Splunk Enterprise Security Other Solutions Considered

MR
Manager, Security Engineering at a computer software company with 1,001-5,000 employees

I did not evaluate other options. This solution was in place when I arrived. 

TB
Sr Cybersecurity Engineer at an energy/utilities company with 10,001+ employees

I have looked at other competitors. We recently looked at CrowdStrike's LogScale solution. It feels like Splunk to me. I cannot say how we would reproduce what we have done in Splunk on the infrastructure side or backend. Our environment is uniquely different. Technically, I am the only person who runs Splunk for our entire organization, similar to the way the previous person ran ArcSight for the organization. If I were to compare apples to apples, Splunk to me is still number one in that category.

Splunk's community is the biggest benefit. It is so easy to go to Slack and hit someone up. There is a good chance that you will find someone out there who has run into the exact same issue that you are having. Their documentation is fantastic. Because I am the only one who runs it for our organization, it is easy for me just to Google it, find the document, and just follow it. It is as simple as that. It gets a little dicey with XDR and all the other things that are happening in the market, such as using a data lake. Instead of putting our eggs in one basket or using Splunk, we might use something like Snowflake.

DS
Security Analytics innovation lead at a pharma/biotech company with 10,001+ employees

The company evaluated a few tools before deciding on Splunk. I used ArcSight at a previous job. Splunk is more flexible than ArcSight, and it has various modules you can purchase to expand the functionality. You don't need to invest in a different solution because you can purchase add-ons for your existing infrastructure. 

It's modular, so you can tailor Splunk to your organization's size, structure, and specific needs. The customer can do it. You don't need to request it from a service provider. 

Buyer's Guide
Splunk Enterprise Security
March 2024
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
768,415 professionals have used our research since 2012.
LC
Security Engineer at a recreational facilities/services company with 10,001+ employees

We briefly looked at the open source product and we obviously looked at a Check Point product. When we looked at Splunk it seemed like they had a smaller cost to procure it, and a much smaller cost to maintain it than all of those other solutions. So it was kind of why we went with Splunk. This is very non-intuitive since everybody says they love Splunk but it costs too much.

Balamurali Vellalath - PeerSpot reviewer
Practice Head-CyberSecurity at ALTEN calsoft Labs

Before choosing Splunk, we evaluated QRadar and LogRhythm. QRadar is much more expensive. LogRhythm lacked reporting.

We ended up choosing Splunk due to the pricing and the reporting features. It also had the kind of scalability that was required. We felt it would help us in terms of positioning from both a cost perspective and an incident alert perspective.

JG
IT Director at Administrative Office U.S. Courts

We evaluated what was on the market, and fortunately, we picked Splunk. Looking back, it was the right decision.

OO
Owner at Py Concepts

I'm not sure if any other options were evaluated by the company. 

BC
IT Specialist at a government with 10,001+ employees

We evaluated other options. We had to evaluate the pros and cons in terms of the cost and the capabilities of each tool. A lot of that went into the proof of concept. We did our due diligence and determined that Splunk was the best fit for us.

Hari Haran. - PeerSpot reviewer
Technical Associate at Positka

We tried some other solutions, but they didn't work like Splunk. We found that Splunk is the best one.

Chetankumar Savalagimath - PeerSpot reviewer
Delivery Manager at a tech services company with 1,001-5,000 employees

I have worked with a number of other solutions including RSA enVision, IBM QRadar, as well as Microsoft, McAfee, and LogRhythm. 

If we want to build an add-on feature in Splunk, we have to build an application and then integrate it. But in other applications, there is a direct integration that only requires partial development and it will start functioning.

Also, there is something called correlation in a lot of other tools. Splunk also has it but it consumes a lot of memory. If we tag all the data, it is better, but tagging consumes storage and it makes it a little tough for us to run a search. 

