Splunk Competitors and Alternatives

Get our free report covering IBM, Dynatrace, Graylog, and other competitors of Splunk. Updated: January 2020.
390,245 professionals have used our research since 2012.

Read reviews of Splunk competitors and alternatives

JayGrant
Real User
Manager of Security Services at OpenText
Jan 09 2020

What is most valuable?

The Activeboards are the most valuable feature. Given multiple different types of unstructured and structured data, we can then build Activeboards that can do queries…

How has it helped my organization?

Being able to build and modify dashboards on the fly with Activeboards streamlines my analyst time because my analysts aren't doing it across spreadsheets or five…

What needs improvement?

The only downfall that I have is it is browser based. So, when you start doing some larger searches, it will cause the browser to lock up or shut down. You have to learn…

What's my experience with pricing, setup cost, and licensing?

It's a per gigabyte cost for ingestion of data. For every gigabyte that you ingest, it's whatever you negotiated your price for. Compared to other contracts that we've had…

Which solution did I use previously and why did I switch?

I've used a ton of other solutions: ELK Stack, Kibana, and Splunk. The cost of Devo, as it relates to Splunk, is significantly less with higher value. Its capabilities of…

What other advice do I have?

Definitely get training and professional services hours with it. It is one of those tools where the more you know, the more you can do. Out-of-the-box, there is a lot of…

Which other solutions did I evaluate?

We have used everything out there. We have used Splunk, ArcSight, and LogRhythm. We've used all those tools. We have leveraged them from customer environments and used…
JeffHaidet
Real User
Director of Application Development and Architecture at South Central Power Company
Jan 05 2020

What is most valuable?

Other than the log aggregation and alerting, their reports modules have come a long way. But for the most part, we stay right in the wheelhouse of the product to use it to…

How has it helped my organization?

Their run-and-watch service (now renamed SIEMphonic) has saved us from having to hire at least one FTE. In addition, having an expert set of eyes on things and their…

What needs improvement?

In terms of advanced queries, I wouldn't say EventTracker is lagging behind its peers. The latter just make it easier to get to them. EventTracker is designed more for a…

What's my experience with pricing, setup cost, and licensing?

Our cost is significantly less than what it would have been for one of the competitor's products, and that includes the run-and-watch service (SIEMphonic). You can go with…

Which solution did I use previously and why did I switch?

We did not have a previous solution. We do annual audits, and the lack of a SIEM showed up in one of our audits as a piece that we needed to start investigating, four or…

What other advice do I have?

The biggest lesson really isn't an EventTracker lesson, it's more of a SIEM lesson. And that lesson is: It's a lot of data. When you have a lot of data, it's going to take…

Which other solutions did I evaluate?

When we acquired EventTracker, we went through an assessment process, reviewing five or six different manufacturers of SIEMs. The frontrunners were the typical players…
Real User
Senior Architect at an energy/utilities company with 201-500 employees
Oct 31 2018

What is most valuable?

We do a lot of the alerting, as far as user accounts. We have NetFlow information going into it, so we can examine a lot of traffic patterns and anomalies, especially if something stands out and is not the baseline. This helps a lot.

How has it helped my organization?

We're still struggling to get a real return on it and finding something that isn't false noise. There have been a few things, such as weird service accounts that have an encrypted password which are locking things out. However, we haven't…

What needs improvement?

We still have a lot of noise, so this is a problem. We are having a hard time visually sifting through it. We need help dialing it in. We don't have the in-house expertise. Do we hire someone just for this purpose and have them sit there…

What other advice do I have?

I am rating the solution a six out of ten, because we have not gotten it to work yet. With all its components, there is such a learning curve. I haven't gotten far enough along in the process to know if the solution has a shortcoming or if…

Which other solutions did I evaluate?

We went back and forth between LogRhythm, Splunk, and AlienVault. I liked LogRhythm mostly for how it integrated with the network infrastructure. It was my decision, and I'm not 100% sure that I picked the right one. LogRhythm works well…
Omar Sánchez (Mr.Tech)
Consultant
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services
Oct 21 2018

What is most valuable?

They do have a way to pre-configure or have pre-configurations for companies that are starting and they don't know too much about SIEM or working with SIEMs. The solution uses SIEM to get the information to the managers so I will say that…

What needs improvement?

It is not a user-friendly program. It is a very glorified Excel program. I would love to see a more user-friendly version in a future rollout. In addition, the management services team needs some improvement. They are, at times, confused…

What's my experience with pricing, setup cost, and licensing?

It is a pricey product. It is very expensive.

Which solution did I use previously and why did I switch?

I have used Splunk in the past.

Which other solutions did I evaluate?

QRadar needs a lot of fine tuning. I had to schedule meetings with IBM for help. For example, one of the things that we were having difficulties with QRadar is that the detection rules are sent by IBM and we wanted those detection rules. In…
Cybersecon67
Consultant
Cyber Security Consultant at a tech services company with 51-200 employees
Aug 12 2019

What is most valuable?

The most valuable features of this solution are the logging and the dashboards. This solution integrates easily and very well with other technologies. We are creating…

How has it helped my organization?

This solution helps us to provide services for our clients and integrates well with their other technologies.

What needs improvement?

We are having trouble migrating our data sources from version 10 to version 11.2. We cannot add new data sources to the most recent version. I would like to see the Active…

What's my experience with pricing, setup cost, and licensing?

The cost is dependent on the customer's environment and requirements.

Which solution did I use previously and why did I switch?

We did not previously offer a different solution to our customers. We are currently onboarding Splunk to work concurrently with this solution, but it depends on the…

What other advice do I have?

From my perspective, for anyone with a small or medium-sized business, this is the best solution. It is easy to deploy and it is less, from a cost point of view, than…

Which other solutions did I evaluate?

We have experience using ArcSight, but it is very difficult when it comes to creating the connector to integrate with different technologies. We spend time evaluating each…