We performed a comparison between Splunk and Zabbix based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: In this comparison, Zabbix comes out on top. When compared to Splunk, it is easier to deploy and is open-source.
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The most valuable feature is the custom dashboard feature."
"The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data."
"Its integration is most valuable. Its UI is also pretty much easy."
"It's extremely scalable. It's a very robust solution and certainly has the capability of handling far bigger data requirements than a lot of the other tools. Generally what ends up happening with me is that my clients tend, for the most part, to be mid-tier organizations where the cost of that solutions would be accompanying requirements for people just becomes way too prohibitive. Especially considering the model that they use for costing, which is based on the volume of data. Of course, they're going to put everything including the Coke machine as the ability to collect data off of it, because of course the more they can put through the tool the more money they make."
"Easy to deploy and simple to use."
"The solution has made us more secure."
"The data analysis part is good in Splunk, which is something that I like the most. It is also quite easy to use. Its dashboards, visualizations, and analytics are good."
"It is easy to use, and easy to implement."
"Every new asset placed in the environment can be automatically detected, predicting human failures."
"The solution is quite mature and very stable."
"We detect problems before the customer does and before it actually happens using the predictive functions in Zabbix."
"Zabbix is an excellent performance monitoring tool."
"It has good graphs of what is going on within the operating system."
"There is a problems page that shows us every warning or problem that occurs on our VMs globally. The map screen is also really useful because this is something that was missing. I don't know every other tool in the market. So, I don't know if this is a good point of only Zabbix, or other tools are also doing it, but from my point of view, this is the most useful page that I use, along with the problems page that efficiently lists the problem, recovery time, ending hours, starting hours, and so on."
"It's a very reliable platform and we've never had any issues regarding the scalability or the stability of Zabbix."
"The pricing of the product is reasonable."
"I would like to see more AI used in processes."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"We are invoiced according to the amount of data generated within each log."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Splunk needs to be able to hold more days of data. At the moment it only holds three months of data."
"If you have to do your own stuff, such as customized charts, it is a little bit more work, but once you're familiar with the Splunk query language, you can pretty much do whatever you want. In terms of features, it should probably have the features that other competitors provide."
"The only improvement I am expecting is the cost of the licensing. Clients are going to other solutions just because of the cost."
"It requires a significant amount of relatively complex architecture once you push past the single server instance."
"Integrating tools and creating use cases could be easier. It's hard for a junior security engineer with only a couple of years of experience to write use cases. They can do it, but it's much easier in a solution like IBM QRadar. Setting conditions is like a multiple-choice type of thing. It's a more user-friendly process."
"Sometimes the communication with support happens with multiple staff. They should reduce the time to resolution."
"Make it easy to use and the cost cheaper. This will help all organisations to implement Splunk."
"Sometimes, there is latency in the logs."
"The documentation gets a bit messy between versions and is not too detailed, which is a bit painful for first-timers, especially when they run into issues."
"Implementation is always tailored to the customer and the kind of information we need from the client to carry it out can make them very uncomfortable. Sometimes the clients are not ready to share it."
"There's a small module of APM, however, it is not an enhanced version. People usually ask for a full-fledged APM solution."
"I would like to see a more flexible mobile client, and better HA out of the box."
"The System Center Operations Manager can be improved."
"The performance reporting could be improved."
"Its UI needs to be improved a little bit more so that an end-user is also able to handle it. I can handle it, but others should also be able to handle it in a better way. It becomes complex when we are growing and need to add proxies. We need more scalability features and documentation for different use cases. A lot of articles are available, but they need to be in proper documentation. For example, when you have thousands of servers that have to be monitored in different regions of the world, there should be some kind of documentation to describe how you can create proxies and add them. Sometimes, when you are using the database, it can get overloaded. When the network is growing, the number of transactions becomes very high, and the database gets overloaded. There should be information about how to reduce the load on the MySQL database, which is what Zabbix is using. The market is growing a lot, and it should be enhanced for a lot more things. We are currently bringing enhancements at our end for different use cases. For example, when dockerization is going on, how can we check the logs inside the Dockers. We should also be able to monitor and check the number of logins and add features such as SSO login and two-factor authentication as a protocol. These are the security features and concerns that we have to deal with. Currently, we are developing modules to add features to Zabbix, but they should also work on these features."
"We would like to see the addition of automatic push functionality to this product. This would save time when monitoring our servers and networks as, at present, we have to manually install the Zabbix agent on any hardware to be monitored."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 228 reviews while Zabbix is ranked 1st in Network Monitoring Software with 100 reviews. Splunk Enterprise Security is rated 8.4, while Zabbix is rated 8.2. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and ArcSight Logger, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios Core and LibreNMS.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.