We performed a comparison between Elastic Security and Splunk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk comes out on top in this comparison. It is easier to use and has better support than Elastic Security. Splunk users also report a significant ROI. Elastic Security does come out on top in the pricing and ease of deployment categories, however.
"It has a lot of great features."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"The UI of Sentinel is very good and easy to use, even for beginners."
"The machine learning and artificial intelligence on offer are great."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The UI-based analytics are excellent."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically."
"Elastic is straightforward, easy to integrate, and highly customizable."
"It's open-source and free to use."
"The most valuable features are the speed, detail, and visualization. It has the latest standards."
"One of the most valuable features of this solution is that it is more flexible than AlienVault."
"Stability-wise, I rate the solution a ten out of ten."
"It's simple and easy to use."
"The ability to ingest different log types from many different products in our environment is most valuable."
"Splunk has give us the capability to easily track problems and their status."
"Splunk's interface is user-friendly, and it has apps and add-ons for most applications. We can easily normalize the data to make it readable and understand the logs. We easily get all the field extractions and enrichment done by using the apps and add-ons. This helps us understand the application logs because the raw data is useless unless we extract some useful information from it. These add-ons make it so much easier."
"It is quite extensible. It is a platform that we can build our use instead of each case instead of each case being limited or restricted to each capability. This is probably the best feature."
"Splunk is quite flexible for our customers. Splunk does not filter from a specific lock, you can define it later."
"Being able to track impossible travel logins and things of that nature is valuable. We can track user logins from various IPs, various countries, and at various times to see if everything adds up."
"Splunk's visualizations make it easy for users to understand the data."
"We did not encounter any issues with scalability. It is almost seamless to add new index (storage) or search (used to analyze the data) nodes to the cluster."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"We had issues with scalability. Logstash was not scaling and aggregation was getting delayed. We moved to Fluentd making our stack from ELK to EFK."
"Technical support could respond faster."
"The solution could also use better dashboards. They need to be more graphical, more matrix-like."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"The price of this product could be improved, especially the additional costs. I would also like to see better-quality graphics."
"In terms of improvement, there could be more automation in responding to and evaluating detections."
"Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution."
"Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price."
"Better directions on search head clusters."
"There is improvement needed when importing from some types of data sources."
"The integration with all our tool sets felt like we were reinventing the wheel, which was a pain point for us."
"It's costly."
"We would like more integrations with other cloud products, not just AWS, e.g., Azure."
"More control with Splunk Cloud as it seems a bit limited. I used to manage an on-premise instance of Splunk Enterprise and really liked having more control over it."
"Spam has different plugins but by default, the logs are not organized, it shows that there are roll-ups that are out of the box. I saw many plugins that can help improve or extend Splunk's functionality but I haven't tried any of them."
"I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications."
Elastic Security is ranked 5th in Log Management with 58 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 228 reviews. Elastic Security is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Elastic Security is most compared with Wazuh, IBM Security QRadar, Microsoft Defender for Endpoint, CrowdStrike Falcon and AlienVault OSSIM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Azure Monitor and Datadog. See our Elastic Security vs. Splunk Enterprise Security report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.