We are currently working with the Splunk Enterprise product. The client has informed us that we will be transitioning to Splunk Cloud.

From what I understand, Splunk Cloud refers to the Splunk Cloud Platform, where the entire infrastructure is hosted and managed by Splunk on AWS. Even though it runs on AWS, it's still referred to as Splunk Cloud—not AWS Cloud—since the architecture and services are maintained by Splunk. Is that correct?

---

@sreeranjan wrote:

We are currently working with the Splunk Enterprise product. The client has informed us that we will be transitioning to Splunk Cloud.

From what I understand, Splunk Cloud refers to the Splunk Cloud Platform, where the entire infrastructure is hosted and managed by Splunk on AWS. Even though it runs on AWS, it's still referred to as Splunk Cloud—not AWS Cloud—since the architecture and services are maintained by Splunk. Is that correct?

---

It’s exactly this way. Usually when we are talking about splunk cloud it means just splunk core platform in cloud. That cloud can be in aws, azure or gcp. Then there are classic and Victoria experiences over it. This user point of view this means which kind of options it have e.g. for deployment apps etc. you can see those from splunk cloud description from docs.splun.com.

With SCP your could expand your environment with edge or ingest processor which helps you with data ingestion configurations.

As far as I remember (but I'm no Cloud expert so you can double-check it) when subscribing to Splunk Cloud you have a choice between AWS and GCP hosting.

And, to add to this confusion 😉 if you don't want Splunk to manage whole infrastructure for you (it has its pros and its cons) you can also just deploy your own "on-premise" Splunk Enterprise environment on your own cloud of choice VM instances. But this has nothing to do with Splunk Cloud. It would still be Splunk Enterprise.

You must select between AWS, Azure or GCP. Personally I select always AWS with Victoria experience.

With SCP you don’t need to manage base infra like indexers, search heads etc. in OS and HW level. But you must manage some configurations like users, roles, apps, indexes etc.

Usually there is some nodes in your onprem like DS, some HF like modular inputs, IHF/IUFs/HEC if you need to do some modifications for inputs.

Most apps and inputs could be installed directly into SCP and used there, but some is better to put into onprem.

As you could see there are still some administrative tasks left to you even the core is in SCP. At least I have seen that this combination is working quite well and is much easier for admins than running everything by yourself. It has better cost efficiency than running everything by yourselves.

On the other hand - you have no control over some of the settings (for some you can engage Support to set them for you). You have limited control over size of your environment. Your options are limited in terms of handling frozen data. You can't integrate authentication with your on-prem LDAP...

So there are pros and cons, as I said 😉

You are absolutely correct with these words!

There are pros and cons with SCP as there are also in Enterprise. And definitely there is a new way how you must to do things. Some of changes are really annoying and decrease your working performance and some of those are "Why I haven't those in onprem too" 😉

And as in any situation with Splunk, you must say It depends on which one is best for you and you must go through your use case to make correct decision.

As @richgalloway already said there are many different products not only one which you are talking about. I suppose that your best option is to contact your local Splunk sales engineer or splunk partner and they could go through that offering to you. Then it's much easier to select correct options to your client.