We performed a comparison between ArcSight Logger and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable feature is the level of detail that you can see about certain events, even when they do not come up in the console."
"We haven't had any crashes or bugs. It is stable."
"The log digestion features from threat intelligence platforms like Recorded Future or Talos are valuable."
"It provides in-depth information on business activities once we log into the system."
"It is one of the best products available in the market."
"The machine learning is a good feature."
"It's a robust, mature product and you can do some really complex operations and analytics."
"ArcSight provides the basic information that we want."
"It is very simple to tweak or write a small piece of glue code to go ahead and create a new dashboard for a business unit to make near real-time decisions to focus more on other geographies when launching the product."
"Splunk allows us to customize processing and dashboards, which helps us take care of our customers' needs."
"Splunk UBA is useful for fraud detection and for detection of APTs, advanced persistent threats."
"The most valuable features include agility and Splunk Enterprise Security's ability to quickly search for alerted items, as well as the capacity to create custom alerts using the SQL language employed by Splunk."
"Splunk incorporates a lot of elements that help to reduce security risks. For it to reach certain compliance, we need to have some security insight. Splunk is a very good SIEM, it’s a top solution, but the best feature is its cost of visibility. We have all the most important features to detect vulnerabilities or risks."
"Splunk Enterprise Security helped us with faster detection of threats."
"The correlation searches are most valuable just because we are able to do things like RBA."
"The ability to manipulate data in Splunk is unparalleled. Splunk’s powerful, flexible query language can morph difficult to understand log formats into usable data."
"The console in older versions is not user-friendly."
"I had some latency issues for two months. I had to increase our storage capacity significantly to reduce the latency."
"I think the ArcSight team should try to simplify legacy products for the customers, because that product is not easy to use or to work with. It needs more competency or appeal to use. We hope Micro Focus is trying to resolve this."
"The speed of Logger indexing and searching for certain bugs for some queries that we provide could be improved. It can handle a huge number of logs but it can be improved."
"The next release should have AI capabilities."
"It is really difficult to work in ArcSight Logger, as it is very slow."
"I would like to see better scheduling in the next release of this solution."
"It would be better if the product is cheaper."
"Enterprise security: Splunk must work on clarifying the solution to customers and explain how to gain more from it."
"The GUI can be improved. Splunk has always suffered from having a kind of goofy UI, it needs some updating."
"I would like to see ability to master management. In terms of clustering, how it manages clustering needs improvement."
"It is a challenge to manage the environment in such a way, that one’s log, even with the bandwidth license, isn’t exceeded."
"This is a costly solution."
"There are new services which are coming up. If Splunk can catch up with the speed of Amazon, and with the integration, instead of us waiting for another year or so, that would be good."
"The cluster environment should be improved. We have a cluster. In the Splunk cluster environment, in the case of heavy searches and heavy load, the Splunk cluster goes down, and we have to put it in the maintenance mode to get it back. We are not able to find the actual culprit for this issue. I know that cluster has RF and SF, but it has been down so many times. There should be something in Splunk to help users to find the reason and the solution for such issues."
"We'd like Splunk to reduce false positives."
ArcSight Logger is ranked 29th in Log Management with 30 reviews, while Splunk Enterprise Security is ranked 1st in Log Management with 228 reviews. ArcSight Logger is rated 7.8, while Splunk Enterprise Security is rated 8.4. The top reviewer of ArcSight Logger writes "A scalable and stable solution that enables users to see all the event logs in one place". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". ArcSight Logger is most compared with IBM Security QRadar, Elastic Security, Wazuh, LogRhythm SIEM and VMware Aria Operations for Logs, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Microsoft Sentinel and Graylog.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.