Splunk Cloud

I am a product developer who develops certain products in the insurance domain. We mostly use Splunk Cloud Platform  for checking the logs. Whenever a check goes missing or a status is not correct, we generally check the logs first. Splunk Cloud Platform  helps us to identify where the error is. We can search with various factors, and giving a proper prompt is important as it saves us a lot of time.

Recently, one of our branch networks where all the checks get stored had an issue. They had done IP whitelisting, and some of the IP addresses were not included in that IP whitelisting. This caused a global outage and all the claims or checks that were getting processed failed. When we tried to check through the logs, we found out that this issue was the cause. We had to reach out to another team that manages the environment which caused this IP whitelisting, the middleware. When we contacted them, they reverted most of the changes and we generated new payloads. Splunk Cloud Platform helped us in finding out the errors. Without knowing which error was affecting us, searching through Splunk revealed that the IP whitelisting was done.

Generally, in our scrum calls which start on our daily call, we go through our incidents and ServiceNow , and if we find anything stuck or any mismatch that has happened, the first thing we do is check the logs directly in the call. This allows the team to have a proper understanding of what is happening. At the start, if you are a fresher, it is not beginner-friendly because it is difficult to understand. However, over time, this would be the best tool that we will ever use.

I believe Splunk Cloud Platform's ability to show right from a payload is one of its best features. When a payload is generated, each log indicates what the user has done, including certain actions. We will know what the user has done. In case the person has missed a certain logic or we find an exception, we are currently finding an illegal state change exception where if the user is not following the check lifecycle. Our check lifecycle is from awaiting submission, requesting, requested, issued, and then cleared. If the user does not follow this lifecycle, for example if the user is trying to move the check from awaiting submission directly to issued instead of going from requesting to requested and issued, it will throw this exception. We will know about it in the logs itself. Splunk Cloud Platform helps us to check the logs and identify any possible errors that the user might have done, or any possible bad job or job failure that has occurred. Initially, to find anything for any troubleshooting, we go through the logs itself. That is the feature that stands out for me.

We have a customized prompt where, initially when you go to Splunk prod, we can search with a particular primary key. In my case, it would be a public ID or a claim number or a check number, anything. When we search with it, we can go right from the payload where we can see the operations and more. We tend to create a customized dashboard as well, so that any alerts that pop up will get displayed right there, so that any of the team members can pick up and solve that issue. We occasionally do manual searches also, but in lower environments. Splunk Cloud Platform does support our INT environment and DEV environment. In case we are trying to recreate some kind of scenario in DEV or INT, we could check the logs and see where the issue is recreating.

Splunk Cloud Platform's ability to show right from a payload is one of its best features. When a payload is generated, each log indicates what the user has done, including certain actions. We will know what the user has done. In case the person has missed a certain logic or we find an exception, we are currently finding an illegal state change exception where if the user is not following the check lifecycle. Our check lifecycle is from awaiting submission, requesting, requested, issued, and then cleared. If the user does not follow this lifecycle, for example if the user is trying to move the check from awaiting submission directly to issued instead of going from requesting to requested and issued, it will throw this exception. We will know about it in the logs itself.

Splunk Cloud Platform helps us to check the logs and identify any possible errors that the user might have done, or any possible bad job or job failure that has occurred. Initially, to find anything for any troubleshooting, we go through the logs itself. That is the feature that stands out for me.

We have a customized prompt where, initially when you go to Splunk prod, we can search with a particular primary key. In my case, it would be a public ID or a claim number or a check number, anything. When we search with it, we can go right from the payload where we can see the operations and more. We tend to create a customized dashboard as well, so that any alerts that pop up will get displayed right there, so that any of the team members can pick up and solve that issue.

I wish Splunk Cloud Platform is a little more scalable. Whenever we are trying to scale up our storage, currently it stores the logs up to three months. If we want to search for prior logs after three months, we cannot find it because it stores the logs only up to three months. Suppose an incident has come up and changed to a PRB, and that PRB was created more than five or six months back, we will not be able to find the root cause because logs will be deleted automatically after three months. That is one thing I wish it to be scalable.

It is not beginner-friendly because all the information or the payload that it sends or shows is kind of concatenated, compressed, and everything. To get used to it will take some time, but you will get used to it with time. It is a best tool, and I would recommend it.

