Splunk Cloud

FAQ for Splunk Cloud

Download manual as PDF

Download topic as PDF

FAQ

Thank you for your interest in Splunk Cloud. To help you understand this valuable managed cloud service, see the Splunk Cloud service description, as well as the following FAQ,

General Splunk Cloud FAQ

Question Answer
What is Splunk Cloud? Splunk Cloud delivers the benefits of award-winning Splunk® Enterprise, as a cloud-based service. Using Splunk Cloud, you gain the functionality of the Splunk Enterprise platform for collecting, searching, monitoring, reporting and analyzing all of your real-time and historical machine data via a cloud service centrally and uniformly delivered by Splunk to its large number of cloud customers, from Fortune 100 companies to small and medium-sized businesses. Splunk manages and updates the Splunk Cloud service uniformly, so all customers of Splunk Cloud receive the most current features and functionality.
What are the Splunk Cloud General Terms? You can read the Splunk Cloud General Terms here.
What is Splunk Cloud's pricing? Splunk Cloud pricing is based on the volume of uncompressed data that the customer wants to index on a daily basis. Customers can optionally add subscriptions for additional storage capacity to store more data, encryption service to maintain privacy of data at rest, and the additional functionality of Splunk premium solutions such as Enterprise Security and IT Service Intelligence. Optionally, Splunk offers infrastructure-based subscription as an alternative pricing option. For more information, see Infrastructure Pricing.
What is Splunk's Service Level Agreement? Splunk provides an uptime SLA for Splunk Cloud. Customers receive service credits in the event of SLA failures, as set forth in our current SLA schedule. As Splunk Cloud is offered uniformly across all customers, the SLA cannot be modified on a customer by customer basis. More SLA schedule details can be found here.
In which global regions is Splunk Cloud available? Splunk Cloud is available in the following global regions:

Amazon Web Services (AWS) Data Centers:

  • US (Virginia, Oregon, GovCloud),
  • EU (Dublin, Frankfurt, London),
  • Asia Pacific (Singapore, Sydney, Tokyo, Seoul)
  • Canada (Central).

GCP Data Centers:

  • US (Iowa)
  • EU (London)
  • Asia Pacific (Singapore)

For details, contact your sales representative or email sales@splunk.com before purchasing.

How is Splunk Cloud different from Splunk Enterprise software? Splunk Cloud delivers the features of Splunk Enterprises software as a standardized, cloud-based service. Splunk manages the Splunk Cloud service. When customers purchase a license to on-premise Splunk Enterprise software, customers install the product in their own data centers or on public or private clouds, taking responsibility for infrastructure and administration. Customers who are familiar with Splunk Enterprise architecture should not make assumptions about the architecture or operational aspects of Splunk software deployed in the Splunk Cloud service.

For details, go here.

Can Splunk premium solutions and Splunk apps be added to Splunk Cloud? Yes. Subscriptions for Splunk premium solutions such as Enterprise Security and IT Service Intelligence, and for apps such as Splunk App for VMware and Splunk App for Microsoft Exchange can optionally be added to Splunk Cloud. Contact your Splunk sales representative or email sales@splunk.com for more details.
Can I send data to Splunk Cloud using a Splunk forwarder? There are two types of forwarder software: universal forwarder and heavy forwarder. In most situations, the universal forwarder is the best forwarder for Splunk Cloud since it includes the essential components that it needs to forward data, uses significantly fewer hardware resources, and is inherently scalable. For certain use cases when data needs to be parsed prior to forwarding or data needs to be forwarded based on criteria such as source or type of event, a heavy forwarder is required. For more information, see Work with forwarders.
Can I use the HTTP Event Collector (HEC), and SDKs with Splunk Cloud? You can use the HTTP Event Collector (HEC) with Splunk Cloud. For more information about using HTTP Event Collector with Splunk Cloud, see Set up and use HTTP Event Collector in Splunk Web.

