We performed a comparison between Coralogix and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The UI of Sentinel is very good and easy to use, even for beginners."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"Log aggregation and data connectors are the most valuable features."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"A non-tech person can easily get used to it."
"The initial setup is straightforward."
"Numerous data monitoring tools are available, but Coralogix somehow fine-tunes our policies and effectively supports our teams."
"The solution offers very good convenience filtering."
"The solution is easy to use and to start with."
"The best feature of this solution allows us to correlate logs, metrics and traces."
"Splunk works based on parsing log files."
"Splunk has a wide range of features that customers use to find and analyze all kinds of logs."
"The indexing and data collection are valuable."
"We can automatically suspend or terminate suspicious sessions."
"The flexibility of the search capability is most valuable. You can use it for more than just a basic log aggregator. It is powerful in that regard."
"Visualizations are the best way to understand deviation techniques from the norm."
"It allows us to digest the information, the data, the different data streams, so we can make decisions based upon information that we receive, and it is pretty robust."
"The ability to digest any information and then correlate it in accordance with what you need is valuable. The ability to connect to pretty much everything and bring the information in the same format is also valuable. On top of that, we can use their language in order to create and customize the dashboards, correlations, or analytics that we want to incorporate."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"The AI capabilities must be improved."
"I would like to be able to monitor applications outside of the Azure Cloud."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"The solution should allow for a streamlined CI/CD procedure."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"From my experience, Coralogix has horrible Terraform providers."
"The documentation of the tool could be improved"
"It would be helpful if Coralogix could integrate the main modules that any organization requires into a single subscription."
"We want it to work at what it is expected to work at and not really based on the updated configuration which one developer has decided to change."
"The user interface could be more intuitive and explanatory."
"Maybe they could make it more user-friendly."
"Free-floating panels in the dashboards are like a glass table."
"I feel the solution to be too slow."
"I find that the learning curve for Splunk is relatively lengthy."
"Delays in responses from the technical team can pose challenges for both vendors and clients, especially considering that Splunk applications and machine solutions are critical assets."
"The algorithms customization of Splunk could improve. They have limited algorithms for machine learning support. If they can allow the user to add more machine learning algorithms, such as the ability to choose the algorithm that a user might want. Additionally, they should provide the required libraries for those algorithms, and then analyzes the data for use."
"I think the machine learning should be emphasized. Now, it's really important to analyze Big Data, data mining. A SIEM solution, like Splunk, needs an improved data mining solution, artificial intelligence."
"The UI can be improved. Dashboards and reports can be better in terms of graphics."
"While there aren't any major areas where the solution has to be improved, there are certain integrations that are still not available. I would specifically like to see legacy applications integrated."
Coralogix is ranked 25th in Security Information and Event Management (SIEM) with 7 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Coralogix is rated 8.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of Coralogix writes "Good capabilities, has a helpful interface and is straightforward to set up". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Coralogix is most compared with Datadog, Grafana, Sentry, New Relic and Elastic Search, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our Coralogix vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.