The main use case with Splunk Observability Cloud is to capture the logs from the SD-WAN in order to check the health of the network and the flow of data from different sources to the central place.

The best feature of this product is the latency and processing of all the telemetry that is being received, which gives full visibility at the right time. 

One cannot protect and operate what they don't know. When there is this observability, it helps to see exactly what is present, the problems that may exist, and hence, it increases digital resilience by having proactive actions ahead, which increases the availability of the service.

The teams have utilized the ability to enrich data with custom metrics, as this enrichment is one of the key aspects used to have a clear understanding of which assets are being attacked, enabling necessary actions to be taken. The data has been enriched by adding customized information from customers' databases from different sources.

The pricing would be one area for improvement.

I have used the SIEM solution since 2019 and have had experience with Splunk Observability Cloud for the last year.

I would rate their customer service and technical support an eight out of ten.

Positive

I work for SI, and we deliver to different organizations based on their requirements. We are responsible for implementation, so we implement and they see the value out of it.

Splunk Observability Cloud has improved the operational performance of our clients.

It is expensive.

The AI component is one of their strengths; currently, most competitors are moving in the same direction. As SI professionals, we are seeing different improvements in the AI domain for different products, and they are at the leading edge with many vendors following them.

My overall rating for Splunk Observability Cloud would be a seven out of ten.

My primary use cases for Splunk Observability Cloud include creating dashboards for metrics, detecting incidents, and ensuring overall observability of applications, service connections, and integrations, along with reporting and Slack integrations.

By visualizing the integration of the service, I can understand the flow of the data, which is one of the features I appreciate most about Splunk Observability Cloud.

With the metrics collection, I can proactively find incidents and work on the major issues when they happen and predict these issues.

With alerting and the detectors, we can inform the engineers that are on call to take over the service responsibility.

With the metrics and the dashboards, we can have a clear view of how the system is performing. Splunk Observability Cloud has helped improve my operational performance by detecting, analyzing tracings, and detecting alerts.

50% of our metrics on Splunk Observability Cloud are custom metrics, so we heavily rely on that. The out-of-the-box customizable dashboards provided by Splunk Observability Cloud are excellent, especially with the Amazon ones, AWS, memory cache, and Kubernetes dashboards, which are complete for the Kubernetes needs.

The UI of Splunk Observability Cloud is one of the major issues; it's old and has been there for more than 10 years, acquired by other applications from other companies. It's time to reinvent how the UI is going to work with the AI modules and integrations, making it softer and cleaner.

Splunk Observability Cloud is comprehensive in terms of functionality and features, so educating users has to be more functional. Users need to know how to be educated about certain views or pages they're working on.

I have been using Splunk Observability Cloud for five years.

I assess the stability and reliability of Splunk Observability Cloud as built on top of reliability because of the Cisco networking and infrastructure. That's not a concern for me; I totally rely on it. I've experienced downtime, crashes, and performance issues with Splunk Observability Cloud, as with any other solution. Comparing it with other monitoring solutions, Splunk has been excellent with availability. When I experienced issues, they were communicated through maintenance windows, resulting in 100% satisfaction with how they conduct this.

Splunk Observability Cloud scales very well with the growing needs of my organization. We didn't have scaling issues as the application evolved. I expanded usage of Splunk Observability Cloud when the company opened new coverage areas in different countries. Adding those metrics or new indexes to Splunk wasn't much of an issue in scaling.

I evaluate customer service and technical support for Splunk Observability Cloud as having only great experiences working with people at Splunk.

Positive

Prior to adopting Splunk Observability Cloud, I was using Datadog, which would accomplish 70% of what Splunk does currently.

There have been so many challenges that I can't name one right now. There is always a challenge in deploying open source material, like the open telemetry modules, that don't have the reliance on Splunk. It's just an integration challenge that we have the most. Deploying Splunk itself wasn't that much of a big deal.

I see ROI with Splunk Observability Cloud. My company is heavily dedicated to analytics, so the Splunk deal is significant. I cannot imagine how the business would run without it currently.

I had low pricing and setup costs for Splunk Observability Cloud, and overall, my company has received a good deal on all the features that we have. We just have to understand how to explore it further.

