Most Helpful Review
Researched Splunk User Behavior Analytics but chose ELK Elasticsearch: Has a good UI with good performance although deployment requires multiple applications
Find out what your peers are saying about ELK Elasticsearch vs. Splunk User Behavior Analytics and other solutions. Updated: January 2021.
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"We had many reasons to implement Elasticsearch for search term solutions. Elasticsearch products provide enterprise landscape support for different areas of the company."
"The most valuable feature for us is the analytics that we can configure and view using Kibana."
"The special text processing features in this solution are very important for me."
"The most valuable features are the data store and the X-pack extension."
"I value the feature that allows me to share the dashboards to different people with different levels of access."
"The product is scalable with good performance."
"Dashboard is very customizable."
"There's lots of processing power. You can actually just add machines to get more performance if you need to. It's pretty flexible and very easy to add another log. It's not like 'oh, no, it's going to be so much extra data'. That's not a problem for the machine. It can handle it."
"The most valuable feature is the ability to search through a large amount of data."
"The most valuable features are its data aggregation and the ability to automatically identify a number of threats, then suggest recommended actions upon them."
"Because of some of the visualizations that we utilize, we are able to understand strange, unusual traffic on our networks."
"The most valuable feature is being able to take data and put it into other systems so that we could see the output, and to see where we need to apply our focus."
"It's straightforward in terms of configuration and troubleshooting and log management and monitoring as well. These are the edge points in addition to it being a modular solution where you can capitalize on your current licenses with extra licensing models, which can match the customer's business requirement and it can help the customer to design or to actually plan for their own roadmap."
"The solution is extremely scalable. Our customers are regularly scaling up after installing Splunk."
"The most valuable features are the indexing and powerful search features."
"The solution is definitely scalable."
"We see the need for some improvements with Elasticsearch. We would like the Elasticsearch package to include training lessons for our staff."
"This product could be improved with additional security, and the addition of support for machine learning devices."
"Better dashboards or a better configuration system would be very good."
"The pricing of this product needs to be more clear because I cannot understand it when I review the website."
"Ratio aggregation is not supported in this solution."
"The GUI is the part of the program which has the most room for improvement."
"Could have more open source tools and testing."
"The solution has quite a steep learning curve. The usability and general user-friendliness could be improved. However, that is kind of typical with products that have a lot of flexibility, or a lot of capabilities. Sometimes having more choices makes things more complex. It makes it difficult to configure it, though. It's kind of a bitter pill that you have to swallow in the beginning and you really have to get through it."
"It could be easier to scale the solution if you are using it on-premise, not in the cloud."
"The initial setup was complex because some of the configurations that we required needed customization."
"The solution is much more expensive than relative competitors like ArcSight or LogRhythm. It makes it hard to sell to customers sometimes."
"They should work to add more built-in correlation searches and more use cases based on worldwide customer experiences. They need more ready-made use cases."
"The correlation engine should have persistent and definable rules."
"In the future I would like to see simplified statistics and analytical threats."
"The ability to do more complicated data investigation would be a welcome addition for pros, though the functionality now gives most people what they need."
"Currently, a lot of network operations need improvement. We still need people to handle incidents. Our vision is to leverage status and convert it directly from the network devices. It would be ideal if we could take action using APIs and API code and remove manual processes."
Pricing and Cost Advice
"We are using the free version and intend to upgrade."
"It can be expensive."
"This product is open-source and can be used free of charge."
"We are using the open-sourced version."
"The basic license is free, but it comes with a lot of features that aren't free. With a gold license, we get active directory integration. With a platinum license, we get alerting."
"The pricing model is questionable and needs to be addressed because when you would like to have the security they charge per machine."
"My biggest complaint is the way they do pricing... You can never know the pricing for next year. Every single time you adjust to something new, the price goes up. It's impossible to truly budget for it. It goes up constantly."
"There are additional costs associated with the integrator."
"The licensing cost is around 10,000 dollars."
"Pricing varies based on the packages you choose and the volume of your usage."
Questions from the Community
Top Answer: Dashboard is very customizable.
Top Answer: I would like to see more open source tools and testing as well as a signature analysis in the solution. I think that a lot of times when we go into a corporate environment where it becomes more add on…
Also Known As
Splunk User Behavior Analytics: Caspida, Splunk UBA
ELK Elasticsearch: Elasticsearch is a distributed, JSON-based search and analytics engine designed for horizontal scalability, maximum reliability, and easy management. It lets you perform and combine many types of searches (structured, unstructured, geo, metric) any way you want.

Splunk User Behavior Analytics: Splunk User Behavior Analytics is a behavior-based threat detection product built on machine learning methods that require no signatures or human analysis, enabling multi-entity behavior profiling and peer-group analytics for users, devices, service accounts and applications. It detects insider threats and external attacks using out-of-the-box, purpose-built but extensible unsupervised machine learning (ML) algorithms that help organizations find known, unknown and hidden threats, and it provides context around a threat via ML-driven anomaly correlation and visual mapping of stitched anomalies across the phases of the attack lifecycle (Kill-Chain View). Its data-science-driven approach produces actionable results with risk ratings and supporting evidence, which increases SOC efficiency, and it supports bi-directional integration with Splunk Enterprise for data ingestion and correlation and with Splunk Enterprise Security for incident scoping, workflow management and automated response. The result is automated, accurate threat and anomaly detection.
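The description above (per-user baselines, peer-group analytics, anomalies stitched into a per-entity risk rating with supporting evidence) is the general shape of user and entity behavior analytics. The following is an added example written for this page to make that shape concrete; it is not Splunk UBA or Elasticsearch code and uses none of their APIs. The event fields, the business-hours window, the per-signal weights and the alert threshold are all assumptions, and the log events are constructed.

```python
"""
Toy UEBA-style scorer: learn per-user and per-department baselines from
historical events, score new events for individual anomalies, and stitch the
anomalies into a per-user risk score with the evidence that produced it.

Added illustration only (not Splunk UBA / Elasticsearch code). Field names,
weights, BUSINESS_HOURS and FLAG_THRESHOLD are assumptions for the example.
"""
from collections import defaultdict
from statistics import mean, pstdev

BUSINESS_HOURS = range(7, 20)   # assumption: 07:00-19:59 counts as normal hours
FLAG_THRESHOLD = 5              # assumption: per-user risk at which we alert
MIN_SAMPLES_FOR_VOLUME = 2      # need some history before judging byte volume

# Constructed historical events used to learn the baseline.
BASELINE_EVENTS = [
    {"user": "alice", "dept": "finance", "host": "fin-db01",   "hour": 9,  "bytes": 2_000},
    {"user": "alice", "dept": "finance", "host": "fin-db01",   "hour": 10, "bytes": 2_500},
    {"user": "alice", "dept": "finance", "host": "fin-share",  "hour": 14, "bytes": 1_800},
    {"user": "bob",   "dept": "finance", "host": "fin-db01",   "hour": 11, "bytes": 3_000},
    {"user": "bob",   "dept": "finance", "host": "fin-report", "hour": 15, "bytes": 2_200},
    {"user": "carol", "dept": "eng",     "host": "build01",    "hour": 10, "bytes": 50_000},
    {"user": "carol", "dept": "eng",     "host": "git01",      "hour": 16, "bytes": 40_000},
    {"user": "dave",  "dept": "eng",     "host": "git01",      "hour": 9,  "bytes": 45_000},
]

# Constructed new events to score against that baseline.
NEW_EVENTS = [
    {"user": "alice", "dept": "finance", "host": "fin-db01",   "hour": 10, "bytes": 2_100},    # routine
    {"user": "alice", "dept": "finance", "host": "fin-report", "hour": 11, "bytes": 2_000},    # new to her, normal for peers
    {"user": "alice", "dept": "finance", "host": "git01",      "hour": 3,  "bytes": 200_000},  # new host, off-hours, huge volume
    {"user": "carol", "dept": "eng",     "host": "git01",      "hour": 15, "bytes": 42_000},   # routine
    {"user": "dave",  "dept": "eng",     "host": "build01",    "hour": 10, "bytes": 47_000},   # new to him, normal for peers
]


class Baseline:
    """Per-user host sets, per-department (peer group) host sets, per-user byte history."""

    def __init__(self, events):
        self.user_hosts = defaultdict(set)
        self.dept_hosts = defaultdict(set)
        self.user_bytes = defaultdict(list)
        for e in events:
            self.user_hosts[e["user"]].add(e["host"])
            self.dept_hosts[e["dept"]].add(e["host"])
            self.user_bytes[e["user"]].append(e["bytes"])


def score_event(baseline, e):
    """Return (score, reasons) for one event. Each reason is one detected anomaly."""
    score, reasons = 0, []
    # Peer-group check first: a host nobody in the department uses is stronger
    # evidence than a host that is merely new for this user.
    if e["host"] not in baseline.dept_hosts[e["dept"]]:
        score += 3
        reasons.append("host unseen in peer group")
    elif e["host"] not in baseline.user_hosts[e["user"]]:
        score += 1
        reasons.append("host new for user but used by peers")
    if e["hour"] not in BUSINESS_HOURS:
        score += 2
        reasons.append("off-hours activity")
    hist = baseline.user_bytes[e["user"]]
    if len(hist) >= MIN_SAMPLES_FOR_VOLUME:
        mu, sigma = mean(hist), pstdev(hist)
        # max(sigma, 1.0) avoids a zero threshold when history is constant.
        if e["bytes"] > mu + 3 * max(sigma, 1.0):
            score += 3
            reasons.append("outbound volume above mean + 3 sigma")
    return score, reasons


def risk_by_user(baseline, events):
    """Stitch per-event anomalies into a per-user risk score plus evidence."""
    risk, evidence = defaultdict(int), defaultdict(list)
    for e in events:
        s, reasons = score_event(baseline, e)
        if s:
            risk[e["user"]] += s
            evidence[e["user"]].append((e["host"], e["hour"], s, reasons))
    return dict(risk), dict(evidence)


def flagged_users(baseline, events, threshold=FLAG_THRESHOLD):
    """Users whose accumulated risk crosses the alert threshold, sorted by name."""
    risk, _ = risk_by_user(baseline, events)
    return sorted(u for u, s in risk.items() if s >= threshold)


if __name__ == "__main__":
    base = Baseline(BASELINE_EVENTS)
    risk, evidence = risk_by_user(base, NEW_EVENTS)
    for user in flagged_users(base, NEW_EVENTS):
        print(f"{user}: risk={risk[user]}")
        for host, hour, s, reasons in evidence[user]:
            print(f"  {host} @ {hour:02d}:00 (+{s}): {', '.join(reasons)}")
```

The point of the peer-group branch is that a single "new host" signal is weak on its own (people change roles and projects); it is the stacking of a host nobody in the department uses, an off-hours timestamp and a volume outlier, all on one account, that pushes the risk over the threshold, while Dave's first visit to a host his peers already use scores too low to alert.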
Sample Customers
ELK Elasticsearch: HotelTonight, Perceivant, Docker, Green Man Gaming, Xoom, AutoScout24, TheLadders, Center for Open Science, Parleys, Tango
Splunk User Behavior Analytics: 8 Securities, AAA Western, AdvancedMD, Amaya, Cerner Corporation, CJ O Shopping, CloudShare, Crossroads Foundation, 7-Eleven Indonesia
Top Industries
Financial Services Firm: 43%, Computer Software Company: 23%, Comms Service Provider: 18%
Financial Services Firm: 57%, Computer Software Company: 25%, Comms Service Provider: 22%, Financial Services Firm: 7%
ELK Elasticsearch is ranked 2nd in Anomaly Detection Tools with 15 reviews while Splunk User Behavior Analytics is ranked 1st in Anomaly Detection Tools with 11 reviews. ELK Elasticsearch is rated 8.0, while Splunk User Behavior Analytics is rated 8.0. The top reviewer of ELK Elasticsearch writes "Good processing power, very scalable, and able to handle all data formats". On the other hand, the top reviewer of Splunk User Behavior Analytics writes "Easy to configure and easy to use solution that integrates with many applications and scripts". ELK Elasticsearch is most compared with Amazon Athena, Azure Search, Amazon AWS CloudSearch, Algolia and Loom Systems, whereas Splunk User Behavior Analytics is most compared with Darktrace, Cisco Stealthwatch, Exabeam, Varonis Datalert and Forcepoint UEBA. See our ELK Elasticsearch vs. Splunk User Behavior Analytics report.
We monitor all Anomaly Detection Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.