I wish Splunk Cloud Platform did not search all of the logs. If you were to search with the primary key of a claim number, it searches with hundreds or millions of similar entities, so it takes a lot of time to search that particular log which I am trying to search. The searching time is a little more. We occasionally face a little bit of server issues, but the customer support is helpful. We lose some time as well in that server downtime.

I have been using Splunk Cloud Platform for more than a year.

We occasionally face server downtime issues whenever we try to search a large number of logs or when we try to apply a large number of filters and it tries to search logs. The customer support is really good. Whenever we face an issue, we reach out to them and they fix it for us or they give us documentation and we follow that.

It is not really scalable because whenever we are trying to scale up our storage in terms of when the user increases and the count of user numbers increase and our log capacity increases, it was not adapting very well. Whenever we are trying to switch environments or create and develop a new branch, we occasionally face issues. It is not that scalable.

The customer support is really good, actually. We reached out to them a considerable amount of times. When we try to reach out to them, they provide us documentation where most of the errors that we faced would be fixed before reaching out to them. They are really good.

We used to use local logs, where it used to take a lot of time. It used to track even the data of people who are viewing that particular claim or exposure. So it was inefficient. We switched to Splunk Cloud Platform.

Since using Splunk Cloud Platform, we saved a considerable amount of time. We saved a lot of effort as well because if we do not use Splunk Cloud Platform, the only alternative we have is to check the local logs, where it tracks even unnecessary data. It is very inefficient when you are trying to check the local logs. It has impacted us positively because we saved a lot of time and effort. I think we reduced the number of employees as well because we could multitask. The tasks that used to take two or three hours would be done in twenty or thirty minutes to find that error and to do a root cause analysis or a code fix.

If I were to speak about return on investment, it is a great return on investment because it saves a lot of time and effort. It boosted our team's productivity, so dealing with tasks every day became a little bit more easier. We saved a lot of money because we did not recruit any new employees. Since the start, we are the same team, and we never really had any need to employ new web developers or anything. I would say we saved a lot of money in that domain or that scenario.

I chose eight point five out of ten because this is slightly on the costlier side. Similar products with alternatives from its competitors that are present in the market are a little cheaper compared to it. However, its features are a little better compared to that of its competitors. That is why we are still using this product. The licensing and setup cost is also slightly expensive. If the server downtime issues were fixed and if it is a little scalable, I would give it a perfect ten. I gave it an eight point five because it really helps with our day-to-day work. It saves us a lot of time and increased our team's efficiency.

It is slightly on the costlier side. Apart from that, the setup and everything did not take a lot of time for us. It is really smooth. Our managing team deals with this kind of setup and licensing things, but they never really faced an issue. It was done very quickly with no issues.

We did not evaluate any other options because we did not want to waste time and effort. We just went through proper reviews and all of the documentation. We just moved ahead with this after carefully reviewing it.

If you are a beginner, joining a corporate MNC or trying to develop a product and want to check certain logs, I would say that Splunk Cloud Platform is the best tool and product that is there in the market. It is not beginner-friendly because all the information or the payload that it sends or shows is kind of concatenated, compressed, and everything. To get used to it will take some time, but you will get used to it with time. It is a best tool, and I would recommend it.

Splunk Cloud Platform is slightly on the costlier side, but if they improve their scalability and fix their server downtime, I would say it is a good product. I gave this review a rating of eight point five out of ten.

Splunk Cloud Platform  is primarily used for data visualization, as it allows us to gain insightful perspectives on our data.

The best features of Splunk Cloud Platform  include its powerful analytics and intuitive user interface. I particularly appreciate how it simplifies complex data operations.

The ingestion and visualization features of Splunk Cloud Platform are integral to our data reporting, as they help transform raw data into meaningful visual formats effortlessly.

I believe there are a few areas of Splunk Cloud Platform that have room for improvement, particularly in user customization and documentation clarity.

I have been using Splunk Cloud Platform for quite some time.

The stability of Splunk Cloud Platform is commendable, and I would rate it a nine from one to ten.

Regarding scalability, I find Splunk Cloud Platform to be highly scalable; I would rate it an eight from one to ten, as it meets our growing needs efficiently.

From one to ten, with ten being the best, I would rate the technical support of Splunk Cloud Platform as a solid eight.

The deployment of Splunk Cloud Platform itself is straightforward; I would categorize it as easy, with minimal challenges along the way.

We have approximately one hundred users using Splunk Cloud Platform across various teams in our organization.