Not directly because of Splunk, but the visualization that I have with the main aspects of scaling made us create custom dashboards that proactively detect the changes in scale, and then we can get ready for those changes. We don't have to spend time testing the new capacity when it's already being defined and envisioned by Splunk.

My advice to other organizations considering Splunk Observability Cloud is to watch out for your budget. If I could assess the impact of not having Splunk Observability Cloud, there would be a monetary impact with other solutions. For the business, we would lose resiliency of the system. To imagine the impact, it would be catastrophic.

Splunk has to think about how to redesign Observability Cloud. It came from SignalFx and AppDynamics to Splunk Cloud. It's a merge of different platforms into one, and this merge is being done at a pace where I expected more velocity.

On a scale of one to ten, I rate Splunk Observability Cloud overall as a seven.

Our main use cases for Splunk Observability Cloud are to observe our application, our websites, and our infrastructure metrics.

What I appreciate the most about Splunk Observability Cloud is the APM part and the log analytics part. These features can help us with troubleshooting our problems between multiple systems. 

Distributed tracing is very useful to us, and the infrastructure part can help us identify problems with the infrastructure. Splunk Observability Cloud has helped improve our operational performance and our company's resilience on the path of adopting it, and I expect more improvements in the future.

The RUM part of Splunk Observability Cloud can be improved significantly. We are currently struggling to use it since our application is mixed mobile and non-mobile. Some AI features in the search functionality could be beneficial in the next release of Splunk Observability Cloud.

In GCP, Cloud Run is not natively supported by Splunk, and we are challenged with bringing data from Cloud Run to Splunk. Native support of it in the future would be great for us.

We started using Splunk Observability Cloud one year ago.

I would assess Splunk Observability Cloud as quite reliable. The only problem is the graphical interface, which sometimes is buggy. It crashes, doesn't display data, and requires reloading the browser. I have experienced downtime with Splunk Observability Cloud only once, which lasted one hour due to issues that prevented us from logging into the platform.

Splunk Observability Cloud scales with the growing needs of our organization quite efficiently. I have expanded the usage of Splunk Observability Cloud, and the process of expanding usage was smooth apart from one part.

Customer service and technical support respond very quickly. That said, sometimes the solutions take too long to implement.

Neutral

Before adopting Splunk Observability Cloud, we used DataDog, and before that, we had no solution. The factors that led me to consider the change were mainly because my company has different IT offices. My IT office used DataDog, another IT office used New Relic, and others used different tools. We needed to adopt Splunk across the group to have something standard in my company.

My experience with deploying Splunk Observability Cloud was quite good, mainly since we almost have everything on cloud and that makes deployment quite easy.

My advice to other organizations considering Splunk Observability Cloud is to adopt it if you don't have anything else as it's a very good tool, and having something for observability is very good. Not only for the observability part but for all the Splunk platform, that's great. 

On a scale of one to ten, I rate Splunk Observability Cloud a seven out of ten.

My main use cases for Splunk Observability Cloud include Application Performance Monitoring, synthetic monitoring, and dabbling in infrastructure and what comes along with it; however, we do already have a tool that does infrastructure. We're debating about just switching it all over to Observability.

The features of Splunk Observability Cloud that I prefer the most are its all-encompassing licensing model, which is comparatively better than others in the market. We're switching off AppDynamics, and the licensing model always constrained us, so that is our main reason for switching to observability, as the licensing is all-encompassing.

The benefits of these features for my organization are significant. The license is all in one, meaning infrastructure, APM, synthetics, RUM, and the logs are all under one license, allowing us to offer that to our application teams more so than we were ever able to do before. 

We're currently trying to implement RUM, Real User Monitoring, with two applications just to get a feel for it, which we were never able to do before, since it was a completely separate license that we needed to purchase. So we're able to offer more of a full suite, more of a one-stop shop sort of thing, versus what we were able to do before.

The user interface of Splunk Observability Cloud needs a lot of work. I have been known to describe it as slapping lipstick on a pig. The pretty colors draw in everybody, however, the actual functionality of it has a lot that you cannot do, and how the user interface is organized is very difficult to navigate. This is a driving factor for us not to use the product.

