We performed a comparison between Quest InTrust, Splunk Enterprise Security, and VMware Aria Operations for Logs based on real PeerSpot user reviews.
"I would rate the technical support very well as they are knowledgeable and quick to respond."
"Its compatibility with other SIEMS is very useful."
"It's basically one of the best SIEM products on the market."
"It has virtual visualization, and other products do not."
"The stock analysts and security people use one single dashboard (one single location) to check our logs."
"The feature that I have found most valuable with Splunk is the ability to sift through a bunch of data very quickly."
"The graph visualization is the most valuable feature."
"The flexibility of the search capability is most valuable. You can use it for more than just a basic log aggregator. It is powerful in that regard."
"The ability to ingest any data and display it in a way that anyone can understand."
"The solution's simplicity, flexibility, and extensibility are valuable features as we can integrate everything in vRealize."
"The most valuable feature is server virtualization. It's been very useful."
"What I like is that you can have different storage locations for different applications."
"It is very scalable and can handle a large workload."
"The tool helps my company deal with security and log analysis, which are very important areas for us...It is a scalable solution."
"The events are notably more descriptive, aiding in security and event analysis. We've also integrated Sky Collector, providing valuable insights and solutions for troubleshooting."
"Our current costs are too high, and this tool will help us to better optimize our infrastructure."
"It gives the customer a quick overview, so they don't have to dig. There's a clear dashboard with many sensors in a single space. He gets a helicopter view of his environment, but he can investigate further if there are serious issues. It's pretty user-friendly."
"It needs to have better reporting."
"It was very complex. There was poor native correlation."
"Splunk is not very user-friendly. It has a complex architecture in comparison to other solutions on the market."
"Better directions on search head clusters."
"We were inundated with the amount of alerts and alarms that we could get out of it. It is also a resource hog and we didn't have the resources to support it on-prem so we're taking it offline now."
"One issue is that we are getting a lot of false positives. We are trying to reduce them by customizing the default rules, changing thresholds, and using white-listing and black-listing. It's getting better and better as a result. But they need to build components that would reduce the false positives."
"The GUI could be improved to include some of the capabilities that other BI solutions have. The layout is a little restrictive where you can’t resize all the panels to exactly how you would like them without tweaking some XML code."
"Splunk does not provide any default threat intelligence like Microsoft Sentinel, but you can integrate any third-party threat intelligence with Splunk. By default, no threat intelligence suite is there, whereas, with IBM QRadar or Microsoft Sentinel, the default feature of threat intelligence is there. It is free. If Splunk can provide a default threat intelligence suite, it would be better."
"I would like Splunk to add more integration. QRadar has many indications with more products than Splunk."
"Splunk could add more ways to manage archiving and storage. There isn't a web interface. You can do this on the SaaS version, but the on-premise platform doesn't have this option. It has other things but no option for remote NAS. I would like to have a personal web interface where I can specify how long logs should be stored. To have this readily available on the web, you need to adjust some settings on the backend. That is tricky."
"The solution should be more user-friendly. The user interface and dashboard could be simplified."
"What I'd like to improve in vRealize Log Insight is the licensing model. VMware provides vRealize Log Insight along with the VMware Cloud Foundation, but customers who would like to go for the native VMware would have to procure vRealize Log Insight separately. Today, vRealize Log Insight is offered on two different licenses, one is based on the number of VMs, and the other is based on the number of physical codes on the machine. If VMware can provide a bundle offer for customers who procure more than ten licenses, where you can have an option to run, for example, three hundred machines on vRealize Log Insight with no extra cost, this would encourage more people to adopt the solution. What I'd like to see in the next release of vRealize Log Insight is for a cloud option to be available, which would be a pay-as-you-go licensing model that would allow me to pick and choose what I'll monitor. For example, I have one thousand and three hundred critical servers, and the seven hundred servers for basic development, I don't want to monitor on vRealize Log Insight today, so I should be able to pick what I need to monitor on the solution and only pay for that specific instance. If VMware can apply these changes, it would help VMware customers to procure more or adopt more of vRealize Log Insight even in smaller projects."
"The tool does not provide a centralized pane for monitoring."
"Technical support should be improved."
"The dashboard needs to be improved because this is what I need to monitor my infrastructure."
"It's great for VMware, but it would be good if they had third-party logins."
"From an improvement perspective, the tool needs to be made more user-friendly."
"The pricing of the solution could be improved."