We compared Splunk Enterprise Security and LogRhythm SIEM across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Features: Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality. Users praised LogRhythm SIEM for its user-friendly centralized dashboard, strong integration capabilities, and event-filtering capabilities.
Room for Improvement: Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics. LogRhythm SIEM has the potential to improve its SOAR and NDR features, platform stability, and MDI integration. LogRhythm users requested expanded log storage, better load balancing, and streamlined search capabilities.
Service and Support: While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. SIEM generally received praise for its helpful support, but some users encountered delays or had issues with inexperienced support engineers.
Ease of Deployment: Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators. Small or medium-sized companies generally find LogRhythm easy to deploy. However, the setup is more time-consuming and complex for enterprise deployments involving multiple components or vendors, and users often require assistance from professional services or LogRhythm-certified engineers.
Pricing: Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data. LogRhythm SIEM’s license typically includes all elements. However, enterprise customers may encounter complexities related to additional features and add-ons.
ROI: Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations. LogRhythm SIEM has proven to be highly valuable, delivering a significant ROI by reducing the mean time to detect and respond.
Comparison Results: Splunk is highly regarded for its efficient data processing and powerful search capabilities. Users like Splunk's customization options and ability to quickly process data from multiple sources. However, reviews say Splunk could be more user-friendly and improve its capabilities by leveraging AI. LogRhythm's strengths include its centralized dashboard and event-filtering abilities, but it falls short in terms of performance, scalability, and optimization for security operations.
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"It has a lot of great features."
"The UI of Sentinel is very good and easy to use, even for beginners."
"Sentinel pricing is good"
"The machine learning and artificial intelligence on offer are great."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"Their customer support is friendly and willing to help."
"The PCI compliance pieces that help us produce reports for our external auditor, and their support."
"It supports most standard log sources."
"I like LogRhythm's ease of use. The solution has improved compared to previous versions. It had many issues before, like integration, the console, creating reports, false positives, etc. The AI engine has made it stronger in the latest version."
"As a SIEM, probably the best feature is that it can be tuned effectively. There are very few SIEMs out there that can be effectively tuned to provide you with meaningful information and not be overwhelmed."
"We now have a central point of monitoring for all potential threats."
"We have to be able to show the evidence, and LogRhythm does a great job of putting it forward and making it easy to create reports with nice looking dashboards, which show off what we are doing as a security program."
"This solution has improved our organization in many different ways. The biggest benefit is being able to view all information in one dashboard instead of having to look at several different applications and dashboards. I can see information across our entire environment and every aspect of our network."
"The search function for spam is like a google search. You just enter and it will quickly show you the results."
"Aggregation searches have reduced time and difficulty of identifying trends and conditions which need to reviewed."
"The most valuable feature of Splunk Enterprise Security is website activity monitoring."
"The most valuable features in Splunk are the search function and the ability to run selected session reports. The session reports are important because I can use them to see what is going on in our environment weekly. Additionally, we can use the graph to see how often that particular event is happening."
"Speeds up root cause analysis and can help identify issues that your organization never realized were occurring."
"Its integration is most valuable. Its UI is also pretty much easy."
"Splunk Enterprise Security offers valuable features like seamless integration and a SQL-standard Structured Query Language for easy searching."
"Splunk Enterprise Security offers two valuable features: the Common Information Model and arrangement modules."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"I think the number one area of improvement for Sentinel would be the cost."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"The initial setup is complex. We are using a LogRhythm partner, at least for the first three years, to help with the monitoring and the deployment of it. We are not a big enough environment where we have people that we can dedicate to it right now."
"I would like to see case management become more independent from LogRhythm itself."
"The software needs to work on its pricing."
"The product's stability needs improvement."
"I would really love to be able to take some of the data and not have to export it to a CSV file, so I can pull it into Excel to turn it into some other kind of graph."
"LogRhythm NextGen SIEM could improve by adding more applications for the banking sector. There are not any custom applications at this time."
"Only area I can think of to improve on is the proof reading and using the guides before releasing them. Out the the 20+ guides I used one had issues with wrong information in it."
"The user interface needs improvement. The more the user can slide around and know what's going on, the better it will be."
"The UI could be better. This is applicable to Splunk in general. I know that a lot of people who get their hands on Splunk are hesitant to use it just because they find it overwhelming. There are a lot of options."
"Writing queries is a bit complicated sometimes."
"There is a definite learning curve to starting out."
"Splunk Enterprise Security could improve in automation, flexibility, and providing more content out of the box."
"The integration with all our tool sets felt like we were reinventing the wheel, which was a pain point for us."
"Although the technical support is adequate, there is still room for improvement."
"I'd say I am happy with the technical support, not elated. They provide great support, but sometimes they don't have the answers that I need."
"Splunk could improve its default machine-learning models. Also, Splunk Enterprise's native threat intelligence isn't that good. I prefer a custom threat intelligence model."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. LogRhythm SIEM is rated 8.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". LogRhythm SIEM is most compared with IBM Security QRadar, Wazuh, LogRhythm Axon, Fortinet FortiSIEM and Fortinet FortiAnalyzer, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Google Chronicle Suite. See our LogRhythm SIEM vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.