The next release of Splunk Observability Cloud should include a feature that makes it so that when looking at charts and dashboards, and also looking at one environment regardless of the product feature that you're in, APM, infrastructure, RUM, the environment that is chosen in the first location when you sign into Splunk Observability Cloud needs to stay persistent all the way through. There's no reason that a user should have to keep having to restart all of their filters and select their environment anytime that they switch to a different area of the tool.

I have been using Splunk Observability Cloud for one year exactly.

I have not experienced downtime, crashes, or performance issues with Splunk Observability Cloud yet.

Splunk Observability Cloud scales with the growing needs of my organization, however, we very quickly always run into hitting the limit for custom metrics. This is something we've discovered that we have to manually manage, which is not fun, especially for large applications such as our huge tracking system, since we're a logistics company, as well as the two main revenue-generating applications. We are probably going to hold off putting them into Splunk Observability as we're constantly bumping the limit already.

I would evaluate customer service and technical support as hit or miss as I get the impression that the support folks assigned to our account might be spread a little too thin. They are good people and do good work; however, I get the impression they're spread a little too thin. If we put in a ticket, we do get a response in a decent amount of time, so that's not a problem.

Positive

Prior to adopting Splunk Observability Cloud, I used several solutions. The solutions we used include Zabbix, Splunk Core, Grafana, Prometheus, and AppDynamics, so a whole suite of things.

The deployment has been fine for cloud applications. It is very tumultuous for on-prem. That is supposed to be getting fixed over the next year. Right now, it's not there. So I always tell my management we're a year and a half too early for this tool.

I have seen ROI for our cloud applications, as we've been able to fully integrate with one application, which is a big revenue producer for the post office, and it's something that they were not able to do before, so we have been able to see that. In terms of ROI, I would say 100%.

We don't currently use the out-of-the-box customizable dashboards provided by Splunk Observability Cloud to showcase IT performance to business leaders. 

I will say we have not expanded usage to other applications since we're still stuck where we are. 

My advice to other organizations considering Splunk Observability Cloud is to wait until next year. 

On a scale of one to ten, I would rate this solution five or six.

My use case is the APM model, as we have the APM and since I mentioned I have all the flavors of Splunk, from Splunk Cloud, Splunk ITSI for specific event management, Splunk Observability Cloud is specific to the APM model. When I say APM model, it is infrastructure monitoring, synthetic transaction monitoring, and real user monitoring.

With the help of Splunk Observability Cloud, I can monitor all the real-time transactions happening in the entire application. With the help of OpenTelemetry, I installed everything and got the logs, traces, and metrics. I created the dashboard since I have the data within the Splunk Observability Cloud. As I have the observability data within Splunk Observability Cloud, this observability cloud will not go with event management.

If I want to go with event management, we will be sending the data to Splunk ITSI. Combining these, Splunk Cloud, Splunk ITSI, and Splunk Observability Cloud, we achieve the Splunk full-stack observability. This means I can monitor the overall application availability, including the REM, synthetics, all the APM, and the network observability coming from the arm. We can achieve full-stack observability with the help of all these Splunk stacks.

Splunk Observability Cloud has enhanced our operational performance and our company's resilience, ultimately contributing to improved customer satisfaction. Regardless of the business, customer satisfaction shouldn't compromise or degrade performance; it should remain optimal. Since I have these features available and inbuilt within Splunk Observability Cloud, building all these functionalities only takes seconds. I might encounter a little distraction; I can't say it is 100% perfect, however, it is about 95 to 96% resilient to whatever business we have.

The best features of Splunk Observability Cloud include the Splunk Assistant and the Splunk AI Assistant, which help in triaging issues and identifying them immediately, allowing me to create dashboards in a matter of some minutes or seconds. We can monitor all the Kubernetes, Docker, and whatever platform we have, including AWS, Azure, and GCP.

We can monitor all the AWS CloudWatch logs, GCP stacks, and storage. Everything can be monitored because we have the out-of-the-box dashboard add-ons. You don't need to do anything, but you might have to work a little bit; however, everything might be inbuilt, allowing me to fetch everything and monitor from all platforms, whether private cloud, public cloud, or data centers like Equinix.

