We performed a comparison between Logz.io and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Free ingestion for Azure logs (with E5 licence)"
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The query mechanism for response codes and application health is valuable."
"The visualizations in Kibana are the most valuable feature. It's much more convenient to have a visualization of logs. We can see status really clearly and very fast, with just a couple of clicks."
"We use the product for log collection and monitoring."
"It is massively useful and great for testing. We can just go, find logs, and attach them easily. It has a very quick lookup. Whereas, before we would have to go, dig around, and find the server that the logs were connected to, then go to the server, download the log, and attach it. Now, we can just go straight to this solution, type in the log ID and server ID, and obtain the information that we want."
"The tool is simple to setup where it is just plug and play. The tool is reliable and we never had any performance issues."
"We use the tool to track the dev and production environment."
"InsightOne is the main reason why we use LogMeIn. This is mostly because of log data that we are pushing tools and logs in general."
"The other nice thing about Logz.io is their team. When it comes to onboarding, their support is incredibly proactive. They bring the brand experience from a customer services perspective because their team is always there to help you refine filters and tweak dashboards. That is really a useful thing to have. Their engagement is really supportive."
"The initial setup is pretty straightforward."
"The product is adept at log mining."
"it can explain to management about what kind of traffic is visiting the network. It can also explain other traffic coming in and out, along with protecting against malware."
"The correlation searches (properly configured) populate the Incident Management dashboard and provide me a quick birds-eye view of my most important concerns."
"Splunk has helped improve our company's resilience level."
"Its integration is most valuable. Its UI is also pretty much easy."
"The ability to ingest any data and display it in a way that anyone can understand."
"Splunk UBA is useful for fraud detection and for detection of APTs, advanced persistent threats."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"The product can be improved by reducing the cost to use AI machine learning."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"The solution needs to expand its access control and make it accessible through API."
"Capacity planning could be a little bit of a struggle."
"I would like them to improve how they manage releases. Some of our integrations integrate specifically with set versions. Logz.io occasionally releases an update that might break that integration. On one occasion, we found out a little bit too late, then we had to roll it back."
"I would like granularity on alerting so we can get tentative alerts and major alerts, then break it down between the two."
"When it comes to reducing our troubleshooting time, it depends. When there are no bugs in Logz.io, it reduces troubleshooting by 5 to 10 percent. When there are bugs, it increases our troubleshooting time by 200 percent or more."
"The price can be cheaper and they should have better monitoring."
"The solution needs to improve its data retention. It should be greater than seven days. The product needs to improve its documentation as well."
"The product needs improvement from a filtering perspective."
"Splunk could have more built-in use case presets that customers can build on and customize."
"I would like to see more SIEM functionality and a better ticket tool."
"The monitoring aspect of Splunk could be improved. We have to do some queries to get as much information as CrowdStrike or other solutions provide. If you run a big query, you will see a delay. That is the only concern we have because it will take some time if you query large data sets."
"A problem that we had recently had was we licensed it based on how much data you upload to them every day. Something changed in one our applications, and it started generating three to four times as many logs and. So now, we are trying to assemble something with parts of the Splunk API to warn ourselves, then turn it off and throttle it back more. However it would be better if they had something systematically built into the product that if you're getting close to your license, then to shut things down."
"I would like the ability to view logs for specific instances and not have to pull the logs for the entire Cloud environment in Splunk."
"Splunk is more expensive than other solutions."
"The only thing which can be improved is that they are too subjective on whom their Splunk4Good initiative can be applied. They market it as you only need to be a nonprofit, but there is more to it."
"I find that the learning curve for Splunk is relatively lengthy."
Logz.io is ranked 27th in Security Information and Event Management (SIEM) with 8 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Logz.io is rated 8.2, while Splunk Enterprise Security is rated 8.4. The top reviewer of Logz.io writes "The solution is a consistent logging platform that provides excellent query mechanisms". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Logz.io is most compared with Datadog, Wazuh, Coralogix, Grafana Loki and ManageEngine File Audit Plus, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our Logz.io vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.