If we want to work towards SOAR, if there were a little bit more integration so that our customers could taste SOAR, they could then move to Splunk Phantom or other tools. Right now, people are not using automation. Everything is done manually. Hopefully, that's the next goal. Security operations will surely use SOAR and, once they start tasting it, they'll get to know how it works. They can design playbooks and start using it. That's an additional feature I would like Splunk to bring in. 

Splunk's advantage is its search capability. Its search is notably faster. With Splunk, I can search easily on keywords. That is great. It also has something called "stats" and it runs much faster. Within minutes, it gives the data from a very large set. Splunk's dashboards are also a very good thing. No other application or tool is as versatile in presenting the dashboard. It all comes down to presentation. It may take a little bit of engineering work to develop and customize, to parse the fields and fetch the data, but the presentation is good.

Alex Adamovici - PeerSpot reviewer
Head of Knowledge Capture Cloud at Integritie

We did test AT&T and LogRhythm as well. We chose this solution as a balance between cost and functionality.

AT&T was a great security tool, however, it lacked a lot of the infrastructure things that Splunk does, in terms of server monitoring and network monitoring. LogRhythm did have a dose, however, at a very prohibitive price. It was almost twice the cost of Splunk.

RV
CEO at a retailer with 51-200 employees

Before choosing Splunk, I evaluated other options, including QRadar. However, if I were to evaluate them today, my choice might be different.

Yash-Gupta - PeerSpot reviewer
Analyst, TSG Information Security Cyber Operations at a consultancy with 5,001-10,000 employees

I did not evaluate other options. I adopted this tool when I joined my current organization. 

Kenny Corbett - PeerSpot reviewer
Associate Director of IT at Rigel Pharmaceuticals Inc

We are not evaluating any solutions because we already have Splunk, and we do not want to leave Splunk. I like it, so it is just a matter of making the commitment.

VA
Tech Director at a government with 10,001+ employees

We have evaluated other solutions, and Splunk definitely comes out as one of the top competitors due to its interoperability with a lot of data sources that are sprinkled around in our environment. This interoperability is a key piece because we have such a diverse asset environment.

RB
Engineer at a government with 10,001+ employees

We did not evaluate other solutions. Splunk came in with the modernization effort that we were going through, so it just came with the system.

JC
Cyber Security at a financial services firm with 5,001-10,000 employees

We do an evaluation annually. It is important for us to do a market comparison and make sure we are looking at options in our work. What makes Splunk Enterprise Security competitive is the variabilities that they bring to the table for the overall solution. It has things like APIs that you can tie into. There is also the bonus functionality of being able to do analytics there. User behavior analytics is important for us.

reviewer1331706 - PeerSpot reviewer
I&T Design & Execution Reliability Engineering Leader at a financial services firm with 10,001+ employees

The other product that I've seen is Elastic, and I think that it would be a better choice than Splunk. This is something that I'm basing on performance, as well as the other features.

OS
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services

We were using QRadar as a POC. We were using it for real in our cloud, but it was also a POC for us because we were watching the product. But QRadar needs a lot of fine-tuning.

DL
Head of Cybersecurity at a computer software company with 51-200 employees

We also looked at Dynatrace before choosing Splunk. 

RC
Security Compliance Program Manager at an educational organization with 5,001-10,000 employees

I have worked with Wazuh and ManageEngine Endpoint Central.

Robert Cheruiyot - PeerSpot reviewer
IT Security Consultant at Microlan Kenya Limited

I have been proposing to management to take the solution to be a primary product in our dealings with it. We do not encounter many issues involving the solution. One of the problems I have with the RSA Netwitness platform is its complexity. Splunk is straightforward for us when it comes to views and it provides us the network security posture.

The ability for the solution to work with Cisco shows that the solution can work with other products. The only thing is that when the solution is compared with other vendors, one sees that there is only a single other vendor that has endpoint security like this one, Netwitness platform having its component for the endpoint. This is why an integrated endpoint would be a nice feature, even though the solution works on Cisco. 

