Splunk Observability Cloud

The use cases for Splunk Real User Monitoring (RUM)  are almost the same as Dynatrace , for people who want to do infrastructure monitoring, application monitoring, or check their front-end monitoring, such as monitoring for the real user. They are actually using Splunk Real User Monitoring (RUM) .

The best advantages and features in the product are notable. Splunk Real User Monitoring (RUM) seemed to have advantages in 2015, but when Cisco acquired AppDynamics, they stopped upgrading for a few years. Their advantage now is that they are the only solution that can monitor above SAP. Apart from that, Datadog  and Dynatrace  have superior features. Splunk Real User Monitoring (RUM) has one great advantage in that if they have SAP users, they can monitor their SAP applications.

In terms of features, UI, or the ability to do monitoring of RUM, the picture by UI or the ability to actually do the monitoring is pretty good, but not as good as Dynatrace, Catchpoint , Datadog , and New Relic .

My thoughts on room for improvement in general relate to Cisco trying to mount the Cisco cloud solution when they have AppDynamics, but after acquiring Splunk, they changed their roadmap. It's inevitable that when a big company has resources but changes the roadmap, it takes time to establish well-structured manuals and guidelines. I believe they will get better, but right now, they need some improvement.

I have been selling Splunk Real User Monitoring (RUM) for almost the same duration as NetScout; it's been 3 years.

In terms of deployment, Dynatrace is the easiest by far. For Datadog and Splunk Real User Monitoring (RUM), you have to work with scripts, meaning you need an engineer for deployment; Dynatrace is straightforward and really easy.

Regarding stability of RUM, stability is also a problem because during the POC, we ask customers not to deploy RUM or EUM scripts in the actual stage. We encourage them to test in staging because even if those solutions are certified and tested, customers have many different environments. Unlike NetScout or regular agents for APM , RUM has many problems during the POC phase because customer environments vary widely.

In terms of scalability, the solution is scalable enough, but sometimes implementation is hard. However, it doesn't take more than a month. The issue is mainly about pricing because if they want to monitor more, it costs money. Those who have a great pricing plan or volume table will gain an advantage.

Support from Splunk is not very helpful because Splunk doesn't have a dedicated APM ; they only have one APM engineer in Korea.

If I were to rate technical support for Splunk Real User Monitoring (RUM) from 1 to 10 points, I would give it a score of 5.5. I appreciate the engineer, but since there's only one person doing everything, it's not easy. Cisco doesn't hire enough personnel, and I heard they don't have enough staff in APAC. Datadog and Dynatrace, especially Datadog, cover a huge market share in Asia, and that's why other competitors are not investing enough at this time.

Neutral

My clients, such as Hyundai and POSCO, are using RUM; most of them use Dynatrace. For those using Splunk Real User Monitoring (RUM), it took time to implement because our engineer tried really hard.

Regarding whether the solution provides ROI or savings, I understand that even Dynatrace, Datadog, or Splunk has a low price per transaction, but it concerns the number of data and sessions. People struggle to comprehend the total budget, which might be massive. Customers need to understand this, and I'm not sure if it's possible; maybe some companies just decided to take the entire market and cut down prices, but anyone working in front-end management should recognize the market price to see the true value of end-user monitoring.

I am the general manager of this company, and a team leader focusing on Dynatrace, Cisco AppDynamics, and NetScout, while we used to do some other APM solutions but not extensively. We only focus on those three solutions.

We try to sell Splunk User Behavior Analytics , but we haven't been able to sell it so far because Splunk used to be a great company in Korea. After Cisco acquired it, it's complicated because when two companies merge together, they have issues with who will be the product seller, the sales personnel or the engineer. Their organization is not fully merged yet, which leads to fewer marketing and sales activities.

The integration in real user monitoring from Splunk is actually another problem because of some vacancies when they merged the companies and changed the organizations; there are issues with the manual not being complete. When you work with integration, Datadog and Dynatrace have issues but have to work with the manual; AppDynamics has many people and support. The satisfaction level is around six compared to Dynatrace, which might be a seven or eight. The innovation level is not complete, but they are working on it.

