We performed a comparison between ManageEngine EventLog Analyzer and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"Free ingestion for Azure logs (with E5 licence)"
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"What I found most useful in ManageEngine EventLog Analyzer is its integration with other ManageEngine applications. It seamlessly integrates throughout the ManageEngine suite, and that's beneficial. I also like that the solution has chain management capabilities, it has a modular approach, and it's easy to reach the support team."
"The initial setup is straightforward"
"It's one of the easiest products. It's very simple to use."
"It is stable."
"The user interface is very good."
"The log management has helped to improve my organization."
"ManageEngine EventLog Analyzer is easy to gather reports to give to management. My supervisor has access to the solution and he enjoys the graphs."
"I have made use of technical support and am certainly very satisfied with them."
"Splunk has significantly helped with aggregation and correlation of critical logs. Not having to grep on each individual server has made everyone more efficient."
"Splunk has significantly reduced the time in performing the task of aggregating logs, reviewing as well as time spent during investigations."
"It has reduced the time to resolution, time to investigate, and time to troubleshoot for debugging issues."
"Splunk is quite flexible for our customers. Splunk does not filter from a specific lock, you can define it later."
"The ability to quickly search logs, performance data, and other inputs has helped tremendously with troubleshooting."
"We can do things in minutes instead of days."
"The product is good, it satisfies our customers."
"The initial setup is simple, not very complex. Initial deployment takes around 10 to 15 minutes to set up the entire base for Splunk including all three tiers."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"I would like to see more AI used in processes."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"The customization of reports could be a lot easier. It is not difficult but it could be made easier."
"I would like to see more detailed reports."
"The first tier of customer service and support is not great."
"Support could improve to make the solution better."
"The scalability is limited."
"It may not be as easy to use as Splunk."
"What I'd like to see as an improvement to ManageEngine EventLog Analyzer is for it to be more AI-driven. Having more automation would also make the solution better."
"The solution should improve on its log capturing capabilities."
"The initial setup is complex, but this is necessary. We needed to take into consideration how to direct log files from thousands of machines to Splunk, and how to ingest those files."
"The historical data extraction needs improvement. I would like the capability of taking data and having it trend longer."
"The product could be cheaper."
"The threat detection system has room for improvement."
"In the next releases, I would like to see more pricing flexibility."
"Splunk could add more ways to manage archiving and storage. There isn't a web interface. You can do this on the SaaS version, but the on-premise platform doesn't have this option. It has other things but no option for remote NAS. I would like to have a personal web interface where I can specify how long logs should be stored. To have this readily available on the web, you need to adjust some settings on the backend. That is tricky."
"I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications."
"The prices are complicated as we operate in a small third-world country."
More ManageEngine EventLog Analyzer Pricing and Cost Advice →
ManageEngine EventLog Analyzer is ranked 21st in Log Management with 10 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 230 reviews. ManageEngine EventLog Analyzer is rated 7.8, while Splunk Enterprise Security is rated 8.4. The top reviewer of ManageEngine EventLog Analyzer writes "Modular software that seamlessly integrates with other applications and provides good technical support". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". ManageEngine EventLog Analyzer is most compared with ManageEngine Log360, Fortinet FortiAnalyzer, Wazuh, SolarWinds Kiwi Syslog Server and SolarWinds Log Analyzer, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our ManageEngine EventLog Analyzer vs. Splunk Enterprise Security report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