Overall, I would rate Splunk Cloud Platform a solid eight from one to ten, as it meets a wide range of our business requirements effectively.

When it comes to the cost of Splunk Cloud Platform, I would rate it a five from one to ten, with one being cheap and ten being expensive.

In comparison to other solutions such as DataDog, Microsoft, and Sumo, I find Splunk Cloud Platform to be quite competitive, offering unique capabilities that are valuable to our operations.

My advice for others looking into Splunk Cloud Platform would be to take full advantage of its versatile features and ensure proper training for your team.

I have Splunk Cloud Platform deployed in the cloud, and I utilize AWS  as my cloud provider.

Regarding machine learning tools, I find them to be quite impressive in their ability to enhance data analysis and predictive insights.

My thoughts on the alerting mechanisms in Splunk Cloud Platform are positive; they work effectively to notify us of important changes or issues in our data.

I assess the effectiveness of the search capabilities in uncovering operational insights as quite robust, as they provide detailed results swiftly and efficiently.

My thoughts on the integration with third-party providers is that it generally is seamless, allowing us to synchronize various tools with Splunk Cloud Platform easily.

Overall, I would rate this review an eight from one to ten.

I have experience with Splunk Cloud Platform . We use it for log monitoring, debugging, and various other purposes.

Since I joined as a software developer, I have been working with Splunk Cloud Platform  for around two years. It is the main tool we use during production issues. We monitor it not only in production issues, but also when we move code to UAT, QA, or XAT environments. We first monitor and check Splunk logs to ensure everything is functioning correctly and to identify what is going wrong.

Splunk Cloud Platform helps in analyzing logs from different services, not just one service, and identifying errors. Especially during production issues, it is our primary platform for understanding where everything goes wrong and determining the root cause. The main feature I appreciate is the Search and Processing Language, which we call SPL. It allows us to query and filter logs efficiently. We can filter by time, whether for a few minutes or hours, and we can filter by various other parameters, such as which user has made the most requests, user-wise breakdowns, specific error patterns, exceptions, or failures. We can use time-based filtering and keyword searches to narrow down on the relevant logs we wish to see at any particular point in time.

I use the alerting mechanisms present in Splunk Cloud Platform. Without Splunk, we would have to manually go to production logs and search for various things manually, which could be very time-consuming. When we use Splunk, these mechanisms are automated. We only need to change the query sometimes because we search for different mnemonics and different teams. If we adjust the region or the team and then provide the particular keyword we are searching for, this helps us change the logs and see what we really need.

Splunk Cloud Platform helps in analyzing logs from different services, not just one service, and identifying errors. Especially during production issues, it is our primary platform for understanding where everything goes wrong and determining the root cause. The main feature I appreciate is the Search and Processing Language, which we call SPL. It allows us to query and filter logs efficiently. We can filter by time, whether for a few minutes or hours, and we can filter by various other parameters, such as which user has made the most requests, user-wise breakdowns, specific error patterns, exceptions, or failures. We can use time-based filtering and keyword searches to narrow down on the relevant logs we wish to see at any particular point in time.

I use the alerting mechanisms present in Splunk Cloud Platform. Without Splunk, we would have to manually go to production logs and search for various things manually, which could be very time-consuming. When we use Splunk, these mechanisms are automated. We only need to change the query sometimes because we search for different mnemonics and different teams. If we adjust the region or the team and then provide the particular keyword we are searching for, this helps us change the logs and see what we really need.

One unique feature with Splunk Cloud Platform is that it can be used not only for log creation but also for creating dashboards. I have created one dashboard myself for visually representing data. This dashboard checks various clients and services to see how many hits we have seen. I made it as a pie chart, and when we click on one of those sections, we are able to see how many hits that service has received. For that particular service, we can check how many users have contributed to that hit. When we send that visualization to higher management, they make decisions based on what service to focus more on. The decisions matter and vary according to management priorities.

The Search Processing Language of Splunk Cloud Platform has a steep learning curve. To extract the correct amount of logs needed, you must understand the exact mnemonics. Writing efficient SPL queries requires time to become accustomed to the language. Only after you have a good grasp of the basics of Splunk Cloud Platform and understand how to trace logs will you be able to use it perfectly.

Handling a large volume of logs requires proper filtering strategies. Logs keep coming in very large quantities, but you need to know how to properly filter them. Proper filtering strategies must be understood and implemented.