When using real user monitoring to analyze performance bottlenecks, the most critical metrics include data from Catchpoint , which has extensive data to gather, and Dynatrace also gathers substantial data. However, sometimes it's unnecessary because customers in charge of front-end monitoring should see the problems immediately and act with reporting to their superior. A simple UI is crucial; that's perhaps why Datadog has the advantage with their comprehensive UI.

Regarding pricing for RUM, it becomes another problem because Splunk and Dynatrace and Datadog don't ask customers to use RUM for every single session. Many large customers want to monitor every session, resulting in a big gap. For example, Korean Air, which is among the top five air travel companies in the world, uses Datadog but changed to Dynatrace because, even with a limited budget, Dynatrace managed to persuade them to monitor just 10% of user sessions to reduce the budget, and they are satisfied with the results.

This review rates Splunk Real User Monitoring (RUM) 5 out of 10.

We are using the Splunk Observability Cloud  for monitoring purposes and troubleshooting, and we are using that infrastructure in real time, in which we have infrastructure monitoring, application monitoring, log observer, and RUM synthetic monitoring. For troubleshooting purposes, we are installing the open telemetry collector agent on some of the servers, including Intel, Windows, and UNIX servers. 

I have also worked on the agent upgrade from version 0.103 to 0.1113, which is ongoing right now.

We are also using the dashboards and detectors in Splunk Observability  Cloud. For client needs, we are creating dashboards, reports, and detectors as well. For the detectors, we mostly work on host-down situations. When a server is down, we troubleshoot using the detector infra host down and identify the root cause of the failure, such as why it was down or not reporting to Splunk Observability  Cloud. We find out the root cause by using that detector when the alert gets triggered and cleared.

We use the tracing features in the Splunk Observability Cloud, primarily for application performance monitoring. It helps us figure out service maps for root cause analysis. It provides visibility and helps address blind spots in data collection.

Splunk Observability Cloud offers a transparent, customized tool with real-time visibility. We use AWS, ReactJS, Python, and Java for tracing. It helps create customized dashboards and service maps based on customer requirements. It has AI that automatically generates visualizations, allowing us to create more reports based on customer needs. My seniors are primarily working on creating dashboards, reports, and for monitoring purposes.

Their technical team is performing well. About a year ago, Splunk Observability Cloud was slow and lacked features compared to now. It didn't provide exact details for any searched server in the metrics, but the situation has improved significantly, and we can now retrieve complete data on when servers were down or up.

The best features in Splunk Observability Cloud  are the metrics; I can see any logs or anything related to the server or services we want to monitor, and the metrics are a good function. It provides exact details. It offers unified visibility for logs, metrics, and traces.

In Splunk Observability Cloud, I notice room for improvement in synthetic monitoring. It does not provide output based on server names. It only gives a response when we input a URL. I'm not sure if this issue is specific to my organization, but it would be beneficial if server details could be retrieved directly in synthetic monitoring.

I have been using this solution for two years and two months.

I would rate its stability an eight out of ten.

I would rate its scalability an eight out of ten.

Around 100+ users access Splunk Observability Cloud in my organization, including the cloud SRE team, Windows Intel team, Linux team, and AD team.

My client base primarily consists of enterprise financial services.

If any issues arise, we can raise a vendor case, and resolutions are provided in a timely and accurate manner. 

Positive

In my organization, we also work with Sentry , Datadog , PagerDuty, and Dynatrace . Splunk Observability Cloud offers more features than Datadog , which also provides APM monitoring, log observer, and metrics, but does not match the feature set of Splunk Observability Cloud.

It is a bit complicated. For deploying Splunk Observability Cloud, we first need an access token, after which we connect to our AWS Cloud account and provide the access token. We must set up CloudWatch or AWS Lambda  and forward the metrics or logs from all sources to AWS.

The implementation took about 45 days.

The return on investment varies based on requirements; for smaller tasks, we can leverage our team's capabilities effectively, so I can estimate around a 20% efficiency gain.

Currently, we are providing outputs to clients within the required time frames. If a client requests any dashboard, logs, APM monitoring, or synthetic monitoring, we have been able to deliver output on time, achieving approximately an 80% efficiency in response.

