• Home
  • Splunk Enterprise Security vs. Splunk ITSI (IT Service Intelligence)

Splunk Enterprise Security vs Splunk ITSI (IT Service Intelligence) comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Splunk Enterprise Security vs. Splunk ITSI (IT Service Intelligence)
May 2023
Executive Summary

We performed a comparison between Splunk Enterprise Security and Splunk ITSI (IT Service Intelligence) based on real PeerSpot user reviews.

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Splunk Enterprise Security vs. Splunk ITSI (IT Service Intelligence) Report (Updated: May 2023).
Download the complete report
772,127 professionals have used our research since 2012.
Featured Review
Harsh Kashiparekh
Used for compliance, logging, log storage, and root cause analysis
Splunk has fantastic brand value, which helps us sell it as resellers. The solution's pricing is quite competitive. The solution meets all the... Read more →
Anonymous User
Provides end-to-end visibility, improves our incident management process, and reduces our alert noise
Splunk ITSI provides end-to-end visibility into your IT environment. It displays key performance indicators for various services. If a KPI is red,... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The initial setup is simple, not very complex. Initial deployment takes around 10 to 15 minutes to set up the entire base for Splunk including all three tiers.""Low barrier to start searching with the ability to normalize data on the fly.""The most valuable features of Splunk Enterprise Security are its high-performance data collection, flexible query language, and its versatility across the organization.""The SIEM is the most valuable feature of the product.""The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data.""The logs on the solution are excellent.""The product provides visibility and enables us to correlate data and generate alerts.""It helped us consolidate all our solutions into an easy tool to use for various employees."

More Splunk Enterprise Security Pros →

"I find the episode review, glass tables, and correlation search features very useful.""The most valuable aspect lies in its utilization of predictive analytics to anticipate and prevent incidents within a window of twenty to thirty minutes.""In my opinion, Splunk IT Service Intelligence (ITSI) is better than QRadar. With the help of Splunk, we can get results.""The solution is easy to scale.""The root cause analysis is very helpful for us.""ITSI's most valuable feature is that it's easy to integrate DLP.""The modeling required to setup ITSI has been very helpful in providing us a better understanding and a logical view of our services. The modeling is flexible and can be as granular or high level as our needs dictate.""We have a lot of teams using Splunk and they would be blind without it."

More Splunk ITSI (IT Service Intelligence) Pros →

Cons
"Their technical support sucks.""The threat detection library needs to increase the frequency at which the playbooks are updated.""I would like to see more SIEM functionality and a better ticket tool.""The GUI could be improved to include some of the capabilities that other BI solutions have. The layout is a little restrictive where you can’t resize all the panels to exactly how you would like them without tweaking some XML code.""I'd like to see more integration with more antivirus systems.""It needs integration with a configuration management solution.""Its setup is a little bit complex for a distributed environment. Their support can also be better. If we miss the response for more than a week, they usually close the case. Sometimes, it can take us more than a week to reply.""The user access control could be much more granular, so that the admins can control r/w/x access for specific features of the product like dashboards, etc."

More Splunk Enterprise Security Cons →

"We're using predictive analytics, and there are three or four algorithms. It would be helpful if this process were more standardized and scalable.""If the product had some prebuilt machine learning features, it would add value to our use cases.""We have problems doing upgrades and operating alternate new versions.""The problem becomes the price, as Splunk is an expensive product.""The end-to-end visibility in Splunk ITSI is limited and has room for improvement.""It is pretty okay. I am not sure whether the current release has already moved to the new framework where instead of the glass tables, we can directly use the Dashboard Studio. It would be nice to have that integrated into the same framework.""It would be advantageous to enhance the dashboard by incorporating sections for monitoring, service health, and a filter for the KPIs.""After upgrading Splunk ITSI from version 4.11 to 4.13, the analyzer stopped finding values for KPS and services."

