We performed a comparison between Elastic Security and Splunk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk comes out on top in this comparison. It is easier to use and has better support than Elastic Security. Splunk users also report a significant ROI. Elastic Security does come out on top in the pricing and ease of deployment categories, however.
"The analytic rule is the most valuable feature."
"Log aggregation and data connectors are the most valuable features."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"The features that stand out are the detection engine and its integration with multiple data sources."
"Free ingestion for Azure logs (with E5 licence)"
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically."
"It is an extremely stable solution. Stability-wise, I rate the solution a ten out of ten."
"It's not very complicated to install Elastic."
"I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."
"Elastic Security is very customizable, and the dashboards are very easy to build."
"Elastic Security is very easy to adapt."
"Elastic Security is a highly flexible platform that can be implemented anywhere."
"What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
"The fact that Splunk is a platform and not just a SIEM solution is a key benefit."
"Splunk has give us the capability to easily track problems and their status."
"The most valuable features for us include its robust log management capabilities, which allow us to efficiently handle and retain logs for extended periods as needed."
"Internal tracking is helpful because we do not like to deal with multiple ticketing systems, and I am not a fan of ServiceNow. We are able to keep everything internal and utilize Enterprise Security."
"The visibility is amazing with easy dashboard creation."
"The solution is the market leader."
"We have a more secure, robust environment, which keeps the harmful software out of the zone required."
"Ease of correlation, creating correlation searches are easy and you can combine multiple sources with little effort"
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"The troubleshooting has room for improvement."
"There is room for improvement in entity behavior and the integration site."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes."
"The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated."
"It is difficult to anticipate and understand the space utilization, so more clarity there would be great."
"This solution cannot do predictive maintenance, so we have to build our own modules for doing it."
"The solution's query building is not that intuitive compared to other solutions."
"The interface could be more user friendly because it is sometimes hard to deal with."
"Email notification should be done the same way as Logentries does it."
"We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there)."
"We'd like Splunk to reduce false positives."
"Although the technical support is adequate, there is still room for improvement."
"Better directions on search head clusters."
"The solution has a high learning curve for users. It's a little complicated when you're trying to figure out all the features and what they do."
"Many of my clients want to get better at Splunk, but they're afraid of using the tool because they feel it's too complex for them."
"Splunk needs to be able to hold more days of data. At the moment it only holds three months of data."
"We were inundated with the amount of alerts and alarms that we could get out of it. It is also a resource hog and we didn't have the resources to support it on-prem so we're taking it offline now."
"The presence of multiple layers creates a significant challenge for monitoring across cloud environments."
Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 59 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Elastic Security is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Elastic Security is most compared with Wazuh, IBM Security QRadar, Microsoft Defender for Endpoint, CrowdStrike Falcon and AlienVault OSSIM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Datadog and Azure Monitor. See our Elastic Security vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.