We performed a comparison between Splunk and Zabbix based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: In this comparison, Zabbix comes out on top. When compared to Splunk, it is easier to deploy and is open-source.
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"It has a lot of great features."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The automation feature is valuable."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The SIEM is the most valuable feature of the product."
"The most valuable features of the solution are it is straightforward to use and the documentation is good for finding out how to get the data you are looking for."
"It gives us the liberty to do more in terms of use cases."
"Splunk is quite flexible for our customers. Splunk does not filter from a specific lock, you can define it later."
"Correlating data across different systems via one interface will allow you to know your environment or identify incident data in ways you never imagined."
"The most valuable feature is the custom dashboard feature."
"Splunk incorporates a lot of elements that help to reduce security risks. For it to reach certain compliance, we need to have some security insight. Splunk is a very good SIEM, it’s a top solution, but the best feature is its cost of visibility. We have all the most important features to detect vulnerabilities or risks."
"Splunk is stable, and this is why many customers want it."
"The solution's design has recently changed and it is visually pleasing with more color, for example, there is blue, black, and white."
"The flexibility of this solution is amazing."
"It has an intuitive UI with beautiful graphs and customizable maps."
"Templates are good. We download them from the official Zabbix site or the community. If the information we need isn't available, we create custom templates based on client requirements."
"The overall functionality of Zabbix is very good. The monitoring of bank applications that Zabbix provides is great. The information is displayed on a dashboard that is easily viewed."
"Every new asset placed in the environment can be automatically detected, predicting human failures."
"I like being able to use proxy servers for different locations. The agents are pretty cool. They're easy to roll out. The standard out-of-the-box templates are also pretty easy to use. The integration with other learning products is also good. I have, in the past, used Slack, but we've integrated it with Microsoft Teams. We also use it for SMS with a service called Redcoat. It is very flexible. It does what I need it to do, and my manager is very happy because it doesn't cost anything. We are nearing 4,000 hosts inside Zabbix, and we've got another 6,000 access points to add to it. We've thrown everything at it, and it has managed to keep going. I am very impressed with the tool, and I'd shake their hand very hard if I got to say the compliments to the Zabbix team. They keep improving it and doing refreshes, which is one good thing about it. There is also online information as well as books that you can purchase if you're willing to read enough. There is a lot to pick up, but it is a pretty complete solution."
"The most valuable features in Zabbix are those that help us overcome bottlenecks in CPU usage, as well as reduce memory delay. I know that we have only reached the tip of the iceberg of what Zabbix's features can do for us, and we have not used all of them yet."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"I find that the learning curve for Splunk is relatively lengthy."
"Splunk Enterprise Security can be improved by including backup network detection and response and safe management to the paid platform."
"Considering the contract thing and the whole legal area, it takes forever to get the contracts signed and to be able to agree to the terms and conditions for my company as well as for Splunk's team."
"If you monitor too much, you can lose performance on your systems."
"The threat detection library needs to increase the frequency at which the playbooks are updated."
"AngularJS/ReactJS inclusion could be made easier in GUI."
"While Splunk offers SOAR as a separate product, integrating it into the next version of Splunk Enterprise Security as a unified solution would be beneficial."
"Splunk's ability to analyze malicious activities scores an 8 out of 10, but there's room for improvement. By analyzing emerging patterns, Splunk could identify and predict potential threats more effectively."
"The networking monitor is not too easy to work with."
"There are some features of Zabbix that are not good for reporting. The DX Spectrum solution has better reporting."
"Improvement is needed as per customer requirements."
"It could be more stable."
"There's a small module of APM, however, it is not an enhanced version. People usually ask for a full-fledged APM solution."
"The event correlation could be better."
"To improve Zabbix, adding more features to support the monitoring of modern workloads like containers would be beneficial."
"The dashboard and the graph section could be a little bit more professional."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews while Zabbix is ranked 1st in Network Monitoring Software with 101 reviews. Splunk Enterprise Security is rated 8.4, while Zabbix is rated 8.2. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and ArcSight Logger, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios Core and ManageEngine OpManager.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.