We compared Splunk Enterprise Security and LogPoint across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Features: Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality. Users say Splunk is a highly scalable and customizable solution. LogPoint is noted for its advanced technology and extensive log-collection, parsing, and analysis mechanisms.
Room for Improvement: Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics. LogPoint can improve its dashboard customization, resource efficiency, network hierarchy diagrams, and agent deployment.
Service and Support: While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. LogPoint's customer service receives high marks for its exceptional technical support and responsive engineers, but some users reported delays in receiving help from higher-level support.
Ease of Deployment: Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators. The complexity of LogPoint's initial setup can range from complex and time-consuming to fast and easy, depending on the user's experience and the organization’s size.
Pricing: Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data. LogPoint's fixed pricing model is seen as cost-effective and competitive.
ROI: Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations. Logpoint makes costs more predictable and enables companies to generate revenue through security operation services.
Comparison Results: Splunk is highly regarded for its efficient data processing and powerful search capabilities. Users like Splunk's customization options and ability to process data from multiple sources quickly, but reviewers say it could be more intuitive and offer advanced AI capabilities. Logpoint excels at log collection and analysis but would benefit from improvements in its user interface and resource usage.
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The automation feature is valuable."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"The solution's most valuable aspect is the combination of the software and the support that they have."
"Technical support is responsive and very friendly."
"The most valuable feature of LogPoint is that they have the SIEM and SOAR combined in one solution. They are not on a separate platform."
"The integration is very user-friendly. There are not many CLI commands. Everything is directly accessible from the web interface."
"The solution offers excellent reporting features. Our customers have been satisfied that they have been able to meet their compliance needs by giving them a standard report."
"The solution is user-friendly."
"The most valuable features are the ones that we use the most, which are the search and report facilities."
"Log collection, dashboards and reporting are good."
"We have a one stop dashboard for health of some of our services where you can click in and it takes you to other dashboards that have custom near real-time metrics that show the application's health."
"Splunk has significantly helped with aggregation and correlation of critical logs. Not having to grep on each individual server has made everyone more efficient."
"The ability to manipulate data in Splunk is unparalleled. Splunk’s powerful, flexible query language can morph difficult to understand log formats into usable data."
"Splunk gives my clients the ability to bring multiple, disparate types of data together, then correlate and report on them."
"It's extremely scalable. It's a very robust solution and certainly has the capability of handling far bigger data requirements than a lot of the other tools. Generally what ends up happening with me is that my clients tend, for the most part, to be mid-tier organizations where the cost of that solutions would be accompanying requirements for people just becomes way too prohibitive. Especially considering the model that they use for costing, which is based on the volume of data. Of course, they're going to put everything including the Coke machine as the ability to collect data off of it, because of course the more they can put through the tool the more money they make."
"The product is adept at log mining."
"The most valuable feature is that it's very good for log aggregation."
"It helps streamline troubleshooting and log analysis."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"The playbook is a bit difficult and could be improved."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"The reporting could be more structured."
"The thing that makes it a little bit challenging is when you run into a situation where you have logs that are not easily parsable. If a log has a very specific structure, it is very easy to parse and create a parser for it, but if a log has a free form, meaning that it is of any length or it can change at any time, handling such a log is very challenging, not just in LogPoint but also in everything else. Everybody struggles with that scenario, and LogPoint is also in the same boat. One-third of logs are of free form or not of a specific length, and you can run into situations where it is almost impossible to parse the log, even if they try to help you. It is just the nature of the beast."
"In terms of functionality, it is very good. The only issue is the documentation. Its documentation should be improved."
"Sometimes, the product is not stable."
"The solution should offer more integrations and third-party solutions like incident response platforms or allow access to third-party big data"
"It is a good product, but its interface or GUI could be better."
"Logpoint is not flexible. Its documentation is not user-friendly."
"I know that they have user behavior analytics, but it's an extra cost for this feature. It would be nice if it was in with the standard products."
"One of the things we faced last year was that we had some memory issues with the server running. We were running them as virtual services, and we were facing some performance issues. Back then, there were some things that had already been solved at the end, but one of the small issues we had was that it was quite memory-consuming. After one upgrade that we did, we faced some performance issues."
"The prices are complicated as we operate in a small third-world country."
"I have concerns about the architecture as well since I can see it is not very well defined."
"Splunk could be improved by reducing the cost. The cost is one of the biggest challenges for us in keeping to our production requirements."
"The documentation is in definite need of improvement."
"The ingestion happens quickly, so you can run up the data costs if you use the default settings. It isn't a problem for government agencies in the Saudi market, but many of the corporations in India are small or medium-sized enterprises that cannot afford that kind of ingestion system."
"I would like the ability to view logs for specific instances and not have to pull the logs for the entire Cloud environment in Splunk."
"The product must improve insider threat detection."
"It takes time to train people."
Logpoint is ranked 26th in Security Information and Event Management (SIEM) with 20 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Logpoint is rated 7.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of Logpoint writes "Good technical support but it is complex to use and resource-heavy". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Logpoint is most compared with IBM Security QRadar, Elastic Security, Rapid7 InsightIDR, Wazuh and SolarWinds Security Event Manager , whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our Logpoint vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.