We performed a comparison between Azure Monitor and Splunk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk is the clear winner in this comparison. It is easier to deploy, more user-friendly, and has better support than Azure Monitor. In addition, Splunk received positive feedback in the ROI category.
"The tool's most valuable feature is the alert system, which can be set according to our metrics. The integration is smooth."
"I use the solution to monitor the infrastructure and applications."
"Azure Monitor is useful because of the useful application insights and telemetry, such as metrics and logs."
"Azure Monitor is a very easy-to-use product in the cloud environment."
"Azure Monitor gives us the observability to check everything that we have in the cloud."
"The most valuable feature is that it's stable. It hasn't crossed any thresholds."
"Provides an overview and high-level information."
"The most valuable features of Azure Monitor are the login analytics workspace and we can write any kind of custom queries in order to receive the data that is inserted into the login analytics workspace, diagnostic settings, et cetera."
"The speed of the search engine."
"The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly."
"The stock analysts and security people use one single dashboard (one single location) to check our logs."
"We can do things in minutes instead of days."
"It has virtual visualization, and other products do not."
"Splunk incorporates a lot of elements that help to reduce security risks. For it to reach certain compliance, we need to have some security insight. Splunk is a very good SIEM, it’s a top solution, but the best feature is its cost of visibility. We have all the most important features to detect vulnerabilities or risks."
"Splunk provides immediate visibility into key business metrics and new business insights that deliver immediate value."
"It is the best tool if you have a complex environment or if data ingestion is too huge."
"They need to work with other cloud providers - not just Azure."
"As a younger product it still has room for feature improvement and enhancement."
"Azure Monitor's integration with applications could be improved."
"It might not have all of the capabilities we will need."
"This solution could be improved with more out-of-the-box functionalities and artificial intelligence to complete event correlation."
"I need connectivity with cost management."
"The solution should have cross-connection or cross-communication between tech partners."
"I'd like the solution to do more around vulnerability assessment. It's lacking in the product right now."
"Splunk can improve regex/asset analysis as we do not want to crawl until it is done."
"The GUI can be improved. Splunk has always suffered from having a kind of goofy UI, it needs some updating."
"The solution could improve by making it more business analysis oriented. The way it is now is designed more for developers."
"When we do a rollout from the server or host or anything, we'd like to see more automation. It would save us time."
"This is not really a monitoring solution."
"Writing queries is a bit complicated sometimes."
"It would be nice if Splunk reduced the cost of training. Their training sessions are way too costly."
"Endpoint access is the only issue I can think to mention, even though the endpoint access we have with Cisco is fine."
Azure Monitor is ranked 4th in Application Performance Monitoring (APM) and Observability with 44 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Azure Monitor is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Azure Monitor writes "A powerful Kusto query language but the alerting mechanism needs improvement". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". Azure Monitor is most compared with Datadog, Dynatrace, Sentry, Prometheus and SolarWinds Server and Application Monitor, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and AppDynamics.
We monitor all Application Performance Monitoring (APM) and Observability reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hi @Netanya Carmi,
Below are some comparisons on features and integrations.
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we have problems somewhere or if we are not getting the flow we expect. It is very easy to search for queries and events and then do analysis. The flexibility of the search capability is extremely valuable. Splunk works well with other solutions. It is very easy to set up and very straightforward to deploy.
The more data you process with Splunk, the more expensive it gets; an improved pricing model is needed. It would be great if Splunk had more SIEM functionality with better customization and a better ticket tool. The on-premises scaling is a bit more limited than on the cloud. Splunk currently has some limited default rules and customizations. If they could concentrate more on compliance and security information, that would be an added bonus.
Azure Monitor has made it significantly easier for us to monitor applications and infrastructure for possible problems. This solution offers a survey of surveillance in real time and a very helpful dashboard. Azure Monitor, which is integrated with Azure DevOps, has good load gathering and very good analytics. We get useful alerts with Azure Monitor that make recommendations about the security and the platform.
There should be more specific detail about where problems lie. Azure Monitor is lacking somewhat in vulnerability assessment; this aspect could be better. Their automation also needs some improvement. From gathering metrics from more applications to getting processes quickly started when something goes down, automation should be better.
Conclusion:
For us, Splunk is the better solution. We use Splunk to search, monitor, analyze, and visualize machine data, which it does very well. The dashboard is very intuitive. The log collection and log management tools are very good. We find Splunk’s search capability to be very powerful and flexible. Splunk can access any kind of data and there is no limitation to the kind of structured or unstructured data you can extract. Our team also liked that Splunk offers better integration with more solutions.