We performed a comparison between LogRhythm SIEM and Splunk Cloud Platform based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It seems like it will scale easily with the way our environment is set up."
"SOAR is integrated with the dashboard that we use for threat management. Because it's all integrated, it is useful for us when we deploy something on-prem."
"We have seen a massive increase in the amount of data that we can collect, the type of things that we can see, the way we can look at logs, the way we can get alerts, and the way can create our own customer roles, which has allowed us to customize the work in our environment."
"It has centralized monitoring for our security operations. Therefore, it improves our analysts' work."
"The most valuable features of the solution are network monitoring, user behavior analytics, and log collection."
"It allows us to automate a lot of things with a smaller team."
"The major feature of this solution is its easy configuration which helps different team members to work on it effectively. This kind of feature is not available in other solutions because of a request for specialised schemes for configuration report extraction and searching. Another feature that I really admire is the significant improvement in the compliance in the auditing process by the solution. Our organisation-specific complaints require where the mailbox data needs to be forwarded, stored and searchable for a certain time period. This solution categorises data based on different types, which include cold, warm and hot data. These features allow faster and easier extraction of any data even if the event was occurring several years ago. I also like other features, especially user behaviour analysis and automation. If suddenly someone accesses your side or an unusual traffic is recorded from a user the solution flags it very effectively."
"Provides visibility into the network."
"The data management and instant search features are the most valuable ones for us, as they allow us to instantly retrieve information needed for reports and security compliance."
"The Splunk Cloud Platform has reduced our mean time to resolve. It has easily saved 20 to 30 minutes every time someone gets locked out. We get 10 or 15 instances per day where people get locked out. It definitely saves a few hours per day."
"For my current requirements, the tool theme seems to be meeting my requirements, from a cost and requirements perspective."
"Everything is maintained by the Splunk support team. Users do not have to maintain any physical servers. They do not have to maintain indexes and searches. It reduces a lot of work on the user side."
"It has definitely improved our organization by virtue of reducing the amount of overhead we would have had for those environments. Having to implement, maintain, or even update the existing stuff would have been extremely time-consuming. Splunk Cloud handles all of that for us. So it's definitely been helpful from that perspective. It's allowed them to maintain upgrades for far further than they are. Some of the hosts of that environment were still on version 7 so they could get upgraded feature parity."
"Splunk Cloud Platform's search modes are a powerful feature."
"In my organization, Splunk Cloud Platform has improved the issue revolving around transactions."
"The most valuable feature of Splunk Cloud is the quick setup."
"The responses provided by the cloud team are inefficient."
"There used to be the ability to create alarms based on message text that was included in LR Version 6.x that has been removed in LogRhythm 7.x, and on that, I would like to see it added back."
"I would really love to be able to take some of the data and not have to export it to a CSV file, so I can pull it into Excel to turn it into some other kind of graph."
"Sometimes, the tool fails to get the correlated events that triggered the alerts."
"We would like to see more things out of the console into the web UI. I guess this is what they are doing in 7.4."
"I would like to see more integration with more products that are out there within the same security field."
"NextGen SIEM's integration with other software is good but could be improved."
"The installation was a bit complex because we are running a virtual infrastructure."
"The Splunk interface is on-premises, so we have limited access to Splunk Cloud. Splunk support is not so good on Splunk Cloud. The Splunk side of the Splunk Cloud should also be more customizable. Integrating Splunk UBA, Splunk Phantom, and Splunk Cloud is also a bit difficult."
"It needs to mature; it's just getting established in the industry on a wider scale."
"Splunk Cloud Platform needs to be made more user-friendly because it's not user-friendly."
"Customization could be simplified."
"In the case of knowledge objects, even a Splunk admin does not have access to delete them. If we want to remove a knowledge object, we need to contact Splunk support and raise a case. After that, they delete it. They should give us access to delete knowledge objects."
"They can offer more self-service capability to their customers. Currently, most of the things happen behind the Splunk Cloud Platform. As a customer, I do not have an opportunity to see my platform. If they can offer more self-service to see the health of my endpoints and stack, it would be appreciated."
"There could be better searches, but mainly, it needs to improve the performance with a vast amount of data. That will make it better and easier to use."
"The administration could use improvement. We have to rely on support more often than we're used to."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while Splunk Cloud Platform is ranked 3rd in Data Visualization with 36 reviews. LogRhythm SIEM is rated 8.4, while Splunk Cloud Platform is rated 8.0. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Splunk Cloud Platform writes "Does not require backend maintenance, is easily integrated and utilized". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Microsoft Sentinel, whereas Splunk Cloud Platform is most compared with Wazuh, Splunk Enterprise Security, Fortinet FortiAnalyzer, AppInsights and Check Point Security Management. See our LogRhythm SIEM vs. Splunk Cloud Platform report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.