We performed a comparison between Splunk and Zabbix based on our users’ reviews in four categories. Our conclusion, drawn from all of the collected data, follows.
Comparison Results: In this comparison, Zabbix comes out on top. When compared to Splunk, it is easier to deploy and is open-source.
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing."
"The connectivity and analytics are great."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"Positive features include replication capabilities, software development kits, and the architecture."
"The consolidated overview of all the events that come in through our environment and an easy-to-access interface for all our end users are valuable."
"It can log more logs than other solutions. It's a good way to troubleshoot problems."
"With good domain knowledge, one can build almost anything. If you throw in Alert Manager or an integration with ServiceNow, then you have your own SIEM."
"Splunk allows us to find insights that we were not able to with traditional BI tools using ETL. It allows us to dig into raw events."
"The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data."
"To get visibility from your network devices, servers, and security devices is a great feature."
"Splunk helps us be more proactive. We can take predictive action to identify and block threats so that nothing harmful gets into the system."
"Every new asset placed in the environment can be automatically detected, predicting human failures."
"Templates are good. We download them from the official Zabbix site or the community. If the information we need isn't available, we create custom templates based on client requirements."
"It's a very reliable platform and we've never had any issues regarding the scalability or the stability of Zabbix."
"In terms of customization and integration, we have more flexibility. We can automate configurations, define deletion rules, and customize based on the needs. The client interface allows for further configuration, making it quite comprehensive."
"The product is very stable."
"It can send messages to our ticketing system."
"It provides high scalability, alerting, notification, templating, and end-to-end security."
"Zabbix helps to save time."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the mean time to detect and mean time to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"The solution should allow for a streamlined CI/CD procedure."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"Azure Sentinel will be directly competing with tools such as Splunk or QRadar. These are very established kinds of product that have been around for the last seven, eight years or more."
"The GUI can be improved. Splunk has always suffered from having a kind of goofy UI, it needs some updating."
"The initial setup is complex, but this is necessary. We needed to take into consideration how to direct log files from thousands of machines to Splunk, and how to ingest those files."
"The solution has a high learning curve for users. It's a little complicated when you're trying to figure out all the features and what they do."
"On-premises scaling of the solution is a bit more limited than it is on the cloud."
"Splunk Enterprise Security should provide a better and richer integration."
"I would like Splunk to add more integration. QRadar has many indications with more products than Splunk."
"It needs more thoroughly tested releases. Every new big version (6, 7, etc.) has had so many bugs that it makes me wary of customers upgrading right away."
"An area of improvement would be the licensing of the solution. They need a free license, which would allow faster lead times."
"I think the reporting part of Zabbix can be improved in terms of more user-friendly graphics to display the collected data. Many simple users who don't know how to use Zabbix properly might get confused by the reporting, although at the same time it is very versatile for my company."
"The APM monitoring has room for improvement, although I hear that the new 5.2 version has some improvements in that area, and I'd like to give that a go. I would like to see a few more templates out there for different styles of monitoring. I use the Grafana interface for reporting. I would also like it to have an out-of-the-box ability to email reports. You can create reports, but to be able to email those reports would be really helpful. I've got users who are not interested in logging in and generating a report. They want it all pre-canned and sent to an email address. It would also be really handy if we could pin certain reports up onto platforms such as Teams or SharePoint. A GUI for the proxy server would be cool to have for debugging purposes and for the support teams to have a look at, but I don't know whether that's really feasible to do. I get enough from the log files themselves."
"I would like for this solution to be more cloud-friendly."
"If Zabbix had a better dashboard then it would be nice."
"An area for improvement would be the ease of doing aggregation from the value or different devices."
"The product could be more secure and more stable."
"They should open an SSH session from the web interface."
"Zabbix is not easy to configure, and upgrading is also an issue."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews while Zabbix is ranked 1st in Network Monitoring Software with 101 reviews. Splunk Enterprise Security is rated 8.4, while Zabbix is rated 8.2. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and ArcSight Logger, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios Core and ManageEngine OpManager.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.