More Splunk ITSI (IT Service Intelligence) Cons →

Pricing and Cost Advice
  • "Pricing and licensing is quite expensive. But for the value the product provides, it seems at par in the market."
  • "Although Splunk is an expensive product, it is designed to be utilized across your organization in order to maximize your ROI and lower your TCO."
  • "It is not cheap."
  • "Splunk Enterprise becomes extremely expensive after the 20GB/month license."
  • "You will eat up whatever you purchase quickly. The level of insights that Splunk empowers is addictive."
  • "Splunk licensing model might seem expensive but with all the gain in functionalities you will have compared to traditional SIEM solutions I think it’s worth the price."
  • "Pricing is pretty fair."
  • "While licensing can be a concern, there are ways to reduce the licensing costs including filtering some events."

    • More Splunk Enterprise Security Pricing and Cost Advice →

  • "I would prefer that the price be reduced, as it would be easier to implement it and to sell it."
  • "Splunk pricing is high."
  • "The pricing of Splunk is a bit high."
  • "Splunk ITSI is a pay-per-use service that is priced fairly based on the amount of data we use."
  • "Its pricing has been changed as per the market. You get a good support service with it as well. They have 24/7 customer support. There is a portal, and if you are having issues, they are available in order to resolve them. So, its pricing isn't too much."
  • "Splunk ITSI is expensive; however, with the appropriate use case, it justifies the cost."
  • "Splunk ITSI is an expensive tool, and we need to purchase the utility license."
  • "Pricing has some room for improvement."

    • More Splunk ITSI (IT Service Intelligence) Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    See Recommendations
    772,127 professionals have used our research since 2012.
    Comparison Review
    Vinod Shankar
    HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
    We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are based on Gartner Magic Q which is what Organizations typically use to select SIEM vendors. The Vendors mentioned here in the deck are : 1. HP ArcSight 2. McAfee Nitro 3. IBM QRadar 4. Splunk SIEM 5. RSA Security Analytic 6. LogRhythm. SIEM Technology Space SIEM market analysis of the last 3 years suggest: Market consolidation of SIEM players (25 vendors in 2011 to 16 vendors in 2013)Only products with technology maturity and a strong road map have featured in leaders quadrant.HP ArcSight & IBM Q1 Labs have maintained leadership in SIEM industry with continued technology upgradeMcAfee Nitro has strong product features & road map to challenge HP & IBM for leadershipHPArcSight The ArcSight Enterprise Threat and Risk Management (ETRM) Platform is an integrated set of products for collecting, analysing, and managing enterprise Security Event information ArcSight Enterprise Security Manager (ESM): Correlation and analysis engine used to identify security threat in real-time& virtual environments ArcSight Logger: Log storage and Search solution ArcSight IdentityView: User Identity tracking/User activity monitoring ArcSight Connectors: For data collection from a variety of data… Read more →
    Questions from the Community
    What SOC product do you recommend?
    Top Answer:For tools I’d recommend:  -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also,… more »
    Read all 12 answers   →
    What is a better choice, Splunk or Azure Sentinel?
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log… more »
    How does Splunk compare with Azure Monitor?
    Top Answer:Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we… more »
    Read all 2 answers   →
    What do you like most about Splunk ITSI (IT Service Intelligence)?
    Top Answer:Our mean time to detect is down to five minutes.
    Read all 21 answers   →
    What is your experience regarding pricing and costs for Splunk ITSI (IT S...
    Top Answer:I don't have any visibility on the cost of the product.
    Read all 15 answers   →
    What needs improvement with Splunk ITSI (IT Service Intelligence)?
    Top Answer:We're getting alerts with delays of maybe five minutes, however, we'd like to see real-time alerting in the future. From a predictive analysis point of view, we'd like to see emails corresponding to… more »
    Read all 21 answers   →
    Ranking
    1st
    out of 80 in Security Information and Event Management (SIEM)
    Views
    24,689
    Comparisons
    20,244
    Reviews
    69
    Average Words per Review
    930
    Rating
    8.4
    5th
    out of 55 in IT Alerting and Incident Management
    Views
    142
    Comparisons
    91
    Reviews
    24
    Average Words per Review
    811
    Rating
    8.1
    Comparisons
    Learn More
    Splunk
    Splunk
    Overview

    Splunk Enterprise Security is a SIEM, log management, and IT operations analytics tool. The solution provides users with the ability to secure their information and manage their data in the cloud, data centers, or other applications. Splunk Enterprise Security also offers visibility from different areas, levels, and devices, rather than from a single system, thus, providing its users with flexibility. Splunk Enterprise Security can monitor data and analyze, detect, and prevent intrusions. This benefits users as it provides alerts to possible intrusions, helps users to be proactive, and reduces risk factors. 

