We performed a comparison between Azure Monitor and Splunk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk is the clear winner in this comparison. It is easier to deploy, more user-friendly, and has better support than Azure Monitor. In addition, Splunk received positive feedback in the ROI category.
"Technical support is good and helpful...The initial setup is easy."
"Azure Monitor is a very easy-to-use product in the cloud environment."
"Azure Monitor is very stable."
"The solution very easily integrates with Azure services and in one click you can monitor your resource."
"The upside to the solution is if you are working in a Microsoft or Azure environment, it makes things easier."
"Log analytics and log queries are the most valuable features of Azure Monitor."
"For me, the best feature is the log analysis with Azure Monitor's Log Analytics. Without being able to analyze the logs of all the activities that affect the performance of a machine, your monitoring effectiveness will be severely limited."
"It is a robust, stable product."
"The most valuable feature of Splunk Enterprise Security is website activity monitoring."
"It is user-friendly. It is more effective than other solutions. The support and help for troubleshooting and the documentation from Splunk make it very effective."
"Splunk has machine learning which is a valuable feature."
"We did not encounter any issues with scalability. It is almost seamless to add new index (storage) or search (used to analyze the data) nodes to the cluster."
"The technical support is among the best in the market."
"Visualizations helped the organisation with a better understanding of its KPIs."
"Splunk Enterprise Security helped us with faster detection of threats."
"Three features stand out for me: the SDK for writing Python, the customizable and adaptable diagnostic dashboard, and the optimizer for collecting data."
"The solution's monitoring feature has limitations for analyzing multiple metrics."
"Automation related to gathering metrics from more applications could be improved."
"have used multiple products like Webex and PRTG. Some features could be added. Azure Monitor should add SMS and APIs. We have very limited access to Azure Monitor. I usually get alerts on my phone when they are integrated with Slack. I am not always available, but my team is. Sometimes, I am traveling and don't have access to my email, but I have Slack and other third-party projects that send me instant messages if a sensor goes down."
"Currently, it seems it's complicated to get the correct information in terms of what to do and how things work."
"They should include advanced logging on the database level in the Azure pool."
"The length of latency is terrible and needs to be improved."
"I'd like the solution to do more around vulnerability assessment. It's lacking in the product right now."
"The price could be lower but it is not a must."
"I love the solution, but I would like to see more accessibility to the machine-learning capabilities that are sprinkled around Splunk."
"I find that the learning curve for Splunk is relatively lengthy."
"The security can be improved."
"The administration of the cluster and app deployment to indexers or search heads can be done only using SSH access and the command line; there are no GUI tools for that."
"The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more."
"This is a costly solution."
"The training was mostly sales-focused, like how to monitor your sales. It was hard to then come back from doing the training and try to switch it to a cybersecurity focus because all the training we did was sales oriented. The basic training didn't really touch on any kind of cybersecurity use cases or anything like that. That would have been great to see in the training."
"The product's price may be an area of concern where improvements are required."
Azure Monitor is ranked 4th in Application Performance Monitoring (APM) and Observability with 44 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Azure Monitor is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Azure Monitor writes "A powerful Kusto query language but the alerting mechanism needs improvement". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". Azure Monitor is most compared with Datadog, Dynatrace, Sentry, Prometheus and SolarWinds Server and Application Monitor, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and AppDynamics.
We monitor all Application Performance Monitoring (APM) and Observability reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hi @Netanya Carmi,
Below are some comparisons on features and integrations.
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we have problems somewhere or if we are not getting the flow we expect. It is very easy to search for queries and events and then do analysis. The flexibility of the search capability is extremely valuable. Splunk works well with other solutions. It is very easy to set up and very straightforward to deploy.
The more data you process with Splunk, the more expensive it gets; an improved pricing model is needed. It would be great if Splunk had more SIEM functionality with better customization and a better ticket tool. The on-premises scaling is a bit more limited than on the cloud. Splunk currently has some limited default rules and customizations. If they could concentrate more on compliance and security information, that would be an added bonus.
Azure Monitor has made it significantly easier for us to monitor applications and infrastructure for possible problems. This solution offers a survey of surveillance in real time and a very helpful dashboard. Azure Monitor, which is integrated with Azure DevOps, has good load gathering and very good analytics. We get useful alerts with Azure Monitor that make recommendations about the security and the platform.
There should be more specific detail about where problems lie. Azure Monitor is lacking somewhat in vulnerability assessment; this aspect could be better. Their automation also needs some improvement. From gathering metrics from more applications to getting processes quickly started when something goes down, automation should be better.
Conclusion:
For us, Splunk is the better solution. We use Splunk to search, monitor, analyze, and visualize machine data, which it does very well. The dashboard is very intuitive. The log collection and log management tools are very good. We find Splunk’s search capability to be very powerful and flexible. Splunk can access any kind of data and there is no limitation to the kind of structured or unstructured data you can extract. Our team also liked that Splunk offers better integration with more solutions.