We used Sumo Logic in the past, but it wasn't an enterprise-grade solution, so it couldn't support the scale we required. Additionally, Sumo Logic lacked support for many integrations. The Splunk Cloud Platform fulfills our scaling requirements and integration needs. Moreover, our team possesses skills that align well with Splunk, making it a better fit for us.

In our organization, we used multiple products. We had Dynatrace and other products, but we mostly preferred Splunk. It was more user-friendly than others, and we could search everything easily. We could create dashboards. Other products were more difficult.

We had IBM QRadar, and we moved from IBM QRadar to Splunk Cloud. Cost-wise, Splunk is a premium solution. We pay more, but we get a better experience with Splunk Cloud Platform. It is easy to manage. There is a better user experience. When it comes to identifying issues, it is pretty easy with Splunk. Cost-wise, we have not saved much, but in terms of resiliency and digital experience, we get a lot from Splunk.

We get a lot of capabilities with Splunk Cloud and Splunk Enterprise Security. We also do application monitoring, and we wanted to embed both solutions into one. That is the whole reason we got Splunk.

We have a bunch of tools, not just Splunk, in our ecosystem. Splunk is one of our tools for monitoring purposes. We have other tools for alert management, global alert repository, etc. In our ecosystem, Splunk serves the main purpose of detecting and bringing the issues to our analysts to resolve them. Splunk plays a vital role.

We previously used Qualys. We switched mainly due to the costs involved. We also didn't want to migrate our resources to it. We simply wanted a monitoring tool, which is why we chose Splunk. Splunk in comparison is really cost-efficient. 

Before Splunk, we used distributed instances of Elasticsearch, Logstash, Grafana, and Graphite. This was ten years ago. Splunk was in its early days. Everybody had heard of it, but it had not become apparent why people need something like Splunk, so people had been building their own little instances. A lot of that still exists today in the organization because of the Splunk pricing model, the performance issues that we have on Splunk Cloud, and the stability. People want access to their data, but they also want to own their data. They do not want it to go into the black hole that is Splunk Cloud, so they keep it on-premises. They keep it in their own systems, such as Elasticsearch or Logstash, mostly because they can maintain sovereignty over data.

I have worked with a lot of other products, but not as a cloud solution. I have designed cloud solutions for other products like what Splunk currently has. I have worked with IBM, which has its own cloud platform, cloud monitoring solutions, and security solutions. Similarly, we have other market solutions that will act as a security solution, but they are in different behaviors. We have designed one for other customers, which monitors other cloud and hybrid solutions.

Splunk is currently at the top rating because I haven't explored other ones. I started exploring Microsoft Sentinel, which is a good competition for the Splunk Cloud Platform, and it's a healthy competition. I would like to see a very light-flavored source solution integrated with the Splunk Cloud. Once people start tasting source solutions, they will surely explore them more because that's how hunger is created. Other solutions already have the source solution in them. For example, Sentinel has its own source solution, which they give as an integrated part.

We previously used Splunk on-premises. 

We have not used another solution previously.

Over the past 25 years, I have used several different solutions. In the past, I preferred using a terminal interface rather than a web interface. Splunk has an API and a mobile app, but ultimately, Splunk users are confined to their browsers. This is one thing I would like to change, as I would prefer to be able to use Splunk outside of a browser. However, this is also one of Splunk's biggest advantages, as it is a universal platform.

We used Splunk Enterprise before migrating to Splunk Cloud Platform.

I have previously used different solutions like DataStage, Datadog, Grafana, and ClickView.

We were using ArcSight. The decision to switch to Splunk did not come from me. It was the decision of the company itself. It was a requirement. We could not track the up/down status with the other SIEM. Splunk can do that better. That was one thing. 

Another thing was the way Splunk can put things like MITRE ATT&CK into their platform. The way it handles rules and things like that makes it a lot better with the processing power. Splunk is search-based, whereas ArcSight is real-time. It fires the minute an event comes up, whereas Splunk has a separate way of doing it. They run a search every hour or so. It is not resource intensive. A lot of times, I can only turn on a minimum amount of rules, especially correlation rules, in ArcSight. I used to have about 300 or so in ArcSight. I probably have about 400 or 500 in Splunk, so the hardware processing power is a lot better.

My company previously used a custom, on-premises solution. Splunk was already implemented when I started at my company. 

We're asking ourselves now why we use Splunk. Our next step is to go out and evaluate other products in the market that may be not as costly and offer the same feature set.

We were not using any similar solution previously.

My company has been with Splunk for quite some time now. We are well integrated at this point, and we are in the process of migrating over to Splunk Cloud specifically. We used Splunk on-prem for a while. We are currently in a hybrid situation, and we are making our way toward being completely on the cloud.

I have used many tools including Elastic, Grafana, Tableau, and Sumo Logic.

Splunk is indeed superior in many cases, but other tools are also making progress to catch up, with Elastic being one of them. They have begun developing their own SIM offering, complete with its own SIM features. Similar to Splunk Cloud, Elastic also has its Elastic Cloud Stack. Some of the features provided by Elastic seem to outperform Splunk. Therefore, there is room for Splunk to enhance these aspects. As for pricing, it could be more competitive, considering that other tools also provide the freedom to choose the Cloud Stack. Although Splunk offers this flexibility, the process often involves extensive discussions, making it less adaptable compared to other tools.

We previously used Splunk Enterprise. We switched to Cloud Platform because we wanted to consolidate a couple of instances to one place and we're moving our security team to the cloud. 

We migrated from an on-premise solution that we had for about three years. We saw cost efficiency when we went from on-premise to the cloud, but I do not manage the budget.

We are using Dynatrace in parallel. We used Splunk as a cybersecurity tool, and we embraced Dynatrace a few years ago. So far, Dynatrace does a great job. Splunk is closing the gap. With today's announcement at the Splunk Conference, they are catching up. We are also using Microsoft SCOM, so it is a trio. It helps us do a better job.

We did not use another log management solution prior to this one.

We did not use any similar solution.

I have only been working with Splunk for these past three years. I am not too much of an expert. I left my role as an officer in an organization in 2014, so from 2014 to 2017 I was not in touch with the advancements of products in the industry. But I was using other solutions prior to Splunk.  

We had three or four monitoring tools other than Splunk. We had AppDynamics, Grafana, and others, but we were mostly concentrating on Splunk because we were able to fetch all the details from a particular transaction using Splunk. We were able to create our own dashboard so that we get alerts regarding errors or transaction loss for the customer. The most useful thing was that when we were fetching details from a payment ID or a grid, we were able to track the complete workflow for that API. We were also able to fetch the details about whether the issue was in our team or the external team. We were able to track that very accurately using Splunk.

We did also use LogRhythm. It has a very good UI in comparison to Splunk, yet it doesn't have as many capabilities and does have a few more restrictions. That said, it's a good product for creating use cases and automation, which is easier than Splunk. We moved to Splunk as LogRhythm did have some restrictions.