We performed a comparison between Elastic Security and Splunk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk comes out on top in this comparison. It is easier to use and has better support than Elastic Security. Splunk users also report a significant ROI. Elastic Security does come out on top in the pricing and ease of deployment categories, however.
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"We have no complaints about the features or functionality."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"It has a lot of great features."
"The feature that we have found the most valuable is scalability."
"One of the most valuable features of this solution is that it is more flexible than AlienVault."
"It is an extremely stable solution. Stability-wise, I rate the solution a ten out of ten."
"I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash."
"It's open-source and free to use."
"I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong."
"Enables monitoring of application performance and the ability to predict behaviors."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"The solution is very fast and succinct."
"It's basically one of the best SIEM products on the market."
"The speed of the search engine."
"Support is quick and competent."
"It allows us to digest the information, the data, the different data streams, so we can make decisions based upon information that we receive, and it is pretty robust."
"My favorite example of improving the organization is saving $60k/mo in payroll fraud and $10k/mo in wasted API credits by using simple searches and clear reports."
"Splunk provides immediate visibility into key business metrics and new business insights that deliver immediate value."
"The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"Sentinel's reporting is complex and can be more user-friendly."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"The solution could improve the playbooks."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"We'd also like a better ticketing system, which is older."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"I would like more ways to manage permissions and restrict access to certain users."
"Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
"Elastic Security can be a bit difficult to use if a person only has experience in SMBs with tools like Zoho. The product can also be difficult for those who have never dealt with query language."
"In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready made, so you'll have to write some scripts."
"Technical support could respond faster."
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
"There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM."
"The CIM model is the method Splunk uses to normalize data and categorize its important parts, but it is quite complex."
"I would like some additional AI capabilities to provide additional information about things going wrong and things going well."
"I love the solution, but I would like to see more accessibility to the machine-learning capabilities that are sprinkled around Splunk."
"It's costly."
"It can be tough to determine if you are getting all of the value out of your investment at times."
"Previously, they developed custom connectors or add-ons for a lot of applications. But that number can be upgraded still. There are a lot of applications in the world that are not supported."
"The configuration had a bit of a learning curve."
"Most of my interaction is with the user community, which is how Splunk wants it. When I need help, that community is very hit or miss."
Elastic Security is ranked 5th in Log Management with 58 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 228 reviews. Elastic Security is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". Elastic Security is most compared with Wazuh, IBM Security QRadar, Microsoft Defender for Endpoint, CrowdStrike Falcon and AlienVault OSSIM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Azure Monitor and Datadog.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.