    Full visibility across your environment

    Break down data silos and gain actionable intelligence by ingesting data from multicloud and on-premises deployments. Get full visibility to quickly detect malicious threats in your environment.

    Fast threat detection

    Defend against threats with advanced security analytics, machine learning and threat intelligence that focus detection and provide high-fidelity alerts to shorten triage times and raise true positive rates.

    Efficient investigations

    Gather all the context you need and initiate flexible investigations with security analytics at your fingertips. The built-in open and extensible data platform boosts productivity and drives down fatigue.

    Open and scalable

    Built on an open and scalable data platform, you can stay agile in the face of evolving threats and business needs. Splunk meets you where you are on your cloud journey, and integrates across your data, tools and content.

    Splunk IT Service Intelligence (ITSI) is a powerful analytics-driven monitoring and analytics solution that provides real-time insights into the health and performance of IT services. 

    It enables organizations to proactively identify and resolve issues, optimize service delivery, and improve overall IT operations. With its advanced machine learning capabilities, ITSI automatically detects anomalies, predicts future events, and prioritizes alerts based on business impact. 

    The solution offers a centralized view of IT services, allowing users to visualize and analyze data from multiple sources in a single dashboard. ITSI also provides customizable KPIs, service-level agreements (SLAs), and key performance indicators (KPIs) to measure and track service performance. 

    With its intuitive interface and powerful analytics capabilities, Splunk ITSI empowers IT teams to deliver reliable and efficient services, ensuring maximum uptime and customer satisfaction.

    Sample Customers
    Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
    TransUnion, Cox Automotive, Carnival Cruises, Leidos, Econocom, National Ignition Factory, Entrust Datacard, Molina Healthcare, United States Census Bureau
    Top Industries
    REVIEWERS
    Computer Software Company19%
    Financial Services Firm14%
    Government9%
    Energy/Utilities Company8%
    VISITORS READING REVIEWS
    Financial Services Firm15%
    Computer Software Company14%
    Government9%
    Manufacturing Company8%
    REVIEWERS
    Financial Services Firm35%
    Computer Software Company18%
    Insurance Company12%
    Logistics Company12%
    VISITORS READING REVIEWS
    Financial Services Firm20%
    Computer Software Company13%
    Government13%
    Manufacturing Company9%
    Company Size
    REVIEWERS
    Small Business30%
    Midsize Enterprise12%
    Large Enterprise58%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise13%
    Large Enterprise68%
    REVIEWERS
    Small Business10%
    Midsize Enterprise19%
    Large Enterprise71%
    VISITORS READING REVIEWS
    Small Business14%
    Midsize Enterprise7%
    Large Enterprise80%
    Buyer's Guide
    Splunk Enterprise Security vs. Splunk ITSI (IT Service Intelligence)
    May 2023
    Free Report: Splunk Enterprise Security vs. Splunk ITSI (IT Service Intelligence)
    Find out what your peers are saying about Splunk Enterprise Security vs. Splunk ITSI (IT Service Intelligence) and other solutions. Updated: May 2023.
    DOWNLOAD NOW
    772,127 professionals have used our research since 2012.

    Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 245 reviews while Splunk ITSI (IT Service Intelligence) is ranked 5th in IT Alerting and Incident Management with 30 reviews. Splunk Enterprise Security is rated 8.4, while Splunk ITSI (IT Service Intelligence) is rated 8.2. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Splunk ITSI (IT Service Intelligence) writes "Helps improve our incident response time, and our mean time to resolve, but visibility is limited". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Microsoft Sentinel, whereas Splunk ITSI (IT Service Intelligence) is most compared with ServiceNow IT Operations Management, Dynatrace, Grafana, Splunk APM and BigPanda. See our Splunk Enterprise Security vs. Splunk ITSI (IT Service Intelligence) report.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.