We performed a comparison between Devo and Splunk Cloud Platform based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The user experience [is] well thought out and the workflows are logical. The dashboards are intuitive and highly customizable."
"The most powerful feature is the way the data is stored and extracted. The data is always stored in its original format and you can normalize the data after it has been stored."
"Those 400 days of hot data mean that people can look for trends and at what happened in the past. And they can not only do so from a security point of view, but even for operational use cases. In the past, our operational norm was to keep live data for only 30 days. Our users were constantly asking us for at least 90 days, and we really couldn't even do that. That's one reason that having 400 days of live data is pretty huge. As our users start to use it and adopt this system, we expect people to be able to do those long-term analytics."
"The most valuable feature is that it has native MSSP capabilities and maintains perfect data separation. It does all of that in a very easy-to-manage cloud-based solution."
"It's very, very versatile."
"The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. Most SIEMs don't do that. And I can do that by creating entity-based queries. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way."
"The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to do that quickly. If I'm sitting around just waiting to get my first response, then it ends up moving too slow to keep up with the attacker. Devo's speed and performance allows us to query in real-time and keep up with what is actually happening on the network, then respond effectively to events."
"Devo has a really good website for creating custom configurations."
"As compared to other tools, it is very easy. It is very easy to learn. It also integrates well."
"The solution is user friendly and has extensive uses."
"The most valuable feature for me is the flexibility of being able to send the log to the https endpoint."
"The most valuable feature of Splunk Cloud is the quick setup."
"Dashboards and alerting are the most valuable features. The dashboards let us see how the system looks in terms of anomalies, and the alerts trigger us to go and look at what possible problems are happening."
"Splunk Cloud Platform's most valuable features are enterprise security and ticketing integration."
"We only buy the services we need. We don't have to pay for other things we don't."
"The most valuable feature is we don't have to deal with any back-end server maintenance because the solution is cloud-based."
"Some basic reporting mechanisms have room for improvement. Customers can do analysis by building Activeboards, Devo’s name for interactive dashboards. This capability is quite nice, but it is not a reporting engine. Devo does provide mechanisms to allow third-party tools to query data via their API, which is great. However, a lot of folks like or want a reporting engine, per se, and Devo simply doesn't have that. This may or may not be by design."
"An admin who is trying to audit user activity usually cannot go beyond a day in the UI. I would like to have access to pages and pages of that data, going back as far as the storage we have, so I could look at every command or search or deletion or anything that a user has run. As an admin, that would really help. Going back just a day in the UI is not going to help, and that means I have to find a different way to do that."
"The overall performance of extraction could be a lot faster, but that's a common problem in this space in general. Also, the stock or default alerting and detecting options could definitely be broader and more all-encompassing. The fact that they're not is why we had to write all our own alerts."
"There's always room to reduce the learning curve over how to deal with events and machine data. They could make the machine data simpler."
"From our experience, the Devo agent needs some work. They built it on top of OS Query's open-source framework. It seems like it wasn't tuned properly to handle a large volume of Windows event logs. In our experience, there would definitely be some room for improvement. A lot of SIEMs on the market have their own agent infrastructure. I think Devo's working towards that, but I think that it needs some improvement as far as keeping up with high-volume environments."
"Their documentation could be better. They are growing quickly and need to have someone focused on tech writing to ensure that all the different updates, how to use them, and all the new features and functionality are properly documented."
"Some third-parties don't have specific API connectors built, so we had to work with Devo to get the logs and parse the data using custom parsers, rather than an out-of-the-box solution."
"We only use the core functionality and one of the reasons for this is that their security operation center needs improvement."
"Splunk Cloud Platform should improve its integrations and consider multiple integrations or direct integration with other platforms like Microsoft Azure, Google Cloud, or AWS."
"When one of my customers needs an app, and I am able to find that app on the Splunk base, I have to create a ticket and wait for five days for them to download the app into the cloud environment. That is probably one of the main things. It is painful because I have to wait to get that app in the cloud."
"There is sometimes no documentation or updated documentation available."
"There can be more modules and more integration with other areas in the cloud and on-prem. I am not sure whether it includes network devices and things like that."
"Splunk Cloud Platform needs to be made more user-friendly because it's not user-friendly."
"The Splunk Cloud Platform dashboard could benefit from some improvements."
"The security connection should have a seamless integration. Other than that, the way we are using it, so far, it seems quite good."
"Splunk currently manages the components, which restricts our ability to access them directly."
Devo is ranked 16th in Log Management with 21 reviews while Splunk Cloud Platform is ranked 3rd in Data Visualization with 34 reviews. Devo is rated 8.4, while Splunk Cloud Platform is rated 8.0. The top reviewer of Devo writes "Keeps 400 days of hot data, covers our cloud products, and has a high ingestion rate and super easy log integrations". On the other hand, the top reviewer of Splunk Cloud Platform writes "Does not require backend maintenance, is easily integrated and utilized". Devo is most compared with Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar, Wazuh and LogRhythm SIEM, whereas Splunk Cloud Platform is most compared with Wazuh, Splunk Enterprise Security, Check Point Security Management, AppInsights and Fortinet FortiAnalyzer. See our Devo vs. Splunk Cloud Platform report.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
