Try our new research platform with insights from 80,000+ expert users

ArcSight Logger vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 6, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

ArcSight Logger
Ranking in Log Management
31st
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
31
Ranking in other categories
No ranking in other categories
Splunk Enterprise Security
Ranking in Log Management
2nd
Average Rating
8.4
Reviews Sentiment
7.6
Number of Reviews
306
Ranking in other categories
Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Mindshare comparison

As of April 2025, in the Log Management category, the mindshare of ArcSight Logger is 0.8%, down from 1.2% compared to the previous year. The mindshare of Splunk Enterprise Security is 7.4%, down from 11.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Geraldo Freitas - PeerSpot reviewer
Enhances our security incident investigation but not good for correlation
Investigation is good when you know what you want to search for in Logger. The most difficult part is parsing the logs and configuring the parsers. For investigation, it's good. For correlation, it's not good. We use Sentinel, and Sentinel has pre-built use cases that are much easier to configure. So, it enhances our security incident investigation. We have inbound integration, but configuring the parsers is sometimes very difficult. We only have two use cases where we have a correlation set up. We send the information to Check Point to block IP addresses when we see a lot of blocks from the same source. We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist. So, it offers the ease of integration.
ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"In our country we are a little bit private in terms of solutions, so we are just starting to use the basic data capture. Now some users can start to use additional features that come with Micro Focus ArcSight like user behavior analytics for investigating."
"I am impressed with the product's ability to pick up logs. It also has UEBA which has reduced the time to take charge of the events."
"It's a brilliant log collection tool, and it can handle hundreds of thousands of servers in a single shot to ingest the data."
"We haven't had any crashes or bugs. It is stable."
"The ability to customize the solution in great detail is its most valuable features. We can customize the use cases and also have the ability to do scripting. We can personalize our dashboard as well. The scalability the solution offers is quite impressive."
"The most valuable feature is the search capability, which is simple to use."
"Our return on investment for implementing ArcSight Logger over the past 12 months has been positive."
"ArcSight's robustness is its most valuable feature."
"It helps us uncover bottlenecks in the network."
"The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly."
"The correlation searches are most valuable just because we are able to do things like RBA."
"The initial deployment was straightforward."
"Splunk has improved our operations by giving us access to more information and allowing us to deploy more use cases."
"The user interface is excellent, and since I'm using Splunk as a power user, it's easy to create dashboards."
"The dashboard and reporting are very good... It provides very good visibility in a hybrid cloud environment, and you can build custom utilization APIs using Splunk."
"The most valuable features for us include its robust log management capabilities, which allow us to efficiently handle and retain logs for extended periods as needed."
 

Cons

"We have had problems with archiving."
"The solution should make it possible to integrate network analysis features."
"I think the ArcSight team should try to simplify legacy products for the customers, because that product is not easy to use or to work with. It needs more more competency or appeal to use. We hope Micro Focus is trying to resolve this."
"The platform is quite expensive. They should reduce its cost."
"ArcSight has been sold two or three times, and the quality has decreased."
"In the next release, I want to see more intelligence."
"I would rate the technical support only 5 out of 10. The technical support is not satisfactory."
"It's not a new product and is a bit complex. So, it requires a person dedicated to working on it and to know about it in and out. It is a huge product, and the search operation is a bit complicated for a new user or someone who has not used it for long. So for that person, it becomes a bit difficult."
"The solution could improve by increasing the performance. We have run into problems when large amounts of data are processed."
"Over time I will have more requirements and I can foresee the solution could improve the search algorithm to run and output the data faster."
"This is a costly solution."
"The setup time is quite long."
"While scheduled reports can be embedded, Splunk dashboard can not be embedded directly without enabling cross origin."
"The implementation and the scanning of the logs can be difficult."
"Previously, they developed custom connectors or add-ons for a lot of applications. But that number can be upgraded still. There are a lot of applications in the world that are not supported."
"It does not give us permission to implement on-premise so we implement them on the cloud."
 

Pricing and Cost Advice

"The pricing is quite harsh."
"I would rate the product a seven out of ten since it's an enterprise product."
"It's not cheap at all as it's a big product and has been in the market for quite some time now."
"ArcSight is an expensive solution."
"Pricing is reasonable compared to similar tools on the market. They offer perpetual licenses."
"We have a lifetime license, so we don't pay a monthly fee."
"I rate the product’s pricing a seven out of ten, where one is inexpensive, and ten is expensive."
"ArcSight Logger is very expensive compared to their competitors, but when we talk to the customer and explain what the features are and how we can scale, they understand. Still, ArcSight is more expensive than the competition."
"It is not cheap."
"I think we recently switched to the SVC pricing compared to the ingest pricing."
"Splunk Enterprise Security's pricing is pretty competitive."
"The price of Splunk Enterprise Security fluctuates based on the customer, but I believe it's quite costly, especially for our clientele."
"I remember Splunk being relatively affordable. Kibana was more reasonable, but you get more with Splunk. If I was suggesting something, I would probably suggest Splunk because it is better to pay a little bit more and get a lot more."
"The pricing depends on the bandwidth of an organization and is good compared to some SIEM tools. IBM, for example, is quite costly. But Microsoft Sentinel is notably cheaper."
"Splunk is a bit pricier, but the benefits and ROI are huge."
"Further reductions would be fantastic, and I believe that more and more people would flock to it."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
848,716 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm
19%
Computer Software Company
17%
Government
9%
Educational Organization
6%
Financial Services Firm
15%
Computer Software Company
14%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about ArcSight Logger?
We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist.
What is your experience regarding pricing and costs for ArcSight Logger?
The pricing isn't the problem. We have a lifetime license, so we don't pay a monthly fee.
What needs improvement with ArcSight Logger?
The solution has room for improvement. We're currently upgrading to the newer version, where they have something like Kafka, a hub for all solutions feeding information into Logger. However, I thin...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Also Known As

Micro Focus Arcsight Logger, HPE Arcsight Logger
No data available
 

Overview

 

Sample Customers

China Merchants Bank, Bank AlJazira, Banca Intesa
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about ArcSight Logger vs. Splunk Enterprise Security and other solutions. Updated: April 2025.
848,716 professionals have used our research since 2012.