The benefits I can see from using Splunk Observability Cloud include faster and quick resolution, allowing me to identify the root cause analysis, or RCA, for whatever issue is currently going on. This is the first analysis and first RCA. That is one of the most significant advantages or features we can achieve with the help of observability, offering simple and fast resolution.

Splunk Observability Cloud has indeed helped reduce downtime, as it has inbuilt operations that send triggers in real time, even for false alerts or positives, within seconds. It can identify anomalies and future forecasting. If an anomaly continuously occurs, it indicates something has gone wrong. It may not be a real issue, but something is about to happen. In such cases, we raise an incident or utilize the ITSM tool integration to immediately inform the next dealer group, ensuring quick action is taken.

Regarding blind spots, I haven't seen significant issues in this aspect with Splunk Observability Cloud. However, if one wants to eliminate blind spots, it may require writing some technical mix, which I haven't explored in depth.

In terms of AI-powered analytics and guidance provided by Splunk, we have two AI features: the Splunk AI Assistant and the Splunk Commander AI. The Commander AI embodies a generative AI functionality, connecting with LLMs. According to LLM standards, various algorithms are written to perform specific functions. As soon as the request comes from Splunk, it connects with the respective LLM, which will select the algorithms you need. This is an inbuilt AI module within Splunk, and the only requirement is a specific add-on called the Splunk MLTK, which stands for Machine Learning Toolkit. Having this MLTK add-on, tightly coupled with AIOps capabilities and ML, yields good results in AIOps operations.

Regarding the effectiveness of the out-of-the-box customizable dashboards provided by Splunk Observability Cloud, they showcase IT performance very well. It includes multiple add-ons and intelligent integrations, but it is crucial to ensure that data comes to Splunk Observability Cloud via the OTel Collector and universal forwarder. Once data is received, I can create dashboards for GCP utilization or AWS CloudWatch details. Although there may be numerous metrics to monitor from AWS and GCP, not all are critical, so the dashboards have been constructed to focus on the critical parameters we want to monitor.

In my organization, we have built observability for many applications. Although I cannot disclose specific account information, I use it for development purposes with a minimum number of users. User numbers can extend based on infrastructure, environment size, and data ingestion rates. The maintenance of Splunk Observability Cloud is very easy; it's manageable.

For potential areas of improvement, I find that while Synthetics, APM, and infrastructure management models are fine, an enhancement could be seamless integration with some third-party tools. It should better support interactions within Splunk tools.

If a customer utilizes third-party tools and wants to forward data from Splunk Observability Cloud, seamless integration would be beneficial. This is crucial for passing data to tools such as Dynatrace or Grafana, as integrating some third-party add-ons can be challenging, involving many implementation and configuration steps.

I have been using Splunk Observability Cloud for around two years.

Stability within Splunk Observability Cloud is reliable; I rate it a seven out of ten. I haven't experienced any significant stability issues, though it does depend on the environment's size, and multiple factors come into play when assessing stability.

From a scale of one to ten, I rate the technical support an eight, based on my experiences raising tickets for Splunk Cloud and Splunk ITSI, where I receive proper support. I haven't raised a ticket specifically for Splunk Observability Cloud, but I hope that the support levels are consistent across the board.

Positive

The deployment is easy.

The costs of Splunk Observability Cloud are a bit higher compared to AppDynamics and Dynatrace. I'm not saying it's prohibitively expensive for Splunk Observability Cloud, however, it is on the pricier side.

It's noteworthy, however, that both AppDynamics and Splunk are Cisco products, and there is discussion about possibly consolidating these licenses into a single offering soon, though I'm not certain on that.

When comparing Splunk Observability Cloud with other products or solutions on the market, it tends to stand out. It has improved significantly over time. Initially, when it was acquired from SignalFx, it lacked many functionalities and was not very useful, even if the features existed. Now, after a couple of years, it has become much faster and improved in functionality.

Splunk Observability Cloud is a solid choice if you're considering APM solutions, especially as it is likely to combine with AppDynamics soon due to their shared Cisco ownership, which should enhance its market position.

