We performed a comparison between Splunk and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk easily wins out in this comparison. Compared with Wazuh, it is a mature and robust solution with a proven ROI.
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The initial setup is very simple and straightforward."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"It's pretty powerful and its performance is pretty good."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"Sentinel pricing is good."
"Splunk can extract all kinds of data. There's no limitation on what kind of structured and unstructured data one needs to extract — it can access any kind of data, including machine-generated data."
"Capability to expand the functionality through custom code for data inputs, commands, visualization, alerts, and machine learning."
"Its huge, versatile AppBase helped me to configure and bring data from different sources to a unified platform."
"Alerts when a server is malfunctioning, monitors external attacks, and takes action to stop spreading viruses."
"It is the best tool if you have a complex environment or if data ingestion is too huge."
"There are quite a lot of things that we find useful. Splunk agents are useful and good. Its UI is quite impressive."
"Splunk allows us to customize processing and dashboards, which helps us take care of our customers' needs."
"The most valuable features are the logs, which allow us to identify what happened and who interacted with the web repository."
"The most valuable features are the modules and metrics."
"The main thing I like about it is that it has an EDR."
"My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."
"The tool is stable."
"The product’s interface is intuitive."
"If they support a solution, it is easy to do an integration."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"Good for monitoring, active response, and for vulnerabilities."
"There is room for improvement in entity behavior and the integration site."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"We are invoiced according to the amount of data generated within each log."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"We'd also like a better ticketing system, which is older."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"The support that is included with the standard licensing fee is very bad."
"The solution could use a different licensing model."
"Its pricing is extremely high. There are other tools out in the market that are competitive. They do not necessarily have all the functionality, but they are competitive. The professional services we have used have been high as well in comparison to the market."
"Enterprise security: Splunk must work on clarifying the solution to customers and explain how to gain more from it."
"I would like additional features in different programming models with the support for writing queries in SQL or other languages, such as C#, Java, or some other type of query definitions."
"The product was difficult to back up the first time."
"The Enterprise Security app could be improved. We have had trouble with it working from the first day."
"The monitoring aspect of Splunk could be improved. We have to do some queries to get as much information as CrowdStrike or other solutions provide. If you run a big query, you will see a delay. That is the only concern we have because it will take some time if you query large data sets."
"The tool does not provide CTI to monitor darknet."
"While it is scalable, it can suffer from reduced latencies."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
"They could include flexibility and customization capabilities by modifying for customers based on partner agreements."
"The technical support can be improved. Wazuh has some bugs that need to be fixed. It would be good if we could have automation with respect to incident response."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system."
"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
"The implementation is very complex."
Splunk Enterprise Security is ranked 1st in Log Management with 240 reviews, while Wazuh is ranked 2nd in Log Management with 38 reviews. Splunk Enterprise Security is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Splunk Enterprise Security is most compared with Dynatrace, IBM Security QRadar, Elastic Security, Datadog and Azure Monitor, whereas Wazuh is most compared with Elastic Security, Security Onion, AlienVault OSSIM, Graylog and CrowdStrike Falcon.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.