We performed a comparison between Splunk Enterprise Security and Tableau based on real PeerSpot user reviews.
"The main benefit is the ease of integration."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"Ease of correlation: creating correlation searches is easy, and you can combine multiple sources with little effort."
"We were able to create a catalog of dashboards and have a holistic view at all levels. We could understand our business much better. Real-time errors, which were buried in emails before now, surfaced up on dashboards."
"Exporting is a good feature. It helps me out when I have to do reports. I do a lot of exporting and crunching of the numbers. Dashboards are okay for showing to the leadership, but for doing statistics and updating tickets, the export feature is very beneficial for me."
"The solution is the market leader."
"The feature that I have found most valuable with Splunk is the ability to sift through a bunch of data very quickly."
"The alerts are very effective."
"The ability to manipulate data in Splunk is unparalleled. Splunk’s powerful, flexible query language can morph difficult to understand log formats into usable data."
"The solution has plenty of features that are good."
"It is a complete solution allowing a lot of integrations, different graphics, multiple operations and analyzes our data and gives us meaning from it."
"The data visualization piece is most valuable. We do ad-hoc analysis or one-time shot things, but there are things that we have to track every single day. When our management and our customers want to see how things are changing, the dashboarding provides that information. Tableau is key in providing that data on a refresh basis. We use a data blending tool that pumps the data into Tableau, and we just schedule it to run every single day. So, the automation of the data and being able to present it to people who are interested are the most valuable features."
"The most important feature is that the tool is very easy to use. This makes it simple to introduce it to CxOs. After a rapid demo, they are usually impressed by the results shown, because it has such a rare simplicity."
"The most valuable feature is the ease of use."
"Data handling, visualizations, and aesthetics of it are the most valuable features."
"It allows us to basically understand and evaluate our numbers in an expedient manner."
"It is easy to use, and it can handle a large amount of data."
"Very user friendly."
"Sentinel's reporting is complex and can be more user-friendly."
"Everyone has their favorites. There is always room for improvement, and everybody will say, 'I wish you could do this for me or that for me.' It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"Azure Sentinel will be directly competing with tools such as Splunk or QRadar. These are very established kinds of products that have been around for the last seven, eight years or more."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on QRadar. We couldn't do it with Sentinel, which is a problem for us."
"Free-floating panels in the dashboards are like a glass table."
"They should make data onboarding easier."
"My biggest struggle with Splunk in general is memorizing all the commands. If I want to know which users have logged in between certain hours, I cannot write that query out. It would be helpful to have AI so that I can explain in simple terms what I want and then the search gives that back to me. I am waiting for that."
"I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications."
"Its user interface for everything other than the charts can be improved. Some parts of it can be simplified a bit, such as when importing documents that have the network traffic. When you're going through the information about the network traffic, you have to have the expertise, but even if a program is supposed to be for IT support, it is good to make it user-friendly because it gets easier to train people. When something goes wrong, the more difficult a program is in terms of UI, the harder it is to fix the issue."
"The configuration had a bit of a learning curve."
"I'd say I am happy with the technical support, not elated. They provide great support, but sometimes they don't have the answers that I need."
"It would be nice if Splunk reduced the cost of training. Their training sessions are way too costly."
"They need to improve the icons and the filters, because they look too old, resembling Excel from 1997."
"When I've done presentations in the past, I've had issues with uploading the cartography."
"Requires a lot of user training."
"I have used Power BI as well as Tableau. There are a couple of interesting features that I like in Power BI, but they are not present in Tableau. For example, in Power BI, if I am looking at country-wise population, I can type and ask for the country that has the maximum population, and it will automatically give an answer and address that query. This kind of feature is not there in Tableau. Similarly, in Power BI, for integrating with the latest ML algorithms, we have decision trees and primarily multiple machine learning algorithms. The decision tree essentially visualizes the patterns in the data. We don't have such a feature in Tableau. If Tableau can integrate with the machine learning algorithms and help us to do visualizations, it would be a wonderful combination. Most of the people are going for Tableau primarily for visualization purposes. However, in the data science industry, users want to do model building as well as tell a story. As of now, Tableau is fulfilling the requirements for visualization purposes. If they can bring it up to a level where I can use it for machine learning purposes as well as for visualization, it would be very helpful. Many people who want to do data science don't want to write code. Tableau is anyway a drag-and-drop tool, and if they can provide those options as well, it will be a powerful combination."
"The extraction, transformation and loading of data in Tableau takes a lot of time and we do not have confidence that Tableau is showing all the data we need."
"The product needs to allow for better ways to drill down more effectively on the information at hand."
"Small multiples (a.k.a. Trellis charts) are possible only through very hacky means. Update: Still remains a challenge."
"We would like a report model, because currently there is no schema that we can create in the tool."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews while Tableau is ranked 2nd in BI (Business Intelligence) Tools with 293 reviews. Splunk Enterprise Security is rated 8.4, while Tableau is rated 8.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of Tableau writes "Provides fast data access with in-memory extracts, makes it easy to create visualizations, and saves time". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog, whereas Tableau is most compared with Microsoft Power BI, Amazon QuickSight, Domo, SAS Visual Analytics and Databricks.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.