The setup and configuration for Splunk Cloud Platform is complex, especially from a developer perspective. Although it was relatively easy for me, the setup and configuration were handled by the platform team, which had to deal with the complexity in the initial phases.

The initial onboarding process when I first started using Splunk Cloud Platform was not very complex. When Splunk was initially onboarded to the company, I understand that was a complex process. Since I joined, the process has been fairly simple. We just had to submit an access request for a particular mnemonic or for a particular team and we are able to check the logs for that mnemonic once we get access. The approval process is a bit tedious in our organization. We have an approval process for every tool, not only Splunk Cloud Platform. Once you receive approval, you should be good. However, we can only check for that particular team or mnemonic. If we wish to check for other services, we have to submit a request form again, and that goes through several layers of approvals before we are able to see the logs.

Splunk Cloud Platform does not require any maintenance on my end as a developer. We only use it for checking logs. Maintenance is handled by the platform team. Sometimes Splunk experiences downtime for a few minutes, which we are notified about via email, sometimes during weekends. I am not certain what happens during those phases, but as developers, we are unable to use it for that short period of time, sometimes around half an hour during midnight hours on weekends. Otherwise, it functions well.

I have been using this solution for two years.

Splunk Cloud Platform has fairly good stability. However, I have noticed that the Show Source feature, which displays detailed versions of logs, sometimes takes a little time. Whenever the system needs to show 100 lines or 1,000 lines, that takes some time usually. When a large number of logs sometimes enter the system, we sometimes see lag. Especially during the Show Source function, when checking the detailed logs of any particular log, I have seen this issue sometimes. Otherwise, everything is fine.

Splunk Cloud Platform is quite scalable. All services and event-based streaming, such as Kafka, have all logs flowing through Splunk Cloud Platform. We have seen that it handles this well and is great at scaling to meet our needs.

I have not contacted the technical support of Splunk Cloud Platform yet. Even when we are unable to get something resolved, we have our seniors and experts in our team and adjacent teams who help us understand where we are going wrong with the queries and other issues. I have not personally contacted the technical support yet.

The initial onboarding process when I first started using Splunk Cloud Platform was not very complex. When Splunk was initially onboarded to the company, I understand that was a complex process. Since I joined, the process has been fairly simple. We just had to submit an access request for a particular mnemonic or for a particular team and we are able to check the logs for that mnemonic once we get access. The approval process is a bit tedious in our organization. We have an approval process for every tool, not only Splunk Cloud Platform. Once you receive approval, you should be good. However, we can only check for that particular team or mnemonic. If we wish to check for other services, we have to submit a request form again, and that goes through several layers of approvals before we are able to see the logs.

I have not used any alternatives to Splunk Cloud Platform since I joined my organization. We have been using Splunk only for observability and tracking and monitoring. So far there are no other alternatives that we have tried out in our organization.

From a developer perspective, I am involved in coding, checking logs, monitoring, observability, and other related tasks. The platform team takes care of the setup and configurations, which is complex initially. The pricing aspect is handled by management and not something I am directly involved in. I would rate this product a 9 out of 10.

I use Splunk Cloud Platform  to check logs. As a product developer, whenever I try to make a transaction to see whether it has proceeded smoothly, we check the logs. In logs, we can see from the payload how the message gets generated, which is very useful for us.

I work as a product developer for Guidewire, an insurance tool, where we mostly face payment-related issues. It follows a check lifecycle where it starts from awaiting submission, requesting, requested, issued, cleared, pending stop, stopped, and everything. We have various check lifecycles. Suppose if a lifecycle is missed and the user is trying to proceed with a transaction starting from awaiting submission and moving directly to issued instead of requesting to issued, we face an illegal state change exception. Without Splunk Cloud Platform  logs, we wouldn't know what type of exception we are facing. We help the user after checking the logs as well.

Recently we faced an issue where we use another software called One-Ink, where most of our process checks get updated to our database. From there, they were doing IP whitelisting where most of the payment-related features were done. IP whitelisting means giving out an IP address only for certain individuals where they can do payment-related changes. When they were doing that, they missed two or three of the IP addresses that were needed to be processed, and we had a global outage for check-related issues. We checked logs to know whether the issue was or how the issue got generated. We had to create a new payload and check it from Splunk Cloud Platform to see whether the payload got generated and the affected claims were resolved.