Splunk Cloud Security and Privacy FAQ

Question Answer
How does Splunk protect customer data? Splunk understands that the security and privacy of your data are of the utmost importance to you and your organization, and Splunk makes this a top priority. To learn more about Splunk Data Privacy, Security and Compliance, please visit Splunk Protects.
Can I attach my own security terms to the Splunk General Terms? No. Splunk provides the Splunk Cloud service uniformly for all customers. As a service provided to a large number of customers, the security measures and controls that Splunk implements are the same for every customer, and Splunk cannot implement different controls for any one customer. Splunk is transparent with its security controls, and each Splunk Cloud customer must review these controls and make its own determination regarding the adequacy of the controls for their particular needs.
When does Splunk delete data? Customer data retention in Splunk Cloud is based on the specific data retention volumes and periods purchased by a customer, as well as the retention settings selected by a customer. Aside from the deletion that occurs in accordance with a customer's purchased data retention volume and specific retention settings, Splunk will delete a customer's data 31 days after the end of the customer's subscription period. Once data is deleted, or 31 days after the end of a customer subscription, the data can no longer be recovered. For details, go here and here.
How does Splunk store and retain customer data? Data retention is based on the parameters that customer purchases and selects for Splunk Cloud. Customers can tailor retention options (for additional fees) for any duration required. Customers are solely responsible for archiving their data for compliance needs via DDSS by exporting the data to a customer-owned AWS S3 account. DDSS is not available for Splunk Cloud on GCP.
How do I add more storage to allow higher indexing volume and longer data retention duration? To increase the storage available in your Splunk Cloud environment, please contact your Splunk sales representative or email sales@splunk.com.
How do I retrieve my data if I stop using Splunk Cloud? Prior to termination of a Splunk Cloud subscription, you can enable Dynamic Data Self-Storage (DDSS) to export your aged data to your Amazon S3 account in the same region. Note that self-service export is not available for your configuration data. If you choose to use DDSS to export your aged ingested data, you must do so prior to the termination of your subscription. You are responsible for AWS charges you incur for your use of Amazon S3. Splunk will delete your data remaining in Splunk Cloud thirty-one (31) days after the end of your subscription period. DDSS is not available for Splunk Cloud on GCP.

General Compliance FAQ

Question Answer
How can Splunk Cloud address my long term data retention requirements? Splunk Cloud accommodates customers who have long term data retention requirements. You can purchase additional storage in Splunk Cloud to store more data.
What are the terms of Limitation of Liability? Splunk offers market standard terms for limitation of liability in its Splunk General Terms. The limitation of liability is mutual, allows both parties to disclaim any consequential and incidental damages. This approach is an integral part of our cloud offering that enables us to provide Splunk Cloud at favorable prices.
Will Splunk review my SaaS agreement? Splunk Cloud is a uniform service provided under the same terms to all customers, Splunk's cloud operations team, support team, and other Splunk resources provide the services in accordance with Splunk policies and procedures, and Splunk is not able to adjust its services specifically for any one customer. The Splunk General Terms are carefully and specifically drafted and structured to reflect the manner that Splunk offers its service. Therefore, Splunk can only offer Splunk Cloud under its General Terms. It cannot accommodate any customer SaaS agreement.
Can I audit Splunk Cloud? Splunk does not permit customers to audit Splunk Cloud operations or facilities. This is due to Splunk's confidentiality commitments and obligations to its other customers, as well as Splunk's inability to provide access to Cloud Service Providers (CSP) facilities. However, Splunk contracts with independent third parties to annually audit Splunk Cloud's compliance with its security attestations (e.g., SOC2, ISO 27001,etc.).
Does Splunk allow for acceptance testing? Splunk does not allow for acceptance testing. Splunk recommends that you select a free trial if you require functionality or capacity verification before purchasing a subscription.
How does Splunk help ensure data and service durability? Splunk continuously monitors the status of your Splunk Cloud environment to help ensure uptime and availability. We look at various health and performance variables such as the ability to log in, ingest data, access Splunk Web and perform searches. Splunk maintains a rolling 30 day history of health and utilization data to help ensure uptime and assist troubleshooting of your Splunk Cloud. In addition, Splunk Cloud maintains a rolling seven day daily backup of your ingested data and configuration files to support data durability.
I am in the Public Sector and I am required to only utilize SaaS services that are FedRAMP authorized. Can I use Splunk Cloud? Yes. Splunk Cloud has received FedRAMP authorization at a moderate impact level. For more information regarding Splunk Cloud FedRAMP, please contact your Splunk sales representative or email sales@splunk.com. Please note FedRAMP is only available in the GovCloud region.
I have a requirement to have my data maintained in a regulated HIPAA or PCI DSS cloud environment to assist me with meeting compliance needs. Can I use Splunk Cloud? Yes. For more information regarding Splunk Cloud HIPAA or PCI DSS, please contact your Splunk sales representative or email sales@splunk.com. Please note HIPAA and PCI DSS is not available for Splunk Cloud on GCP.

