We compared Fortinet FortiAnalyzer and Splunk Enterprise Security across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Features: Fortinet FortiAnalyzer features exceptional log collection capabilities and customizable reporting. FortiAnalyzer enables users to centrally manage and analyze logs in real-time. Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality.
Room for Improvement: Fortinet FortiAnalyzer could simplify its reporting module and cloud storage capabilities. Users say Splunk is a highly scalable and customizable solution. Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics.
Service and Support: Some Fortinet customers were dissatisfied with support, but others said it was helpful and responsive. While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise.
Ease of Deployment: FortiAnalyzer's initial setup is uncomplicated and manageable, typically taking approximately 30 minutes to a few hours. Some IT knowledge may be required. Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators.
Pricing: While FortiAnalyzer isn't the most expensive option, users say the pricing could be more competitive. FortiAnalyzer's cost depends on the storage requirements, and many customers consider it reasonable. Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data.
ROI: FortiAnalyzer helps customers by providing insight into network traffic and speeding up issue resolution. Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations.
"The most valuable feature is the capability to create a customized dashboard."
"The solution does what it is supposed to. I want it to do reports for Fortinet and it does it well."
"The reporting features, which offer customization, real-time insights, and compliance support, are particularly noteworthy aspects."
"One of the greatest advantages of Fortinet FortiAnalyzer is its ability to integrate with a variety of software and solutions, providing comprehensive visibility into the network. The solution's strength lies in its capability to work with Fortinet's own products, such as the FortiAP access point, which allows for deep monitoring, automation, correlation, and incident management. However, this functionality is not present when utilizing other products, such as those from Cisco, limiting the visibility and benefits that can be gained."
"The program is stable and it gives me great visibility."
"The scalability is good. It is also good in the cluster nodes. You can make multiple FortiAnalyzer clusters groups, and you can distribute the logs between these FortiAnalyzer nodes. In other words, you can expand the scale."
"From my perspective, we need to see the traffic in a good way so we can know what has happened in our network. The analyzing tools and the monitoring tools and the logs are the important part in the network."
"The most valuable features of Fortinet FortiAnalyzer are the dashboards and supporting services."
"Splunk would be my choice for the presentation layer because it comes with inbuilt reports and a dashboard that you can customize."
"I haven't had the chance to properly sink my teeth into Enterprise Security but so far I like that they added the MITRE ATT&CK features."
"It is very scalable."
"I like the search feature and the indexing. It's very fast and comprehensive."
"Splunk has improved our operations by giving us access to more information and allowing us to deploy more use cases."
"UBA, User Behavior Analytics, is a key feature."
"What is nice about the solution is that it makes it easy to build the queries, search for the events and then do analysis."
"One key advantage of Splunk over competitors like IBM QRadar is its superior device integration capabilities."
"The solution is expensive."
"It's possible that they could add some advanced analytics and some proactive controls for logging analytics. That will help a lot."
"If Fortinet could introduce some firewalling or maybe FortiAnalyzer on the cloud, that would be interesting because I've never seen it on a cloud."
"We should be able to do the patch upgrades in a centralized manner. This functionality is currently not there. It would be good to be able to do the firmware updates from one place and at the same time. Currently, if we want to update all appliances, we require FortiManager, which is another solution from Fortinet. Its documentation can be improved. It will be helpful for implementing the product and gaining knowledge for management purposes."
"I would like to see an improvement in the technical support. Stronger authentication will also be a plus."
"FortiAnalyzer only integrates with Fortinet solutions. That is a limitation because many organizations use multiple vendors. It's often a mixture of Cisco network hardware and equipment from other vendors, such as switches, access points, etc."
"Their in-house technical support is extremely slow to respond. We have our own in-house team to manage issues so clients don't have to wait over two weeks for a response to issues."
"In terms of what could be improved, sometimes it's lagging and it also has some graphical issues with the GUI."
"An area of improvement would be the licensing of the solution. They need a free license, which would allow faster lead times."
"On the technical side, it would be nice to see aspects of the recent acquisition of Phantom make it into the core Splunk Enterprise, not just become a part of the premium Enterprise Security."
"The only improvement I am expecting is the cost of the licensing. Clients are going to other solutions just because of the cost."
"It is a hugely complicated product."
"It needs more formatting control without having to be an admin."
"The algorithms customization of Splunk could improve. They have limited algorithms for machine learning support. If they can allow the user to add more machine learning algorithms, such as the ability to choose the algorithm that a user might want. Additionally, they should provide the required libraries for those algorithms, and then analyzes the data for use."
"When we do a rollout from the server or host or anything, we'd like to see more automation. It would save us time."
"The level of scalability depends on the license you have. You can expand or reduce it based on the environment. It does cost more money to scale, however."
Fortinet FortiAnalyzer is ranked 8th in Log Management with 81 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 228 reviews. Fortinet FortiAnalyzer is rated 8.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of Fortinet FortiAnalyzer writes "We can automate event-based handling solutions, is stable, and is great for heavy traffic". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Fortinet FortiAnalyzer is most compared with Wazuh, Graylog, Grafana Loki, LogRhythm SIEM and ManageEngine EventLog Analyzer, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Microsoft Sentinel and Elastic Security. See our Fortinet FortiAnalyzer vs. Splunk Enterprise Security report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.