We performed a comparison between Azure Monitor and Splunk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk is the clear winner in this comparison. It is easier to deploy, more user-friendly, and has better support than Azure Monitor. In addition, Splunk received positive feedback in the ROI category.
"The tools for logs and metrics are pretty good and easy to use."
"I am monitoring all of my Azure Monitor and getting good reports. I can customize the reports to get the information I need. I am also getting emails about which AAS instances are down and everything in the system related to my services. It is easy to use, scalable, and user-friendly. Microsoft has many guides and videos to help you understand how to create and use Azure Monitor."
"Data exporting is easy, and this tool works seamlessly with other solutions. It's a stable and low-priced solution."
"It's a Microsoft native tool, so it works well with other Microsoft technologies, which is predominantly what our customer end-user base is."
"It's a service from Microsoft, so it will scale."
"It has good troubleshooting features."
"Good load and metrics gathering and very good analysis."
"It is a move-in powerful feature compared to other market-leading tools."
"What is nice about the solution is that it makes it easy to build the queries, search for the events and then do analysis."
"The data analysis part is good in Splunk, which is something that I like the most. It is also quite easy to use. Its dashboards, visualizations, and analytics are good."
"The alerts are very effective."
"My favorite example of improving the organization is saving $60k/mo in payroll fraud and $10k/mo in wasted API credits by using simple searches and clear reports."
"Aggregation searches have reduced the time and difficulty of identifying trends and conditions which need to be reviewed."
"UBA, User Behavior Analytics, is a key feature."
"Low barrier to start searching with the ability to normalize data on the fly."
"Search language is easy to understand and teach to new users."
"We cannot use AI services with the solution."
"Azure Monitor is not user-friendly, and the interface is not exciting. Switching between the dashboards is not easy."
"I have used multiple products like Webex and PRTG. Some features could be added. Azure Monitor should add SMS and APIs. We have very limited access to Azure Monitor. I usually get alerts on my phone when they are integrated with Slack. I am not always available, but my team is. Sometimes, I am traveling and don't have access to my email, but I have Slack and other third-party projects that send me instant messages if a sensor goes down."
"The default interface should be improved."
"The query builder could be better. In comparison to other monitoring tools, in order to use Azure Monitor, your engineers need to have KQL experience. If they don't, it's not intuitive as a system."
"The process of implementation needs to be easier."
"In my opinion, they should improve the overall user experience, especially when it comes to indexing and searching collective logs."
"Azure Monitor's integration with applications could be improved."
"An improved user interface along with multi-tenancy support would be beneficial."
"Its reporting can be improved. That's the only complaint I have heard. I don't need the reporting part, but I know that other people in the organization need it."
"Splunk needs to be able to hold more days of data. At the moment it only holds three months of data."
"Splunk is very expensive. The license is based on the volume of the logs ingested. I was responsible for managing the contract with our service integrator. I don't know the precise details of the competing solution, but I have heard that Splunk is more expensive than others. I don't know what the going rate is on the market, but I think there are at least two competitors that are less expensive. We have experienced a few issues with our service providers in terms of log filtering and ingestion, so we continue to pay a bit more per day for our logs."
"The solution could improve by giving more email details."
"Some of the queries are difficult to run and have room for improvement."
"Splunk could add more ways to manage archiving and storage. There isn't a web interface. You can do this on the SaaS version, but the on-premise platform doesn't have this option. It has other things but no option for remote NAS. I would like to have a personal web interface where I can specify how long logs should be stored. To have this readily available on the web, you need to adjust some settings on the backend. That is tricky."
"The UI can be difficult to understand for non-technical people."
Azure Monitor is ranked 4th in Application Performance Monitoring (APM) and Observability with 44 reviews while Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews. Azure Monitor is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Azure Monitor writes "A powerful Kusto query language but the alerting mechanism needs improvement". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". Azure Monitor is most compared with Datadog, Dynatrace, Prometheus, Sentry and AWS X-Ray, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Microsoft Sentinel and Datadog. See our Azure Monitor vs. Splunk Enterprise Security report.
We monitor all Application Performance Monitoring (APM) and Observability reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hi @Netanya Carmi,
Below are some comparisons on features and Integrations.
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we have problems somewhere or if we are not getting the flow we expect. It is very easy to search for queries and events and then do analysis. The flexibility of the search capability is extremely valuable. Splunk works well with other solutions. It is very easy to set up and very straightforward to deploy.
The more data you process with Splunk, the more expensive it gets; an improved pricing model is needed. It would be great if Splunk had more SIEM functionality with better customization and a better ticket tool. The on-premises scaling is a bit more limited than on the cloud. Splunk currently has some limited default rules and customizations. If they could concentrate more on compliance and security information, that would be an added bonus.
Azure Monitor has made it significantly easier for us to monitor applications and infrastructure for possible problems. This solution offers a survey of surveillance in real time and a very helpful dashboard. Azure Monitor, which is integrated with Azure DevOps, has good load gathering and very good analytics. We get useful alerts with Azure Monitor that make recommendations about the security and the platform.
There should be more specific detail about where problems lie. Azure Monitor is lacking somewhat in vulnerability assessment; this aspect could be better. Their automation also needs some improvement. From gathering metrics from more applications to getting processes quickly started when something goes down, automation should be better.
Conclusion:
For us, Splunk is the better solution. We use Splunk to search, monitor, analyze, and visualize machine data, which it does very well. The dashboard is very intuitive. The log collection and log management tools are very good. We find Splunk’s search capability to be very powerful and flexible. Splunk can access any kind of data and there is no limitation to the kind of structured or unstructured data you can extract. Our team also liked that Splunk offers better integration with more solutions.