Splunk Cloud -- A tool that helps monitor and solve problems.
March 22, 2018

Jeff Kitchens | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk Cloud

Here at CCMSI, we use Splunk Cloud to monitor Active Directory Events. It is primarily used by the IT Systems Team. It has proven to be invaluable to find misconfiguration, excessive usage, improper procedures, and security events. The tool allows me to give Management the information they ask for in a graphical way that shows trends, spikes, and overall usage.
  • Splunk Cloud allows me to search the volumes of information held in Windows Server Logs quickly and accurately.
  • Splunk Cloud allows me to create Dashboards for everyday monitoring of multiple parameters.
  • Splunk Cloud allows me to create and schedule reports for Management on network usage and statistics.
  • The SPL programming language that the queries are built in is not very intuitive.
  • There should be a better repository of pre-built queries for what I would think of as common Active Directory usage monitoring.
  • I would like to see more free training/familiarization information made available.
  • Splunk Cloud has had a positive ROI in helping more efficiently track the cause of Help Desk Tickets.
  • The billing model, which is based on the amount of data from logs uploaded, doesn't alert if a threshold is approaching. This can have a negative ROI.
  • The training that I have taken, while in-depth and focused, is pretty expensive.
I have used several SolarWinds tools in the past to monitor and track similar things. Both tools are comparable in their performance. Each one has its own set of challenges when getting set up for the first time as well as a learning curve to get comfortable with usage.
I find that Splunk Cloud is well suited for tracking user logins, Server Reboots, failed login attempts, account lockouts, and sorting these items by host or user. We often trace failed user logins to someone having cached credentials on an endpoint which can result in locked accounts that drive the Help Desk ticket volume up unnecessarily.

Splunk Cloud Feature Ratings

Centralized event and log data collection
Event and log normalization/management
Deployment flexibility
Integration with Identity and Access Management Tools
Not Rated
Custom dashboards and workspaces
Host and network-based intrusion detection