We performed a comparison between Splunk and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk easily wins out in this comparison. Compared with Wazuh, it is a mature and robust solution with a proven ROI.
"The solution's most valuable feature is that it helps with our use cases to detect anomalies in our data and it is important to my company since we have a lot of data on different logs on the systems."
"Splunk is quite flexible for our customers. Splunk does not filter from a specific lock, you can define it later."
"Splunk's advantage is its search capability. Its search is notably faster. With Splunk, I can search easily on keywords. That is great."
"The most valuable feature of Splunk Enterprise Security is the comprehensive logging capabilities it provides."
"Positive features include replication capabilities, software development kits, and the architecture."
"With good domain knowledge, one can build almost anything. If you throw in Alert Manager or an integration with ServiceNow, then you have your own SIEM."
"It allows us to digest the information, the data, the different data streams, so we can make decisions based upon information that we receive, and it is pretty robust."
"The technical support is among the best in the market."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"Good for monitoring, active response, and for vulnerabilities."
"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
"I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform."
"It is a stable solution."
"We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company."
"It's stable."
"The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
"The UI can be difficult to understand for non-technical people."
"Its interface could be improved."
"The product was difficult to back up the first time."
"While there aren't any major areas where the solution has to be improved, there are certain integrations that are still not available. I would specifically like to see legacy applications integrated."
"Splunk can be an expensive solution. Technical support could be improved as well."
"I feel the solution to be too slow."
"The case management area of the ES could be improved. The ability to move cases through various stages and states. The ability to close a case would be a key improvement."
"The product is relatively expensive."
"They need to go towards integrating with more cloud applications and not just OS like Windows and Linux."
"Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs."
"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
"Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation, so we need better container security, log data analysis, auditing and compliance, malware detection, etc."
"It would be great if there could be customization for the decoder portion."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"A more structured approach, perhaps with modular UI components, to facilitate easier integration and navigation within the Wazuh platform for custom integrations would be beneficial."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
Splunk Enterprise Security is ranked 1st in Log Management with 246 reviews while Wazuh is ranked 2nd in Log Management with 38 reviews. Splunk Enterprise Security is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Splunk Enterprise Security is most compared with IBM Security QRadar, Dynatrace, Elastic Security, Microsoft Sentinel and Datadog, whereas Wazuh is most compared with Elastic Security, Security Onion, AlienVault OSSIM, Graylog and IBM Security QRadar.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.