Generally, when we face a certain issue, if a check-related transaction will have a public ID generated, for that public ID, we don't have it in the UI. We have to query the database to get the public ID. Public IDs are primary keys and using those primary keys as a substitute, you have to search through our logs.

Logs can ask which type of log you need to give it, such as a claims pay logger or a state change logger or any other logger as a filter. Then you need to give that public ID and it would give you all the fields that were changed in that specific criteria that you were searching.

For me, with Splunk Cloud Platform, if you don't give the necessary filtration values, it has its own querying type. If you do not give a proper query or anything for the log to be generated on a primary key, it won't give you the values. It takes too much time and it checks a large number of values. Sometimes it goes more than a million, so that takes a lot of time. However, if you use proper filtration, it takes much less time. It saves our time and we could also pause the values, we could pause the search fields, we could resume the certain fields, we could skip a few fields, and we could check right from the payload whether which messages were generated and how the transaction was proceeded.

Splunk Cloud Platform holds only three months' worth of data. If you try to search for more than three months or prior to three months, it wouldn't store the values because the data stores a large number of data. I believe that's the limit for us. I believe having flexible memory would ease us because whenever we face an incident, if we want to look for this occurrence or root cause, if it is prior to three months, we wouldn't have proper logs to check.

I wish it would take a little less time and not search through unnecessary things. Of course, querying depends on the developer's knowledge, but storage is also an issue because I feel memory is not flexible enough. If we try to increase our memory, it will charge us a considerable amount of money.

I have been using Splunk Cloud Platform for around one year and three months.

We face occasional downtime issues where when we try to scale up, we face a considerable amount of challenges. If we consider one month, we would face around two to three days of downtime issues.

Scalability is a little issue for us because it's not currently adapting to our rightful needs. I believe they should upgrade on their side to match our tempo.

I never really reached the customer support, but they provide proper documentation, so all that was required. Mostly our support team takes care of any needs that were needed by us.

I did not use any solution prior to this because in this project, this was the tool that was working when I started.

We picked this tool because it was on top of a line in the market and it suited our specific criteria. We are developers, so it suited and matched our tempo.

I would say initially, to read Splunk Cloud Platform logs, it would prove very difficult because it is definitely not beginner-friendly. It will take around 15 days to one month to just adapt to what is a log and where you need to find the error because a payload and every logger is a complex form where line by line it will be written, but what that line is, they won't show that. It is definitely not a beginner-friendly tool, but it is definitely the best tool that is available in the market for insurance-related products.

Related to the pricing factor, I think it is slightly on the costlier side, but I wouldn't know much because I'm not on the management side. My organization divides developers and management, so we wouldn't know the price for it.

Generally, at our morning call, we go through our incident team-wise and assign incidents based on what we can do. Before we can do that, we check whether this is doable or not. We go through the logs and find if any check-related issues or claim-related issues that we face. We go through the logs and first check where the problem is because most of the problems that we faced were related to permission issues, where the user might not have permission and tries to make a few changes when that person doesn't have permission. They face a few errors or issues and cannot log in through certain sites or anything. Splunk Cloud Platform helps us reduce the time and effort through checking the logs. If we didn't have this, we would have checked the history loggers, where it checks and tracks even the person who viewed that particular claim. It would take a considerable amount of time.

Initially, we were a team of 300 people where our project started with three different teams. Before having this, prior to Splunk Cloud Platform logs, we used to depend mostly on the history loggers where it tracks our history or movement. Any small changes would be tracked down there, but we wouldn't have any sort of search criteria where we cannot search. We would have to manually go through step by step, one column after another, to see who has done what changes. That would prove an issue. After Splunk Cloud Platform was introduced to us, we saved a considerable amount of time. Time is a major factor for us developers.

Our team started off with 300, and now we are 30 people. We saved a considerable amount of money and resources that are required to hire more people. We started off with a team of more than 300 people and require less than 30 people right now. I think it's over a five year duration where we came to this number, but I think fewer employees are needed because of this, and we spend little effort because logs track everything. It helps us in our day-to-day task.

Storage is the major issue that we face occasionally because whenever we are trying to solve a root cause issue that is a PRB, we would require a lot of history loggers which would not be available for us. The second issue would be that it is not that scalable. I don't think increasing our storage would cost us a less amount, but it would cost us more. I would rate this product an 8 out of 10.