What is our primary use case?
This solution is very useful for our Infosec team that manages our enterprise-level security. It collects logs from all of our on-premises devices and servers for search and analysis. All of the logs are collected on-premises and then sent to Splunk Cloud for analysis.
What is most valuable?
The reporting and dashboards are very good.
In terms of reporting, everything is customizable. You can write a query to have the reports and dashboards created for you, and it will be based on that data.
The documentation is pretty good.
Integration with products and devices works well. We haven't had any limitations or problems connecting to our network devices.
What needs improvement?
The training modules can only be accessed for 30 days, even if it is paid training. This is a limitation that I feel should be lifted because, if we are paying for it, then we want to be able to continue to use it.
For how long have I used the solution?
I have been working with Splunk Cloud for a year and a half.
What do I think about the stability of the solution?
This solution is pretty stable. It is used on a daily basis and in the past year and a half, I haven't faced any issues.
What do I think about the scalability of the solution?
We have a team of 20 for our SOC operations who will be monitoring the results of Splunk Cloud.
How are customer service and technical support?
The support is pretty good. We are a premium customer, so when we raise a ticket, they deal with it right away. Also, if it needs to be escalated, then the account manager will get involved.
Which solution did I use previously and why did I switch?
We did not use another log management solution prior to this one.
How was the initial setup?
Splunk Cloud is pretty straightforward and easy to set up. It is a SaaS solution, so we don't have to do anything on our end.
What about the implementation team?
We are a team of six people who maintain our security solution.
What's my experience with pricing, setup cost, and licensing?
Compared to other products, Splunk Cloud is expensive.
The licensing is based on the amount of data that we send to the cloud on a daily basis. It is expensive, although it has more features than other SIEM tools.
What other advice do I have?
Overall, I find that Splunk is pretty good. It is a very mature product, and I can see that, compared to when I used it five years ago as an end user, they have been improving in every way. The interface is something that has become more user-friendly over time. When there is something missing, it is handled by another product from the vendor. For example, if you need to add predictive analysis, then you use Splunk Phantom.
There are many other SIEM tools on the market, such as IBM QRadar and ArcSight Logger. Splunk is comparatively more expensive, but it has many features and good functionality. I definitely recommend it.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?