Splunk Observability Cloud is expensive.

For operational performance, we created monitoring within the Splunk Observability Cloud for most servers with agent installation. We upgraded the open telemetry collector from version 0.82 to 0.103, then again to a newer version, enhancing visibility and use cases, especially after the upgrade, which has improved operational purposes.

My impressions of Splunk Observability Cloud for focusing on business-critical initiatives are positive. I manage six tools, but Splunk Observability Cloud is one of my favorites, and I aspire to build my career specializing in it because it has great features, more attention in the market, and is a relatively new tool with promising growth.

I would recommend Splunk Observability Cloud to other users for its accurate data fetching, dashboard creation, report generation, and synthetic monitoring capabilities.

I would rate Splunk Observability Cloud a nine out of ten.

The solution involves observability in general, such as Application Performance Monitoring , and generally addresses digital applications, web applications, sites, and mobile applications. I worked with it in two companies: one in the energy sector and one in the hotel sector.

The Splunk teams helped us with data collection, instrumentation, and many other options.

The testing and monitoring of infrastructure is useful. We also use it for many metrics and can use it effectively for troubleshooting and for detection. It's very helpful. 

With Splunk Observability Cloud , I appreciate working with open telemetry. The standards of open telemetry are especially useful for collecting data such as traces, matrices, and logs. Splunk respects the standards of open telemetry. This is beneficial. Many clients work with AWS  and the cloud in general with multiple solutions such as Datadog , Dynatrace , and Splunk. Working with the standard open telemetry is very advantageous. Splunk Observability  Cloud is very simple for users in general, including developers, DevOps, and data teams. It's more straightforward compared to Dynatrace .

There are many out-of-the-box solutions proposed by Splunk, such as dashboards for AWS  instances, EC2 , Fargate, and Lambda. It's very helpful for beginning, especially for monitoring, and the detectors for alerting help understand how the platforms work.

The no-sample feature is great. It eliminates blind spots.

After completing the instrumentations, we have many dashboards and tests for monitoring infrastructure, particularly CPU and memory. We also use applicative metrics such as JVM, Java Runtime, and many other applicative metrics and testing. For troubleshooting, we can detect problems in seconds, which is particularly helpful for digital teams.

AI analytics have the potential for a lot of functionality. The detectors for alerting may prove useful.

When we deploy the instrumentation in the application, we can start using the dashboards immediately. The dashboard building is very helpful for starting work.

It's beneficial for monitoring performance and infrastructure, especially when deploying applications with multiple versions with Git . It's important to detect performance issues, such as CPU consumption or memory consumption, particularly over time in Java and Python.

For other teams, they need help and guidance to use custom metrics. For observability engineers and specialists, it's straightforward, but for others, it can be challenging.

The solution overall is very valuable for me.

The time to value was immediate. Once we deployed, we started to use the dashboard directly and began detecting issues. 

Saving time with automation can save us weeks. It's improving our resilience. It helps us detect issues and increase performance. 

The solution has been very useful for helping us focus on business-critical initiatives.

Regarding dashboard customization, while Splunk has many dashboard building options, customers sometimes need to create specific dashboards, particularly for applicative metrics such as Java and process terms. These categories of dashboards would be very helpful for customers.

I started working with Splunk Observability Cloud in 2023.

The system is relatively stable. We rarely have problems accessing the dashboard or the page. We encounter problems in the Splunk platform very rarely.

It's very scalable. We haven't experienced any problems with the instrumentation or scalability. On a scale of one to ten, I'd rate it a ten.

We've used the solution across more than 250 people, including engineers.

I would rate Splunk technical support at six out of ten.

When we have a problem and need to create a case, the response isn't quick. They often require multiple questions, with five or six emails to get a response. Problem resolution typically takes between two and five days, which isn't very helpful. However, sometimes we do receive quicker solutions.

Neutral

We used legacy solutions such as Grafana  and Prometheus. There are several differences between Splunk Observability Cloud and these solutions. We used Grafana  as a monitoring solution, however, it's not truly observability. We used OpenSearch  for logs, Prometheus for metrics, and Grafana to work with Prometheus. That said, it's not equivalent. Observability is different.