I would recommend Splunk Observability Cloud to others because it allows for faster resolution and root cause analysis. In any business, flaws are common, but Splunk Observability Cloud is a tool that provides quick results. For industries such as retail, where every second counts with high traffic, Splunk is particularly beneficial, enabling effective tracing and metrics collection.

I'd rate the solution seven out of ten.

We utilize Splunk APM for security purposes, monitoring all transactions within the organization to prevent potential attacks. Additionally, we leverage Splunk APM to analyze application logs, gaining insights into application behaviour and facilitating a reduction in Mean Time To Resolution should any issues arise in the production environment.

OpenTelemetry provides more accurate information about an application by combining views from the customer perspective, infrastructure metrics, and application-specific data. This holistic view enables full telemetry observability, allowing us to analyze and strategize effectively for our company or clients.

Once configured correctly, the analysis reporting the Splunk APM provides is better than that of the other APM tools. Once the correct fields are defined, we can create different report dashboards.

Splunk isn't an ideal tool for application performance management due to the extensive setup required. It necessitates various configurations to gather diverse information from applications, networks, or other sources. Creating the right tables and defining the appropriate fields to extract comprehensive data involves a significant amount of setup within the tool. Managing this process can be quite challenging. However, once configured, the collected information is invaluable, although not easily manageable.

Splunk falls short compared to other APM tools such as AppDynamics or Datadog. It does not collect online information in real time and relies heavily on log files. Unlike Datadog, which collects real-time application behaviour data like CPU, memory, load, and response time, Splunk requires additional configuration to obtain similar information. This makes using Splunk for APM purposes significantly more difficult compared to the automatic data collection capabilities of AppDynamics or Datadog.

I have been using Splunk APM for more than a decade.

Splunk APM lacks scalability, requiring the administrator to constantly monitor or create specific alerts to ensure sufficient disk space, CPU, and memory for data collection and transaction processing. This results in a tool that is challenging to manage and costly to maintain.

Splunk support is responsive and provides quick resolutions when tickets are opened. Their service has left a positive impression on me.

Positive

The initial deployment is complex, requiring the definition of the switch, storage, correct host, and working with certification. This necessitates at least one expensive specialist, costing approximately $5,000 per month to hire and work with our team.

Splunk APM is expensive. Even before we begin, we need substantial infrastructure investment to collect comprehensive logs. For example, to gather log data, we must create specific tables in Splunk, starting at 50 gigabytes. In a cloud environment, this storage requirement becomes very costly.

I would rate Splunk APM six out of ten.

Cisco recently acquired Splunk, and its roadmap for the coming year includes incorporating aspects of Splunk into AppDynamics. Cisco's intention behind combining these two tools is to showcase its commitment to open telemetry and comprehensive observability to the market and its customers.

Splunk Infrastructure Monitoring helps identify bottlenecks within the network domain, including issues related to server databases, application response times, and code. These problems can be resolved by our customers promptly.

It is easy to use. It offers a unique dashboard reporting tool called Ollie. Ollie is essentially an observability tool, and it's also referred to simply as "Ollie" for brevity. It's important to note that this product is agent-based only.

Splunk Infrastructure Monitoring helps improve the efficiency and performance of applications by up to 70 percent.

It has helped reduce our mean time to detect. It has helped to reduce our mean time to resolve by around 50 percent.

Splunk helps us focus on business-critical initiatives.

It integrates well with multiple sets of products.

The vibrant dashboards are valuable.

The main drawback of Splunk for network monitoring is its limited agent deployment. Splunk excels at collecting data from servers and databases where agents can be installed. However, it cannot directly monitor network devices, unlike Broadcom.

Broadcom offers Spectrum and Performance Management tools that primarily work on SNMP to collect data from network devices. Splunk doesn't have a directly comparable functionality for network devices.

While Splunk offers a wider range of data collection, including metrics, logs, and more, it can be more expensive. Splunk's licensing model is based on data volume (terabytes) rather than the number of devices. This can be costlier compared to Broadcom or similar tools, which often use device-based licensing.

