We performed a comparison between Splunk and Zabbix based on our users' reviews in four categories. Note that the two products sit in different categories: Splunk Enterprise Security is a SIEM, while Zabbix is network monitoring software, so the comparison below reflects how reviewers rate each tool on its own terms rather than a like-for-like feature match. After reading all of the collected data, you can find our conclusion below.
Comparison Results: In this comparison, Zabbix comes out on top. When compared to Splunk, it is easier to deploy and is open-source.
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"It's pretty powerful and its performance is pretty good."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"In Azure Sentinel, we have found they do have a store in their capability: AI and intelligence features. We found that to be very helpful for us because for some other things we do need to integrate again or find another vendor for the store."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The analytic rule is the most valuable feature."
"The alerts are very effective."
"The most valuable feature is the DSS, also known as SPL, because it allows users to script advanced queries with limited knowledge."
"Splunk provides immediate visibility into key business metrics and new business insights that deliver immediate value."
"Splunk has a wide range of features that customers use to find and analyze all kinds of logs."
"The most valuable feature is that it's very good for log aggregation."
"The logs on the solution are excellent."
"Visualizations are the best way to understand deviation techniques from the norm."
"I like the ease with which dashboards can be created."
"Zabbix can use old data through to current data to set the threshold. We can use previous data to set the threshold."
"It is a great product. The SNMP protocol tracking feature is good. I really like how it tracks SNMP. The alerts are also great."
"It has good graphs of what is going on within the operating system."
"The implementation process is very straightforward."
"Zabbix has a roadmap and they are continuously and frequently adding new features."
"The integration with third-party tools and the alerts are most valuable."
"The solution's design has recently changed, and it is visually pleasing with more color; for example, there is blue, black, and white."
"It not only provides the preconfigured item monitoring feature, but it is also easy to configure custom items."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"Azure Sentinel will be directly competing with tools such as Splunk or QRadar. These are very established kinds of products that have been around for the last seven, eight years or more."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"The reporting could be more structured."
"Microsoft should improve Sentinel, considering that it cannot collect logs from legacy systems."
"It works as intended for us, and we are getting everything that we need out of it. If anything, its initial setup can be improved a bit."
"The upgrading process could be smoother."
"The price has room for improvement."
"It is a good product, but the Achilles heel for a lot of organizations is the cost model for it because it gets expensive. That's because the model is based on how much data it processes a day, which can be prohibitive, especially if you have a lot of data. A lot of customers may not be ready for the sticker shock on how to fully leverage the product. I realized that the reason for that is that when it was originally designed, it was kind of like a big data modeling application. If they want to have a bigger customer base, they can come out with subsets of their product that are focused on specific things and have different pricing models. It may help with the cost."
"Splunk has different plugins, but by default the logs are not organized; it shows that there are roll-ups that are out of the box. I saw many plugins that can help improve or extend Splunk's functionality, but I haven't tried any of them."
"There is a definite learning curve to starting out."
"There can be a bit of complexity around some fields during the initial setup."
"Splunk can be an expensive solution. Technical support could be improved as well."
"The GUI could be more intuitive. Also, we'd like streaming telemetry. Zabbix might have this feature, but I haven't seen it yet. It took us a long time to get started because the documentation isn't very descriptive. We had to go through various sources like YouTube and forums to get this solution working."
"There is not much documentation or many manuals. We found the tutorials very easy to understand, but they do not go deep enough in the use of Zabbix. We need more manuals, proper use, documentation, etc."
"Documentation terminology could be improved."
"In the next release, I'm hoping for features targeted towards larger users with more customizable options. Despite this, I think pre-canned reports that can be used straight out of the box would be beneficial rather than having to configure each report individually. Additionally, a deeper dive into software configurations on the machines would be useful, although I understand there may be challenges in implementing this due to scripting requirements. More documentation would also be appreciated."
"One of the things we don't like is that Zabbix has a license structure with a price that is high compared to the competition. It's very high, for example, compared to something like Microsoft Teams."
"I think the reporting part of Zabbix can be improved in terms of more user-friendly graphics to display the collected data. Many simple users who don't know how to use Zabbix properly might get confused by the reporting, although at the same time it is very versatile for my company."
"I would like to see a more flexible mobile client, and better HA out of the box."
"There are some features of Zabbix that are not good for reporting. The DX Spectrum solution has better reporting."
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews, while Zabbix is ranked 1st in Network Monitoring Software with 98 reviews. Splunk Enterprise Security is rated 8.4, while Zabbix is rated 8.2. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and New Relic, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios XI and PRTG Network Monitor.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.