major benefits such as improved efficiency and reduced manual effort. For example, tasks that previously required multiple people can now be handled by fewer resources due to automation and centralized dashboards. We also see improvements in faster detection and response times, as alerts notify us proactively when issues occur.

Which other solutions did I evaluate?

In evaluating other options in the market, we looked at DataDog, which we saw for observability. However, DataDog is mainly for observability purposes, while Splunk Cloud Platform gives vast capabilities for different types of use cases, allowing us to create customizable add-ons.

The main differences, both pros and cons, of Splunk Cloud Platform in comparison to CrowdStrike technologies include the con that Splunk Cloud Platform's search engine does not have an index-free architecture like LogScale, which provides better speed when searching large amounts of data. A pro for Splunk Cloud Platform is that it has extensive documentation and a strong community for support, whereas LogScale has a less active community and lacks proper documentation.

What other advice do I have?

My advice for organizations considering Splunk Cloud Platform is to fully utilize it by ingesting as much relevant data as possible rather than limiting it to specific use cases. Also, invest time in learning SPL and best practices, and leverage the large Splunk community and pre-built integrations to maximize value. I would rate this product an 8 out of 10 overall.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?


    Himanshu Vasoya

Centralized log monitoring has unified diverse data and drives proactive incident response

  • March 30, 2026
  • Review from a verified AWS customer

What is our primary use case?

Splunk Cloud Platform is used for centralized log collection, data ingestion and parsing, building dashboards and alerts, depending upon the client's requirement. Logs are collected from different sources like AWS, EDR, firewalls, and Windows. All logs are brought into one place, analyzed, dashboards are created, and alerts are set up for monitoring and security use cases. It acts as a single platform for monitoring and analysis.

What is most valuable?

One of the best things about Splunk Cloud Platform is that any type of data can be brought into one platform and worked on. This flexibility is very useful in real-world scenarios. For example, logs are ingested from multiple sources, and then dashboards are built for visibility. Alerts can be created for incidents, and meaningful custom dashboards can be created depending on the client's requirements. Trends can be tracked easily, such as trends of servers. Insights can be shared with teams. Since it is cloud-based, infrastructure does not need to be managed as Splunk handles back-end operations. This saves time, effort, and cost. For Enterprise, a particular infrastructure responsibility would normally need to be handed over to a particular team or person, but that team could be negligible by using Splunk Cloud Platform.

Splunk indexes logs as they are ingested, and by using the SPL language, Splunk Processing Language, particular data can be searched from the indexed data. Indexed logs are stored bucket-wise, so there is never randomness of the data. When searching for a particular type of data, that same type of data is always obtained from the particular span being searched for.

For proactive solutions, if log ingestion drops suddenly or a data source stops sending logs, alerts are configured to trigger when data drops by 70 to 80 percent. Notifications are received via email or any other configured platform for alerting. ServiceNow tickets can also be created for a particular issue. This helps transition from reactive to proactive monitoring.

For ingestion in Splunk Cloud Platform, the main aspect is data inputs. Infrastructure does not need to be managed as it is already managed by the Splunk teams. Data input ingestion is very easy as it has vast ingestion apps. Custom universal forwarders can also be used. Splunk has a universal forwarder product that can be installed at a particular server or application, which brings data to Splunk Cloud Platform. This universal forwarder product is a great choice for data ingestion as it gives customizable ingestion to any kind of application or server. For visualization, customized dashboards can be built, and pre-built dashboards from apps can also be used. For example, the AWS app has pre-built dashboards that can be used for monitoring AWS servers. Many applications are available.

What needs improvement?

The licensing cost is the one issue with Splunk Cloud Platform. Licensing cost is high, so for small organizations it may not be affordable. If customizable licensing options were provided, it could be more adaptable.

For how long have I used the solution?

Splunk Cloud Platform has been used for nearly one year.

What do I think about the stability of the solution?

Splunk Cloud Platform is very stable and reliable for customers. Setting the pricing aside, it is a great platform for clients.

What do I think about the scalability of the solution?

Splunk Cloud Platform is more scalable. The back-end part is provided, so it is highly scalable. Everything can be managed with the back-end, and everything can be built or managed.

How are customer service and support?

ServiceNow ticketing tools are used for monitoring and alerting purposes. Microsoft Teams alerting has also been integrated. If anything goes wrong on Splunk Cloud Platform, alerts can be received via email or can be set up to appear on Microsoft Teams.

Which solution did I use previously and why did I switch?

Splunk Enterprise platform was previously used, and it is known that Splunk also provides the cloud version. The main difference between Enterprise and Cloud is that if a team for infrastructure management is available, Splunk Enterprise platform should be chosen. If a particular team for infrastructure management is not available, Splunk Cloud Platform would be easier for the client to manage.

How was the initial setup?

There is no initial setup required for the cloud. Splunk already provides the infrastructure according to the need. Nothing needs to be managed or installed. Splunk only asks which cloud provider should be used. For example, if AWS is selected, everything is installed according to the need and provided. There is no involvement required.

What about the implementation team?

For Enterprise, the implementation was great. For the cloud, it would be great as it is the same thing and just a different product.

What was our ROI?

ROI depends on the user needs or the client's need. Sometimes it occurs once in a while, and sometimes if an issue occurs, then it could occur simultaneously.

Which other solutions did I evaluate?

Different solutions have been used, including Splunk Enterprise platform and CrowdStrike LogScale. For the observability part, DataDog and Dynatrace are being used.

What other advice do I have?

For more proactive solutions, if log ingestion drops suddenly or a data source stops sending logs, alerts are configured to trigger when data drops by 70 to 80 percent. Notifications are received via email or any other configured platform for alerting. ServiceNow tickets can also be created for a particular issue. This helps transition from reactive to proactive monitoring. This review has been given a rating of 8.5.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)


    Jigar Hirani

Cloud analytics has improved security insights and simplifies proactive performance monitoring

  • March 27, 2026
  • Review from a verified AWS customer

What is our primary use case?

I use Splunk Cloud Platform as our overall tool to gain insight from our platform, for our security use cases, and to build a framework that shows what is happening in our organization or what is happening in our applications, the current status, or if we are facing any issues with our systems. I ingest various types of logs from different systems to Splunk Cloud from our forwarders and build dashboards and alerts on top of that. My primary use case is to understand our architecture or our overall environment, including what is happening and whether there are any vulnerabilities, or to conduct analysis on our applications. If there are any performance issues, I can learn about them from the dashboards that we have built and can optimize our architecture or overall application performance.

What is most valuable?

What I like about Splunk Cloud Platform is that it gives me flexibility and freedom in that I do not need to worry about the actual architecture of Splunk. I do not need to install it anywhere manually, and I only need to worry about what data I need to ingest and how I will create a dashboard on top of that. It provides support so I do not need to worry about the platform. It functions as Software as a Service, so I can directly use it and if I am facing any issue, Splunk support is available to help me anytime.

I do not have any limitations with Splunk Cloud Platform. I can access it from my own private network or anywhere, and I can access it from the public network as it is on a cloud. That is also a plus point for me.

In terms of assessing the effectiveness of Splunk Cloud Platform's search capabilities in uncovering operational insights, its storage capability is excellent. Previously, we were managing it at an enterprise level, but it was costly to us because of data redundancy and the availability zones. With Splunk Cloud Platform, we do not need to worry about data backup, which is a very good point.

The alerts have helped us in proactive issue resolution. If we are currently getting any error, we will get notified in the next 15 minutes or 30 minutes according to the schedule of the search.

Splunk Cloud Platform's ingest and visualization features have helped improve our data reporting, truly the best available in terms of customizability. We have two options, classic and Dashboard Studio for dashboard purposes. In classic, we get options to build custom dashboards using custom JavaScript. We can insert our own graphics to provide better visuals where insights to our management team will not be dependent on the numerical base. We have charts to showcase our current situation, which will be really great for management.

In terms of benefits, if we needed two people for SAP to analyze whether we have any issues, now we just need one person doing multiple tasks. We have built an automation system, or a dashboard, which gives us insight so that we do not need to go and look up every service. Splunk Cloud Platform really impacted our workflow and increased our productivity.

What needs improvement?

In Splunk Cloud Platform particularly, there is nothing specific that I would like to see improved or enhanced, but the cost is currently very high. If that part could get a little bit cheaper, then that would be really great.

In terms of enhancement for Splunk Cloud Platform, I would say it would help if we could create add-ons, or had the capability to build add-ons directly through the cloud: not the add-on builder framework, but something editor-like where we could directly edit our conf files from any specific app or TA provided by Splunk Cloud Platform itself. If we get that feature, it will be really beneficial. Instead of doing configuration from the UI, we would prefer to get access to back-end conf files and do it manually, because when we were using Enterprise we had pretty much hands-on experience with that.

For how long have I used the solution?

I have been using Splunk Cloud Platform for around two years.

How are customer service and support?

I would evaluate customer service and technical support of Splunk as really good. They provide on-call support and they reply to cases that we open, so the support is really good and collaborative.

Which solution did I use previously and why did I switch?

We have not previously used a different product. We have tried other tools, but they were very limited to the use cases that we are trying to capture. I chose to go with Splunk Cloud Platform because it has vast capabilities.

How was the initial setup?

The initial setup with Splunk Cloud Platform was really straightforward because, as it is a cloud platform, Splunk provided us the complete package where we do not need to worry about our infrastructure or configuration. If we need any help, they are always available, so it was very straightforward.

What about the implementation team?

The implementation was done by the Splunk team.

Which other solutions did I evaluate?

We evaluated products like Dynatrace or DataDog, which were very specific. They were providing us only observability-specific tasks. However, we have some VML logs or firewall logs for which we would not get that much analysis from those products. That is why we chose to go with Splunk Cloud Platform.

What other advice do I have?

We use Splunk default alert actions and we have installed third-party integrations, such as ServiceNow integration, where we are creating ServiceNow incidents or ServiceNow tickets from our alerts.

The impact of Splunk Cloud Platform's integrations with third-party tools on our daily operations is very helpful for our overall infrastructure monitoring. We have third-party integrations, such as SAP or Dell Boomi. To ensure that our SAP and site integration are running smoothly and none of its API is getting high or something unusual, we can easily detect that instead of going into SAP and analyzing.

We have our own machine learning logic where we are creating alerts based on our machine learning algorithm. If we are missing any data from the forwarders, then we have a built-in threshold mechanism where, if the data from the last seven days is coming in at around 80 GB, then the next day should be in line with that. If we are not getting that, then we will get alerts. I have not particularly used Splunk ML Toolkit.

From the features perspective, I would say if we were getting calls from back two or three months, I was waiting for the Otel feature in Splunk Cloud Platform. Now we have support of Otel in the current latest Splunk version, so we are planning to upgrade Splunk Cloud Platform to the latest. The feature that I was looking for is now currently available, so I do not have anything specific at the moment.

In terms of pricing, the cost is high, but we are getting pretty much value out of what we are paying and what should be available to us in the market. In terms of that, it is really good with no question on that.

My advice to other organizations considering Splunk Cloud Platform is to make sure you use it as much as you can. There is a really big community of Splunk that you can explore to see what data you can ingest. There is a possibility you are already using other services from which you can get logs into Splunk and build analysis on top of that. Do not limit yourself to any specific use cases. I have seen some organizations only ingest specific logs, such as firewall logs or DNS logs. But they have different types of machines and applications running for their infrastructure. They can ingest logs from those as well and build analysis on top of that. There are pre-built add-ons that provide that functionality to them and they do not need to worry about development. So use it as extensively as possible. Overall, I would rate this product a nine out of ten.
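The ingestion-drop alert described in Himanshu Vasoya's review (trigger when a source's volume drops by 70 to 80 percent) and the seven-day baseline check described in the review above are the same detection; the following is an added example, not code from any reviewer or from Splunk, that models that logic in Python over a constructed per-day volume report of the kind a scheduled `| tstats count ... by _time span=1d index sourcetype` search (or the per-day totals from `index=_internal source=*license_usage.log type=Usage`) would return. Index names, sourcetypes, volumes and dates are all constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class DailyVolume:
    """One row of a per-day volume report (one day, one index/sourcetype, GB ingested)."""
    day: date
    index: str
    sourcetype: str
    gb: float


@dataclass(frozen=True)
class DropAlert:
    index: str
    sourcetype: str
    baseline_gb: float   # mean daily volume over the baseline window
    today_gb: float      # volume seen on the day being checked (0.0 if the source went silent)
    drop_pct: float      # percentage drop relative to the baseline


def check_ingestion_drop(
    rows: Iterable[DailyVolume],
    today: date,
    baseline_days: int = 7,
    drop_threshold_pct: float = 70.0,
    min_baseline_gb: float = 0.1,
) -> List[DropAlert]:
    """Flag every (index, sourcetype) whose volume on `today` fell by at least
    `drop_threshold_pct` against its mean over the `baseline_days` days before it.

    Days with no row inside the window count as 0 GB, so a source that went quiet
    earlier in the week drags its own baseline down and is still caught on the
    first silent day. Sources with no meaningful baseline (e.g. onboarded today)
    are skipped rather than reported as a 100 percent drop.
    """
    window_start = today - timedelta(days=baseline_days)
    window = [window_start + timedelta(days=i) for i in range(baseline_days)]

    # Aggregate GB per (index, sourcetype) and day; a source may report several rows per day.
    per_day: Dict[Tuple[str, str], Dict[date, float]] = {}
    for r in rows:
        days = per_day.setdefault((r.index, r.sourcetype), {})
        days[r.day] = days.get(r.day, 0.0) + r.gb

    alerts: List[DropAlert] = []
    for (idx, st), days in sorted(per_day.items()):
        baseline = sum(days.get(d, 0.0) for d in window) / baseline_days
        if baseline < min_baseline_gb:
            continue  # nothing to compare against: new or negligible source
        today_gb = days.get(today, 0.0)
        drop_pct = (baseline - today_gb) * 100.0 / baseline
        if drop_pct >= drop_threshold_pct:
            alerts.append(DropAlert(idx, st, round(baseline, 3), round(today_gb, 3), round(drop_pct, 1)))
    return alerts


# Constructed sample report (not real data): the day under test and its 7-day window.
TODAY = date(2026, 3, 27)


def sample_rows() -> List[DailyVolume]:
    rows: List[DailyVolume] = []
    for i in range(7):                                   # 20..26 March: the baseline window
        d = date(2026, 3, 20) + timedelta(days=i)
        rows.append(DailyVolume(d, "firewall", "pan:traffic", 80.0))      # steady ~80 GB/day
        rows.append(DailyVolume(d, "wineventlog", "WinEventLog:Security", 20.0))
        rows.append(DailyVolume(d, "aws", "aws:cloudtrail", 5.0))
    # A day outside the window: must not influence the baseline.
    rows.append(DailyVolume(date(2026, 3, 19), "firewall", "pan:traffic", 500.0))
    rows.append(DailyVolume(TODAY, "firewall", "pan:traffic", 12.0))          # 85% drop -> alert
    rows.append(DailyVolume(TODAY, "wineventlog", "WinEventLog:Security", 19.0))  # 5% drop -> fine
    # aws:cloudtrail sends nothing today -> treated as 0 GB -> 100% drop -> alert
    rows.append(DailyVolume(TODAY, "lab", "new:source", 1.0))                 # no baseline -> skipped
    return rows


if __name__ == "__main__":
    for a in check_ingestion_drop(sample_rows(), TODAY):
        print(f"{a.index}/{a.sourcetype}: baseline {a.baseline_gb} GB, today {a.today_gb} GB, drop {a.drop_pct}%")
```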


    Shivam Dhang

Centralized monitoring has transformed our multi-tenant security operations and automated response

  • March 27, 2026
  • Review from a verified AWS customer

What is our primary use case?

My main use case for Splunk Cloud Platform is that in our organization, we use it as a centralized multi-tenant log ingestion across cloud and on-premises for all customer environments with index-level isolation. Splunk is used for ES for SOC operations enabling correlation searches, threat detection, and compliance reporting at scale.

A quick specific example of how I use Splunk Cloud Platform for SOC operations or threat detection in my daily work is privileged access anomaly detection. The correlation search flags abnormal login patterns using SPL plus a UEBA baseline, and the automated response via SOAR or ITSM triggers alerts which create incidents and execute playbooks to disable accounts or isolate the hosts. We also use it for continuous monitoring with dashboards tracking MITRE ATT&CK and cases across all tenants with real-time alerting.

We use Splunk Cloud Platform for data onboarding and normalization to standardize logs across customers for consistent analytics and ES use cases. We also use role-based access control plus tenant isolation to ensure secure access control per customer within the shared Splunk Cloud Platform deployment.

What is most valuable?

The best features Splunk Cloud Platform offers are the multi-tenant data isolation plus role-based access control, with secure index-level segregation for managing multiple global customers in a shared Splunk Cloud Platform environment. Additionally, features such as native integrations with SIEM, SOAR, and ITSM enable us to automate incident response, ticketing, and end-to-end security workflows across client environments. The high-scale ingestion plus SPL correlation process handles large volumes of infrastructure security logs with real-time analytics for managing SOC and cloud operations.

Splunk Cloud Platform has positively impacted our organization as we have achieved faster incident detection and response, lower MTTR with real-time SPL alerts and automated workflows. It has also improved our multi-tenant visibility and centralized monitoring, reducing tool sprawl. We also saw better compliance and audit readiness with consistent log retention and reporting.

What needs improvement?

Splunk Cloud Platform can be improved by having better multi-cloud integration for AWS, Azure, and GCP metrics and events out of the box. It should offer more cost-efficient storage retention options for high-volume multi-tenant log data and have simpler dashboard and alert management to reduce setup and maintenance effort across global customers. Additionally, the advanced anomaly detection tuning can be improved.

For how long have I used the solution?

I have been using Splunk Cloud Platform for two years.

What do I think about the stability of the solution?

Splunk Cloud Platform is stable.

What do I think about the scalability of the solution?

Splunk Cloud Platform is scalable for multi-tenant environments, handling terabytes of logs daily across global customers without performance impact. The auto-scaling ingestion and indexing ensure consistent performance as log volume grows, and it supports centralized dashboards and correlation searches across all tenants at enterprise scale.

How are customer service and support?

The customer support for Splunk Cloud Platform is responsive and knowledgeable. Support teams understand cloud and SOC issues and provide actionable guidelines quickly. They are also aligned to enterprise-level SLAs with timely escalation processes for critical incidents.

Which solution did I use previously and why did I switch?

We previously used an on-premises ELK stack plus custom scripts for log aggregation and monitoring. We switched to Splunk Cloud Platform for centralized multi-tenant visibility, real-time alerting, and automated SOC operations and workflows. The key reason for shifting is scalability, reliability, and built-in compliance and reporting across local customers.

How was the initial setup?

My experience with pricing, setup cost, and licensing is that the pricing is on the premium side because it scales with data ingestion and retention across multiple customers, which means that the price can grow quickly. The setup cost is moderate, and initial tenant onboarding, index setup, and dashboard configuration require effort. The licensing is flexible based on features such as Core, ES, and SOAR, but it needs careful planning for multi-tenant uses.

What was our ROI?

We have seen a return on investment as we observed a 50 to 60 percent reduction in manual SOC work, which allows freeing staff for higher-value tasks. We also saw incident response time drop by 40 to 50 percent, improving SLA compliance across customers. Furthermore, the overall cost saving from tool consolidation and automation delivered measurable return on investment within the first year.

Which other solutions did I evaluate?

Before choosing Splunk Cloud Platform, I evaluated other options including DataDog and Sumo Logic for log aggregation and monitoring. We also considered on-premises SIEM solutions but they lacked multi-tenant scalability and automation, so we chose Splunk Cloud Platform for real-time correlation, SOC automation, and enterprise-grade compliance features.

What other advice do I have?

The advice I would give to others looking into using Splunk Cloud Platform is to plan multi-tenant indexing and role-based access control earlier to ensure secure data separation. I would also tell my peers to leverage SOAR and ITSM integration from the start to automate incident response and reduce manual effort. I would rate my overall experience with Splunk Cloud Platform as an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?


    Karsh Trivedi

Improved security monitoring has provided wide observability and streamlined incident investigations

  • March 12, 2026
  • Review from a verified AWS customer

What is our primary use case?

I am also an end user of Splunk Cloud Platform. My usual use cases for Splunk Cloud Platform are to search logs and search data as I need for my security incidents. Searching logs and data for security incidents is my main use case.

What is most valuable?

The most valuable features or capabilities of Splunk Cloud Platform that I have found so far are mainly the search and the indexing engine, and I also find the data management of Splunk better. I have used both Splunk Enterprise and Splunk Cloud Platform, and I feel that the data management on Splunk Cloud Platform is handled by the Splunk team with much better expertise than its Enterprise Platform, where we had to manage storage and everything ourselves.

The effectiveness of Splunk Cloud's search capabilities in uncovering operational insights is pretty good. Once you know Splunk Query Language, or SPL, it is way better than any other data management tool, especially when analyzing and monitoring security logs, as it makes searching and minimizing threats much easier for me.

I use Splunk Cloud's alerting mechanisms to send alerts to my email, whether something happens in real-time or through scheduled Splunk query alerts for operational tasks like security incidents or operational warnings, such as when my storage is 90% full.

Splunk Cloud Platform's ingest and visualization features have helped me improve my data reporting significantly, as data ingestion and visualization are great, especially for creating dashboards from various sources like endpoints, firewalls, and web applications.

Operationally, Splunk Cloud Platform has provided wide observability where we had almost none before, significantly improving our security posture and our ability to defend the organization.

What needs improvement?

In my opinion, there isn't much to improve in Splunk Cloud Platform, but one suggestion would be to integrate AI or provide a more graphical query builder to reduce the learning curve for new users wanting to learn SPL.

For how long have I used the solution?

I have been working with Splunk Cloud Platform for around eight months.

What do I think about the stability of the solution?

I rate Splunk Cloud Platform a ten out of ten for stability and reliability, as I have found it truly reliable while using it on AWS and as a SaaS platform, given the capability for high availability and multiple indexers ensuring data continuity.

What do I think about the scalability of the solution?

I would rate Splunk Cloud Platform a nine out of ten for scalability. I think it's scalable due to the ease of integrating and deploying multiple indexers for data processing, although it does require some technical knowledge to configure properly for smooth operation.

How are customer service and support?

I do not often communicate with the technical support of Splunk Cloud Platform. I often visit Splunk's documentation portal for troubleshooting and assistance with my queries, and I find it quite good. They offer videos to help users learn how to use Splunk and Splunk Query Language.

I feel that Splunk's documentation is highly maintained, regular updates seem to happen, and I don't have any suggestions for improvement as it is currently at its best.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did not use a different solution for the same use cases prior to Splunk Cloud Platform. I only used Wazuh for security data logging but would not compare it to Splunk due to its broader capabilities.

How was the initial setup?

I did participate in the initial setup and deployment of Splunk Cloud Platform, but I wasn't part of the decision-making aspect. The initial setup process for deploying Splunk Cloud Platform was quite easy as we only needed to identify our data sources and determine the appropriate ingestion method, followed by some technical configuration, assuming we knew how our data was structured.

What was our ROI?

I might not be the right person to comment on the return on investment in terms of cost, but operationally, Splunk Cloud Platform has provided wide observability where we had almost none before, significantly improving our security posture and our ability to defend the organization.

Which other solutions did I evaluate?

I did not evaluate other options or vendors before choosing Splunk Cloud Platform. I did not participate in the decision-making process for choosing Splunk Cloud Platform, as I have worked operationally with it but was not involved in procurement.

What other advice do I have?

I have not used Splunk Cloud's machine learning tools. I do not personally integrate Splunk Cloud Platform with third-party tools; however, I know that my separate team has integrated quite a few tools, leveraging Splunk's vast library known as Splunk Enterprise Applications.

I have been working with Splunk Enterprise Platform, which is the on-premises version of Splunk Cloud Platform, and it is almost the same except for the maintenance efforts required and the deeper learning curve. I wouldn't say there's room for improvement in Splunk Enterprise Platform purely regarding the search engine, as it largely depends on the resources allocated to the indexer for its performance. I have been working with Splunk Enterprise Platform for approximately three to four months.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?


    reviewer2688711

Advanced alerts and clear visuals have improved fraud detection and data-driven decisions

  • March 09, 2026
  • Review provided by PeerSpot

What is our primary use case?

I used Splunk Cloud Platform for fraud detection. The first thing is fraud detection, and the second thing is understanding data better because of the data visualization that it has. The display that it has compared to a simple type of visualization is much clearer compared to any kind of thing you might notice on a super dense Wireshark.

What is most valuable?

Data Visualization and IT Alerting and Incident Management are the main valuable features, primarily to get a better idea of what's going on.

Data reporting using Splunk Cloud Platform is easier because you have everything in front of you, and it's so detailed and easy to read once you have the data. Another thing that makes it clear is the amount of evidence you have in front of you; the data is a lot more valuable. It's less of a human claim and more of evidence presented in front of you when you're trying to make any kind of claim about a certain thing going on.

What I really like about Splunk Cloud Platform is the real-time alert, where you can search for anything and the data is still stored there, because at the end of the day, we are finally in a generation of cloud where everything is stored on a cloud platform, to the point that you can search anything; as long as you do it in the appropriate way, you will find the results. It's in a good visual state with good visibility. I appreciate this feature.

What needs improvement?

To be honest, I don't think it's beginner-friendly. It takes time and multiple meetings to actually understand how to create different types of alerts or how to search for them. It's quite similar to how you might search on SQL, but that's asking another set of skills to have. I know there are tutorials on the website, but I feel if they rolled out more free courses on such things that provide a link to a free course for beginner training, I feel people would be interested in it.

For how long have I used the solution?

I ended up getting access around three to four months back. I was part of a team that was using it, so we got on a call together while I was observing them and using it while giving my input for a project.

What do I think about the stability of the solution?

I haven't really faced much of it, but my usage was less intensive, so I can't really talk about it for everyone. From my perspective, because of my light amount of research and light usage of it, I would say it's been pretty good. I haven't experienced any stability issues.

What do I think about the scalability of the solution?

Splunk Cloud Platform is a good tool, but it's not the easiest to transfer between different teams because there's a lot of training involved in it. While I do like the tool and I do feel it's really useful, if you ever notice in this current industry, people are wanting employees to learn Splunk Cloud Platform, or at least they want applicants who apply for a certain role to know Splunk Cloud Platform, because of not only how new it is or how recent it is after the cloud integration, but also just that it takes time to learn and takes time to be efficient at it.

How are customer service and support?

When you work in a corporation, you have people dedicated just for that.

Which solution did I use previously and why did I switch?

I've used Splunk Cloud Platform very briefly, not too much. I use ServiceNow, Confluence for documentation, and Keyfactor for generating certificates.

How was the initial setup?

It's kind of hard for me to say because I came from a corporation where Splunk Cloud Platform was already a part of the user group where I got access to it, so I didn't have to do any of that.

Which other solutions did I evaluate?

Any IT person would rather use the command prompt. Using a simple command prompt and trying to see based on the elevated access they have, you can always check what's going on. Wireshark itself is a really good tool and a really good alternative to have any kind of packet capture and read through the data to understand what's going on.

Splunk Cloud Platform is different because it offers real-time alerts. Wireshark is something where you have to let things be and then later catch and see, while Splunk Cloud Platform updates on its own. It has a lot better visuals overall.

What other advice do I have?

Regarding whether Splunk Cloud Platform's ingest and visualization features have helped improve data reporting and the overall alerting mechanisms, I haven't had the chance to use it for myself, but from the time when I was researching them for the project that I was working on, it seemed to be really effective in at least the fraud department of the team to understand any type of price alerts when something is going on.

Regarding how easy or difficult it was for me to learn how to use it, on a scale of ease, with one being the easiest and ten being the hardest, I would say it was around a four or five. I've used other tools before, and I've used other things such as Wireshark and some others a lot before, so I had a much better grasp than a lot of beginners might have. Recently, in a meeting where we were trying to teach a beginner about this, the main person who uses it had to go through multiple rounds of meetings to show them how to use it. While watching that, I realized the gap in knowledge between someone who's been in IT for years versus someone who's trying to be more hands-on but is unfamiliar with the tool.


    reviewer2805738

Cloud security service has transformed onboarding, reduced maintenance, and unified orchestration

  • March 02, 2026
  • Review provided by PeerSpot

What is our primary use case?

We use Splunk Cloud Platform for security and want to implement it as a SIEM solution. We also want to replace our old legacy SIEM solution because we are adopting a cloud solution instead of an on-premises solution. Another use case is that we want to use this tool in our managed service offering. We do not use the solution to resell licenses to our customers, but rather to provide services to them. We appreciate the powerful integration that Splunk Cloud Platform offers, making it easy to integrate with any sources and any data. It is able to handle data that resides in an S3 bucket or elsewhere, not just ingested directly into the SIEM itself. We are also looking at Splunk Cloud Platform's strategy, which is very interesting because of the integration they will have regarding Agentic AI and automation. A unique solution for orchestration and automation, called SOAR in cybersecurity, combined with SIEM in a unique platform is a very interesting strategy from our point of view.

It is Enterprise Security in the cloud. This is a cloud solution.

What is most valuable?

Splunk Cloud Platform is a very mature solution and an enterprise-grade solution that brings the work we have to do with customers to an enterprise-grade level. It is something that we can manage from a single pane, and it is quite easy to deploy. I see a benefit that is not strictly related to the features that Splunk Cloud Platform offers, but it depends on the company belonging to Cisco now because we are a Cisco partner and Splunk Cloud Platform is a pillar, a vertical technology in the security area of the partnership. The benefit of partnering with Splunk Cloud Platform falls into the Cisco partnership and the benefits we can have in this important partnership we have as a company.

Compared to my previous situation, the first benefit of this solution is the speed and the effort reduction in terms of onboarding new customers and maintaining the entire platform. I will not have any more effort for system upgrades and infrastructure maintenance. This is one of the biggest benefits I can have from the solution. I save a lot of money because I do not have to spend resources anymore to maintain and operate the infrastructure and the systems.

What needs improvement?

I think it is really effective, and we are still at the beginning. The capability to search for insights is very powerful and also supported by AI and machine learning. The capabilities are increasing day by day, and new features are being released and will be released soon.

I am not able to answer right now, but I am confident they will be able to predict a trend because they promise they are able to do this using machine learning algorithms and Agentic AI features. They say they will be able to predict the behavior of your network or your infrastructure. I am really confident about this, and I hope it will be true because I need this.

There is something that they say will be improved, and I am still waiting for it. This is the Agentic AI elements inside the platform that I mentioned before. There is something present today, but the full feature is not released yet. From my point of view, it is a bit late. It is okay for me because we are adopting it and we can work on this, and it is acceptable for my timing. However, from a market perspective, they are a bit late. Competitors in some cases are earlier adopters. But I am sure they will release a very powerful tool, as per the Cisco approach. They want to win when they start doing something, and I am confident they will release a very powerful tool.

For how long have I used the solution?

I have been working with it for one month.

What do I think about the stability of the solution?

It is still a bit early to answer. We have just seen it on paper, and we have to check it.

Which solution did I use previously and why did I switch?

In my previous experience, I had Enterprise Security, but on-premises, a few years ago, three years ago. It was integrated with another SOAR from another vendor.

How was the initial setup?

It is something that we can manage from a single pane. It is quite easy to deploy.

What's my experience with pricing, setup cost, and licensing?

Compared to my situation, it does not have any meaning because I have something legacy now. However, it is a good price on the market. It depends because if you look at the list price, it is a bit expensive from my point of view. But once you are in the partnership with Splunk Cloud Platform and with Cisco, you can have good discounts, you can make the deal and discuss, and they are willing to help you as a partner in finding the solution and finding your target. So it is good from my point of view. But if you look at the list price, it is expensive.

Which other solutions did I evaluate?

We evaluated QRadar, FortiSIEM, and Palo Alto SIEM. We chose Splunk Cloud Platform because of a combination of different aspects, not just for price or features. It is the whole combination of the features, the benefits, the cost, the partnership, and there is no one aspect leading the choice. It is a mix and a combination.

What other advice do I have?

Today, we are working with the SIEM solution, which is quite a legacy term. Saying SIEM is not really effective. It is the Enterprise Security solution, and we are now in the process of implementing it. We are adopting the solution and are at the beginning. We have studied a lot, we are training people, and we are changing and modifying our processes as per what the technology allows us to do. We are also evaluating the observability solution. We are working on two different paths, and one is at a more mature stage, while the other one is at an evaluation stage.

We are setting up alerts as expected.

We are integrating the Splunk Cloud Platform SIEM solution with our SOAR solution, which today is from another vendor and not Splunk Cloud Platform. Then we will see tomorrow what we want to do: whether we want to use the unique platform, the unique Splunk Cloud Platform with SOAR, Agentic AI, SOC automation, and everything, or whether we want to keep using our actual SOAR. We are integrating Splunk Cloud Platform with this SOAR.

My recommendation is to look at the future and look at the strategy. Do not look at the features today but look at the features tomorrow, and not just at the technical features but at the whole strategy to integrate in one single platform all the capabilities that a SIEM solution or a log gathering solution might have. Putting together orchestration, observability, and security: this kind of strategy is what an integrator should evaluate, in my opinion.

I would rate this product an 8 out of 10.


    Tejas Shah

Unified data monitoring has enabled proactive alerts and predictive analysis for daily operations

  • February 27, 2026
  • Review provided by PeerSpot

What is our primary use case?

The main use cases for Splunk Cloud Platform include data collection, parsing activities, use case building, data ingestion, and creating dashboards and reports. My clients use it for similar purposes.

What is most valuable?

The best thing about Splunk Cloud Platform is that you can bring any data and store it in one place. You can build meaningful insights from it, have the same data ingested, create beautiful insights, have alerting done on it, and have dashboards and reports built on top of it.

Splunk Cloud Platform's ingest and visualization features do not bind you with a limitation in the volume you want to ingest. Since we are using the compute-based licensing feature of Splunk Cloud Platform, there is no limitation to the volume of data we ingest on the platform. All Splunk Cloud Platform instances are also Smart Store supported, so that eases storage utilization concerns.

One of the best advantages of using Splunk Cloud Platform is that there are lots of proactive alert notifications from Splunk support if anything goes down on the infrastructure end or if there is anything wrong with your environment. Splunk support is on top of things, notifying you beforehand if something is going wrong and that their team is already aware and working on a fix.

What needs improvement?

I don't see any new requirements in terms of improvements for Splunk Cloud Platform at this time. Splunk's dashboarding, reporting, and visualizations are evolving at a larger scale with the new Splunk Dashboard Studio in place. There were some limitations with the classic dashboard where you had to be aware of different HTML, CSS, and custom JavaScript for better visualizations. That's being migrated towards Splunk Dashboard Studio, which is evolving at a great pace, providing similar functionalities. I have not faced any current challenges regarding Splunk Cloud Platform's limitations. I still think, however, that better configuration and customization options for workload management could be enhanced, but that applies to Splunk Enterprise as well. It's just my understanding and what I foresee, but I'm not sure if it will be a priority right now, as even without workload management, a lot can be done, and the product team might have a different roadmap.

For how long have I used the solution?

I have been working with Splunk Cloud Platform for almost six years.

How are customer service and support?

My feedback remains that you have your designated account manager who helps navigate all the cases. Sometimes, the support team may not be fully knowledgeable about the challenge you face, but through their internal escalation structure, they manage to find viable solutions sooner or later or provide updates on when issues will be fixed. I think their support is pretty good on that part.

How was the initial setup?

The best thing about the initial setup process of Splunk Cloud Platform is that you don't have to deploy your own Splunk Cloud Platform deployment; Splunk handles it for you. For the on-premises setup, you do need the initial configuration for end devices to send logs to Splunk Cloud Platform, but it's straightforward. It's just one package that you install on your end device, and after restarting, everything is sorted. There is no hassle in configuring Splunk Cloud Platform or getting on-premises devices to send data to it.

What other advice do I have?

We do use Splunk Cloud Platform's alerting mechanism. We have set up hundreds and thousands of alerts for different use cases. For example, if any of the data sources stop the ingestion or the volume is relatively down, we have set up alerting for that. It creates a ServiceNow incident that falls under our team's responsibility and sends an email as a notification that this alert has been triggered, such as when the XYZ feed has gone down or the data from the XYZ feed has decreased by up to 80% or 70%, whatever the threshold set. We definitely use all the different alerting mechanisms and alert actions provided by Splunk Cloud Platform.

Whenever we see a situation where we don't want to be reactive, we attempt to do a predictive analysis of the data ingested in our Splunk Cloud Platform. This analysis is done on an alert-by-alert basis. For instance, when talking about a data source going down, if the situation arises, we should be triggered at a threshold of around an 80% decrease. In that situation, we keep a buffer of 10% and set an alert to notify ourselves at a 70% decrease in the feed, so that we can take preemptive measures to ensure that the feed comes back online before the situation escalates.

In terms of machine learning, we are using the Splunk-supported machine learning toolkit that also has new features for artificial intelligence. We do use them for outlier detection and predictive analysis in terms of different alerting we have enabled in our environment.

To predict trends in our data, the example I shared previously involves understanding if the volume is going down or not. We do this using the machine learning toolkit itself. We have our data ingested into Splunk Cloud Platform, and each index and source type has some dedicated volume getting ingested daily. We create an average of the total volume ingested over the past 60 days, 45 days, and 90 days, and then we identify the volume ingested yesterday. We compare it with the average of the last 45 days and try to detect any deviation. All of this is part of the machine learning toolkit application itself. That's how predictive analysis and outlier detection work, and we're using that in our daily operations as well.

With different vendors, there is no problem having Splunk Cloud Platform integrated with them. For example, we already have our alerting enabled so that whenever any alert gets triggered, an incident is created in ServiceNow. I have also worked on integrating Jira and other different Atlassian products with Splunk Cloud Platform. It's user-friendly and straightforward to integrate Splunk Cloud Platform with different vendors without much issue.

For any organizations looking to configure Splunk Cloud Platform, I believe it's a simple process. It's just important to stick to the fundamentals and understand how Splunk Cloud Platform operates. The documentation is quite clear. One notable advantage of Splunk Cloud Platform is the Ingest Processor and Edge Processor, which help optimize data before feeding into Splunk Cloud Platform. We've seen a reduction of around 40% to 60% in the total volume ingested using efficient data pipelines. We provide services for optimizing data pipelines and feeds, and those tools can be quite helpful. But if you're looking to configure Splunk Cloud Platform for on-premises servers, downloading the universal forwarder package from the Splunk Cloud Platform search head is all you need.

I would rate this product a 9 out of 10.
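The ingestion-drop baseline this review describes, written as an SPL scheduled search; this is an added example, not the reviewer's or Splunk's own search. It assumes daily event counts per index and sourcetype as the volume measure (a proxy for the review's "volume"), a 45-day baseline, a search scope of `index=*`, and the review's 70% early-warning and 80% trigger thresholds.

```spl
| tstats count WHERE index=* earliest=-46d@d latest=@d
    BY index sourcetype _time span=1d
| eval period=if(_time >= relative_time(now(), "-1d@d"), "yesterday", "baseline")
| stats avg(eval(if(period=="baseline", count, null()))) AS avg_45d
        sum(eval(if(period=="yesterday", count, 0))) AS yesterday
        BY index sourcetype
| where isnotnull(avg_45d) AND avg_45d > 0
| eval pct_drop=round(100 * (avg_45d - yesterday) / avg_45d, 1)
| eval severity=case(pct_drop >= 80, "critical", pct_drop >= 70, "warning")
| where isnotnull(severity)
| sort -pct_drop
| table index sourcetype avg_45d yesterday pct_drop severity
```

Run it as a scheduled search shortly after midnight with the alert action on the `severity` field (the review's ServiceNow incident and email); a feed with no events yesterday gets `yesterday=0` from the `sum(eval(...))` default and therefore shows as a 100% drop rather than silently disappearing from the results.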


    Charles Roberti

Security monitoring has improved and provides timely alerts for cyber threats

  • February 26, 2026
  • Review provided by PeerSpot

What is our primary use case?

Splunk Cloud Platform is used as a way for companies to enhance their cybersecurity and ensure security. In cybersecurity, it is important to protect against all malware, and the platform is effective in searching for vulnerabilities or threats.

What is most valuable?

Splunk Cloud Platform's ingest and visualization features help with data reporting. The platform's alerting mechanism is valuable, as there is software that raises alarms in case of attacks. Splunk Cloud Platform is used as a way for companies to enhance their cybersecurity and ensure security.

What needs improvement?

I think that Splunk Cloud Platform is good, and I rate it seven or eight.

For how long have I used the solution?

We have worked with Splunk Cloud Platform for approximately three years. We have also been working with Splunk Observability Cloud for approximately three years.

What do I think about the stability of the solution?

Splunk Cloud Platform is a good platform for us.

How are customer service and support?

The technical support of Splunk is good as well, and they are helpful.

What was our ROI?

Implementation has some benefit for the company.

What's my experience with pricing, setup cost, and licensing?

We think that the price of the product is quite reasonable.

What other advice do I have?

We have clients that use Splunk, but we do not use Splunk ourselves. As a person with deployment experience, I find it difficult to answer the question about implementation because we are obliged to have a platform. There are many platforms, and the implementation is not simple, but we have no special difficulties with Splunk. We think that integration of Splunk Cloud Platform with third-party tools is easy to implement.


    reviewer2747775

Security monitoring has become proactive with customizable alerts and clear dashboards

  • February 19, 2026
  • Review provided by PeerSpot

What is our primary use case?

My major use case for Splunk Cloud Platform is SOC and SIEM, mostly.

What is most valuable?

What I like about Splunk Cloud Platform is the easy reading of the dashboards and finding the data, which brought me the biggest benefits.

The alerting mechanism in Splunk Cloud Platform is customizable, so we could adapt it to our needs, assign the right priorities and, based on this, define the action.

Visualization features and ingesting in Splunk Cloud Platform helped to improve my data reporting, but that was also a different team that was providing the log ingestion.

Other features that were really great in Splunk Cloud Platform include real-life monitoring, so we could have logs right away, and parsing was fine, so when it was correctly ingested and Splunk Cloud Platform parsed it correctly, then we had no issues with receiving the correct alerts.

What needs improvement?

Splunk Cloud Platform could improve in how quickly it reacts to users reporting issues.

Splunk Cloud Platform can be complex depending on the log source in terms of deployment.

For how long have I used the solution?

I used Splunk Cloud Platform for seven years.

What do I think about the stability of the solution?

Splunk Cloud Platform was stable, and I did not see any performance issues or downtime, although it happened; the issue was that we had to really fine-tune the log quality so that it would not be ingested too much and handled for nothing.

What do I think about the scalability of the solution?

Regarding the scalability of Splunk Cloud Platform, I would say it is scalable, but maybe the pricing may affect the scalability because it may not be that beneficial to onboard too many log sources if they generate too many false positives and then you reach over the limit of the license.

How are customer service and support?

I would rate the technical support for Splunk Cloud Platform probably a three, because there was some support, but I remember that we were using our proxy company to submit it for us because they were bigger and maybe more convincing to Splunk.

How was the initial setup?

The biggest issue during deployment of Splunk Cloud Platform was correct log parsing.

What about the implementation team?

I can describe the impact of integration with third-party solutions in Splunk Cloud Platform as limited experience, since I was the only one on the receiving end of it and I was not integrating it with any solutions or with any other vendors. We also had the company who was supporting us in the configuration part, so we didn't even have to do it fully by ourselves.

What was our ROI?

I don't see ROI with Splunk Cloud Platform, such as time saving or money saving, because I'm in security operations, so I don't think in management terms.

What other advice do I have?

I have about the same amount of experience in this domain with SOC solutions, as I haven't worked with SOC SIEM solutions such as Splunk Cloud Platform before, so it's the same. My overall review rating for Splunk Cloud Platform is 8.