The end-to-end visibility is lacking because Splunk cannot directly monitor network devices.

Broadcom provides a topology-based root cause analysis that is not available with Splunk.

I have been using Splunk Infrastructure Monitoring for 10 years. 

Splunk Infrastructure Monitoring is stable. 

Splunk deployment is simplified because it is cloud-based. The deployment takes no more than 15 days to complete.

Splunk's infrastructure monitoring costs can be high because our billing is based on data volume measured in terabytes, rather than the number of devices being monitored.

Replacing legacy systems with Splunk could cost up to $200,000.

I would rate Splunk Infrastructure Monitoring 7 out of 10.

The decision to move from another infrastructure monitoring solution to Splunk should be based on a customer's specific needs. While Splunk offers visually appealing dashboards and access to a wider range of data compared to Broadcom products, pricing can be a significant factor, especially in the Indian market.

Deploying Splunk for a customer can involve higher upfront infrastructure costs. This is because implementing Splunk effectively often requires writing custom queries to filter data and optimize license usage. While this approach minimizes licensing costs, it can be labor-intensive.

Right now it improves the gap between our on-prem data centers and our cloud environment. We've been using Splunk on-prem for eight or nine years now and it's been useful seeing existing tools that we've used like Splunk integrate into cloud environments and bridge that gap. We use the integration the most.

It has reduced our mean time to resolve. It's been easy to aggregate logs and infrastructure data in one place, making it easier to find a single point as opposed to jumping around tools. It's ten to fifteen percent better. It makes aggregating data and logs faster for our cloud purposes.

There's a feature that allows you to connect to AWS infrastructure that we've been using. Its integration with the cloud is what we're looking forward to the most.

It is very easy to monitor multiple cloud environments. It's like a single pane of glass for us. We can use it to monitor our on-prem and both of our cloud environments as opposed to having different tools for each environment. It makes it all come together in one tool.

It's fairly important that it has end-to-end visibility into our native environment. We host a lot of other programs in our program. We host an infrastructure platform. It's good to have the integration that we can pass on to our customers to show them that there are tools they can use to better their program while we're using them to better ours. So it's been pretty beneficial.

Splunk's ability to predict, identify, and solve problems in real-time is good. I was very happy with the keynote. A lot of the use of machine learning is cool. We're excited to get our hands on that once it makes its way to Enterprise.

We still use Splunk Enterprise licensing. A lot of the newer features go into Splunk Cloud before Enterprise. We're not looking to switch our licensing over, so we're falling behind on the newer features. I know Splunk has plans to move their cloud features into Enterprise at some point. The only improvement we would like is to have more features put into Enterprise that focus on the cloud. Some people come from an on-prem environment and slowly move to cloud and would have to make a full jump into the Splunk Cloud licensing to get any of the cool Cloud features.

The program that I'm on has been using Splunk Infrastructure Monitoring for around three years now. We started off mainly on-prem for data centers and we've slowly migrated into AWS and Azure for cloud footprint.

The company has been using Splunk since we were a lot smaller. We were using Splunk for data logs, aggregation, and things like that.

It's very stable. We've never had issues with that. Anytime we do have stability issues, it's something that we can work on to fix. It's not an inherent flaw with the product.

Scalability is excellent. That's what Splunk is designed for, big data aggregation. It's been very easy and seamless to scale up over the years.

I've only had a couple of Splunk support cases, and they've been very, very prompt in responding, especially compared to some of the other big enterprise tools we use.

Positive

We have seen ROI. It's made onboarding better and it's easier for engineers in our project because there's a single pane to view all of these different environments.

We have seen time to value. It makes it a lot easier to train new people and get them spun up. We had our cloud environment for a couple of years before we started integrating with Splunk. It was a pretty quick improvement within a couple of months, noticing how beneficial it was to have a single pane of glass in all of our different environments.

I understand Splunk wants people to move towards Cloud licensing for a lot of the newer features, especially for multi-cloud. It would be nice to see those in Enterprise. I understand why they do it but that is my main concern. 

I would rate Splunk Infrastructure Monitoring a seven out of ten. There's more we can do with it. We just haven't explored it.