We performed a comparison between Azure Monitor and Splunk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk is clearly the winner in this comparison. It is easier to deploy, more user-friendly, and has better support than Azure Monitor. In addition, Splunk received positive feedback in the ROI category.
"It is a robust, stable product."
"I am impressed by the reporting on the average eight ports that we get from this solution."
"Azure Monitor gives us the observability to check everything that we have in the cloud."
"For me, the best feature is the log analysis with Azure Monitor's Log Analytics. Without being able to analyze the logs of all the activities that affect the performance of a machine, your monitoring effectiveness will be severely limited."
"The solution integrates well with the Microsoft platform."
"Technical support is good and helpful...The initial setup is easy."
"It has good troubleshooting features."
"You can scale the product."
"The product provides visibility and enables us to correlate data and generate alerts."
"It definitely does help with both auditing and as well as regular monitoring. SOC does more monitoring, but ES also gives you other features that are auditing-related. The dashboards are also beneficial."
"The scalability of the solution is amazing because it can collect a lot of data and you can have your own structure to monitor this data."
"It helps streamline troubleshooting and log analysis."
"I like Splunk's data aggregation and search capabilities."
"One key advantage of Splunk over competitors like IBM QRadar is its superior device integration capabilities."
"Splunk gives my clients the ability to bring multiple, disparate types of data together, then correlate and report on them."
"The stock analysts and security people use one single dashboard (one single location) to check our logs."
"There are a lot of things that take more time to do, such as charting, alerting, and correlation of data, and things like that. Azure Monitor doesn't tell you why something happened. It just tells you that it happened. It should also have some type of AI. Environments and applications are becoming more and more complex every day with hundreds or thousands of microservices. Therefore, having to do a lot of the stuff manually takes a lot of time, and on top of that, troubleshooting issues takes a lot of time. The traditional method of troubleshooting doesn't really work for or apply to this environment we're in. So, having an AI-based system and the ability to automate deployments of your monitoring and configurations makes it much easier."
"Lacks information including details related to where problems lie."
"I have used multiple products like Webex and PRTG. Some features could be added. Azure Monitor should add SMS and APIs. We have very limited access to Azure Monitor. I usually get alerts on my phone when they are integrated with Slack. I am not always available, but my team is. Sometimes, I am traveling and don't have access to my email, but I have Slack and other third-party projects that send me instant messages if a sensor goes down."
"We encounter some difficulties in monitoring the operating system on its own."
"The solution's monitoring feature has limitations for analyzing multiple metrics."
"This solution could be improved with more out-of-the-box functionalities and artificial intelligence to complete event correlation."
"This solution has fewer features than some of its competitors, so adding more features to it would make it better."
"Azure Monitor could improve the visualization aspect and integrate better with other third-party services."
"Queries are not always as easy or straightforward as they might be, so it can be difficult to figure out what you need to look for."
"I would like additional features in different programming models with the support for writing queries in SQL or other languages, such as C#, Java, or some other type of query definitions."
"It is important to make sure that everything is built off of the threat models and all the underlying items within Splunk."
"The user access control could be much more granular, so that the admins can control r/w/x access for specific features of the product like dashboards, etc."
"If possible, we would like to have not only a log monitoring system but a network monitoring feature in this solution as well."
"It's difficult to set up initially, and their billing model is also a bit complicated."
"It is a hugely complicated product."
"The price of the solution could be cheaper."
Azure Monitor is ranked 4th in Application Performance Monitoring (APM) and Observability with 44 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Azure Monitor is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Azure Monitor writes "A powerful Kusto query language but the alerting mechanism needs improvement". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". Azure Monitor is most compared with Datadog, Dynatrace, Sentry, Prometheus and SolarWinds Server and Application Monitor, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and AppDynamics. See our Azure Monitor vs. Splunk Enterprise Security report.
We monitor all Application Performance Monitoring (APM) and Observability reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hi @Netanya Carmi,
Below are some comparisons on features and Integrations.
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we have problems somewhere or if we are not getting the flow we expect. It is very easy to search for queries and events and then do analysis. The flexibility of the search capability is extremely valuable. Splunk works well with other solutions. It is very easy to set up and very straightforward to deploy.
The more data you process with Splunk, the more expensive it gets; an improved pricing model is needed. It would be great if Splunk had more SIEM functionality with better customization and a better ticket tool. The on-premises scaling is a bit more limited than on the cloud. Splunk currently has some limited default rules and customizations. If they could concentrate more on compliance and security information, that would be an added bonus.
Azure Monitor has made it significantly easier for us to monitor applications and infrastructure for possible problems. This solution offers a survey of surveillance in real time and a very helpful dashboard. Azure Monitor, which is integrated with Azure DevOps, has good load gathering and very good analytics. We get useful alerts with Azure Monitor that make recommendations about the security and the platform.
There should be more specific detail about where problems lie. Azure Monitor is lacking somewhat in vulnerability assessment; this aspect could be better. Their automation also needs some improvement. From gathering metrics from more applications to getting processes quickly started when something goes down, automation should be better.
Conclusion:
For us, Splunk is the better solution. We use Splunk to search, monitor, analyze, and visualize machine data, which it does very well. The dashboard is very intuitive. The log collection and log management tools are very good. We find Splunk’s search capability to be very powerful and flexible. Splunk can access any kind of data and there is no limitation to the kind of structured or unstructured data you can extract. Our team also liked that Splunk offers better integration with more solutions.