Splunk Maintenance and Support FAQ

Question Answer
What can Splunk support help me with? Splunk Cloud enables you to customize user, index and app management via Splunk Web in a self-service manner. However, there may be situations that will require assistance from Splunk. You can contact Splunk support by submitting a case on the Support Portal. Examples include:
  • report an inability to login, ingest data, access Splunk Web or perform searches
  • unlock your instance due to license violations
  • assist with tasks to enable real-time search, AWS Kinesis Data Firehose data to be received, or installing apps that cannot be self-service installed.
How do I open or close a Splunk support case? Submit a case on the Support Portal.
Which release will be installed in my Splunk Cloud environment? Splunk Cloud adopts the release that has the most benefits for Splunk Cloud customers as quickly as possible. You are notified as soon as possible when the latest release is available for your Splunk Cloud. Notifications are sent through the Splunk Support organization to the operational and entitlement contacts listed in your profile.
Can I decline an upgrade to the latest release? No. As a cloud service it is very important to maintain all subscribers on the most current release. This provides you the best features and most recent product enhancements.
Is there flexibility on the timing of an upgrade? As a cloud service it is very important to maintain all subscribers on the most current release. Your Splunk Cloud environment will be upgraded when your assigned upgrade cohort is scheduled. For more information about the Splunk Cloud Maintenance Policy, please refer to https://www.splunk.com/en_us/legal/splunk-cloud-service-maintenance-policy.html.
How do I check the consumption and health of my Splunk Cloud environment? You can use the Cloud Monitoring Console (CMC) to holistically monitor the data consumption and health of your Splunk Cloud environment. Your license limits the amount of data per day that you can send to your Splunk Cloud deployment. For more details on data policies, go here.

CMC is designed to help you manage your usage of the service, while Splunk continuously monitors the status of your Splunk Cloud environment to help ensure uptime and availability. We look at various health and performance variables such as the ability to log in, ingest data, access Splunk Web and perform searches.

How do I configure SMTP so I can email a report? Splunk Cloud gives you the option to send outbound email by default.

Splunk Cloud Free Trial FAQ

Question Answer
What is the Splunk Cloud Free Trial? The Splunk Cloud Free Trial lets you try Splunk Cloud for 15 days so you can search, analyze, and visualize your own data.
How do I get a Splunk Cloud Free Trial? Request a free trial on the Splunk Cloud Free Trial page.
Do I need to set up a Splunk.com account to use the Splunk Cloud Free Trial? Yes. You can create a Splunk.com account on the Splunk Cloud Free Trial page.
How many Splunk Cloud Free Trials can I try? You may try up to three, 15-day trials per account.
Can I send my own data to the Splunk Cloud Free Trial? Yes. You may upload your own data to your Splunk Cloud Free Trial. The maximum upload limit for a single file is 500MB. You must have the rights, licenses, and authorization to any data that you upload. Do not include any type of legally-protected data or data that is meant for internal use only.
Is my data encrypted when using Splunk Cloud Free Trial? All data in your Splunk Cloud Free Trial is encrypted by default.
What is the indexing volume limit for my Splunk Cloud Free Trial? The maximum indexing volume is 5GB per day with a maximum of 75GB data retention.
If I am using my Splunk.com user login to access my instance, how do I invite a collaborator? For information on adding users, see Manage Splunk Cloud users and roles in the Splunk Cloud Admin Manual.
If I am using my Splunk.com user login to access my instance, how do I assign a role or create a custom role? For information on creating custom roles, see Manage Splunk Cloud users and roles in the Splunk Cloud Admin Manual.
How do I get help with my Splunk Cloud Free Trial? The Splunk Cloud Free Trial has community-level support. You can search or post your questions to Splunk Answers.
What happens to my data when the Splunk Cloud Free Trial expires after 15 days? When your Splunk Cloud Free Trial expires, the instance is deleted along with the data.
Can I automatically transition from the Splunk Cloud Free Trial to a paid account? Currently, trials cannot be converted to paid accounts. To purchase a new Splunk Cloud subscription, please email sales@splunk.com.
Is my self-service Splunk Cloud SOC 2 and ISO 27001 compliant? Yes, any self-service Splunk Cloud provisioned after May 14, 2020 is both SOC 2 and ISO 27001 compliant.
Last modified on 14 July, 2020
 

This documentation applies to the following versions of Splunk Cloud: 8.0.2003, 8.0.2004, 8.0.2006


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters