
    Splunk Cloud

    Sold by: Splunk
    Deployed on AWS
    Rating: 4.2

    If you are looking for security and operational visibility across your AWS environment, including applications, infrastructure and AWS services such as CloudTrail, Config, VPC Flow Logs, and more, then Splunk Cloud is the right solution for you.

    Overview

    If you're looking for security and operational visibility across your AWS environment - including applications, infrastructure and AWS services such as CloudTrail, Config, VPC Flow Logs, and more - then Splunk Cloud is the right solution for you. Organizations of all sizes combine Splunk visibility with AWS agility to rapidly troubleshoot applications, ensure security and compliance, and monitor business-critical services in real time. Splunk Cloud makes it easy to gain end-to-end visibility across your AWS and hybrid environment. Use Splunk Cloud with the free Splunk App for AWS to gain security, operational and cost optimization insight into your AWS deployment. Whether you're managing applications, infrastructure or a security operations center in the cloud, Splunk delivers Operational Intelligence for a real-time understanding of what's happening across your business and IT so you can make informed decisions. It's easy to get started; when choosing a product option, match your location and anticipated index volume per day. Splunk Cloud is now FedRAMP authorized at the Moderate impact level.

    Highlights

    • Collect and index any machine-generated data from virtually any source or location in real time. Just point Splunk Cloud at your data, and it immediately starts collecting and indexing so you can start searching and analyzing.
    • Splunk Cloud offers single-pane-of-glass visibility across on-premise Splunk Enterprise and Splunk Cloud deployments, enabling customers to deploy Splunk as software or SaaS according to their business requirements, while maintaining centralized visibility.
    • Splunk Cloud includes support for Splunk apps and other content. Splunk apps deliver a targeted user experience for different roles, use cases and enterprise technologies. These apps can help you visualize data in new ways or provide pre-defined views of leading technologies such as Linux, Windows, VMware and more.

    Details

    Sold by: Splunk
    Delivery method: Software as a Service (SaaS)
    Deployed on AWS


    Pricing

    Custom pricing options

    Pricing is based on your specific requirements and eligibility. Request a private offer to receive a custom quote. Sign in to view any offers that have been extended to you.


    Legal

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information


    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Splunk offers a variety of support options to help ensure your success.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.


    Accolades

    Top 10 in Data Anonymization, Data Security and Governance


    Overview (AI generated from product descriptions)

    • Real-time data collection and indexing: collects and indexes machine-generated data from virtually any source or location in real time, with immediate search and analysis capabilities.
    • Multi-deployment visibility: single-pane-of-glass visibility across on-premise and cloud deployments, enabling centralized monitoring across hybrid environments.
    • AWS service integration: supports integration with AWS services including CloudTrail, Config, and VPC Flow Logs for comprehensive AWS environment monitoring.
    • Pre-built application support: includes support for Splunk apps with pre-defined views for leading technologies such as Linux, Windows, and VMware.
    • FedRAMP authorization: maintains FedRAMP Moderate authorization for compliance with federal security standards.


    Customer reviews

    Ratings and reviews

    4.2 average from 78 ratings (36 AWS reviews, 42 external reviews from PeerSpot)
    5 star: 47%
    4 star: 50%
    3 star: 3%
    2 star: 0%
    1 star: 0%
    reviewer2815500

    Centralized log analytics have accelerated troubleshooting and now enable proactive issue detection

    Reviewed on Jun 09, 2026
    Review from a verified AWS customer

    What is our primary use case?

    Splunk Cloud Platform serves as our main platform to bring all our log and machine data into one place so that we can easily monitor, troubleshoot, and investigate issues. On a daily basis, we collect data from different sources including applications, servers, security tools, and cloud services. Whenever an issue occurs, instead of checking multiple systems manually, we use Splunk Cloud Platform to search events, compare timelines, and understand exactly what happened. For example, if an application error or suspicious activity occurs, we can quickly check related logs, identify the affected systems or users, and take action faster. Beyond troubleshooting, we also use it for dashboards, alerts, security monitoring, and operational insights so that our team can detect problems earlier rather than reacting after users are affected.

    What is most valuable?

    The most valuable features I found in Splunk Cloud Platform are mainly the search capabilities, dashboards, and alerting system. The biggest advantage for me is the SPL search capability. When investigating issues, I can quickly filter millions of events, connect different logs together, and find the root cause without manually going through multiple systems. Another feature I really value is custom dashboards. We create dashboards for system health, security events, and application monitoring which give the team a quick overview of what is happening. Real-time alerting is also very useful because we do not have to continuously watch logs, and Splunk Cloud Platform automatically notifies us when unusual activity or failure happens. Since it is a cloud platform, we do not spend much time managing servers or upgrades, which allows us to focus more on analysis and solving issues.

    The biggest benefit we have seen from Splunk Cloud Platform is that it has made troubleshooting and monitoring much faster. Previously, when issues happened, we had to check multiple systems separately to collect logs and understand the problem. Now with Splunk Cloud Platform, everything is available in one place so we can quickly search across different data sources and find the root cause. Another benefit is better proactive monitoring. With dashboards and alerts, we can identify unusual behavior or failure earlier instead of waiting for users to report problems. It has also reduced operational workload because Splunk Cloud Platform manages the cloud infrastructure, updates, and maintenance, allowing our team to spend more time improving security and reliability rather than managing the platform itself.

    What needs improvement?

    The overall experience is positive, but there are a few areas where I think Splunk Cloud Platform can improve. One area is the learning experience for new users. Splunk Cloud Platform is very powerful, but understanding SPL queries, data models, and advanced features takes time. More guided recommendations or AI-assisted query building would make onboarding easier. Another area involves cost visibility and optimization. Since the environment generates a lot of data, having simpler ways to understand usage patterns and optimize ingestion would help teams manage expenses better. I also feel that some advanced configuration and troubleshooting options could be made more self-service in the cloud environment so that teams can make changes faster without depending on support. These are not major issues, but improving them would make Splunk Cloud Platform even easier to adopt and manage.

    I would not say that there are any missing functionality features, as Splunk Cloud Platform already covers most of our monitoring and analytics requirements. However, there are some areas that would improve the experience. One thing I would suggest is more built-in intelligence for query creation and troubleshooting. SPL is very powerful, but having more AI-based suggestions for building searches and optimizing queries would help users work faster. Another area is automated data optimization recommendations, such as suggestions on which logs are less valuable, which searches are expensive, or where we can improve performance. Additionally, more ready-made dashboards and use case templates for common scenarios would help teams get value faster without building everything manually. Overall, the core functionality is strong, but more automation and guidance will make Splunk Cloud Platform even better.

    For how long have I used the solution?

    I have been working with Splunk Cloud Platform for around 1.5 to 2 years.

    What do I think about the stability of the solution?

    Overall, we have not faced any major performance issues with Splunk Cloud Platform. The platform has been stable and handles large amounts of data quite well. Search performance, dashboards, and alerts generally work smoothly even when working with high volumes of logs from different data sources. The only times performance can be affected is when searches are not optimized. Running very broad queries across a large time range can take longer, for example. However, this is usually improved by following best practices such as optimizing SPL queries, using the proper index, and managing data correctly. From my experience, performance depends not only on the platform but also on how well the data and searches are designed. Overall, it has been reliable for our cases.

    What do I think about the scalability of the solution?

    From my experience, Splunk Cloud Platform scales very well as the organization grows. As we add more applications, users, or data sources, we can continue bringing that data into Splunk Cloud Platform without worrying about managing additional infrastructure. The platform allows us to expand gradually. We can start with important logs and later add more sources based on business needs. The biggest improvement we noticed is that even with increasing data volume, the team still has one central place to search, monitor, and analyze information, which helps maintain visibility as the environment becomes more complex. Because Splunk Cloud Platform manages the cloud-side capabilities and updates, scaling becomes much easier compared to maintaining everything ourselves.

    How are customer service and support?

    My experience with customer service and technical support has been positive overall. The support team is knowledgeable, especially when it comes to troubleshooting platform issues, configuration questions, or best practices. The documentation and community resources are also very helpful because many common problems already have detailed solutions available. For normal issues, responses are usually quick and we are able to resolve things without much delay. For more complex technical problems involving custom configuration or deeper investigation, it can take a little longer and requires escalation to a specialized team. Overall, I would say the support experience is reliable, and the combination of official support, documentation, and community makes it easier to manage Splunk Cloud Platform.

    Which solution did I use previously and why did I switch?

    I have also worked with and evaluated tools such as CrowdStrike Falcon LogScale and Elastic Stack for similar log management and analytics use cases. Falcon LogScale is very strong when it comes to fast searching and threat hunting, especially for security-focused work. It provides very quick performance and is lightweight for analyzing large amounts of data. Elastic Stack is also flexible and provides good search and visualization capabilities for teams looking for more customization. Where Splunk Cloud Platform stands out is its overall maturity, ecosystem, and ability to support multiple teams and use cases from a single platform. It is not only for security; we can use it for operations, application monitoring, troubleshooting, and business insights. The strong integration, dashboard, SPL capabilities, and managed cloud experience were the main reasons Splunk Cloud Platform was a better fit for our environment.

    How was the initial setup?

    The initial setup of Splunk Cloud Platform was quite straightforward compared to traditional on-premises deployment. Since Splunk Cloud Platform manages the cloud infrastructure, we did not have to spend time setting up servers, storage, or handling backend maintenance. Most of our efforts focused on connecting data sources, configuring inputs, creating indexes, and setting up dashboards and alerts. The basic deployment was smooth, but the important part was planning the data onboarding properly, deciding what logs to collect, how to structure them, and setting permissions for different teams. There was a small learning curve in the beginning, especially around SPL queries and optimization. Once the foundation was ready, managing and expanding Splunk Cloud Platform became much easier. Overall, the setup experience was smooth and manageable.

    What about the implementation team?

    We mainly handle Splunk Cloud Platform setup in-house with our internal team because it is a managed cloud platform. The infrastructure side is already handled by Splunk. Our team focused on the actual implementation work, including connecting data sources, setting up indexes, configuring dashboards, and creating alerts and managing user access. For some best practices and documentation, we referred to Splunk resources, but day-to-day configuration and customization we managed internally. Overall, having an in-house setup worked well because the cloud model reduced a lot of infrastructure complexity.

    Which other solutions did I evaluate?

    We looked at a few alternatives such as Elastic Stack, Datadog, and CrowdStrike Falcon LogScale before going with Splunk Cloud Platform. Each tool had its own strengths. Datadog was good for cloud monitoring, Elastic provided flexibility, and Falcon LogScale performed very well in high-speed log searches. The reason we preferred Splunk Cloud Platform was that it gave us a more complete solution. We needed something that could handle security monitoring, operational troubleshooting, dashboards, and analytics together instead of using different tools for different teams. Another important factor was Splunk's maturity and ecosystem. The availability of integrations, apps, documentation, and community support made this option more attractive. For our use case, Splunk Cloud Platform provided the right balance of scalability, reliability, and flexibility.

    What other advice do I have?

    My advice would be to plan your data strategy before starting with Splunk Cloud Platform. Splunk Cloud Platform is very powerful, but the value you get depends on how well you organize your data sources, indexes, and use cases. Do not try to bring every log into Splunk Cloud Platform from day one. Start with the most important systems, create useful dashboards and alerts, and then expand gradually. I would also recommend investing some time in learning SPL and best practices because that is where you can really unlock the power of Splunk Cloud Platform. Overall, Splunk Cloud Platform is a great solution, especially for organizations that need strong visibility and analytics without spending time managing infrastructure. I rate this product a 9 out of 10.

    Bhavesh Kadachha

    Cloud analytics have transformed log insights and automated maintenance for our teams

    Reviewed on May 28, 2026
    Review provided by PeerSpot

    What is our primary use case?

    For Splunk Cloud Platform, we perform analytics with a large scale of data pipelines and log data. We query logs and build dashboards to support our operational and business insights. We mainly work with Splunk Processing Language to query logs, identify patterns, and support troubleshooting and reporting.

    We definitely use the ML toolkit for regression and anomaly detection. We also use Splunk Processing Language, and after the recent update, the new AI feature has been introduced that suggests queries to us. This feature has saved us considerable time.

    Regarding native models, we only use the ML toolkit. I am unaware of the other models that Splunk provides. Specifically for the ML toolkit, we use it for anomaly detection and regression. In terms of cloud, we only use the ML toolkit.

    What is most valuable?

    I love how everything is handled by Splunk Cloud Platform itself. We do not have to manage migrations, updates, and other maintenance tasks. That is one of the major benefits of using Splunk Cloud Platform.

    We definitely contact them and they help us during upgrade times. For example, if we want to upgrade Splunk Forwarder on a cloud instance or a Splunk Indexer in a cloud instance, they definitely assist us.

    What needs improvement?

    For betterment, there is definitely a cost concern. The cost is high, so there should be a somewhat lower cost. I am expecting a more competitive pricing structure from Splunk Cloud Platform, but otherwise it is fine.

    For how long have I used the solution?

    We have been working with this solution for the past 14 months.

    What do I think about the stability of the solution?

    I experienced stability issues once or twice during an upgrade, but the rest of the time it is fine. It is highly stable and scalable for us.

    What do I think about the scalability of the solution?

    Splunk Cloud Platform is highly scalable. It is one of the best SIEM tools across the world because it is valuable not only for monitoring but also for security analysis, dashboards, and other features compared to other tools.

    How are customer service and support?

    The customer service team is quite fast. They take around two to three hours to reply back and they solve our problems.

    Which solution did I use previously and why did I switch?

    We have not had any issues regarding maintenance because everything has been handled by the Splunk team itself. That is the best aspect of Splunk Cloud Platform, so we have not experienced any problems so far.

    How was the initial setup?

    The initial setup was easy for us because we took training from Splunk. It was quite easy for us.

    What about the implementation team?

    The implementation timeline depends on the use case, whether you are a Splunk Admin or a Splunk Power User. For a Power User, it took around three to four months to learn it. For an Admin's use case, it is very hard and took around a year. You also need certification to prove that you are a Splunk Admin.

    The implementation process is quite easy because we have created custom applications regarding the upgrade of Splunk Enterprise Platform. We have another application called Splunk Forwarder through which pre-checks and post-checks are performed by our custom-made application. It is quite easy for us.

    What other advice do I have?

    We also use Splunk SOAR in addition to Splunk Cloud Platform. My overall review rating for this solution is 9 out of 10.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Vaibhav Mahendra Kolhe

    Unified monitoring has improved real-time threat detection and simplified security operations

    Reviewed on May 28, 2026
    Review from a verified AWS customer

    What is our primary use case?

    Splunk Cloud Platform is used for our on-premise server. Our organization uses it as a cloud SaaS product. We have deployed our server on Splunk Cloud Platform. We have partnered with AWS and Splunk Cloud Platform because we already use Splunk Enterprise Security. Additionally, we get Splunk Cloud Platform in that form.

    What is most valuable?

    The best features in Splunk Cloud Platform are that it is very fast compared to any other cloud because we have integrated Splunk with Splunk Cloud Platform. We get the logs from the agent to Splunk, and we store those logs on the cloud. We are using it for real-time monitoring. The SPL, meaning search processing language, is also very easy. Any other SOC analyst can learn that language for searching. The searching query language is very powerful.

    For monitoring, it is a very good cloud. We have integrated it with the Splunk SIEM tool only. Additionally, the platform's app ecosystem is very easy to use even in the initial starting phase, and it supports responsibilities including real-time alert monitoring and event correlation. It is very easy to learn the cloud because we have integrated it with the SIEM tool.

    What needs improvement?

    Compared to other clouds we were using before, the price of Splunk Cloud Platform is very nominal because our sales team is already a partner with the Splunk team. We get some benefits in pricing. We already purchased existing Splunk. They also offer a cloud service to our organization. Improvement-wise, I do not see anything, because compared to AWS—and we also partner with the AWS cloud—it is very cheap.

    Our entire SOC is deployed on that cloud only. I would suggest going for Splunk Cloud Platform because AWS, Microsoft Azure, and Google Cloud are very expensive in comparison. Improvement-wise, I do not see anything. You can go for it.

    For how long have I used the solution?

    I have been using Splunk Cloud Platform for six months.

    What do I think about the stability of the solution?

    Stability-wise, with Splunk Cloud Platform, I did not find any issue because it is a cloud. If it is down, then our whole server and client servers are all down. Stability-wise, it is very stable. There is no issue with using Splunk Cloud Platform. Any other cloud is very stable, which is why we are using the cloud service rather than having a hard disk in our organization. We do not require any hardware as a service. That is why we pay clients to have SaaS, a cloud as a service. Stability-wise, it is good. There are no issues. If an issue occurs in our organization, we usually raise a ticket to the team to handle it. If there is a storage issue or any integration issue that happens with our customer, we directly schedule a call with the customer and the tech team.

    What do I think about the scalability of the solution?

    Regarding the ability to scale with Splunk Cloud Platform, you can. We have integrated Splunk with Splunk Cloud Platform, but as I told you, we also have Wazuh and Microsoft Sentinel. We deploy all the servers on Splunk Cloud Platform only. It is up to you how you scale because it integrates with any other SIEM tool. We just want API keys to integrate with it. We have to pay for the amount of data or cloud we are using. That much we have to pay to the Splunk Cloud team.

    All our data is on Splunk Cloud Platform. We have multiple customers, so as per their requirement and their purchasing from the SIEM tool, we deploy all the servers in Splunk Cloud Platform only.

    How are customer service and support?

    I would rate the technical support of Splunk Cloud Platform as nine, because Splunk Enterprise has good technical support. Splunk Cloud Platform provides good support as a cloud service.

    How was the initial setup?

    Regarding the deployment on AWS Cloud, it is very easy compared to others. It is very easy because I also work with the Azure cloud because I am working with the Microsoft Sentinel SIEM tool. Deployment is very easy for the cloud. We just require an API key to integrate with it or with any other tool. For cloud, the deployment is very easy.

    What other advice do I have?

    My impressions of the visibility into cloud, on-prem, and hybrid models while using Splunk Cloud Platform are that there are no challenges. It is more that you want to know about the language for searching on the cloud. I already told you about the SPL language, for Splunk and for the cloud. If you have the knowledge about how to manage and search in the cloud, it is very easy. I am in the learning phase. It is new to me right now, but I am still learning.

    When I compare Splunk Cloud Platform with other solutions or other vendors, I compare it with Microsoft Azure Sentinel. They are both cloud platforms. Compared to Microsoft Sentinel, Splunk Cloud Platform has a good area. Microsoft also gives a very wide area, such as Defender XDR, connectors, and threat intelligence. It is also the same in Splunk, but I prefer the Splunk one compared to Microsoft Sentinel because it is very easy to use.

    In Sentinel, there are many roles and responsibilities for reader, contributor, and responder. However, in Splunk Cloud Platform, we can additionally give admin tasks or role-based tasks to the SOC analyst role. It is very easy for a SOC analyst to handle.

    For others looking to implement Splunk Cloud Platform, my advice would be to go for it. First, you have to do the pilot deployment. Second, you have to learn the SQL language for Splunk Cloud Platform because it is very important to learn. If you do not learn that query language, the SPL search processing language, you cannot find or do threat hunting and investigation for alert analysis. You can follow the investigation chart, such as a process tree, analyzing the IP, and verifying the IOC with the PF. Most effectively, learn the SPL language. If you learn it, you can easily handle Splunk Cloud Platform.

    To be a ten out of ten, when I compare Splunk Cloud Platform with others, Splunk Cloud Platform is leading the market. Our sales team is also going to tell customers to go for Splunk Cloud Platform because we are pushing Splunk only. We get the SIEM tool and cloud in one platform. We did not have to find a different way to store the logs or storage on another AWS cloud. As our organization's option, we are also pushing clients to use Splunk Cloud Platform as a cloud and SIEM tool. It is beneficial for us and for them.

    Splunk Cloud Platform's cloud is AI, so I can say ten out of ten. However, there is one issue: when our storage limit is crossed, they directly charge higher. From a charging point of view, it is about cost and AI. If there is an improvement, or if they give some discount to our organization, such as we are using two hundred GB per day, but if on any day we exceed that limit, they charge our organization a higher amount. They charge high.

    I would rate this review nine out of ten overall.

    Mujahid Ali

    Centralized monitoring has improved threat detection and now simplifies security investigations

    Reviewed on May 27, 2026
    Review from a verified AWS customer

    What is our primary use case?

    I work with Splunk Cloud Platform for visualization and alerting. Use cases include real-time threat detection, monitoring, firewall, VPN, EDR, Windows log, and detecting brute force attacks, suspicious login activity, and security alert investigations. Examples of alert names include detecting multiple failed logins. In these cases, I have to write query languages in Splunk. The query language is SPL, which is the Splunk Processing Language, and I have to write coding by indexing first, ensuring the index is equal to Windows, and then for event code, I type 4625, which represents failed login, to find failed logins.

    What is most valuable?

    Splunk Cloud Platform's best features include powerful log management and real-time monitoring features, advanced threat detection features, easy scalability without managing servers, cloud-based fast data search, a great dashboard UI, automated alerts, and strong security analytics for our organization's SOC team.

    The benefits I have seen from using Splunk Cloud include centralized log management, real-time monitoring, strong security analytics, and easy scalability without needing to manage physical servers. It helps our organization quickly detect threats and investigate incidents, monitor cloud infrastructure, and with the help of SOAR, we can automate alerts. The platform also supports many third-party integrations, making our environment more efficient and reliable.

    What needs improvement?

    I think the dashboards could be better. I mentioned earlier that SPL and dashboards can be hard to understand for beginners, so I would suggest an easier learning curve for beginners and lower pricing for small organizations. Additionally, faster dashboard loading with large data sets, more user-friendly reporting and visualization options, and reduced false positive alerts in SIEM detection would improve usability. Improving documentation and guided troubleshooting is key so we can troubleshoot easily. Overall, while Splunk Cloud Platform is powerful, usability and cost optimization could still improve for new users.

    For how long have I used the solution?

    I have been working with Splunk Cloud Platform for the last six months.

    What do I think about the stability of the solution?

    I rate it eight because it offers strong stability, powerful log analysis, advanced security threat monitoring, and excellent cloud integration, improving visibility and SOC efficiency. However, the pricing can be high, and some configurations or advanced features may require technical expertise, which takes time. There is room for improvement.

    What do I think about the scalability of the solution?

    Scalability in Splunk Cloud Platform aligns well with our organization's demand fluctuations, allowing us to handle increasing amounts of logs and security data without major infrastructure changes. The cloud manages this, reducing the workload on our internal IT team by handling server maintenance, updates, and scaling automatically. This helps our organization save time, improve performance, and reduce infrastructure management efforts.

    How are customer service and support?

    I would rate the customer service and technical support teams an eight out of ten.

    Which solution did I use previously and why did I switch?

    Previously, we used Wazuh in our environment before going with Splunk Cloud Platform.

    The differences between Wazuh and Splunk Cloud Platform lie in cost, scalability, features, and management. Splunk Cloud Platform is a commercial SIEM, while Wazuh is open source. The security provided by Wazuh is less robust, whereas Splunk Cloud Platform's technical team and pricing reflect its more comprehensive capabilities. Splunk Cloud Platform provides a better dashboard, faster large-scale log searching, strong support, advanced threat detection, and better third-party integrations.

    How was the initial setup?

    I find the initial setup process very easy, simple, and straightforward.

    The setup process is generally easier compared to on-premises Splunk because infrastructure and updates are managed by Splunk Cloud Platform. However, configuration, integration, and log onboarding might still require technical knowledge, especially for Level 2 personnel.

    What about the implementation team?

    The deployment setup was mainly a third-party managed deployment for Splunk Cloud Platform.

    HDFC Bank is the partner that helped us deploy Splunk Cloud Platform. We work directly with Splunk for deploying Splunk Cloud Platform, especially for cloud subscription support, onboarding, and enterprise deployment. In our case, we used both, with the partner handling integration and customization.

    What was our ROI?

    I have seen a strong ROI with Splunk Cloud by improving security visibility, reducing incident response times, and lowering infrastructure management efforts. It centralizes log monitoring and automation, offering real-time analytics that help our organization detect issues faster, reduce downtime, and improve operational efficiency. Although the platform can be costly at times, many companies find value through enhanced security operations and reduced manual workload.

    What's my experience with pricing, setup cost, and licensing?

    The subscription model impacts our financial planning for data platform investments by being subscription-based, meaning our organization pays based on data ingestion volume and workload usage. This model includes cloud hosting, maintenance, updates, and security support from Splunk. It helps companies scale resources as their logging and monitoring needs grow without the burden of managing physical infrastructure.

    Which other solutions did I evaluate?

    We evaluated other options before choosing Splunk Cloud Platform, including other SIEM and monitoring solutions such as IBM QRadar. Compared to those alternatives, Splunk Cloud Platform offers greater scalability and faster log searching.

    We chose Splunk Cloud Platform because it provides better scalability, faster log analysis, strong cloud and third-party integrations, and advanced security threat monitoring compared to other solutions. It offers centralized visibility, real-time alerts, and a user-friendly dashboard that makes it easy to understand and create dashboards, improving our organization's overall monitoring efficiency.

    What other advice do I have?

    My experience with Splunk Cloud Platform's app ecosystem shows that it is not very difficult to use, and once you understand the basics, it becomes straightforward. The SQL queries are easy to understand and write. For first-time users, it might seem confusing at first when searching logs or creating dashboards, but after some practice, it becomes much easier. The setup of Splunk Cloud Platform is simpler because Splunk manages updates and infrastructure, allowing users to focus more on monitoring alerts and investigations instead of server maintenance.

    My perception of using native models over third-party integrations in Splunk Cloud Platform's environment is that integrating third-party tools or platforms with Splunk Cloud Platform provides a mostly smooth experience. It supports many integrations such as AWS, Microsoft, CrowdStrike, and other security tools through APIs, and we also use add-ons. The initial setup can take some time, especially for permissions and log configuration, but once we connect, data collection and monitoring become much easier and more efficient.

    We have integrated with many third-party solutions, such as AWS, Microsoft Azure, CrowdStrike, Google Cloud, Microsoft Defender, Palo Alto firewalls, FortiGate firewalls, Cisco firewalls, and other security or monitoring tools. These integrations are usually done through APIs, add-ons, or log forwarding, with various types of forwarders available, such as heavy forwarders and universal forwarders. They help teams collect data, monitor activities, automate alerts, and improve security visibility from a single platform.

    My impression of the solution's visibility into multiple environments, including cloud, on-premises, or hybrid environments, is that Splunk Cloud Platform offers very good visibility across all these environments. It helps monitor logs, security events, applications, and network activity from different platforms in one centralized dashboard, making threat detection faster and more efficient in our environment.

    Regarding Splunk Cloud Platform's zero-setup feature for AI models, it uses AI and machine learning features for security analytics, including anomaly detection and automation. Splunk User Behavior Analytics uses machine learning to detect abnormal user and entity behavior, and the Splunk Machine Learning Toolkit helps create machine learning models for forecasting, anomaly detection, and data analysis. These AI features help our organization and IT team automate investigations, detect threats faster, and reduce false positive alerts while improving monitoring.

    The zero-setup feature for AI models affects my ability to deploy AI solutions by providing a flexible setup for deploying AI and machine learning solutions. It supports integration with other third-party AI tools and cloud services, making it easier to develop and deploy AI-driven security and monitoring use cases. Future features including the Splunk Machine Learning Toolkit and AI assistant help create predictive analytics and anomaly detection with less manual effort.

    My advice for teams considering Splunk Cloud Platform is to plan data ingestion and use cases properly to avoid unnecessary costs. Start with important log sources and build dashboards and alerts gradually. Understanding SPL queries through integration with cloud and security tools will help get the best value from the platform. Proper tuning and monitoring are also crucial to reduce false positives and improve SOC efficiency. I would rate my overall experience with Splunk Cloud Platform a 9 out of 10.
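    The failed-login detection this reviewer describes (index=windows, EventCode 4625, counted into a "multiple failed logins" alert), carried through to alert output as an added example. This is not code from the review, from Splunk, or from the Splunk Add-on for Windows. The SPL it models is `index=windows EventCode=4625 | bin _time span=5m | stats count dc(Account_Name) as users by Source_Network_Address, _time | where count >= 5`; the Python below reimplements that bucket-and-count logic over constructed sample events so the time-windowing and the success/failure filtering can be read and checked offline. The field names (Account_Name, Source_Network_Address), the 5-minute window and the thresholds are assumptions about a particular onboarding, not Splunk's CIM defaults, and the example goes one step past the review by separating a single-account brute force from a many-account password spray.

```python
"""Brute-force / password-spray detection over Windows EventCode 4625 events.

Added example, not Splunk code. It models the SPL
    index=windows EventCode=4625
    | bin _time span=5m
    | stats count dc(Account_Name) as users by Source_Network_Address, _time
    | where count >= 5
in plain Python. Field names and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample events (not real telemetry), in the flat key=value shape
# a Splunk search shows after field extraction. 4624 is a successful logon and
# must not be counted; 10.0.0.7's two failures stay below the threshold; the
# 10:05:10 event from 10.0.0.5 falls into the next 5-minute bucket.
SAMPLE_EVENTS = [
    "2026-05-27T10:00:05Z EventCode=4625 Account_Name=alice Source_Network_Address=10.0.0.5",
    "2026-05-27T10:00:40Z EventCode=4625 Account_Name=alice Source_Network_Address=10.0.0.5",
    "2026-05-27T10:01:00Z EventCode=4625 Account_Name=bob Source_Network_Address=10.0.0.7",
    "2026-05-27T10:01:15Z EventCode=4625 Account_Name=alice Source_Network_Address=10.0.0.5",
    "2026-05-27T10:01:50Z EventCode=4624 Account_Name=alice Source_Network_Address=10.0.0.5",
    "2026-05-27T10:02:00Z EventCode=4625 Account_Name=alice Source_Network_Address=10.0.0.5",
    "2026-05-27T10:02:10Z EventCode=4625 Account_Name=alice Source_Network_Address=10.0.0.9",
    "2026-05-27T10:02:40Z EventCode=4625 Account_Name=bob Source_Network_Address=10.0.0.9",
    "2026-05-27T10:03:00Z EventCode=4625 Account_Name=bob Source_Network_Address=10.0.0.7",
    "2026-05-27T10:03:05Z EventCode=4625 Account_Name=carol Source_Network_Address=10.0.0.9",
    "2026-05-27T10:03:30Z EventCode=4625 Account_Name=alice Source_Network_Address=10.0.0.5",
    "2026-05-27T10:03:45Z EventCode=4625 Account_Name=dave Source_Network_Address=10.0.0.9",
    "2026-05-27T10:04:20Z EventCode=4625 Account_Name=eve Source_Network_Address=10.0.0.9",
    "2026-05-27T10:04:50Z EventCode=4625 Account_Name=alice Source_Network_Address=10.0.0.5",
    "2026-05-27T10:05:10Z EventCode=4625 Account_Name=alice Source_Network_Address=10.0.0.5",
]


def parse_event(line):
    """Split one 'timestamp key=value ...' line into a dict; _time is epoch seconds."""
    ts, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    stamp = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    event["_time"] = stamp.timestamp()
    return event


def detect_failed_logins(lines, span=300, threshold=5, spray_users=3):
    """Return one alert per (source IP, time bucket) with >= threshold 4625 events.

    span        bucket width in seconds (SPL: bin _time span=5m)
    threshold   failures per bucket that trigger an alert (SPL: where count >= 5)
    spray_users distinct accounts at which the alert is labelled a password spray
    """
    buckets = defaultdict(list)  # (src_ip, bucket_start) -> [account, ...]
    for line in lines:
        event = parse_event(line)
        if event.get("EventCode") != "4625":   # 4624 (success) and others are not failures
            continue
        bucket_start = int(event["_time"]) // span * span
        buckets[(event["Source_Network_Address"], bucket_start)].append(event["Account_Name"])

    alerts = []
    for (src_ip, start), accounts in sorted(buckets.items(), key=lambda kv: (kv[0][1], kv[0][0])):
        count = len(accounts)                   # SPL: stats count
        if count < threshold:
            continue
        users = sorted(set(accounts))           # SPL: dc(Account_Name)
        alerts.append({
            "src_ip": src_ip,
            "window_start": datetime.fromtimestamp(start, timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
            "count": count,
            "users": users,
            # many accounts from one source in one window is a spray, not a brute force
            "kind": "password_spray" if len(users) >= spray_users else "brute_force",
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_failed_logins(SAMPLE_EVENTS):
        print(alert)
```

    On the constructed sample this raises two alerts: a brute force from 10.0.0.5 against alice (six failures in the 10:00 bucket, the 4624 success and the 10:05:10 event excluded) and a password spray from 10.0.0.9 across five accounts; 10.0.0.7 stays quiet. The review's complaint about false positives applies here too: raising `threshold`, widening `span`, or excluding known scanners and service accounts before the `stats` is where tuning happens, and the fixed-bucket `bin` will split a burst that straddles a boundary, which a sliding window would not.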

    Hiten Nandasana

    Cloud monitoring has simplified security operations and now supports flexible app integrations

    Reviewed on May 26, 2026
    Review from a verified AWS customer

    What is our primary use case?

    Currently, we are using Splunk Cloud Platform for our basic security. We have our own firewall, and we are getting that firewall data. We have installed the Splunk agent on all of the laptops for our 200 to 300 plus employees. We are collecting data from a lot of servers and all internal sources everywhere and putting that into Splunk Cloud Platform. We are performing analysis on what users are doing, and some security use cases are based on the firewall logs. We also have Zscaler logs that we are using for all purposes.

    For AI models, there is one good feature in Splunk Cloud Platform. We are using the latest version 10.2, so there will be SPL to SPL3 conversion. There are AI features as well that can help write some Splunk queries. AI will help in this area. Other than this, we are not using AI in Splunk Cloud Platform.

    What is most valuable?

    For Splunk Cloud Platform, the best feature is that we don't need to manage the infrastructure. That is one of the best things. We don't face any downtime issues. If we are facing anything, we just need to create a support case and the Splunk team will resolve everything. There are maintenance windows, and they will take care of everything. That is a good thing that I appreciate. We only need to manage search, not the background things. Everything will be taken care of by the cloud teams.

    With Splunk Cloud Platform, we are managing the app ecosystem. Inside the manager, we will see all of the apps. For this, we do have a deployment server and a cluster master. With that, if we need to upgrade an app, we just need to create a support case, and the Splunk team will upgrade all of the apps on our behalf. We can also do it manually. Sometimes in the UI, there is an upgrade apps option available, and we upgrade manually that way as well. For our forwarders and our clients, we are pushing apps from our deployment server. For this, we can download apps from Splunkbase, put them on the deployment server, and just deploy from there. It will go everywhere, restart Splunk, and come up. This is a straightforward process. It's easy. We just need to take care of one thing, which is to read the Splunk release notes.

    What needs improvement?

    For improvement in Splunk Cloud Platform, the Splunk docs are available, which is helpful. However, for cloud, they need to give some more visibility. They need to give cluster master access to us and some more visibility into what they are doing and what they are performing. We would like to see the settings and have backend access. We are not modifying anything, but they need to give some read access so that we can see what configuration is being deployed behind our search UI and all the things. That is one thing that they can improve.

    For improvement, they can integrate a lot of default apps. There are a lot of default apps already, but let's say we are using a Palo Alto firewall, and we are getting Windows event logs, Linux logs, and these types of logs. Every customer is getting these kinds of logs. They need to give some default dashboards where we just need to change the index, and that will help to populate all of the data. Everyone wants to know who is logging in and who is logging out. These are some basic security use cases that are there. Splunk Cloud Platform needs to publish one app as a default app, and inside this app you would have all of these things.

    For how long have I used the solution?

    We have been using this product for two years. Last year we thought about Cribl.

    What do I think about the stability of the solution?

    This is a very stable product. It will act immediately and will give alerts. Everything is on time, so it's very good. I rate stability nine out of ten.

    What do I think about the scalability of the solution?

    The scalability of Splunk Cloud Platform is 10. It's a fully scalable product.

    For Splunk Cloud Platform, there were some issues I faced with downscaling while coordinating with Splunk support. However, for upscaling, they can easily do it. If we want to add more data, they can add more indexers and can add more size as well. Let's say we are storing 100 TB right now, but we want to increase from 100 to 150 TB; we just need to say that to the support and sales team, and they can increase it in one to two days. So for upscaling, it is very good, but for downscaling, sometimes we face issues.

    How are customer service and support?

    The technical support for Splunk Cloud Platform is very good. I will give it a 10 because they immediately help and support. I rate the support 10 out of 10.

    Which solution did I use previously and why did I switch?

    I never used another SIEM, but I can compare Splunk Cloud Platform as one of the stable SIEM products. Other than this, there are log connectors, and one more thing is DataDog. However, they are not very feasible compared to Splunk Cloud Platform. With Splunk Cloud Platform, you can modify whatever you want. Let's say you want to run Python, you want to run any script, you want to monitor any port, you want to monitor data from syslog; whatever you think of, you can do it in Splunk Cloud Platform. But you cannot do the same thing in some other solutions. In that case, Splunk Cloud Platform is one of the best things.

    How was the initial setup?

    Deployment of Splunk Cloud Platform was easy, but you need to learn Splunk. For example, if you have some understanding and you are at least a Splunk certified admin at minimum, then you will be able to do all of the things. Deployment doesn't face any issues. You just need to download the .tar.gz file, extract it, and start it. That's all. However, there are a lot of components, such as search head, indexer, forwarder, heavy forwarder, and universal forwarder. To connect all of these things, you must know how Splunk works and how to configure all the things. You must go through training.

    What about the implementation team?

    We have 200 plus users working with Splunk Cloud Platform, around 200 to 250.

    What was our ROI?

    Maintenance for Splunk Cloud Platform is not required because Splunk version upgrades and some security fixes will be taken care of automatically by the Splunk Cloud team. However, for our heavy forwarder and on our side, there is half of the infrastructure on our side as well. We need to manage that, but one person is enough for it.

    What's my experience with pricing, setup cost, and licensing?

    Regarding pricing for Splunk Cloud Platform, it is not cheap. It's cost-efficient if you are using it properly. If you really need the SIEM solution, then it is very cost-effective for your company. However, if you are not using it properly, then it is very costly for you. If you are just using this for storing data and just to see the things, then this will be a costly product.

    What other advice do I have?

    My advice to others looking to implement this product is that if you have more than one TB of data, then this product is helpful. Other than this, this is mainly a SIEM solution. It will help with security use cases. It is mostly designed with a lot of AI features and threat intelligence available. This is very helpful for people who are looking for security solutions because there are a lot of intelligent dashboards available in Enterprise Security and it will give you a full map of your company and where the data is flowing. You can collect the data and put it in Splunk Cloud Platform and you can see it visually. This will take you from raw data to visualization. So it's good.

    For Splunk Cloud Platform, we are using cloud, so visibility is less. I can say that because I don't know where my indexer is or where my data is getting stored. It's in the cloud, it's secure, and it's managed by Splunk and Cisco. It's a trusted thing, but we don't know where they are storing or what the things are. We just have one URL, which is a search URL and we are using that. Visibility is less, very less in the cloud.

    For the integration capabilities of Splunk Cloud Platform, we don't need to go anywhere. Splunkbase is there. Let's say tomorrow I'm purchasing a new product, Fortinet or any product. I just need to search 'FortiGate add-on Splunk' or 'FortiGate app for Splunk'. I can browse for that in Google Chrome and I can easily find one of the apps that is built already. For Okta, there are default apps. Whatever product you think of, there is a default app available on Splunkbase. We just need to download it and install it in Splunk Cloud Platform. That's it. It will work. We can integrate other solutions with this with the help of this app in Splunk Cloud Platform, and we can get the data and see these things visually. I give this product an overall rating of 9 out of 10.
