We performed a comparison between Elastic Search and Splunk User Behavior Analytics based on real PeerSpot user reviews.
Find out in this report how the two Indexing and Search solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Logsign provides us with the capability to execute multiple queries according to our requirements. The indexing is very high, making it effective for storing and retrieving logs. The real-time analytics with Elastic benefits us due to the huge traffic volume in our organization, which reaches up to 60,000 requests per second. With logs of approximately 25 GB per day, manually analyzing traffic behavior, payloads, headers, user agents, and other details is impractical."
"Gives us a more user-friendly, centralized solution (for those who just needed a quick glance, without being masters of sed and awk) as well as the ability to implement various mechanisms for machine-learning from our logs, and sending alerts for anomalies."
"It helps us to analyse the logs based on the location, user, and other log parameters."
"The solution offers good stability."
"The ability to aggregate log and machine data into a searchable index reduces time to identify and isolate issues for an application. Saves time in triage and incident response by eliminating manual steps to access and parse logs on separate systems, within large infrastructure footprints."
"The special text processing features in this solution are very important for me."
"The AI-based attribute tagging is a valuable feature."
"You have dashboards, it is visual, there are maps, you can create canvases. It's more visual than anything that I've ever used."
"The solution is definitely scalable."
"It's easily scalable."
"The most valuable feature is the ability to search through a large amount of data."
"We are really pleased with Splunk and its features. It would be practically impossible to function without it. To provide a general overview of the system, it's important to note that the standard log files are currently around 250 gigabytes per day. It would be impossible to manually walk through these logs by hand, which is why automation is essential."
"Splunk is more user-friendly than some competing solutions we tried."
"This intelligent user behavior analytics package is easy to configure and use while remaining feature filled."
"It's straightforward in terms of configuration and troubleshooting and log management and monitoring as well. These are the edge points in addition to it being a modular solution where you can capitalize on your current licenses with extra licensing models, which can match the customer's business requirement and it can help the customer to design or to actually plan for their own roadmap."
"The most valuable features are the indexing and powerful search features."
"The UI point of view is not very powerful because it is dependent on Kibana."
"It is hard to learn and understand because it is a very big platform. This is the main reason why we still have nothing in production. We have to learn some things before we get there."
"We have an issue with the volume of data that we can handle."
"This product could be improved with additional security, and the addition of support for machine learning devices."
"There is another solution I'm testing which has a 500 record limit when you do a search on Elastic Enterprise Search. That's the only area in which I'm not sure whether it's a limitation on our end in terms of knowledge or a technical limitation from Elastic Enterprise Search. There is another solution we are looking at that rides on Elastic Enterprise Search. And the limit is for any sort of records that you're doing or data analysis you're trying to do, you can only extract 500 records at a time. I know the open-source nature has a lot of limitations, Otherwise, Elastic Enterprise Search is a fantastic solution and I'd recommend it to anyone."
"Its licensing needs to be improved. They don't offer a perpetual license. They want to know how many nodes you will be using, and they ask for an annual subscription. Otherwise, they don't give you permission to use it. Our customers are generally military or police departments or customers without connection to the internet. Therefore, this model is not suitable for us. This subscription-based model is not the best for OEM vendors. Another annoying thing about Elasticsearch is its roadmap. We are developing something, and then they say, "Okay. We have removed that feature in this release," and when we are adapting to that release, they say, "Okay. We have removed that one as well." We don't know what they will remove in the next version. They are not looking for backward compatibility from the customers' perspective. They just remove a feature and say, "Okay. We've removed this one." In terms of new features, it should have an ODBC driver so that you can search and integrate this product with existing BI tools and reporting tools. Currently, you need to go for third parties, such as CData, in order to achieve this. ODBC driver is the most important feature required. Its Community Edition does not have security features. For example, you cannot authenticate with a username and password. It should have security features. They might have put it in the latest release."
"Elastic Enterprise Search can improve by adding some kind of search that can be used out of the box without too much struggle with configuration. With every kind of search engine, there is some kind of special function that you need to do. A simple out-of-the-box search would be useful."
"We'd like more user-friendly integrations."
"If the price was lowered and the setup process was less complex, I would consider rating it higher."
"Currently, a lot of network operations need improvement. We still need people to handle incidents. Our vision is to leverage status and convert it directly from the network devices. It would be ideal if we could take action using APIs and API code and remove manual processes."
"The correlation engine should have persistent and definable rules."
"The initial setup was complex because some of the configurations that we required needed customization."
"We want to have an automated system for bot hunting that enables us to detect anomalies predictively based on historical data. It would be helpful if Splunk included process mining as an alternative option. We have a threat workflow, but it would be useful if we could supplement that with some process mining capabilities over time."
"We'd like the ability to do custom searches."
"The solution is much more expensive than relative competitors like ArcSight or LogRhythm. It makes it hard to sell to customers sometimes."
"It could be easier to scale the solution if you are using it on-premise, not in the cloud."
More Splunk User Behavior Analytics Pricing and Cost Advice →
Elastic Search is ranked 1st in Indexing and Search with 59 reviews while Splunk User Behavior Analytics is ranked 2nd in User Entity Behavior Analytics (UEBA) with 17 reviews. Elastic Search is rated 8.2, while Splunk User Behavior Analytics is rated 8.2. The top reviewer of Elastic Search writes "Played a crucial role in enhancing our cybersecurity efforts ". On the other hand, the top reviewer of Splunk User Behavior Analytics writes "Easy to configure and easy to use solution that integrates with many applications and scripts ". Elastic Search is most compared with Faiss, Milvus, Azure Search, Pinecone and Exalead, whereas Splunk User Behavior Analytics is most compared with Darktrace, Microsoft Defender for Identity, IBM Security QRadar, Varonis Datalert and Vectra AI. See our Elastic Search vs. Splunk User Behavior Analytics report.
We monitor all Indexing and Search reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.