We compared Splunk Enterprise Security and LogRhythm SIEM across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Features: Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality. Users praised LogRhythm SIEM for its user-friendly centralized dashboard, strong integration capabilities, and event-filtering capabilities.
Room for Improvement: Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics. LogRhythm SIEM has the potential to improve its SOAR and NDR features, platform stability, and MDI integration. LogRhythm users requested expanded log storage, better load balancing, and streamlined search capabilities.
Service and Support: While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. SIEM generally received praise for its helpful support, but some users encountered delays or had issues with inexperienced support engineers.
Ease of Deployment: Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators. Small or medium-sized companies generally find LogRhythm easy to deploy. However, the setup is more time-consuming and complex for enterprise deployments involving multiple components or vendors, and users often require assistance from professional services or LogRhythm-certified engineers.
Pricing: Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data. LogRhythm SIEM’s license typically includes all elements. However, enterprise customers may encounter complexities related to additional features and add-ons.
ROI: Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations. LogRhythm SIEM has proven to be highly valuable, delivering a significant ROI by reducing the mean time to detect and respond.
Comparison Results: Splunk is highly regarded for its efficient data processing and powerful search capabilities. Users like Splunk's customization options and ability to quickly process data from multiple sources. However, reviews say Splunk could be more user-friendly and improve its capabilities by leveraging AI. LogRhythm's strengths include its centralized dashboard and event-filtering abilities, but it falls short in terms of performance, scalability, and optimization for security operations.
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"The main benefit is the ease of integration."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"The initial setup process is very user-friendly."
"AXON has the ability to add and compare use cases."
"Technical support has always been helpful."
"It seems like it will scale easily with the way our environment is set up."
"Our clients enjoy having one dashboard to monitor their environments in real time."
"It's reliable and the performance is good."
"The correlation engine is extremely valuable because it uses machine learning to process information from the central manager and identifies issues in the network."
"Its ability to work with all different sorts of log sources has been extremely valuable."
"The solution has plenty of features that are good."
"The log aggregation is great."
"The client site login is pretty extensible and probably cost-effective."
"Easy to deploy and simple to use."
"The level of robustness on offer is very good."
"It has helped us look at modern technology, as well as penetrate our legacy systems, to see where the bottlenecks are."
"The security part is useful as it helps secure the entire environment."
"We can easily configure things as required in relation to our use cases."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"The solution should allow for a streamlined CI/CD procedure."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"I would like to see our vulnerabilities counter. We will be using Tenable to fill that void right now."
"When we originally got LogRhythm, their tech support was fantastic, and I loved them. Now, we don't quite get as quick of a response. I've been disappointed in the more recent tech support. When you call in, they'll say that they will get you somebody, and you'll finally get someone who will contact you back a day or so later. Whereas before, I would get help right away."
"Granted, we haven't enabled the UEBA module, but we're forwarding all our proxy logs to LogRhythm and we have a really hard time pulling those proxy logs back out of LogRhythm. However, when we take LogRhythm and forward the same logs into somebody else's user-based analytics software, we get the majority of what we were missing... If we've got all our proxy logs and I go out to Google or Facebook or the like, we should be able to go in and pull that information out ten minutes later, but it's a big challenge to do that."
"The initial setup is complex. We are using a LogRhythm partner, at least for the first three years, to help with the monitoring and the deployment of it. We are not a big enough environment where we have people that we can dedicate to it right now."
"In terms of blind spots, we are looking for more improvements since we don't have visibility over everything."
"It should have some more message monitoring features. It can also have some free message monitoring tools."
"Scalability misses the mark sometimes, especially when you have an integrated disaster recovery built into the solution."
"It's not easy for someone new to the solution."
"We find that the maintenance process could be a lot better."
"An improved user interface along with multi-tenancy support would be beneficial."
"I would like some additional AI capabilities to provide additional information about things going wrong and things going well."
"I would like the ability to view logs for specific instances and not have to pull the logs for the entire Cloud environment in Splunk."
"It needs integration with a configuration management solution."
"The documentation is in definite need of improvement."
"It is important to make sure that everything is built off of the threat models and all the underlying items within Splunk."
"We had an instance when Splunk failed and it took us a couple of days to recover."
LogRhythm SIEM is ranked 7th in Log Management with 166 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 240 reviews. LogRhythm SIEM is rated 8.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". LogRhythm SIEM is most compared with IBM Security QRadar, Wazuh, LogRhythm Axon, Fortinet FortiSIEM and Fortinet FortiAnalyzer, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Google Chronicle Suite. See our LogRhythm SIEM vs. Splunk Enterprise Security report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.