The main advantage of the solution is that it provides an easy setup platform in the new environment. When set up afresh, it is also easy to build queries. Historical queries can be used to site for a new event, which makes it easy to use, deploy and understand. 

When it comes to a data platform, there is RSA NetWitness, which may also be a good platform. I have not done much training of my own on Splunk, but have gained much experience through learning and working with clients that I support. This is because the platform is understandable. 

I would rate Splunk as one of the big five platforms. I would give it a high rating based on the efficiency of the platform. Clearly, I cannot include Wazuh in the top five categories, as its rating is not up there with Splunk, QRadar and LogRhythm.

SD
Technical Project Manager at Altran

We also looked at HP ArcSight and two other solutions. 

RB
Engineering Manager at Cengage Learning

I would consider ELK Kibana a competitor for this solution. If you have time, and you want to do it yourself, you can save a little money going with Kibana. However, Splunk is pretty good and I would recommend an enterprise to switch to Splunk.

SP
CHRO at a computer software company with 5,001-10,000 employees

By comparison, I feel QRadar to be better than Splunk Cloud, since it comes with Watson. 

Another advantage is that QRadar works like a threat intelligence tool. It, also, does not require queries, which Splunk Cloud does. It is important that we have an understanding of the queries for the purpose of pulling the logs which we seek. I feel QRadar to be better than Splunk Cloud, as it does not require us to work on the queries. 

I have worked on Splunk Cloud in the past, as well as on QRadar. As there is no SIEM solution in my current organization, we have plans to build it up. This is an ongoing process. I have suggested QRadar to my team and others are considering Sentinel. 

it_user664632 - PeerSpot reviewer
Senior IT Security Operations at a pharma/biotech company with 10,001+ employees

We were using ArcSight before.

MY
Systems Engineer at a consultancy with 201-500 employees

I have not evaluated other options. 

CM
Incident Manager at CyberCore Technologies

Other options were evaluated, such as ELK, but Splunk was identified to be more feature rich out-of-the-box.

RE
Cyber Security Consultant at a tech services company with 10,001+ employees

I did some research for a school project. I needed to compare it to Splunk and a few other tools. As a result, I'm not particularly interested in purchasing them.

MS
Senior security consultant at a comms service provider with 51-200 employees
KB
DevOps Engineer at Amplify Education, Inc.

There are a lot of vendors in the space at the conference this year. Therefore, we probably talked to six or seven different ones, and the market seems to be consolidating. The market's metrics and log monitoring all seem to be rolling up into a single provider. It looks like that is what will be happening in the next few years.

Right now, there are a ton of different smaller providers doing little pieces of this and that. All the big players, like Splunk, New Relic, and Datadog, seem to be rolling them all up into one offering. 

it_user340983 - PeerSpot reviewer
Infrastructure Engineer at Zirous, Inc.

We evaluated the ELK Stack, which we recently implemented with a customer who was looking for a more lightweight, cheaper alternative that would work "Good Enough". They felt they did not need all of the bells and whistles that came with Splunk.

it_user126027 - PeerSpot reviewer
Owner with 1-10 employees

The other SIEM solution providers we looked at were ArcSight, QRadar and SolarWinds LEM.

KB
CTA\Owner at UCSolutions

I evaluated other things. I also integrated with other solutions too. I decided to go with Splunk due to the fact that it worked well.

PB
Principal Systems Engineer at Aricent

We work with Splunk, but we are looking for some LOG Kinetics solutions for our clients.

MK
Senior Consultant at Securian Financial Group

We evaluated our existing tool, LogRhythm.

it_user525171 - PeerSpot reviewer
Specialist Master, Cyber Risk at a tech vendor with 10,001+ employees

We evaluated HPE ArcSight.

it_user257376 - PeerSpot reviewer
Lead Splunk Architect at a financial services firm with 10,001+ employees

Yes, Graylog and QRadar.

it_user575310 - PeerSpot reviewer
Engineer, Infrastructure Applications at a healthcare company with 1,001-5,000 employees

We evaluated Graylog, Elastic.io, etc.

