Splunk Competitors and Alternatives 2019

Get our free report covering IBM, Dynatrace, Graylog, and other competitors of Splunk. Updated: July 2019.
353,754 professionals have used our research since 2012.

Read reviews of Splunk competitors and alternatives

Real User
Senior Architect at an energy/utilities company with 201-500 employees
Oct 31 2018

What is most valuable?

We do a lot of the alerting, as far as user accounts. We have NetFlow information going into it, so we can examine a lot of traffic patterns and anomalies, especially if something stands out and is not the baseline. This helps a lot.

How has it helped my organization?

We're still struggling to get a real return on it and finding something that isn't false noise. There have been a few things, such as weird service accounts that have an encrypted password which are locking things out. However, we haven't…

What needs improvement?

We still have a lot of noise, so this is a problem. We are having a hard time visually sifting through it. We need help dialing it in. We don't have the in-house expertise. Do we hire someone just for this purpose and have them sit there…

What other advice do I have?

I am rating the solution a six out of ten, because we have not gotten it to work yet. With all its components, there is such a learning curve. I haven't gotten far enough along in the process to know if the solution has a shortcoming or if…

Which other solutions did I evaluate?

We went back and forth between LogRhythm, Splunk, and AlienVault. I liked LogRhythm mostly for how it integrated with the network infrastructure. It was my decision, and I'm not 100% sure that I picked the right one. LogRhythm works well…
Omar Sánchez (Mr.Tech)
Consultant
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services
Oct 21 2018

What is most valuable?

They do have a way to pre-configure or have pre-configurations for companies that are starting and they don't know too much about SIEM or working with SIEMs. The solution uses SIEM to get the information to the managers so I will say that…

What needs improvement?

It is not a user-friendly program. It is a very glorified Excel program. I would love to see a more user-friendly version in a future rollout. In addition, the management services team needs some improvement. They are, at times, confused…

What's my experience with pricing, setup cost, and licensing?

It is a pricey product. It is very expensive.

If you previously used a different solution, which one did you use and why did you switch?

I have used Splunk in the past.

Which other solutions did I evaluate?

QRadar needs a lot of fine tuning. I had to schedule meetings with IBM for help. For example, one of the things that we were having difficulties with QRadar is that the detection rules are sent by IBM and we wanted those detection rules. In…
Jordan French
Consultant
Business Development Manager- Threat Management Services at a tech services company with 5,001-10,000 employees
Apr 25 2018

What is most valuable?

* Smart Connectors and Flex Wizard
* Multi-tenant access
* Customization for dashboards and reporting
* Improvements made to the ADP platform

How has it helped my organization?

Without it, we would not have a managed SIEM offering to speak of. We spent over a year evaluating leading competitors and ArcSight was the clear winner. It opened up a…

What needs improvement?

The marketplace is a bit of a joke; steps should be taken to improve participation. Micro Focus desperately needs to improve their core offering rather than adding more…

What's my experience with pricing, setup cost, and licensing?

Customers without a ton of resources to dedicate to deployment may be better served by a managed ArcSight service. A lot of the complex setup and administration duties are…

If you previously used a different solution, which one did you use and why did you switch?

We have not used a previous solution past its initial evaluation period.

What other advice do I have?

It has its quirks, but ultimately, it delivers capabilities that no other SIEM could provide.

Which other solutions did I evaluate?

We evaluated Splunk, QRadar, and LogRhythm.
Patrick Noc
Real User
admin at a non-tech company with self employed
Jun 13 2018

What is most valuable?

* Centralized logs: All the details are in one place. This is helpful if you have over 100 servers.
* Centralized IDS: We need this as we are able to see what is happening in (almost) real time.

How has it helped my organization?

From my perspective, it saves me about two to seven hours weekly. Now, I can easily check (in one place) all the logs and data in relation to attacks. It also gives me an overview if a server is not…

What needs improvement?

* Plugins could be better utilized, as some of them do not recognize all logs.
* We could add a little more customization to dashboards.

If you previously used a different solution, which one did you use and why did you switch?

I previously worked with Nagios, SolarWinds, and Big Brother. Though, this was at a different company. These products did not match the requirements in AWS at the time that we were getting AlienVault.

What other advice do I have?

Check other products and do a POC, as changing from one to another can be very pricey and time consuming. Also, training people and making changes cost lots of resources, and not all employees like such changes every…

Which other solutions did I evaluate?

We were also looking at LogRhythm, Splunk, and a few others. We decided on AlienVault, as they had a nice presentation (which told us what we wanted to hear) and the PoC proved it could do what we…
Real User
Enterprise Architect at a transportation company with 10,001+ employees
Dec 19 2018

What is most valuable?

* The tools that they have for searching through logs.
* Doing log comparisons.
* Time shifting the logs.
* The dashboards are good.

How has it helped my organization?

We have used it many times to find a root cause of a live issue, then fix the problem in the applications.

What needs improvement?

We would like the ability to drill down into a dashboard and get into deeper levels. Some of the operations and security team members don't think Sumo Logic does as well as Splunk in their field. Sumo Logic could possibly do more work with…

What other advice do I have?

I would recommend Sumo Logic. It is easy to use. The culture at Sumo Logic seems to be developer focused. The product is good. The developers are able to use it to get their job done quickly and easily. It fits into the developer's…

Which other solutions did I evaluate?

We also looked at Splunk. However, Sumo Logic was better liked by the developers. It had a more intuitive interface and a better set of tools for analyzing logs to do root cause analysis and caching. We chose the product based on the input…