We performed a comparison between Azure Monitor and Splunk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk is clear the winner in this comparison. It is easier to deploy, more user-friendly, and has better support than Azure Monitor. In addition, Splunk received positive feedback in the ROI category.
"One of the most useful aspects of this solution is the out-of-the-box functionality on all areas, especially on Application Insights, zero instrumentation, and artificial intelligence for event correlation."
"It's a Microsoft native tool, so it works well with other Microsoft technologies, which is predominantly what our customer end-user base is."
"The most valuable feature is the universality of their functionalities in all Azure services, including, software solutions."
"I am impressed by the reporting on the average eight ports that we get from this solution."
"Log analytics and log queries are the most valuable features of Azure Monitor."
"The feature that I found most valuable in Azure Monitor is its monitoring abilities. With Azure Monitor, you are able to monitor all of your cloud resources across multiple subscriptions in one dashboard and create solution-specific alerts that can trigger an email to the team responsible for that specific solution."
"It's a service from Microsoft, so it will scale."
"For me, the best feature is the log analysis with Azure Monitor's Log Analytics. Without being able to analyze the logs of all the activities that affect the performance of a machine, your monitoring effectiveness will be severely limited."
"Our clients are easily able to modify and evolve their implementations."
"We can automatically suspend or terminate suspicious sessions."
"The Splunk user community and forum are most valuable."
"The scalability is good."
"Splunk's schema on demand is incredibly useful. I do not have to worry about what my users will need when we onboard their data."
"Good for log collection and log management."
"Splunk Enterprise Security's dashboards are a key asset."
"The product provides visibility and enables us to correlate data and generate alerts."
"The solution's monitoring feature has limitations for analyzing multiple metrics."
"Lacks information including details related to where problems lie."
"It's really complex to retrieve or query the logs in Azure Monitor."
"The biggest one is probably just the user interface. There could be more advanced logging at the database level. They can also improve their query builder to allow you to search for things better, but I last used it about a year ago. They might have already changed a ton of things in the newer versions."
"There is room for improvement in stability."
"In terms of pricing, Azure Monitor's billing based on data size can sometimes lead to increased costs, especially when developers need to purge data frequently. While there are mechanisms in place to track and manage this, there is room for improvement in terms of optimizing data pausing and related processes. Enhancements in this area could help mitigate potential billing concerns and provide a more seamless experience for users."
"In my opinion, they should improve the overall user experience, especially when it comes to indexing and searching collective logs."
"I'd like the solution to do more around vulnerability assessment. It's lacking in the product right now."
"Licensing costs can be a barrier for those with limited budgets."
"It's difficult to set up initially, and their billing model is also a bit complicated."
"The algorithms customization of Splunk could improve. They have limited algorithms for machine learning support. If they can allow the user to add more machine learning algorithms, such as the ability to choose the algorithm that a user might want. Additionally, they should provide the required libraries for those algorithms, and then analyzes the data for use."
"The product's price may be an area of concern where improvements are required."
"It currently has limited default rules and customizations. If they can concentrate more on the compliance part and the security information part, it would be helpful. The platform part is good, but it requires many features from the security aspect."
"I would like to see future development in terms of ML (Machine Learning)."
"Splunk Enterprise Security should provide a better and richer integration."
"We will receive alerts only for the administrators and deployment servers, but not for all servers."
Azure Monitor is ranked 4th in Application Performance Monitoring (APM) and Observability with 44 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Azure Monitor is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Azure Monitor writes "A powerful Kusto query language but the alerting mechanism needs improvement". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Azure Monitor is most compared with Datadog, Dynatrace, Sentry, Prometheus and SolarWinds Server and Application Monitor, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and AppDynamics. See our Azure Monitor vs. Splunk Enterprise Security report.
We monitor all Application Performance Monitoring (APM) and Observability reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hi @Netanya Carmi,
Below are some comparisons on features and Integrations.
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we have problems somewhere or if we are not getting the flow we expect. It is very easy to search for queries and events and then do analysis. The flexibility of the search capability is extremely valuable. Splunk works well with other solutions. It is very easy to set up and very straightforward to deploy.
The more data you process with Splunk, the more expensive it gets; an improved pricing model is needed. It would be great if Splunk had more SIEM functionality with better customization and a better ticket tool. The on-premises scaling is a bit more limited than on the cloud. Splunk currently has some limited default rules and customizations. If they could concentrate more on compliance and security information, that would be an added bonus.
Azure Monitor has made it significantly easier for us to monitor applications and infrastructure for possible problems. This solution offers a survey of surveillance in real time and a very helpful dashboard. Azure Monitor, which is integrated with Azure DevOps, has good load gathering and very good analytics. We get useful alerts with Azure Monitor that make recommendations about the security and the platform.
There should be more specific detail about where problems lie. Azure Monitor is lacking somewhat in vulnerability assessment; this aspect could be better. Their automation also needs some improvement. From gathering metrics from more applications to getting processes quickly started when something goes down, automation should be better.
Conclusion:
For us, Splunk is the better solution. We use Splunk to search, monitor, analyze, and visualize machine data, which it does very well. The dashboard is very intuitive. The log collection and log management tools are very good. We find Splunk’s search capability to be very powerful and flexible. Splunk can access any kind of data and there is no limitation to the kind of structured or unstructured data you can extract. Our team also liked that Splunk offers better integration with more solutions.