We performed a comparison between Elastic Security and Splunk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk comes out on top in this comparison. It is easier to use and has better support than Elastic Security. Splunk users also report a significant ROI. Elastic Security does come out on top in the pricing and ease of deployment categories, however.
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The main benefit is the ease of integration."
"Log aggregation and data connectors are the most valuable features."
"The automation feature is valuable."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"The solution is quite stable. The performance has been good."
"The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes."
"It's very stable and reliable."
"I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash."
"It's simple and easy to use."
"ELK Logstash is easy and fast, at least for the initial setup with the out of box uses."
"It's very customizable, which is quite helpful."
"Elastic Security is a highly flexible platform that can be implemented anywhere."
"The UI of Splunk makes it easier for our analysts to move around and see what they need to see."
"The most valuable features for us include its robust log management capabilities, which allow us to efficiently handle and retain logs for extended periods as needed."
"The most valuable feature of Splunk is the log monitoring."
"I like the ease with which dashboards can be created."
"Visualizations helped the organisation with a better understanding of its KPIs."
"The most valuable feature is the custom dashboard feature."
"The ability to ingest any data and display it in a way that anyone can understand."
"The solution is stable and reliable."
"The AI capabilities must be improved."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"The solution should allow for a streamlined CI/CD procedure."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"The on-prem log sources still require a lot of development."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"The solution does not have a UI and this is one of the reasons we are looking for another solution."
"The price of this product could be improved, especially the additional costs. I would also like to see better-quality graphics."
"We are paying dearly for the guy who is working on the ELK Stack. That knowledge is quite rare and hard to come by. For difficulty and availability of resources, I would rate it a five out of 10."
"Elastic Security could improve the documentation. It would help if they were more simple and clean."
"An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot."
"Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution."
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
"Upgrades currently released as stacks when it should be a plugin or an extension to save removal and reinstallation."
"We are waiting for Dashboard Studio to mature a little bit more. There are some things that we are using with Classic Dashboards which have not yet made it to Dashboard Studio. We are waiting for that."
"If it could be made available as a service, this would be much better than as a product."
"We were inundated with the amount of alerts and alarms that we could get out of it. It is also a resource hog and we didn't have the resources to support it on-prem so we're taking it offline now."
"Splunk's ability to analyze malicious activities scores an 8 out of 10, but there's room for improvement. By analyzing emerging patterns, Splunk could identify and predict potential threats more effectively."
"Previously, they developed custom connectors or add-ons for a lot of applications. But that number can be upgraded still. There are a lot of applications in the world that are not supported."
"Sometimes the communication with support happens with multiple staff. They should reduce the time to resolution."
"The solution could use a different licensing model."
"The configuration could be better."
Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 59 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Elastic Security is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Elastic Security is most compared with Wazuh, IBM Security QRadar, Microsoft Defender for Endpoint, CrowdStrike Falcon and AlienVault OSSIM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Datadog and Azure Monitor. See our Elastic Security vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.