We performed a comparison between Elastic Security and Splunk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk comes out on top in this comparison. It is easier to use and has better support than Elastic Security. Splunk users also report a significant ROI. Elastic Security does come out on top in the pricing and ease of deployment categories, however.
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The main benefit is the ease of integration."
"It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically."
"It's simple and easy to use."
"The feature that we have found the most valuable is scalability."
"It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast."
"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
"The stability of the solution is good."
"It's very customizable, which is quite helpful."
"It's a good platform and the very best in the current market. We looked at the Forester report from December 2022 where it was said to be a leader."
"What I really like is that even if you have already collected the data, you can extract fields and can build searches."
"Splunk is quite flexible for our customers. Splunk does not filter from a specific lock, you can define it later."
"The Splunk user community and forum are most valuable."
"The speed of the search engine"
"The best part of Splunk Enterprise Security is its customizable settings."
"The security part is useful as it helps secure the entire environment."
"We are using Microsoft 365 and we're using the Exchange Mail Service. It's good for monitoring that in particular."
"I am satisfied with the support."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"The playbook is a bit difficult and could be improved."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot."
"If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
"The Integration module could be improved. It is a pain to build integration with any product. We have to do parking and so on. It's not like other commercial solutions that use profile integration. I would also see more detection features on the SIEM side."
"The tool should improve its scalability."
"In terms of improvement, there could be more automation in responding to and evaluating detections."
"The biggest challenge has been related to the implementation."
"Elastic has one problem. In the past, Elastic Security was free. Now, they currently only offer the basic license or a certain period of time."
"The initial setup is complex, but this is necessary. We needed to take into consideration how to direct log files from thousands of machines to Splunk, and how to ingest those files."
"The GUI can be improved to include some of the capabilities that other BI solutions have."
"I feel the solution to be too slow."
"It currently has limited default rules and customizations. If they can concentrate more on the compliance part and the security information part, it would be helpful. The platform part is good, but it requires many features from the security aspect."
"Custom visualizations are real hard. While the default visualizations are good, creating enhanced visualizations are complex."
"Sometimes the communication with support happens with multiple staff. They should reduce the time to resolution."
"We'd like Splunk to reduce false positives."
"While Splunk offers SOAR as a separate product, integrating it into the next version of Splunk Enterprise Security as a unified solution would be beneficial."
Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 59 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Elastic Security is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Elastic Security is most compared with Wazuh, IBM Security QRadar, Microsoft Defender for Endpoint, CrowdStrike Falcon and AlienVault OSSIM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Datadog and Azure Monitor. See our Elastic Security vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.