• Home
  • Logz.io vs. Splunk Enterprise Security

Logz.io vs Splunk Enterprise Security comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo
Microsoft Sentinel
Read 85 Microsoft Sentinel reviews
31,886 views|17,713 comparisons
92% willing to recommend
Logz.io Logo
Logz.io
Read 8 Logz.io reviews
1,354 views|944 comparisons
90% willing to recommend
Splunk Logo
Splunk Enterprise Security
Read 240 Splunk Enterprise Security reviews
26,790 views|21,907 comparisons
92% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Logz.io vs. Splunk Enterprise Security
April 2024
Executive Summary

We performed a comparison between Logz.io and Splunk Enterprise Security based on real PeerSpot user reviews.

Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Logz.io vs. Splunk Enterprise Security Report (Updated: April 2024).
Download the complete report
770,458 professionals have used our research since 2012.
Featured Review
Anonymous User
Researched Splunk Enterprise Security but chose Microsoft Sentinel: Easy to integrate, offers good documentation, and the setup is simple
The main benefit is the ease of integration. Having a cloud-based SIEM means scalability. We also received very good support and documentation from... Read more →
Derrick Brockel
The solution is a consistent logging platform that provides excellent query mechanisms
The query mechanism for response codes and application health is valuable. It can predetermine if we have a problem or if the error count goes up.... Read more →
Sathish Suluguri
User-friendly, feature-rich, and best support
Splunk Enterprise Security helps with real-time detection. When we integrate any data source, if any external IPs or external devices are accessing... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL.""I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box.""The automation feature is valuable.""There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection.""There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive.""Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements.""We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place.""It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."

More Microsoft Sentinel Pros →

"The tool is simple to setup where it is just plug and play. The tool is reliable and we never had any performance issues.""It is massively useful and great for testing. We can just go, find logs, and attach them easily. It has a very quick lookup. Whereas, before we would have to go, dig around, and find the server that the logs were connected to, then go to the server, download the log, and attach it. Now, we can just go straight to this solution, type in the log ID and server ID, and obtain the information that we want.""The query mechanism for response codes and application health is valuable.""We use the tool to track the dev and production environment.""The visualizations in Kibana are the most valuable feature. It's much more convenient to have a visualization of logs. We can see status really clearly and very fast, with just a couple of clicks.""The other nice thing about Logz.io is their team. When it comes to onboarding, their support is incredibly proactive. They bring the brand experience from a customer services perspective because their team is always there to help you refine filters and tweak dashboards. That is really a useful thing to have. Their engagement is really supportive.""InsightOne is the main reason why we use LogMeIn. This is mostly because of log data that we are pushing tools and logs in general.""We use the product for log collection and monitoring."

More Logz.io Pros →

"On the cloud, we are pushing through less than half a petabyte of data. So far, it has been fairly stable because it runs on all the underlying AWS infrastructures.""The initial setup is simple, not very complex. Initial deployment takes around 10 to 15 minutes to set up the entire base for Splunk including all three tiers.""We have found all the features useful. However, the dashboarding and logging have been very helpful. Additionally, the log analysis does a great job.""We are using Microsoft 365 and we're using the Exchange Mail Service. It's good for monitoring that in particular.""The reporting aspect is good and it does what I need it to do.""You can integrate Splunk with third-party security automation solutions and set rules for automatic response.""We can ingest and correlate data from virtually any type of system.""The solution's most valuable feature is that it helps with our use cases to detect anomalies in our data and it is important to my company since we have a lot of data on different logs on the systems."

More Splunk Enterprise Security Pros →

Cons
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work.""The solution should allow for a streamlined CI/CD procedure.""The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel.""Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs.""The solution could improve the playbooks.""Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel.""One key area that can be improved is by building a strong integration with our XDR platform.""It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."

More Microsoft Sentinel Cons →

"Capacity planning could be a little bit of a struggle.""When it comes to reducing our troubleshooting time, it depends. When there are no bugs in Logz.io, it reduces troubleshooting by 5 to 10 percent. When there are bugs, it increases our troubleshooting time by 200 percent or more.""I would like them to improve how they manage releases. Some of our integrations integrate specifically with set versions. Logz.io occasionally releases an update that might break that integration. On one occasion, we found out a little bit too late, then we had to roll it back.""The price can be cheaper and they should have better monitoring.""I would like granularity on alerting so we can get tentative alerts and major alerts, then break it down between the two.""The solution needs to improve its data retention. It should be greater than seven days. The product needs to improve its documentation as well.""The solution needs to expand its access control and make it accessible through API.""The product needs improvement from a filtering perspective."

