We compared Fortinet FortiAnalyzer and Splunk Enterprise Security across several parameters based on our users' reviews. Our conclusions, drawn from the collected review data, follow:
Features: Fortinet FortiAnalyzer features exceptional log collection capabilities and customizable reporting. FortiAnalyzer enables users to centrally manage and analyze logs in real-time. Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality.
Room for Improvement: Fortinet FortiAnalyzer could simplify its reporting module and cloud storage capabilities. Users say Splunk is a highly scalable and customizable solution. Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics.
Service and Support: Some Fortinet customers were dissatisfied with support, but others said it was helpful and responsive. While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise.
Ease of Deployment: FortiAnalyzer's initial setup is uncomplicated and manageable, typically taking approximately 30 minutes to a few hours. Some IT knowledge may be required. Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators.
Pricing: While FortiAnalyzer isn't the most expensive option, users say the pricing could be more competitive. FortiAnalyzer's cost depends on the storage requirements, and many customers consider it reasonable. Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data.
ROI: FortiAnalyzer helps customers by providing insight into network traffic and speeding up issue resolution. Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations.
"It gives us reporting features, which are helpful in the case of troubleshooting and audit purposes."
"The features that our customers have found most valuable are their different types of reports, including the drill-down report, as well as the flexibility to connect to any number of appliances which can be connected to it centrally."
"Separating sections or conditions on Fortinet FortiAnalyzer is quite clear."
"Log View is the most valuable part for us, as we can view logs from different FortiGates on a single GUI."
"The most valuable feature is the capability to gather logs and generate reports."
"The analyzer is the most valuable feature."
"It is easy to integrate Fortinet FortiAnalyzer with other products. You have a better overview of what's going on."
"We have the most data visibility."
"The initial setup is really straightforward. It's one of the easiest installations."
"Splunk has significantly reduced the time in performing the task of aggregating logs, reviewing as well as time spent during investigations."
"The solution allows easy gathering and ingestion of the data."
"It is the best tool if you have a complex environment or if data ingestion is too huge."
"It is easy to use in any environment."
"The correlation capabilities are the first value that our clients say they like with Splunk."
"Good for log collection and log management."
"The dashboard and reporting are very good... It provides very good visibility in a hybrid cloud environment, and you can build custom utilization APIs using Splunk."
"It will be better if behavior or indicators of compromise were on the same licensing schema. Currently, it is an advanced feature that you have to purchase as an add-on. This is the reason we're trying to do the ELK so that we can integrate them and create those rules by using open-source software. It will also be better if it has some more integration with IT service management tools so that we can do endpoint protection and response based on those indicators of compromise or those behavior analysis rules that create events that can automatically flow. We can inject that data into a service incident ticket on our IT service management tool, and that way we can assign the ticket to the proper teams and respond right away. Currently, we only have integration with ServiceNow."
"They could improve the user interface a bit."
"I don't find Fortinet FortiAnalyzer to be as robust as Check Point Security Management."
"The technical support is not very good."
"Fortinet FortiAnalyzer could improve the user interface, and the experience of users receiving the reports and tracking could be better."
"The integration with other vendors for log collection could be enhanced."
"Their pricing model is not the best and needs work."
"They can include integration with devices, such as firewalls, endpoints, from other vendors. They can include graphic monitoring of everything in the network, not just Fortinet products. It would also be good to include customizable reports and customizable views of the reports."
"We would like more integrations with other cloud products, not just AWS, e.g., Azure."
"Deployment is not difficult, but the log sources and configurations can take time."
"While there aren't any major areas where the solution has to be improved, there are certain integrations that are still not available. I would specifically like to see legacy applications integrated."
"Some of the queries are difficult to run and have room for improvement."
"It works as intended for us, and we are getting everything that we need out of it. If anything, its initial setup can be improved a bit."
"The UI could be better. This is applicable to Splunk in general. I know that a lot of people who get their hands on Splunk are hesitant to use it just because they find it overwhelming. There are a lot of options."
"There are a lot of competitive products that are doing better than what Splunk is doing on the analytics side."
"Splunk has a steeper learning curve, making it feel less user-friendly."
Fortinet FortiAnalyzer is ranked 7th in Log Management with 44 reviews, while Splunk Enterprise Security is ranked 1st in Log Management with 67 reviews. Fortinet FortiAnalyzer is rated 8.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of Fortinet FortiAnalyzer writes "It creates a central point of management and control, giving you real-time insight into what is going on." On the other hand, the top reviewer of Splunk Enterprise Security writes "Can be used to find any threats or vulnerabilities inside a user's environment". Fortinet FortiAnalyzer is most compared with Wazuh, Graylog, ManageEngine EventLog Analyzer, LogRhythm SIEM and IBM Security QRadar, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Microsoft Sentinel and ArcSight Logger. See our Fortinet FortiAnalyzer vs. Splunk Enterprise Security report.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.