We performed a comparison between Splunk and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk easily wins out in this comparison. Compared with Wazuh, it is a mature and robust solution with a proven ROI.
"The analytic rule is the most valuable feature."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"It has a lot of great features."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The Splunk queries are valuable."
"The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data."
"The graph visualization is the most valuable feature."
"Ease of correlation, creating correlation searches are easy and you can combine multiple sources with little effort"
"Splunk Enterprise Security is a standard solution providing good customer service and partnership."
"Splunk is quite flexible for our customers. Splunk does not filter from a specific lock, you can define it later."
"The solution is very fast and succinct."
"We are much faster finding and addressing issues with Splunk."
"Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms."
"The product is easy to customize."
"The product’s interface is intuitive."
"The main thing I like about it is that it has an EDR."
"The most valuable feature of Wazuh is the ELK for doing an investigation."
"Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"The reporting could be more structured."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"I think the number one area of improvement for Sentinel would be the cost."
"It is a challenge to manage the environment in such a way, that one’s log, even with the bandwidth license, isn’t exceeded."
"Technical support needs to be more responsive."
"The biggest problem is data compression. Splunk is an outstanding product, but it is a resource hog. There should be better data compression for being able to maintain our data repositories. We end up having to buy lots of additional storage just to house our Splunk data. This is my only complaint about it."
"This is a costly solution."
"The UI can be improved. Dashboards and reports can be better in terms of graphics."
"It would be nice if Splunk reduced the cost of training. Their training sessions are way too costly."
"Delays in responses from the technical team can pose challenges for both vendors and clients, especially considering that Splunk applications and machine solutions are critical assets."
"Adding custom visualization in Splunk has been improved over the years but can still be made better by integrating more and more JavaScript visualization sources."
"The tool does not provide CTI to monitor darknet."
"Scalability is a challenge because it is distributed architecture and it uses Elastic DB. Their Elastic DB doesn't allow open source waste application."
"Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
"The deployment is a bit complex."
"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
"The support team could be more responsive and provide quicker replies during our working hours in Indonesia, which would be a significant improvement."
"It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system"
Splunk Enterprise Security is ranked 1st in Log Management with 240 reviews while Wazuh is ranked 2nd in Log Management with 38 reviews. Splunk Enterprise Security is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Splunk Enterprise Security is most compared with Dynatrace, IBM Security QRadar, Elastic Security, Datadog and Azure Monitor, whereas Wazuh is most compared with Elastic Security, Security Onion, AlienVault OSSIM, Graylog and CrowdStrike Falcon. See our Splunk Enterprise Security vs. Wazuh report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.