We're also familiar with Datadog and Dynatrace.

The implementation took between two and three weeks.

For cloud deployment, it's straightforward. We can use GitLab  and DevOps CI/CD. For on-premise deployment, such as Linux and deployment with satellite, it's easy yet requires some work to configure the configuration files.

Updates are generally needed, especially for the open telemetry version or SDK. However, regarding the platform itself, we don't need to do anything.

I worked with my company when they used the solution, so I'm not certain about the history of how long it took to detect problems. However, for mean time to detect, and mean time to respond, I'm sure it's very helpful, and we can estimate a minimum improvement of 20%.

We're a customer and end-user.

Currently, in France, we cannot use the artificial intelligence option. While this option is enabled for the United States and many countries, it's not yet available in France. However, the solution with detectors, especially for alerting, is important for us.

I recommend it, especially for teams using legacy monitoring.

I would rate Splunk Observability Cloud nine to ten out of ten.

We primarily use Splunk Real User Monitoring to analyze performance bottlenecks and application transactions. It allows us to see how applications are experienced on the user side, making it easy to capture any bottlenecks or performance issues.

The most valuable features include user time tracking and the ability to analyze application load times. Splunk provides advanced notifications of roadblocks in the application, which helps us to improve and avoid impacts during high-volume days. It is very useful for identifying performance bottlenecks.

It would be beneficial to have more enhanced features with capabilities to adapt more integrated applications. Improvements in dashboard configuration, customization, and artificial intelligence functionalities are desired. There is room for improvement in customer support due to delays and standard feedback responses.

I have been working with Splunk Real User Monitoring for almost two years.

In terms of stability, I would rate it a nine out of ten. It is a very stable solution.

Splunk Real User Monitoring is definitely scalable. I would rate its scalability a nine out of ten.

Technical support is rated an eight. There is some delay in their in-depth responses and standard answers to questions.

Positive

I worked with Splunk alongside Dynatrace . Before Splunk, I did not use any other services.

It takes about an hour to set up the client for real-time monitoring.

We have a separate team for deployment, consisting of about three to four people.

We have achieved a return on investment between 10% to 20% as it helped in removing roadblocks, which could lead to more savings with wider usage.

Splunk is a little expensive, however, it is in line with the current market pricing. I would rate the pricing an eight on a scale of one to ten, as it reflects the going rate in the market.

I would recommend this product to other users because of its capabilities in monitoring and analytics. 

I rate the overall solution eight out of ten, considering the comparison with other products like Dynatrace .

Splunk is primarily used for log monitoring, where I collect all my security logs, system logs, and application logs into a centralized place. This helps me customize my monitoring models.

Splunk has provided me with a centralized platform to manage multiple features. Instead of using various products, Splunk offers everything in one solution, which adds value to my organization.

The most valuable feature is the ability to customize dashboards based on my queries or any other customization I may need.

I'm still experiencing some features of the product. However, in future updates, I would like to see more predefined monitoring query solutions, which could be more effective.

I have been using Splunk Synthetic Monitoring  for almost five years, primarily focusing on log monitoring.

Overall, the product is stable, and I would rate it an eight out of ten.

For scalability, I would give it a nine out of ten.

Technical support is good but could be improved, particularly concerning the time taken for ticket resolution.

Neutral

The main reason for choosing Splunk over other products is its comprehensive capabilities and flexible customization options. It is widely used and provides cloud solutions.

The initial setup was quite straightforward, and agent installation can be done quickly. However, the entire setup process might involve multiple people due to organizational policies.

The implementation process involved around five to ten people due to our organization's processes and need for multiple approvals.

Using Splunk has saved my organization about 30% of our budget compared to using multiple different monitoring products.

Splunk is a bit expensive since it charges based on the indexing rate of data. However, considering the features it provides, the pricing is quite affordable compared to other monitoring solutions.

Overall, I would recommend Splunk to anyone seeking a monitoring solution, thanks to its extensive capabilities and features.

I'd rate the solution nine out of ten.