Spread our blog

About Splunk Cloud

Well !! we are all aware of Splunk Enterprise and its capabilities, but what about Splunk Cloud and its features, when Splunk cloud can be chosen as an alternative to Splunk Enterprise?? No Worries, We will here, cover all the information that you need before jumping into Splunk Cloud.

The Splunk Cloud Service:

As soon as you subscribe to the Splunk Cloud service, you get a dedicated Splunk deployment that is hosted in Amazon Web Services(AWS). Splunk Cloud is available in the following Amazon Web Services (AWS) regions: US (Virginia, California, Oregon, GovCloud), EU (Dublin, Frankfurt, London), Asia Pacific (Singapore, Sydney, Tokyo) and South America (São Paulo) For details, contact your sales representative or email sales@splunk.com before purchasing. Source splunk.com

Features of the Splunk platform with Brief Descriptions

Indexing : Splunk software indexes machine data. This can be data from various sources such as custom and packaged applications, application/web servers,databases, networks, virtual machines, operating systems, sensors, and so on, that make up your IT infrastructure. 

Data model : A data model is a hierarchically-structured search-time mapping of semantic knowledge about one or more datasets. It encodes the domain knowledge necessary to build a variety of specialized searches of those datasets. These specialized searches are used to generate reports for Pivot users. Data model objects represent different datasets within the larger set of indexed data. 

Pivot : Pivot refers to the table, chart, or data visualization you create using the Pivot Editor. The Pivot Editor lets users map attributes defined by data model objects to a table or chart data visualization without having to write the searches to generate them. Pivots can be saved as reports and added to dashboards. 

Search :  You can write a search to retrieve events from an index, use statistical commands to calculate metrics and generate reports, search for specific conditions within a rolling time window, identify patterns in your data, predict future trends, and so on. You can save searches as reports and use them to power dashboard panels too. 

Alerts : Alerts are triggered when conditions are met by search results for both historical and real-time searches. Alerts can be configured to trigger actions such as sending alert information to certain email addresses, posting alert information to an RSS feed, or running a custom script, such as one that posts an alert event to syslog. 

Reports: Reports are saved searches and pivots. You can run reports on an ad hoc basis, schedule them to run on a regular interval, or set scheduled reports to generate alerts when the results of their runs meet particular conditions. You can add reports to dashboards as dashboard panels. 

Dashboards: Dashboards are made up of one or more panels that contain modules such as search boxes, fields, charts, tables, forms, and so on. Dashboard panels are usually powered by saved searches or pivots. They display the results of completed searches as well as data from background real-time searches. 

Differences between Splunk Cloud and Splunk Enterprise:

            Feature(s)     Splunk Enterprise            Splunk Cloud
Command line interface
              Available Splunk Cloud customers lack direct access to the command line. You have the option of carrying out most of the administration tasks through the web browser, such as management of indexes and source types. For other stuff that requires CLI access you need to contact Splunk Support, they will perform on your behalf.
You are in control of what app runs on your Splunk Only apps verified and approved from Splunk are allowed to run in Splunk Cloud. You have the option to use Splunk Web to install approved apps.
Direct TCP and syslog
             Supported You can’t send these kinds of data straight to Splunk Cloud. You must use a mediator, an on-premises forwarder to send such data.
   Scripted alerts
             Supported Supported for all the Splunk approved apps
   License Pooling
              Supported Not supported, since the license master is not accessible to Splunk Cloud customers.
HTTP event collector (HEC)
(want to know more about HEC.click here!)
        Enabled(default)  HEC must be enabled by Splunk Support and uses the port 443 (Splunk Enterprise uses port 8088).
      Splunk API
       Enabled(default) Disabled by default for managed Splunk Cloud deployments. You must Contact Splunk Support for enabling access for managed Splunk Cloud deployments, Splunk Cloud trials, and sandboxes.

Splunk Cloud Licensing

The Splunk Cloud service is charged by how much data you send into Splunk Cloud in a day. Splunk Cloud is available as an annual subscription, support is also included in the service. A Splunk Cloud subscription includes sufficient data storage to retain the equivalent of Ninety(90) days of ingested data (based on the subscribed index capacity).

Splunk Cloud Trial

You can try Splunk Cloud for free, this cloud trial lets you search, analyze and visualize 5GB of your own data for 15 days. Click Here! to open the Splunk cloud trial page.

When to choose Splunk Cloud?

The thing which one should keep in mind is that the Splunk Cloud is a delivery variation – One that offers the same set of powerful features as the Splunk Enterprise but with no software to maintain or manage on site. You can think of it as a fully-featured,fully-functional cloud service. The delivery option that customers end up choosing can be based on one or many of the factors, including the location of source data, total cost of ownership, internal capacity, data sensitivity, domain expertise, etc.

                            Most of the times the Total Cost of Ownership is comparatively less for Splunk cloud than the on-premise solution.


We are here to help with that, post your queries in the comment box.

Happy Splunking!!

What’s your Reaction?

Spread our blog


Please enter your comment!
Please enter your name here