KK
IT Analyst at an energy/utilities company with 1,001-5,000 employees

We also looked at Selopene SIEM. It is a premier logging site.

TF
CTO at IHS Markit

We knew we were going to go with Splunk. It was the leader and the one we liked. We didn't consider any others since Splunk met our needs.

We chose Splunk because of the ease of the UI, querying, and creating dashboards. It has a standardized query language, which a lot of the IT staff were already familiar with. It was the market leader from our perspective for our needs.

CJ
Information Security Engineer/Architect at The Church of Jesus Christ of Latter-day Saints
SM
Engineering Manager at a manufacturing company with 10,001+ employees

I wasn't there when the evaluation was done. When I came on board, this product was handed down to me, and we have not evaluated any other solutions or products since then.

it_user865026 - PeerSpot reviewer
Lead Systems Architect at an energy/utilities company with 10,001+ employees

We also evaluated ELK, Dynatrace, and New Relic, but Splunk provided a comprehensive solution to fit our all around needs.

it_user250131 - PeerSpot reviewer
Information Architect at a financial services firm with 5,001-10,000 employees

We started researching ELK (Elastic, Logstash, Kibana). But management was so impressed with Splunk that we ended this research.

SS
Consultant at a financial services firm with 5,001-10,000 employees

We are a partner of Splunk. So, we did not evaluate other solutions.

JD
Enterprise Architect at a tech services company with 10,001+ employees

Splunk has no real competition. It is just Splunk, and that is it.

AM
Senior Technical Lead at a financial services firm with 10,001+ employees

We have evaluated SoapUI and Postman, and we are still evaluating others.

AT
Managing Director at Hayyan Horizons

Yes, all the other competitors. Splunk is by far the best.

SO
Founder at a marketing services firm with 11-50 employees

We studied four or five tools including LogRhythm and Exabeam. We went with Splunk for now and will see how that goes.

PN
Director at a tech services company with 10,001+ employees

We considered Oracle Enterprise Manager, but Splunk is way more powerful. Splunk is product-agnostic, as it can move across different platforms and products. 

Yosef Tavin - PeerSpot reviewer
DevOps Engineer at BigPanda

We evaluated ELK Stack and QlikView.

it_user399819 - PeerSpot reviewer
Security Architect at an energy/utilities company with 1,001-5,000 employees

We evaluated ArcSight, QRadar, and LogRhythm.

VA
Security Architect at a tech services company with 51-200 employees

We provide IT consulting services. Our customers occasionally ask us to assist them in locating specific solutions.

ID
Senior Network Engineer at a tech services company with 51-200 employees

I have evaluated Datadog.

GW
Consultant at Splunxter, Inc.

No, we went with the free trial and got so much value so quickly that we bought in.

AK
Senior Informatica Administrator at a computer software company with 10,001+ employees

We considered a few alternative products because the logging was faster. In the end, we decided to go to Splunk.

GM
Application Engineer at Expedia

We looked at the ELK Stack, Kibana, and Sumo Logic.

We chose Splunk because their cost is better, the maintenance factor is a little higher, and the core functionality is higher than what other products provide. The core functionality is out-of-the-box. E.g., with a Toyota Scion, you can customize the parts to make it whatever you want, but it's a lot of work to get there. Where if you buy a Cadillac, you pay the Cadillac's price, but it's a Cadillac. It will work right out-of-the-box.

it_user867087 - PeerSpot reviewer
Security Engineer at Information Innovators Inc. (Triple-i)

We evaluated Trustwave and QRadar.

it_user782697 - PeerSpot reviewer
Security Operation Center Analyst at Sadad

There are a lot of solutions: IBM QRadar, Splunk, LogRhythm. Splunk was good for us because of the support, the documentation, the scalability, the stability. It gives us everything that we need in our business, everything necessary for helping us do our job.

