We performed a comparison between Elastic Search and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out what your peers are saying about Elastic, IBM, OpenText and others in Indexing and Search.
"The solution has good security features. I have been happy with the dashboards and interface."
"The observability is the best available because it provides granular insights that identify reasons for defects."
"The flexibility and the support for diverse languages that it provides for searching the database are most valuable. We can use different languages to query the database."
"The product comes with REST APIs."
"The AI-based attribute tagging is a valuable feature."
"The solution is valuable for log analytics."
"I have found the sort capability of Elastic very useful for allowing us to find the information we need very quickly."
"It provides deep visibility into your cloud and distributed applications, from microservices to serverless architectures. It quickly identifies and resolves the root causes of issues, like gaining visibility into all the cloud-based and on-prem applications."
"The initial setup is simple, not very complex. Initial deployment takes around 10 to 15 minutes to set up the entire base for Splunk including all three tiers."
"The correlation capabilities are the first value that our clients say they like with Splunk."
"The SIEM is the most valuable feature of the product."
"The additional vendors we've brought on board, particularly Elastic, have been quite beneficial."
"We are much faster finding and addressing issues with Splunk."
"It has virtual visualization, and other products do not."
"It is very stable. We have not had any problems."
"Splunk is a user-friendly solution."
"Better dashboards or a better configuration system would be very good."
"Elastic Search needs to improve its technical support. It should be customer-friendly and have good support."
"The UI point of view is not very powerful because it is dependent on Kibana."
"Its licensing needs to be improved. They don't offer a perpetual license. They want to know how many nodes you will be using, and they ask for an annual subscription. Otherwise, they don't give you permission to use it. Our customers are generally military or police departments or customers without connection to the internet. Therefore, this model is not suitable for us. This subscription-based model is not the best for OEM vendors. Another annoying thing about Elasticsearch is its roadmap. We are developing something, and then they say, "Okay. We have removed that feature in this release," and when we are adapting to that release, they say, "Okay. We have removed that one as well." We don't know what they will remove in the next version. They are not looking for backward compatibility from the customers' perspective. They just remove a feature and say, "Okay. We've removed this one." In terms of new features, it should have an ODBC driver so that you can search and integrate this product with existing BI tools and reporting tools. Currently, you need to go for third parties, such as CData, in order to achieve this. ODBC driver is the most important feature required. Its Community Edition does not have security features. For example, you cannot authenticate with a username and password. It should have security features. They might have put it in the latest release."
"It was not possible to use authentication three years back. You needed to buy the product's services for authentication."
"We see the need for some improvements with Elasticsearch. We would like the Elasticsearch package to include training lessons for our staff."
"I would like to see more integration for the solution with different platforms."
"Elastic Enterprise Search can improve by adding some kind of search that can be used out of the box without too much struggle with configuration. With every kind of search engine, there is some kind of special function that you need to do. A simple out-of-the-box search would be useful."
"If it could be made available as a service, this would be much better than as a product."
"It would be nice if Splunk reduced the cost of training. Their training sessions are way too costly."
"The solution has a high learning curve for users. It's a little complicated when you're trying to figure out all the features and what they do."
"Splunk is very expensive. The license is based on the volume of the logs ingested. I was responsible for managing the contract with our service integrator. I don't know the precise details of the competing solution, but I have heard that Splunk is more expensive than others. I don't know what the going rate is on the market, but I think there are at least two competitors that are less expensive. We have experienced a few issues with our service providers in terms of log filtering and ingestion, so we continue to pay a bit more per day for our logs."
"I think the tech support response time could be a bit better. Sometimes I need to wait more than 24 hours for a response to my tickets."
"Professional support is great, but too expensive."
"Splunk can improve regex/asset analysis as we do not want to crawl until it is done."
"I would like to see an updated dashboard. The dashboard is a little out-of-date. It could be made prettier."
Elastic Search is ranked 1st in Indexing and Search with 59 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Elastic Search is rated 8.2, while Splunk Enterprise Security is rated 8.4. The top reviewer of Elastic Search writes "Played a crucial role in enhancing our cybersecurity efforts ". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Elastic Search is most compared with Faiss, Milvus, Pinecone, Azure Search and Amazon Kendra, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Microsoft Sentinel.
We monitor all Indexing and Search reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Generally, Elastic is very strong in data search, and Splunk has a strong security solution. However, Elastic has partnered with SIEM provider empow, and together this integration provides a very strong platform both in data search and next-generation SIEM.
Here's a thorough article on ELK vs. Splunk and here's a description from Elastic on what's included in the different versions.
Splunk: hard to use, expensive with predatory pricing, few OOTB rules, SOAR is a premium, good luck training analyst on their platform in under six months. SPLUNK SEARCH.
ELK Stack: easy to use, open-source, no predatory pricing, more robust use cases OOTB, loved and used by millions all over the globe, open ecosystem that can integrate with almost any major IT stack out of the box. LUCENE.
We use ELK or other freeware stacks in isolated small scenarios.
Think of a small or medium company with a "midsized" webshop. You can easily do your log management with an ELK stack, let's say 5 up to 10 GB in size, no problem. Please keep in mind that you have to order hardware. The best thing about ELK is that you can start immediately; you don't have to wait for licensing, and it's easy to build the first small things.
Another Example:
Your marketing department wants to do some one-off evaluations and very specialized marketing work. It is temporary, and they don't have the budget for licensing. The results are not for permanent use. Just use ELK.
In my opinion, ELK is only cost-effective if you don't need to buy their professional service. You must leave the cases small.
If you are looking at bigger scenarios, or you want to build up a SIEM or SOC, or even do more advanced things like SOAR, it is a very different kind of thing.
There can be accounting issues that a developer usually won't mind at first glance but a controller will.
You have to look at the total cost of ownership, scalability, time to market, security of future development, maintenance, etc.
If you want to build up a complex scenario with the security of scalability, you should go with Splunk. If tomorrow there is a better tool with lower costs and less need for manpower, I will refer to that one.