
Overview
If you're looking for security and operational visibility across your AWS environment - including applications, infrastructure and AWS services such as CloudTrail, Config, VPC Flow Logs, and more - then Splunk Cloud is the right solution for you. Organizations of all sizes combine Splunk visibility with AWS agility to rapidly troubleshoot applications, ensure security and compliance, and monitor business-critical services in real time. Splunk Cloud makes it easy to gain end-to-end visibility across your AWS and hybrid environment. Use Splunk Cloud with the free Splunk App for AWS to gain critical security, operational and cost-optimization insight into your AWS deployment. Whether you're managing applications, infrastructure or a security operations center in the cloud, Splunk delivers Operational Intelligence for a real-time understanding of what's happening across your business and IT so you can make informed decisions. It's easy to get started - and remember - when choosing a product option, match your location and anticipated index volume per day. Splunk Cloud is now FedRAMP authorized: Moderate
Highlights
- Collect and index any machine-generated data from virtually any source or location in real time. Just point Splunk Cloud at your data, and it immediately starts collecting and indexing so you can start searching and analyzing.
- Splunk Cloud offers single-pane-of-glass visibility across on-premises Splunk Enterprise and Splunk Cloud deployments, enabling customers to deploy Splunk as software or SaaS according to their business requirements while maintaining centralized visibility.
- Splunk Cloud includes support for Splunk apps and other content. Splunk apps deliver a targeted user experience for different roles, use cases and enterprise technologies. These apps can help you visualize data in new ways or provide pre-defined views of leading technologies such as Linux, Windows, VMware and more.
Details
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Pricing
| Dimension | Description | Cost/12 months |
|---|---|---|
US - 5GB/Day | Index Volume | $8,100.00/GB |
US - 10GB/Day | Index Volume | $13,800.00/GB |
US - 20GB/Day | Index Volume | $24,000.00/GB |
US - 50GB/Day | Index Volume | $50,000.00/GB |
US - 100GB/Day | Index Volume | $80,000.00/GB |
EMEA - 5GB/Day | Index Volume | $9,315.00/GB |
EMEA - 10GB/Day | Index Volume | $15,870.00/GB |
EMEA - 20GB/Day | Index Volume | $27,600.00/GB |
EMEA - 50GB/Day | Index Volume | $57,500.00/GB |
EMEA - 100GB/Day | Index Volume | $92,000.00/GB |
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Splunk offers a variety of support options to help ensure your success.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
Training lab has improved threat hunting and now speeds up investigations with built-in visuals
What is our primary use case?
I use Splunk Cloud Platform for both IT alerting and incident management in my training.
I use it to find threats and strange behavior of applications or networking. I mostly use it for networking, strange processes, and behaviors. I use the alerting mechanism.
What is most valuable?
I appreciate the syntax that Splunk Cloud Platform uses because it is not KQL.
The whole product is really good, and I did not have much difficulty using it. The alerting mechanism is good to have, but in my personal training, I did not use it much because I did not need it that much.
The visualization feature in Splunk Cloud Platform is a pretty good feature because I did not need to go to any other vendors, for example, any.run or VirusTotal. This speeds the whole investigation up.
What needs improvement?
It is worth reconsidering the syntax language and changing it to KQL. The company would benefit from using the KQL language in queries. Pricing would be better.
For how long have I used the solution?
My experience with Splunk Cloud Platform is three months.
What do I think about the stability of the solution?
I have not heard of a lot of problems or disconnections, so I think nine is correct. That is also nine.
How are customer service and support?
From what I heard, the technical support is pretty decent, so eight is okay.
Which solution did I use previously and why did I switch?
I have tried Elastic, Sentinel, and I think that is all.
How was the initial setup?
I cannot tell if the deployment is easy or complex. I cannot tell how long it took to deploy because I did not deploy it. I just started the session, and everything was already prepared for me.
I had some tasks to find, such as some strange processes. That was one big task to perform on the Splunk Cloud Platform system. There were several of these tasks, but that was an example.
What other advice do I have?
I have not tried the machine learning tools yet. I did not integrate Splunk Cloud Platform with any tools. In my case, it is just me using the solution, but I know the whole platform because I am using the Cyber Defender platform for learning. The whole platform has a lot of people, but in my case, it is only me.
I cannot tell if it requires any maintenance, but I do not think it is really rough to do it.
My overall review rating for Splunk Cloud Platform is eight.
Managed log analytics has provided real‑time monitoring and improves proactive issue resolution
What is our primary use case?
In the data and analytics domain, I work with Splunk Cloud Platform, where we handle system logs and large-scale data. I use Splunk Cloud Platform to monitor applications. I analyze logs and then build dashboards that provide real-time insight for our technical team.
What is most valuable?
Splunk Cloud Platform is fully managed, so we do not need to handle infrastructure. The next thing I appreciate is its powerful search using SPL. It is easy to build dashboards in Splunk Cloud Platform and its visualization is also solid.
The alerting mechanisms of Splunk Cloud Platform have definitely helped in proactive issue resolution. Alerting is one of the most prominent features of Splunk Cloud Platform because we have set numerous alerts for daily ingestions. Health monitoring of Splunk dashboards is another valuable feature. We have alerts for thresholds, alerts for users, and alerts for failed logons. For example, if someone is trying to log in more than five times and failing, we have alerts for that as well. This is very useful for us.
Machine learning tools of Splunk Cloud Platform have helped to predict trends in our data. Using machine learning libraries, it is easy for us to analyze data and predict our upcoming data. This makes it pretty straightforward for us in daily operations using the machine learning toolkit.
What needs improvement?
One aspect I dislike about Splunk Cloud Platform is that cost can become high as data ingestion increases. The initial learning curve for SPL and cloud setup is also difficult for some new beginners.
For how long have I used the solution?
I have been using Splunk Cloud Platform for the past year.
What do I think about the stability of the solution?
Regarding stability, Splunk Cloud Platform does not lag or crash. It is highly scalable and stable for us.
What do I think about the scalability of the solution?
Splunk Cloud Platform is very scalable for us because we conduct day-to-day operations in Splunk Cloud Platform itself. We are increasing our team both horizontally and vertically.
How are customer service and support?
The technical support regarding Splunk Cloud Platform is good because they are always helpful. Whenever there is an upgrade, we notify them and they upgrade it for us. Everything is straightforward and simple with them. So far, we have had no issues with them.
What other advice do I have?
Since Splunk Cloud Platform is a fully managed service, there is no need to handle servers, upgrades, or maintenance. Everything is managed by Splunk, which makes it pretty straightforward for us to use and complete everyday tasks. There is no infrastructure management required and it enables faster development. It is highly scalable for us.
For new users, my advice is that if you are looking for a SIEM tool and you can afford it, then Splunk Cloud Platform is the best SIEM tool you can use because it is highly scalable and solves our day-to-day operations and use case. Everything is available within a single platform. I would rate this solution a nine out of ten.
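The reviewer above describes a threshold alert on repeated failed logons (more than five failures for one account). The following is an added example, not code from the page, the reviewer or Splunk, showing that detection logic end to end in Python over a constructed set of authentication events: a sliding window per user, one alert per user, with the source addresses that contributed. The log format, field names, threshold and window are assumptions made for this example; the SPL mentioned in the docstring is illustrative and not taken from the page.

```python
"""Sliding-window threshold alert for repeated failed logons (added example).

Sample events below are constructed for this example; the "timestamp action user src"
format, the threshold of 5 and the 10-minute window are assumptions, not any real
deployment's configuration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: alice has a burst of six failures in ~20 seconds,
# carol has six failures spread out twenty minutes apart, bob succeeds once.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z failure alice 203.0.113.7
2024-05-01T09:00:05Z failure alice 203.0.113.7
2024-05-01T09:00:09Z failure alice 203.0.113.7
2024-05-01T09:00:12Z success bob 198.51.100.4
2024-05-01T09:00:14Z failure alice 203.0.113.7
2024-05-01T09:00:18Z failure alice 203.0.113.7
2024-05-01T09:00:21Z failure alice 203.0.113.7
2024-05-01T09:00:30Z failure carol 192.0.2.9
2024-05-01T09:20:00Z failure carol 192.0.2.9
2024-05-01T09:40:00Z failure carol 192.0.2.9
2024-05-01T10:00:00Z failure carol 192.0.2.9
2024-05-01T10:20:00Z failure carol 192.0.2.9
2024-05-01T10:40:00Z failure carol 192.0.2.9
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<action>\S+)\s+(?P<user>\S+)\s+(?P<src>\S+)$")


def parse_events(text):
    """Parse log lines into (timestamp, action, user, src) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # a detector should tolerate noise rather than stop on one bad line
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["action"], m["user"], m["src"]))
    return events


def failed_logon_alerts(events, threshold=5, window_minutes=10):
    """Return one alert per user whose failures within `window_minutes` exceed `threshold`.

    A fixed-bin SPL search for the same idea (illustrative, not from the page) would be
    roughly: action=failure | bin _time span=10m | stats count by _time, user | where count > 5
    The sliding window used here also catches bursts that straddle a bin boundary.
    """
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)  # user -> deque of (timestamp, src) failures inside the window
    alerted = {}                 # user -> alert details; dict keeps first-alert order

    for ts, action, user, src in sorted(events):
        if action != "failure":
            continue
        q = recent[user]
        q.append((ts, src))
        while q and ts - q[0][0] > window:  # evict failures older than the window
            q.popleft()
        if len(q) > threshold and user not in alerted:
            alerted[user] = {
                "user": user,
                "count": len(q),
                "first_failure": q[0][0].isoformat(),
                "last_failure": ts.isoformat(),
                "sources": sorted({s for _, s in q}),
            }
    return list(alerted.values())


if __name__ == "__main__":
    for alert in failed_logon_alerts(parse_events(SAMPLE_LOG)):
        print(alert)
```

With the default 10-minute window only alice is flagged; carol's slow, spread-out failures never exceed the threshold inside any window, which is the kind of tuning trade-off the reviewers describe when they talk about adjusting alert thresholds. Widening the window (for example to two hours) flags carol as well.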
Centralized monitoring has improved real-time insights and alerting for daily operations
What is our primary use case?
We have used Splunk Cloud Platform for the past year. We use Splunk Cloud Platform for system monitoring and alerts, and we have personal dashboards to monitor our activities. We ingest logs and monitor all of our operations. We also use AWS along with Splunk Cloud Platform.
What is most valuable?
The powerful search capabilities using SPL are what I appreciate about Splunk Cloud Platform. The second feature we value is its real-time monitoring and alerting.
The best feature is that Splunk Cloud Platform is handled by the Splunk team itself, including installation and all related tasks. We do not have to touch anything; we simply use it for our case.
SPL search capability is one of the primary tools we use every day. We have different search queries configured for alerts, dashboards, and all related functions. It is one of the major tools we use in our daily operations.
Overall, Splunk Cloud Platform is cost-efficient for us because we are Splunk partners, and it offers better performance. It has given us faster query execution and includes an inbuilt dashboard with better dashboard performance. We gain more meaningful insights using Splunk Cloud Platform compared to other SIEM tools.
What needs improvement?
The initial learning curve should be more personalized for new users who just started using Splunk Cloud Platform. Additionally, the documentation should be more beginner-friendly.
For how long have I used the solution?
I have been using Splunk Cloud Platform for the past year.
What do I think about the stability of the solution?
Splunk Cloud Platform is working fine for us; it is superb.
What do I think about the scalability of the solution?
It is super scalable for us, whether you consider horizontal or vertical scaling. We are expanding in both directions, so it is highly scalable for us.
How are customer service and support?
We have escalated questions regarding Splunk Cloud to Splunk. During the upgrade, we experienced some issues with our forwarders not coming up and some issues with our search head. All of the issues were resolved. We raised support cases and our issues were solved by the Splunk team itself. It has been good for us so far.
Which solution did I use previously and why did I switch?
We directly use Splunk Cloud Platform.
How was the initial setup?
The initial setup was straightforward.
What about the implementation team?
It is super smooth; Splunk Cloud Platform integrates with ServiceNow smoothly. We have experienced no problems so far in that regard.
What was our ROI?
We have seen a return on investment with Splunk Cloud Platform at 30 to 40 percent.
What's my experience with pricing, setup cost, and licensing?
We are Splunk partners, so in Splunk Cloud Platform, pricing is not an issue. It is balanced, and from a pricing perspective, it is good for us.
What other advice do I have?
If you are looking for a SIEM tool that has all the capabilities, you should definitely opt for Splunk Cloud Platform. I would rate this solution a 9 out of 10.
Advanced searches and tuned alerts have improved investigations and support daily security work
What is our primary use case?
Splunk Cloud Platform's search capabilities are quite effective in uncovering operational insights. I was searching for one of the accounts related to backup, and I was not able to search in any other tool. Since we are collecting data from all different sources, I was able to trace this out. It was a request made from the customer because we reported a notable event from Splunk, and they asked us to check this account if we were able to see it, as they had checked from their end and were not able to search it. Using the indexing, I pulled the account details and shared them, and we concluded it was a false positive.
I do use Splunk Cloud Platform's alerting mechanisms. The alerting mechanisms have helped in proactive issue resolution because we receive alerts directly to our SOC mailbox, which we have fine-tuned based on our findings and customer involvement. Initially, we received a lot of notables that were not fine-tuned well, but now we receive approximately twelve to fifteen notables, and once we get alerted, we work on them. For instance, when we detected suspicious activity on a backup account, we responded back to the customer within three minutes, which they found interesting. We were able to dig further into a unique account and provide them with the necessary information, which was corroborated by their technician.
What is most valuable?
Splunk Cloud Platform's integrations with third-party tools have had quite an easy impact on my daily operations. Initially, the outdated threat intelligence led to notable IP addresses going undetected. However, after integrating Talos and VirusTotal, we can quickly determine whether an investigation requires immediate attention or a deeper analysis, which has saved us considerable time. When we implement the SOAR solution in August, I expect we can provide even more details about integration with third-party intelligence platforms.
What needs improvement?
I would like to see improvements in the UI, and while I recall that Cisco has acquired parts of Splunk, I would love to see more integration with threat intelligence platforms like VirusTotal, which are widely used. Currently, to implement VirusTotal, we have to purchase it, whereas we use Talos, but we mostly rely on AbuseIPDB and VirusTotal in the SOC.
How are customer service and support?
I would rate their technical support as eight out of ten.
There is still some room for improvement regarding response time and first-level support quality. While responses are typically received the same day, the analysis process can take time.
What other advice do I have?
I have created approximately one hundred reports for different users since we fetch data from various sources. Each team has different requirements, whether it is for Trend Micro, M365, Zscaler, or Okta, and I have organized these reports on a dedicated dashboard. It is quite useful for them, and they regularly come up with new requests that we incorporate into the dashboard.
When it comes to pricing, I would say it is a bit more than fair—more than competitive. Compared to Microsoft, which is cheaper, Splunk Cloud Platform is a bit expensive. However, relative to Trend Vision One or CrowdStrike, the pricing is comparatively lower.
We have a lot of documentation available, which I feel is adequate. Each solution, including CrowdStrike and Trend Micro, has its documentation, and it is about how well one handles it based on their experience.
My overall review rating for Splunk Cloud Platform is eight out of ten.
Centralized log insights have improved incident response and operational visibility
What is our primary use case?
In our organization, we use Splunk Cloud Platform for log management, operational visibility, security monitoring, and for ingesting logs and fast data. We focus on creating dashboards and configuring alerts for the overall visibility of our systems and for the monitoring and observability aspect.
What is most valuable?
I appreciate that Splunk Cloud Platform accepts all of my data. All of my data from different firewalls and applications gets to the one platform. Another valuable feature is the SPL query. After my data is centralized, I can use SPL queries for better analyzing and searching my data so I can detect anomalies or threats or for incident response. If any of my deployments fail, I can quickly respond to the incident.
Operational insights are crucial because my application logs are there, my firewall logs are generating there, and any new deployment from the CI/CD is there. This generates logs there. If any deployment has failed or if any application is failing, it increases my overall operational efficiency and helps my team with incidents.
The search capabilities of Splunk Cloud Platform are very powerful and can give me deep analysis of the events. The dashboards and the visual capabilities of Splunk Cloud Platform are also excellent. Dashboard Studio allows me to highly customize and create visually rich dashboards. The infrastructure features such as Smart Store and proactive monitoring help me in my day-to-day operations of the company.
We use Splunk Cloud Platform's alerting mechanism. We have integrated an API with ServiceNow, which works well for us.
The third-party tool integration with Splunk Cloud Platform is beneficial for us. We were using third-party tools before Splunk Cloud Platform. When we introduced Splunk Cloud Platform to our organization, it was very helpful that it could be integrated with third-party tools, so we did not need to change our tools. Splunk Enterprise tools for security and other functions can also be integrated with this platform. That is also a good feature for us.
What needs improvement?
One improvement I would suggest is in the cost part. Splunk Cloud Platform cost is generally generated on high data volume. It can be relatively expensive for a smaller company. Our company is in the mid-term range, but the cost could be improved. Additionally, the learning curve for SPL is a little bit hard for beginners, otherwise it is fine.
For how long have I used the solution?
I have been personally using Splunk Cloud Platform for the last year, but my company has been using it for the last two to three years. However, I recently joined three months ago.
How are customer service and support?
Technical support for Splunk Cloud Platform is good and proactive. In some cases, the initial responses may not fully address the issue. However, through escalation, the support team usually provides effective solutions and is very helpful.
Which solution did I use previously and why did I switch?
We first used Grafana and Prometheus for the monitoring and observability. We had used open source tools as well. For the security and better visibility, my organization switched to Splunk Cloud Platform.
How was the initial setup?
Splunk Cloud Platform is a public cloud SaaS deployment. The initial setup was very fast and we do not need to maintain any infrastructure or backend infrastructure. This is a huge benefit for us.
Splunk Cloud Platform handles the platform deployment. From the user side, the main task was only to install forwarders and configure data ingestion, which was also quite a simple task.
What was our ROI?
The ROI with Splunk Cloud Platform is on the higher part. It has improved the efficiency of our overall organization. The incident response time to any failure has increased more than 50 percent. The overall visibility of the system, architecture, and infrastructure has increased. All of our data is going on the one platform. These are all the ROIs which we get from Splunk Cloud Platform.
What other advice do I have?
We have not used Splunk Cloud Platform's machine learning tools yet, but we are planning to use them for threat detection and anomalies, so it can detect that threat by itself through automation. We are planning to use it in the future.
Splunk Cloud Platform has improved the efficiency and reduced the manual effort for us. It has improved faster detection and the response time has decreased significantly. The data pipeline optimization feature reduces the ingestion volume for us. These metrics are very helpful for us, and it also reduces the cost through data pipeline optimization.
My advice would be to fully utilize Splunk Cloud Platform by ingesting as much data as possible and to invest time in learning SPL and best practices for leveraging the Splunk community. My overall rating for this product is 9 out of 10.