Solved: Splunk Enterprise VS Splunk Cloud

Theo_ · ‎07-14-2022

What are the big differences in usability from Splunk Cloud and Splunk Enterprise? We are a finance company with around 75 people. We currently use SolarWinds as our SEM. We looked into Splunk because our goal is to centralize logs and transition into Splunk as our SEM. We want our firewall, update manager, anti malware, etc. to all have Logs in a centralized place.

Will Splunk enterprise/cloud be able to centralize logs?

If so, which of Splunk cloud or Splunk Enterprise would be better for the use case (SEM) I am after?

Thanks!

PickleRick · ‎07-14-2022

There are minor technical differences due to the fact that with Splunk Cloud you don't have direct access to servers and some settings are either deployed differently by automation scripts running "behind the scenes" in Cloud infrastructure or you have to request some changes through support. There are also some differences in possible methods of getting events (you can't send your syslogs directly to Cloud, you must use local forwarder whereas with Splunk Enterprise you could set up a UDP input directly on your indexer even though it's not a very good idea). Other than that there is no significant difference in available functionality.

The main differences are non-functional:

- who manages the environment (your own team or Splunk)

- where the data is stored (your infrastructure vs. external location)

- how the service/product is licensed/purchased (for some organization it might be important if the price can be counted agains OPEX or CAPEX, for example)

For a finance company there can be also some compliance issues which might need to be looked into (and I don't have a ready answer which option would be better for your particular needs especially since the law can differ greatly across the world).

These are all the topics which would be best talked over with one of your local Splunk Partners who will explain to you all the "organizational" details and help you choose the better solution.

View solution in original post

PickleRick · ‎07-14-2022

There are minor technical differences due to the fact that with Splunk Cloud you don't have direct access to servers and some settings are either deployed differently by automation scripts running "behind the scenes" in Cloud infrastructure or you have to request some changes through support. There are also some differences in possible methods of getting events (you can't send your syslogs directly to Cloud, you must use local forwarder whereas with Splunk Enterprise you could set up a UDP input directly on your indexer even though it's not a very good idea). Other than that there is no significant difference in available functionality.

The main differences are non-functional:

- who manages the environment (your own team or Splunk)

- where the data is stored (your infrastructure vs. external location)

- how the service/product is licensed/purchased (for some organization it might be important if the price can be counted agains OPEX or CAPEX, for example)

For a finance company there can be also some compliance issues which might need to be looked into (and I don't have a ready answer which option would be better for your particular needs especially since the law can differ greatly across the world).

These are all the topics which would be best talked over with one of your local Splunk Partners who will explain to you all the "organizational" details and help you choose the better solution.

Theo_ · ‎07-15-2022

Your advice is greatly appreciated, Thanks!

Splunk Enterprise VS Splunk Cloud

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life