Splunk Cloud, good for cloud-first companies.
Colin Jackson, CISSP, MMIS, GMON | TrustRadius Reviewer
July 13, 2018

Splunk Cloud, good for cloud-first companies.

Score 7 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with Splunk Cloud

We recently implemented it in our organization, mainly for security monitoring and to provide visibility into our cloud infrastructure and various providers. We are bringing in data to better identify anomalies, events of interest, and indicators of compromise.
  • Integration with Okta for IAM-related security events and monitoring.
  • Integration with AWS for CloudTrail and CloudWatch logs
  • Integration with Mimecast for email monitoring and integration
  • Deploying apps require a support ticket and can have a long turnaround time.
  • Making changes to conf files requires a ticket and if it's not through an approved process, then Puppet will reset it to what it was previously
  • Custom apps have to be very well written to make it through the approval process.
  • We're already seeing benefits of better visibility. We're creating alerts and integrating with Slack for better DevSecOps
Depends on company org and structure, but it's a good solution.
If you have a smaller team that can't have a dedicated Splunk admin to manage the indexers, clusters, search heads, etc, Splunk Cloud is good because you have them manage it.

Splunk Cloud Feature Ratings

Centralized event and log data collection
Event and log normalization
Deployment flexibility
Integration with Identity and Access Management Tools
Custom dashboards and views
Host and network-based intrusion detection