We performed a comparison between Splunk and Zabbix based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: In this comparison, Zabbix comes out on top. When compared to Splunk, it is easier to deploy and is open-source.
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"It has a lot of great features."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinel from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"Its usability is the best part. It is easy for our developers to use if they want to search their logs, etc."
"The tool helps with advanced reports and keeps the system scalable and flexible. It provides a clear picture of the current status of any incidents. As a CISO, I see a lot of potential for future innovation, which is interesting. I've noticed better performance, especially with the reports."
"The technical support has been very good. They are very responsive and have been helpful."
"The feature that I have found most valuable with Splunk is the ability to sift through a bunch of data very quickly."
"I like the ease with which dashboards can be created."
"Its integration is most valuable. Its UI is also pretty easy."
"This solution helps us increase our productivity."
"Splunk is quite flexible for our customers. Splunk does not filter from a specific log; you can define it later."
"Zabbix is very easy to implement."
"Simple network monitoring that is easy to install and manage."
"Zabbix is scalable."
"It not only provides the preconfigured item monitoring feature, but it is also easy to configure custom items."
"We have found that Zabbix is easier to use than other applications."
"Health and communication links availability."
"The template system in Zabbix is very beneficial as it saves time in configuration."
"We are able to do problem determination on runaway processes."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"We'd like to see more connectors."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"We'd also like a better ticketing system, which is older."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"Sentinel's reporting is complex and can be more user-friendly."
"The solution could improve the playbooks."
"Sometimes, there is latency in the logs."
"The solution could improve by increasing the performance. We have run into problems when large amounts of data are processed."
"Considering the contract thing and the whole legal area, it takes forever to get the contracts signed and to be able to agree to the terms and conditions for my company as well as for Splunk's team."
"More control with Splunk Cloud as it seems a bit limited. I used to manage an on-premise instance of Splunk Enterprise and really liked having more control over it."
"The configuration could be better."
"The algorithm customization of Splunk could improve. They have limited algorithms for machine learning support. They could allow the user to add more machine learning algorithms, with the ability to choose the algorithm that a user might want. Additionally, they should provide the required libraries for those algorithms and then analyze the data for use."
"Most of my interaction is with the user community, which is how Splunk wants it. When I need help, that community is very hit or miss."
"I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part."
"If Zabbix had a better dashboard, it would be nice."
"Zabbix can use better documentation and support for troubleshooting."
"Zabbix is not easy to configure, and upgrading is also an issue."
"The System Center Operations Manager can be improved."
"Even though it’s such a powerful monitoring system, it would be more helpful if it had a flexible UI."
"Implementation is always tailored to the customer and the kind of information we need from the client to carry it out can make them very uncomfortable. Sometimes the clients are not ready to share it."
"One of the things we don't like is that Zabbix has a license structure with a price that is high compared to the competition. It's very high, for example, compared to something like Microsoft Teams."
"There are some features of Zabbix that are not good for reporting. The DX Spectrum solution has better reporting."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 235 reviews while Zabbix is ranked 1st in Network Monitoring Software with 100 reviews. Splunk Enterprise Security is rated 8.4, while Zabbix is rated 8.2. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and ArcSight Logger, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios Core and LibreNMS.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.