More Logz.io Cons →

"Spam has different plugins but by default, the logs are not organized, it shows that there are roll-ups that are out of the box. I saw many plugins that can help improve or extend Splunk's functionality but I haven't tried any of them.""There is a definite learning curve to starting out.""The solution could improve by giving more email details.""The only thing which can be improved is that they are too subjective on whom their Splunk4Good initiative can be applied. They market it as you only need to be a nonprofit, but there is more to it.""A problem that we had recently had was we licensed it based on how much data you upload to them every day. Something changed in one our applications, and it started generating three to four times as many logs and. So now, we are trying to assemble something with parts of the Splunk API to warn ourselves, then turn it off and throttle it back more. However it would be better if they had something systematically built into the product that if you're getting close to your license, then to shut things down.""There are limitations with Splunk not detecting all user activity, especially on mainframes and network devices.""I love the solution, but I would like to see more accessibility to the machine-learning capabilities that are sprinkled around Splunk.""The solution should also have more advanced capabilities in comparison with QRadar, which offers Watson."

More Splunk Enterprise Security Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

    • More Microsoft Sentinel Pricing and Cost Advice →

  • "You pay for what you need, and that is a good model. They are also quite happy to talk to you about your uses and your use case. They will even go as far as suggesting things that you don't need to do in order to save you money. At one point, I was quite surprised at how cheap it could be if we wanted it to be or how much they would help us manage our costs."
  • "At the time it was set up, we thought Logz.io was very reasonable for what we were getting in terms of how much time and hosting costs it was saving us, because you don't have to run the servers for it anymore."
  • "The tool is an open source product."
  • "The product is a little expensive."
  • "The product's pricing is cheaper than other solutions."

    • More Logz.io Pricing and Cost Advice →

  • "Pricing and licensing is quite expensive. But for the value the product provides, it seems at par in the market."
  • "Although Splunk is an expensive product, it is designed to be utilized across your organization in order to maximize your ROI and lower your TCO."
  • "It is not cheap."
  • "Splunk Enterprise becomes extremely expensive after the 20GB/month license."
  • "You will eat up whatever you purchase quickly. The level of insights that Splunk empowers is addictive."
  • "Splunk licensing model might seem expensive but with all the gain in functionalities you will have compared to traditional SIEM solutions I think it’s worth the price."
  • "Pricing is pretty fair."
  • "While licensing can be a concern, there are ways to reduce the licensing costs including filtering some events."

    • More Splunk Enterprise Security Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Log Management solutions are best for your needs.
    See Recommendations
    770,458 professionals have used our research since 2012.
    Comparison Review
    Vinod Shankar
    HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
    We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are based on Gartner Magic Q which is what Organizations typically use to select SIEM vendors. The Vendors mentioned here in the deck are : 1. HP ArcSight 2. McAfee Nitro 3. IBM QRadar 4. Splunk SIEM 5. RSA Security Analytic 6. LogRhythm. SIEM Technology Space SIEM market analysis of the last 3 years suggest: Market consolidation of SIEM players (25 vendors in 2011 to 16 vendors in 2013)Only products with technology maturity and a strong road map have featured in leaders quadrant.HP ArcSight & IBM Q1 Labs have maintained leadership in SIEM industry with continued technology upgradeMcAfee Nitro has strong product features & road map to challenge HP & IBM for leadershipHPArcSight The ArcSight Enterprise Threat and Risk Management (ETRM) Platform is an integrated set of products for collecting, analysing, and managing enterprise Security Event information ArcSight Enterprise Security Manager (ESM): Correlation and analysis engine used to identify security threat in real-time& virtual environments ArcSight Logger: Log storage and Search solution ArcSight IdentityView: User Identity tracking/User activity monitoring ArcSight Connectors: For data collection from a variety of data… Read more →
    Questions from the Community
    Is there a common threat intelligence tool that aggregates multiple threa...
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Read all 10 answers   →
    What is a better choice, Splunk or Azure Sentinel?
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Which is better - Azure Sentinel or AWS Security Hub?
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Read all 2 answers   →
    What do you like most about Logz.io?
    Top Answer:The query mechanism for response codes and application health is valuable.
    Read all 8 answers   →
    What is your experience regarding pricing and costs for Logz.io?
    Top Answer:The product is a little expensive. We're pushing 17 TB. It costs us one and a half million dollars a year.
    Read all 5 answers   →
    What needs improvement with Logz.io?
    Top Answer:Capacity planning could be a little bit of a struggle. The product must add some AI capabilities to learn from previous… more »
    Read all 8 answers   →
    What SOC product do you recommend?
    Top Answer:For tools I’d recommend:  -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is… more »
    Read all 12 answers   →
    How does Splunk compare with Azure Monitor?
    Top Answer:Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring… more »
    Read all 2 answers   →
    What do you like most about Splunk?
    Top Answer:Splunk helps us be more proactive. We can take predictive action to identify and block threats so that nothing harmful… more »
    Read all 130 answers   →
    Comparisons
    Also Known As
    Azure Sentinel
    Logz
    Learn More
    Microsoft
    Logz.io
    Splunk
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    Logz.io is a leading cloud-native observability platform that enables engineers to use the best open source tools in the market without the complexity of operating, managing, and scaling them. Logz.io offers four products: Log Management built on ELK, Infrastructure Monitoring based on Prometheus, Distributed Tracing based on Jaeger, and an ELK-based Cloud SIEM. These are offered as fully managed, integrated cloud services designed to help engineers monitor, troubleshoot and secure their distributed cloud workloads more effectively. Engineering driven companies like Siemens, Unity and ZipRecruiter use Logz.io to simplify monitoring and security workflows, increasing developer productivity, reducing time to resolve issues, and increasing the performance and security of their mission-critical applications.

