We performed a comparison between Splunk and Zabbix based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: In this comparison, Zabbix comes out on top. When compared to Splunk, it is easier to deploy and is open-source.
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The UI-based analytics are excellent."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"It's pretty powerful and its performance is pretty good."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"This is a straightforward solution, easy to configure."
"You can check up on security from the dashboards."
"It helps us uncover bottlenecks in the network."
"This solution helps us increase our productivity."
"Splunk would be my choice for the presentation layer because it comes with inbuilt reports and a dashboard that you can customize."
"One key advantage of Splunk over competitors like IBM QRadar is its superior device integration capabilities."
"We primarily use it to correlate logs throughout the enterprise for both searching and use in investigations."
"The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data."
"The pricing of the product is reasonable."
"During my testing, the features that I like the most are that it can be integrated with my system, and it provides me with reports of all of my servers."
"It's a very reliable platform and we've never had any issues regarding the scalability or the stability of Zabbix."
"It provides high scalability, alerting, notification, templating, and end-to-end security."
"Setup was straightforward. Initial deployment took two or three months."
"Zabbix is very easy to implement."
"Every new asset placed in the environment can be automatically detected, predicting human failures."
"The most valuable feature is network traffic monitoring."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"I would like to be able to monitor applications outside of the Azure Cloud."
"The solution should allow for a streamlined CI/CD procedure."
"The solution could improve the playbooks."
"The troubleshooting has room for improvement."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"The only improvement I am expecting is the cost of the licensing. Clients are going to other solutions just because of the cost."
"Better directions on search head clusters."
"It is a good product, but the Achilles heel for a lot of organizations is the cost model for it because it gets expensive. That's because the model is based on how much data it processes a day, which can be prohibitive, especially if you have a lot of data. A lot of customers may not be ready for the sticker shock on how to fully leverage the product. I realized that the reason for that is that when it was originally designed, it was kind of like a big data modeling application. If they want to have a bigger customer base, they can come out with subsets of their product that are focused on specific things and have different pricing models. It may help with the cost."
"Their technical support sucks."
"It requires a significant amount of relatively complex architecture once you push past the single server instance."
"It is important to make sure that everything is built off of the threat models and all the underlying items within Splunk."
"Splunk has a steeper learning curve, making it feel less user-friendly."
"When we do a rollout from the server or host or anything, we'd like to see more automation. It would save us time."
"Its UI needs to be improved a little bit more so that an end-user is also able to handle it. I can handle it, but others should also be able to handle it in a better way. It becomes complex when we are growing and need to add proxies. We need more scalability features and documentation for different use cases. A lot of articles are available, but they need to be in proper documentation. For example, when you have thousands of servers that have to be monitored in different regions of the world, there should be some kind of documentation to describe how you can create proxies and add them. Sometimes, when you are using the database, it can get overloaded. When the network is growing, the number of transactions becomes very high, and the database gets overloaded. There should be information about how to reduce the load on the MySQL database, which is what Zabbix is using. The market is growing a lot, and it should be enhanced for a lot more things. We are currently bringing enhancements at our end for different use cases. For example, when dockerization is going on, how can we check the logs inside the Dockers. We should also be able to monitor and check the number of logins and add features such as SSO login and two-factor authentication as a protocol. These are the security features and concerns that we have to deal with. Currently, we are developing modules to add features to Zabbix, but they should also work on these features."
"The only improvement I would suggest, revolves around its AI and ML capabilities."
"Zabbix is not easy to configure, and upgrading is also an issue."
"Outside of the normal standard monitoring, I would like to extend patching, importing patching, and supporting patching for Windows Servers."
"To improve Zabbix, adding more features to support the monitoring of modern workloads like containers would be beneficial."
"The main problem with Zabbix is that you have to spend time writing templates for all of the products that you have."
"Its UI should be improved. They did some improvements in version 5, but it could benefit from some more work. Its integrations should also be improved. They've been active for one year, and they seem to have noticed that. It has new integrations, but it could benefit from more integrations. As far as I know, there is no model to push statistics, metrics, or events towards Zabbix. This type of API isn't yet there, whereas some other tools provide an API for this."
"If you want to use all of the features then you have to pay a licensing fee."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews while Zabbix is ranked 1st in Network Monitoring Software with 101 reviews. Splunk Enterprise Security is rated 8.4, while Zabbix is rated 8.2. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and ArcSight Logger, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios Core and ManageEngine OpManager.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
