We performed a comparison between Splunk Enterprise Security and Splunk On-Call based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM).
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The Log analytics are useful."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"We have no complaints about the features or functionality."
"The main benefit is the ease of integration."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"It is a one-stop shop as a full monitoring and alerting solution for operations and application analysis for most of our back-end systems."
"Splunk's schema on demand is incredibly useful. I do not have to worry about what my users will need when we onboard their data."
"Its compatibility with other SIEMs is very useful."
"The ability to ingest different log types from many different products in our environment is most valuable."
"The scalability of the solution is amazing because it can collect a lot of data and you can have your own structure to monitor this data."
"Integration with the cloud is pretty important and good for us. We found the integration with a lot of tools, not all tools yet, valuable. It does make the transfer of data, log files, and other things easier for us."
"Splunk has significantly helped with aggregation and correlation of critical logs. Not having to grep on each individual server has made everyone more efficient."
"Splunk works based on parsing log files."
"The flexible schedule is the most valuable feature. It was very easy to set out a rotation."
"The most valuable feature of the solution is helpdesk escalation."
"Transmogrifier and the automatic solution report give me a report with the solution and the way to solve issues when an error occurs."
"VictorOps has been good enough for us and it's effective for our needs in case of an on-call escalation process."
"The alert calling feature is the best because notifications are delivered via phone messages."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"The AI capabilities must be improved."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"It can be tough to determine if you are getting all of the value out of your investment at times."
"It would be nice if Splunk reduced the cost of training. Their training sessions are way too costly."
"Delays in responses from the technical team can pose challenges for both vendors and clients, especially considering that Splunk applications and machine solutions are critical assets."
"Splunk has a steeper learning curve, making it feel less user-friendly."
"We usually have to follow up with technical support on our open cases."
"The user access control could be much more granular, so that the admins can control r/w/x access for specific features of the product like dashboards, etc."
"The monitoring aspect of Splunk could be improved. We have to do some queries to get as much information as CrowdStrike or other solutions provide. If you run a big query, you will see a delay. That is the only concern we have because it will take some time if you query large data sets."
"The GUI can be improved to include some of the capabilities that other BI solutions have."
"Should have more YouTube webinars."
"The solution can be improved by including a wider list of permissions."
"There could be improvements with communicating an incident or alert."
"The third-party configuration tool could be easier to use."
"At that stage, all our needs are fulfilled, but at the beginning, we had some feature requests and they were deployed during their roadmap."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 228 reviews while Splunk On-Call is ranked 8th in IT Alerting and Incident Management with 10 reviews. Splunk Enterprise Security is rated 8.4, while Splunk On-Call is rated 8.6. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of Splunk On-Call writes "Allows us to create flexible schedules for on-call rotations". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog, whereas Splunk On-Call is most compared with PagerDuty Operations Cloud, Opsgenie, New Relic, Everbridge IT Alerting and xMatters.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.