Hi everyone,
Just want to get some opinions on Splunk cloud vs on prem.
Originally when we first started using splunk we were on prem. This was all going fine and then the director decided to move to cloud due to being sold the whole deal about speed and not having to look after Splunk so much.
As time has gone by i have found cloud to be quite restrictive (especially when it comes to scripted inputs and app creation) and its getting annoying have to raise a case constantly for splunk to do something.
Would be good to hear some opinions from yourselves about both sides?
Hi @zeusjuggler22,
in my opinion, it's useful to use Splunk Cloud if you haven't an infrastructure and/or people to manage it.
If you have Splunk Cloud, you haven't to manage infrastructure, but evere request of intervene (e.g. installation of an App) is ususlly executed in around 24 hours.
Anyway, also having Splunk Cloud, remember that usually you should have two Heavy Forwarders as concentrators of the other Universal Forwarders and syslogs, then you need a Deployment Server.
Ciao.
Giuseppe