Which would you recommend, SolarWinds LEM or Splunk?


One of the most popular comparisons on IT Central Station is SolarWinds LEM vs Splunk.

One user says about SolarWinds LEM, "It allows us to monitor access and pull cyber reports quickly. No more searching through logs on each server. There was not much customization, which we had to do with Splunk."

Another user says about Splunk, "Splunk has helped our organization mainly on our increased use of the security side. We use Splunk to monitor all machine logins (both successful and unsuccessful) and actions taken on those machines under each user."

In your experience, which is better and why?

Guest
18 Answers
Jeffrey Robinette (User, Top 20)

I've been able to correlate across devices and logs using nDepth in SolarWinds LEM. Many people don't realize SolarWinds has a log analyzer, i.e. LEM. Most know about NPM and SAM, which should be part of your security toolbox as well. You can see denial attacks in NPM; my old cyber team used it for that. Is SolarWinds LEM a SIEM? It appears to be. I agree with several people: Splunk for large enterprises, SolarWinds LEM for medium to small. We did very little dashboard work in LEM, but the long-term archiving and retrieval of old logs is clunky. Splunk is better with its aging of logs. Costing goes to LEM.

07 January 19
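Both the question (using Splunk to monitor successful and unsuccessful logins) and the answer above (correlating across devices and logs) describe the same basic SIEM job: normalise authentication events from several hosts into one schema, count outcomes per user, and raise an alert when a burst of failures on one or more hosts is followed by a success. The following Python is an added illustration of that correlation logic, not code from Splunk, SolarWinds, or any of the posters; the log format, field names, thresholds, and sample lines are all constructed for the example.

```python
"""Toy cross-host login correlation, a plain-Python stand-in for the kind of
rule a SIEM such as Splunk or SolarWinds LEM runs natively.

Added example, not vendor code. The line format, the hosts, users, IPs and the
3-failures-in-5-minutes rule are all assumptions made for this illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in one normalised schema (hypothetical format).
# Real deployments would parse sshd, Windows 4624/4625, VPN logs etc. into it.
SAMPLE_LOGS = [
    "2024-05-01T10:00:00 host=web01 user=alice outcome=failure src_ip=203.0.113.5",
    "2024-05-01T10:00:30 host=web02 user=alice outcome=failure src_ip=203.0.113.5",
    "2024-05-01T10:01:00 host=web03 user=alice outcome=failure src_ip=203.0.113.5",
    "2024-05-01T10:02:00 host=db01 user=alice outcome=success src_ip=203.0.113.5",
    "2024-05-01T10:03:00 host=web01 user=bob outcome=failure src_ip=198.51.100.7",
    "2024-05-01T10:03:10 host=web01 user=bob outcome=success src_ip=198.51.100.7",
    "2024-05-01T09:00:00 host=vpn01 user=carol outcome=failure src_ip=192.0.2.9",
    "2024-05-01T09:10:00 host=vpn01 user=carol outcome=failure src_ip=192.0.2.9",
    "2024-05-01T09:20:00 host=vpn01 user=carol outcome=failure src_ip=192.0.2.9",
    "2024-05-01T09:30:00 host=vpn01 user=carol outcome=failure src_ip=192.0.2.9",
    "2024-05-01T09:40:00 host=vpn01 user=carol outcome=success src_ip=192.0.2.9",
    "this line does not match the schema and is skipped",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"outcome=(?P<outcome>success|failure) src_ip=(?P<ip>\S+)$"
)


def parse(lines):
    """Parse lines into event dicts, sorted by timestamp (sources arrive out of order)."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # a real SIEM would count unparsed lines as a data-quality metric
        event = m.groupdict()
        event["ts"] = datetime.fromisoformat(event["ts"])
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def summarize(events):
    """Per-user success/failure counts, the 'monitor all logins' report from the question."""
    counts = defaultdict(lambda: {"success": 0, "failure": 0})
    for e in events:
        counts[e["user"]][e["outcome"]] += 1
    return dict(counts)


def brute_force_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when >= threshold failures for a user within `window` precede a success.

    Failures are correlated per user across all hosts, so an attacker spraying
    several machines before landing on a fourth is still caught.
    """
    alerts = []
    recent_failures = defaultdict(list)  # user -> timestamps of failures inside the window
    for e in events:
        user = e["user"]
        recent = [t for t in recent_failures[user] if e["ts"] - t <= window]
        recent_failures[user] = recent
        if e["outcome"] == "failure":
            recent_failures[user].append(e["ts"])
        elif len(recent) >= threshold:
            alerts.append({
                "user": user,
                "host": e["host"],
                "src_ip": e["ip"],
                "failures_before": len(recent),
                "at": e["ts"].isoformat(),
            })
            recent_failures[user] = []  # reset so one burst yields one alert
    return alerts


if __name__ == "__main__":
    evts = parse(SAMPLE_LOGS)
    print(summarize(evts))
    for a in brute_force_then_success(evts):
        print("ALERT:", a)
```

In the sample data only `alice` trips the rule: three failures spread over `web01`, `web02` and `web03` within two minutes, then a success on `db01`. `carol` also fails four times, but ten minutes apart, so the window never holds three failures and no alert fires; that is the kind of tuning decision (window, threshold, per-user vs per-source-IP) that a SIEM's correlation rule exposes and a plain log viewer does not.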
Gangikunta Somanath (Real User, Top 10)

Depends on requirements. But my vote goes to Splunk due to the different types of solutions they have to fit the requirement!

18 July 18
John Lam (Real User)

Based on the descriptions, both are very good. If I have to select one, I may pick SolarWinds as it is easy to retrieve logs. But Splunk is also useful, as it detects unauthorized usage.

17 July 18
KedarKulkarni (User)

Like the name says, SolarWinds LEM is broadly a "Log and Event Monitoring" solution. It has been doing that fantastically for ages, but when it comes to "Security Information and Event Monitoring", the solution must be able to work with all types of logs in raw or structured format, must be able to provide correlation between the logs, and must then be able to provide a clear view of the incident that took place. Additionally, some vendors provide a vulnerability assessment module to help you keep a tight grip on your infrastructure items such as desktops, laptops, servers, manageable network devices, etc. On top of these features, the SIEM must provide ready report templates which you may use to comply with the specific needs of your industry standards or regulatory requirements. Splunk has all these qualities and also provides vulnerability assessment as an add-on module. Unlike SolarWinds, you can also use Splunk to pull specific parameters from a system and then build a custom report on infrastructure monitoring. Therefore I would suggest the following:

If you are looking to buy a SIEM solution, go with Splunk.

If you just need to maintain the logs in human-readable format, want to be able to pull reports based on point-in-time needs such as internal audits, regulators, etc., and you are OK with this reactive approach, then you should go with SolarWinds.

I have specifically not considered the cost in this discussion since that parameter will change according to the business needs.

15 July 18
Chingiz Abdukarimov (User, Top 5, Leaderboard)

I would prefer SolarWinds LEM for environments with high log volumes (e.g. network equipment at local providers), because with LEM you pay per node. And I would choose Splunk for a wide network of any connected devices, if I need to dig through logs later (because with Splunk you pay per GB per day).

14 July 18
Jim Wand (Real User, Top 5)

I would use FortiSIEM. It brings security from the NOC and SOC together in one panel. The dashboards are great.

14 July 18
MS Alam (Real User, Top 5, Leaderboard)

I recommend Splunk for any type of organization.

13 July 18
Agustinus DWIJOKO (User)

If we need cyber reports, and to analyze information related to the events that we have already collected from the environment, go with Splunk.

13 July 18
Sadiq Panjwani (CISSP, ITIL, ISMS-LA, CCNP) (Real User, Top 5)

It all depends on your specific requirements and preferences, and the convenience of use. In a small business environment of up to 1000 users, SolarWinds will suffice, but when we go to medium and large environments, Splunk is a perfect choice. However, one must look at the licensing costs for each.

Hope this helps.

13 July 18
Shunleung Chan (User)

I have no experience with SolarWinds LEM, but I know that SolarWinds can keep track of the status of our servers and systems. SolarWinds is good for network monitoring, while Splunk is good for analysing logs. In my opinion, Splunk is not difficult to use, and if your company uses it, you can keep using it to analyse logs. It can provide all the features that SolarWinds has.

13 July 18
GregKiker (User)

Splunk is not truly a SIEM. SolarWinds... Eh. JASK is what people should be looking at for this type of solution.

13 July 18
David Esko (User)

Well, in the context of a DevOps strategy, in the toolchain it would be Splunk. It's a very good choice as a long-term strategy and commitment.

I'm sorry, but I don't know enough about SolarWinds to comment.

12 July 18
Manager, Cybersecurity at a tech company with 11-50 employees (User)

If I need a SIEM, I would definitely go with Splunk, but only if it has Security Essentials enabled; otherwise it is only a log management platform and not a SIEM.

12 July 18
Colin Jackson, CISSP, MMIS, GMON (Real User, Top 5, Leaderboard)

Splunk. Go with Splunk. Even Splunk Light is better than LEM.

At a prior company, we got the SolarWinds suite and that included LEM. I set it up and onboarded data feeds. It could barely handle maybe 500MB/minute of data. It was Flash-based, I had to restart the service a couple of times a day, and it didn't provide value for us. That same company has since dumped LEM for Splunk Enterprise.

Splunk is scalable, very, very fast, storage compression rates are around 97%, extensible, integrations off the charts, etc. I'll go with Splunk every time. Splunk vs LEM: I'd rather watch Wireshark 24/7 than use LEM.

12 July 18
Ayodeji Abimbola (Real User, Top 5, Leaderboard)

Splunk is a more robust and analytically sound tool for log monitoring. My view is that SolarWinds will be suitable for SMEs with less network security heterogeneity, while Splunk can perfectly serve a large enterprise with wide log analysis needs.

12 July 18
MS Alam (Real User, Top 5, Leaderboard)

SolarWinds is good for network monitoring, but for analyzing critical logs Splunk is best. In my opinion, Splunk is best.

12 July 18
Kent Gladstone-USA (Consultant)

They are different. Figure out what your requirements are first. What are you going to integrate it with? Talk to the vendors and get evaluation copies.

12 July 18
Johney Shade (User, Top 20)

Comparing SolarWinds to Splunk is unwise. One responds to active monitoring, whereas the other uses stored data to analyze trends and can alert on events stored in the log files.

12 July 18