We performed a comparison between Azure Monitor and Splunk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk is the clear winner in this comparison. It is easier to deploy, more user-friendly, and has better support than Azure Monitor. In addition, Splunk received positive feedback in the ROI category.
"We like this searchability and availability of the data."
"It's a service from Microsoft, so it will scale."
"I am impressed by the reporting on the average eight ports that we get from this solution."
"Azure Monitor is useful because of the useful application insights and telemetry, such as metrics and logs."
"A product that is well-integrated for monitoring Microsoft Azure."
"The solution's most valuable features are its ability to focus on delivery and maximizing the performance of applications and services."
"Azure Monitor is really just a source for Dynatrace. It's just collecting data and monitoring the environment and the infrastructure. It is fairly good at that."
"Azure Monitor gives us the observability to check everything that we have in the cloud."
"I really like the user interface and how it works."
"We can easily configure things as required in relation to our use cases."
"UBA, User Behavior Analytics, is a key feature."
"The graph visualization is the most valuable feature."
"It follows MITRE ATT&CK and Cyber Kill Chain frameworks. There are certain notable events for which we can configure our security posture."
"There are quite a lot of things that we find useful. Splunk agents are useful and good. Its UI is quite impressive."
"The most valuable feature is the log aggregation, being able to scan through all of the logs."
"There are lots of free learning materials on their website."
"The length of latency is terrible and needs to be improved."
"Setting up this solution is complex. It's also missing the functionality of assigning alerts."
"As a younger product it still has room for feature improvement and enhancement."
"They need to work with other cloud providers - not just Azure."
"In my opinion, they should improve the overall user experience, especially when it comes to indexing and searching collective logs."
"Azure Monitor could improve the visualization aspect and integrate better with other third-party services."
"The query builder could be better. In comparison to other monitoring tools, in order to use Azure Monitor, your engineers need to have KQL experience. If they don't, it's not intuitive as a system."
"Azure Monitor is not user-friendly, and the interface is not exciting. Switching between the dashboards is not easy."
"You do need a lot of training and certification with this product."
"The monitoring aspect of Splunk could be improved. We have to do some queries to get as much information as CrowdStrike or other solutions provide. If you run a big query, you will see a delay. That is the only concern we have because it will take some time if you query large data sets."
"Splunk could enhance its services by providing more comprehensive professional assistance aimed at optimizing our investment."
"More control with Splunk Cloud as it seems a bit limited. I used to manage an on-premise instance of Splunk Enterprise and really liked having more control over it."
"If it could be made available as a service, this would be much better than as a product."
"Many of my clients want to get better at Splunk, but they're afraid of using the tool because they feel it's too complex for them."
"Some of the terminology can be confusing, even for seasoned vets. Renaming components at this point would be a serious undertaking. However, it might be beneficial in the long run."
"Splunk should have more regional data centers in the Middle East."
Azure Monitor is ranked 4th in Application Performance Monitoring (APM) and Observability with 44 reviews, while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Azure Monitor is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Azure Monitor writes "A powerful Kusto query language but the alerting mechanism needs improvement". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". Azure Monitor is most compared with Datadog, Dynatrace, Sentry, Prometheus and SolarWinds Server and Application Monitor, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and AppDynamics. See our Azure Monitor vs. Splunk Enterprise Security report.
We monitor all Application Performance Monitoring (APM) and Observability reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hi @Netanya Carmi,
Below are some comparisons on features and integrations.
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we have problems somewhere or if we are not getting the flow we expect. It is very easy to search for queries and events and then do analysis. The flexibility of the search capability is extremely valuable. Splunk works well with other solutions. It is very easy to set up and very straightforward to deploy.
The more data you process with Splunk, the more expensive it gets; an improved pricing model is needed. It would be great if Splunk had more SIEM functionality with better customization and a better ticket tool. The on-premises scaling is a bit more limited than on the cloud. Splunk currently has some limited default rules and customizations. If they could concentrate more on compliance and security information, that would be an added bonus.
Azure Monitor has made it significantly easier for us to monitor applications and infrastructure for possible problems. This solution offers a survey of surveillance in real time and a very helpful dashboard. Azure Monitor, which is integrated with Azure DevOps, has good load gathering and very good analytics. We get useful alerts with Azure Monitor that make recommendations about the security and the platform.
There should be more specific detail about where problems lie. Azure Monitor is lacking somewhat in vulnerability assessment; this aspect could be better. Their automation also needs some improvement. From gathering metrics from more applications to getting processes quickly started when something goes down, automation should be better.
Conclusion:
For us, Splunk is the better solution. We use Splunk to search, monitor, analyze, and visualize machine data, which it does very well. The dashboard is very intuitive. The log collection and log management tools are very good. We find Splunk’s search capability to be very powerful and flexible. Splunk can access any kind of data and there is no limitation to the kind of structured or unstructured data you can extract. Our team also liked that Splunk offers better integration with more solutions.