We performed a comparison between Azure Monitor and Splunk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk is the clear winner in this comparison. It is easier to deploy, more user-friendly, and has better support than Azure Monitor. In addition, Splunk received positive feedback in the ROI category.
"The solution's most valuable features are its ability to focus on delivery and maximizing the performance of applications and services."
"Azure Monitor's best features are its graphs and charts, the different visibility options, and reporting."
"Among the valuable features of this solution, Application Insights stands out as one of the most significant. It provides insights into application performance and helps identify issues and bottlenecks."
"It is a move-in powerful feature compared to other market-leading tools."
"You can scale the product."
"Recently, they have improved their integration with other resources, so we get even more robust data."
"It is a robust, stable product."
"The most valuable feature is the universality of their functionalities in all Azure services, including software solutions."
"We solve issues that we previously could not since we now have the data."
"The most valuable features include agility and Splunk Enterprise Security's ability to quickly search for alerted items, as well as the capacity to create custom alerts using the SQL language employed by Splunk."
"There are lots of free learning materials on their website."
"Search language is easy to understand and teach to new users."
"I haven't had the chance to properly sink my teeth into Enterprise Security but so far I like that they added the MITRE ATT&CK features."
"Correlating data across different systems via one interface will allow you to know your environment or identify incident data in ways you never imagined."
"The stock analysts and security people use one single dashboard (one single location) to check our logs."
"Visualizations helped the organisation with a better understanding of its KPIs."
"This solution has fewer features than some of its competitors, so adding more features to it would make it better."
"The query builder could be better. In comparison to other monitoring tools, in order to use Azure Monitor, your engineers need to have KQL experience. If they don't, it's not intuitive as a system."
"The troubleshooting logs need improvement. There should be some improvement there. I have a hard time finding the right logs at the right times whenever there is an issue occurring."
"In my opinion, they should improve the overall user experience, especially when it comes to indexing and searching collective logs."
"The monitoring of Kubernetes clusters needs improvement to be on par with competitors."
"In terms of pricing, Azure Monitor's billing based on data size can sometimes lead to increased costs, especially when developers need to purge data frequently. While there are mechanisms in place to track and manage this, there is room for improvement in terms of optimizing data pausing and related processes. Enhancements in this area could help mitigate potential billing concerns and provide a more seamless experience for users."
"They need to work on a more hybrid deployment that will allow us to monitor local on-premise deployments and connect to different systems. I would like to see more integration."
"have used multiple products like Webex and PRTG. Some features could be added. Azure Monitor should add SMS and APIs. We have very limited access to Azure Monitor. I usually get alerts on my phone when they are integrated with Slack. I am not always available, but my team is. Sometimes, I am traveling and don't have access to my email, but I have Slack and other third-party projects that send me instant messages if a sensor goes down."
"The monitoring aspect of Splunk could be improved. We have to do some queries to get as much information as CrowdStrike or other solutions provide. If you run a big query, you will see a delay. That is the only concern we have because it will take some time if you query large data sets."
"I would like additional features in different programming models with the support for writing queries in SQL or other languages, such as C#, Java, or some other type of query definitions."
"There are a lot of competitive products that are doing better than what Splunk is doing on the analytics side."
"The GUI could be improved to include some of the capabilities that other BI solutions have. The layout is a little restrictive where you can’t resize all the panels to exactly how you would like them without tweaking some XML code."
"The integration with all our tool sets felt like we were reinventing the wheel, which was a pain point for us."
"I find the graphical options really limited and you don't have enough control over how to display the data that you want to see."
"Make it easier to include roles and user controls, as it is horrible now."
"The solution could improve by increasing the performance. We have run into problems when large amounts of data are processed."
Azure Monitor is ranked 4th in Application Performance Monitoring (APM) and Observability with 44 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Azure Monitor is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Azure Monitor writes "A powerful Kusto query language but the alerting mechanism needs improvement". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". Azure Monitor is most compared with Datadog, Dynatrace, Sentry, Prometheus and SolarWinds Server and Application Monitor, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and AppDynamics. See our Azure Monitor vs. Splunk Enterprise Security report.
We monitor all Application Performance Monitoring (APM) and Observability reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hi @Netanya Carmi,
Below are some comparisons on features and integrations.
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we have problems somewhere or if we are not getting the flow we expect. It is very easy to search for queries and events and then do analysis. The flexibility of the search capability is extremely valuable. Splunk works well with other solutions. It is very easy to set up and very straightforward to deploy.
The more data you process with Splunk, the more expensive it gets; an improved pricing model is needed. It would be great if Splunk had more SIEM functionality with better customization and a better ticket tool. The on-premises scaling is a bit more limited than on the cloud. Splunk currently has some limited default rules and customizations. If they could concentrate more on compliance and security information, that would be an added bonus.
Azure Monitor has made it significantly easier for us to monitor applications and infrastructure for possible problems. This solution offers a survey of surveillance in real time and a very helpful dashboard. Azure Monitor, which is integrated with Azure DevOps, has good load gathering and very good analytics. We get useful alerts with Azure Monitor that make recommendations about the security and the platform.
There should be more specific detail about where problems lie. Azure Monitor is lacking somewhat in vulnerability assessment; this aspect could be better. Their automation also needs some improvement. From gathering metrics from more applications to getting processes quickly started when something goes down, automation should be better.
Conclusion:
For us, Splunk is the better solution. We use Splunk to search, monitor, analyze, and visualize machine data, which it does very well. The dashboard is very intuitive. The log collection and log management tools are very good. We find Splunk’s search capability to be very powerful and flexible. Splunk can access any kind of data and there is no limitation to the kind of structured or unstructured data you can extract. Our team also liked that Splunk offers better integration with more solutions.