MA
System Administrator at Abdullah Al-Othaim Markets

We evaluated QRadar.

JS
Product Manager, FX Solutions at a tech services company with 10,001+ employees

I have evaluated Tableau.

JC
Chief Architect at PathMaker Group

We evaluated Alert Logic and Splunk. We still use both products heavily. 

We have different use cases for the products. At first, Splunk was free, so we started to take more advantage of it.

it_user664626 - PeerSpot reviewer
Business Analyst at a retailer with 10,001+ employees

We evaluated Logstash and others, but Splunk plays a pivotal role.

it_user1415322 - PeerSpot reviewer
Senior Consultant at sectecs

I have done some research on LogRhythm, IBM QRadar, and ArcSight, but I don't have any hands-on experience yet.

I did a comparison for a customer two weeks ago, and the outcome of my comparison was SIEMonster, with an affordable price model; even though it's a niche player, it's quite powerful. I also provided Splunk as a recommendation because it is a market leader, really powerful, and really good to use. I also recommended LogRhythm; it is also expensive, but it's also really powerful, and the feedback of customers is really good.

With respect to Splunk, I would recommend it but when a customer is budget-driven then Splunk is not the solution. Money shouldn't be the question.

AK
System Engineer at NetScout Systems

I have evaluated other solutions, such as IBM QRadar.

SO
Software Engineer at Tableau Software

We have other log searching tools, but we have standardized on Splunk. 

it_user664635 - PeerSpot reviewer
Performance Consultant at a tech services company with 10,001+ employees

We looked at IBM SmartCloud Analytics and Log Analytics.

it_user645663 - PeerSpot reviewer
Sr. Program Manager at a consultancy with 51-200 employees

We didn’t evaluate any alternatives.

it_user396600 - PeerSpot reviewer
Vice Manager at a comms service provider with 10,001+ employees

We evaluated Elastic Stack and Sumo Logic.

it_user313119 - PeerSpot reviewer
Integration Architect at a manufacturing company with 1,001-5,000 employees
it_user717477 - PeerSpot reviewer
Account Manager at a tech services company with 10,001+ employees

It was the customer's choice.

MC
Presales IT at a tech services company with 201-500 employees

We give support for VMware and other technologies. We purchased Splunk because our customers were asking for our services to take control of the implementation from another company.

LF
Judicial Technician at a government with 1,001-5,000 employees

We also looked at AlienVault.

it_user859464 - PeerSpot reviewer
Senior Cloud Operations Analyst at a tech vendor with 1,001-5,000 employees

We evaluated LogRhythm.

it_user635271 - PeerSpot reviewer
Foundation Technology Specialist at an insurance company with 1,001-5,000 employees

We looked at ELK Stack.

TB
Technical Director at a consultancy with 11-50 employees

We did a SIEM solutions review with this and other systems for one of our customers.

SA
CyberSecurity Consultant at Information Technology Solutions- ITS

Curator is more scalable than certain other solutions. 

JN
IT Infrastructure Architect at a tech company with 201-500 employees

We did not look at alternatives. It was a consulting provider recommendation. It was a rapid implementation to accomplish legal requirements. After we used it for a while, we decided to keep it.

it_user363165 - PeerSpot reviewer
Products Manager at a tech services company with 5,001-10,000 employees

Our client was considering the other solutions as well. However, due to their overall assessment, they still considered going with it.

TS
Project Manager at a comms service provider with 10,001+ employees

We considered Datadog and Zabbix. In comparison to those options, Splunk has virtual visualization. Furthermore, it can be a host on our environment. Typically, we cannot deploy SaaS on our environment, but with Splunk, we can. 

MC
Net Sec at a tech services company with 11-50 employees

We also looked at AlienVault.