    Splunk Enterprise Security is a SIEM, log management, and IT operations analytics tool. The solution provides users with the ability to secure their information and manage their data in the cloud, data centers, or other applications. Splunk Enterprise Security also offers visibility from different areas, levels, and devices, rather than from a single system, thus, providing its users with flexibility. Splunk Enterprise Security can monitor data and analyze, detect, and prevent intrusions. This benefits users as it provides alerts to possible intrusions, helps users to be proactive, and reduces risk factors. 

    Full visibility across your environment

    Break down data silos and gain actionable intelligence by ingesting data from multicloud and on-premises deployments. Get full visibility to quickly detect malicious threats in your environment.

    Fast threat detection

    Defend against threats with advanced security analytics, machine learning and threat intelligence that focus detection and provide high-fidelity alerts to shorten triage times and raise true positive rates.

    Efficient investigations

    Gather all the context you need and initiate flexible investigations with security analytics at your fingertips. The built-in open and extensible data platform boosts productivity and drives down fatigue.

    Open and scalable

    Built on an open and scalable data platform, you can stay agile in the face of evolving threats and business needs. Splunk meets you where you are on your cloud journey, and integrates across your data, tools and content.

    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Dish Network, The Economist, Forbes, Holler, Kenshoo, OneSpan, Siemens, Sisense, Unity, ZipRecruiter
    Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
    Top Industries
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company11%
    Manufacturing Company8%
    Comms Service Provider8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    REVIEWERS
    Comms Service Provider29%
    Insurance Company14%
    Healthcare Company14%
    Computer Software Company14%
    VISITORS READING REVIEWS
    Computer Software Company15%
    Financial Services Firm11%
    Comms Service Provider10%
    Healthcare Company9%
    REVIEWERS
    Computer Software Company20%
    Financial Services Firm15%
    Government9%
    Energy/Utilities Company8%
    VISITORS READING REVIEWS
    Financial Services Firm15%
    Computer Software Company14%
    Government9%
    Manufacturing Company7%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise59%
    REVIEWERS
    Small Business30%
    Midsize Enterprise10%
    Large Enterprise60%
    VISITORS READING REVIEWS
    Small Business32%
    Midsize Enterprise12%
    Large Enterprise57%
    REVIEWERS
    Small Business32%
    Midsize Enterprise12%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise13%
    Large Enterprise68%
    Buyer's Guide
    Logz.io vs. Splunk Enterprise Security
    April 2024
    Free Report: Logz.io vs. Splunk Enterprise Security
    Find out what your peers are saying about Logz.io vs. Splunk Enterprise Security and other solutions. Updated: April 2024.
    DOWNLOAD NOW
    770,458 professionals have used our research since 2012.

    Logz.io is ranked 24th in Log Management with 8 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 240 reviews. Logz.io is rated 8.2, while Splunk Enterprise Security is rated 8.4. The top reviewer of Logz.io writes "The solution is a consistent logging platform that provides excellent query mechanisms". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Logz.io is most compared with Datadog, Wazuh, Coralogix, ManageEngine File Audit Plus and Grafana Loki, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our Logz.io vs. Splunk Enterprise Security report.

    See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.

    We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.