Try our new research platform with insights from 80,000+ expert users

CA Digital Operational Intelligence [EOL] vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

CA Digital Operational Inte...
Average Rating
8.0
Number of Reviews
1
Ranking in other categories
No ranking in other categories
Splunk Enterprise Security
Average Rating
8.4
Reviews Sentiment
7.6
Number of Reviews
305
Ranking in other categories
Log Management (2nd), Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Featured Reviews

it_user1273302 - PeerSpot reviewer
Good performance, efficiency, and focuses on monitoring
When you choose a solution, you compare the bad points and the good points with the requirements that are needed. DOI does have some bad points. The real bad part is that it's impossible to be integrated on-premise. Broadcom chose to build only on the Cloud. In the beginning, I first started to check on-premise solutions to integrate in the future with Cloud models. So when we chose DOI, we knew the bad point was its obligation to use the Cloud or the SaaS model. But it's not a bad point now because Cloud and SaaS computing is the future of IT. But it's too early to really know about the security and what the other companies are seeing and changing. Monitoring information is critical for a company - information about the IPs, names that we keep, and some technical information. Also critical is the security of the monitoring itself. Broadcom manages the security of the data well. If you have securable monitoring and your team is already using Century or other products, DOI is not a good choice because DOI is not open-source. DOI is a static solution so you will not have access to the code. It is difficult with Sharepoint, too. If you are not in the habit of managing your static Broadcom relationship, it's not easy. The support is in India and it's already closed by the midday shift. The Broadcom support is very bad. I had a previous integration of Broadcom and their static software. But I was able to manage the support. But for new customers, it's quite difficult to create this relationship. Please keep in mind, Broadcom is a very huge company and when you're small or medium, about 1,000 or so employees, if you don't have the team, monitoring will be difficult. If you start a new company or are a startup, don't use Broadcom software. You don't have the weight to negotiate with Broadcom. It's not a bad point with DOI, just a bad point with the Broadcom relationship. But if you only choose DOI, keep in mind that the product is not only its technical capabilities, but also it's support relationship with the enterprise. We already plan to integrate automatic recognition in future releases. Now we don't use a major part of the automatic recognition. The plan is to create or automatically correct some command execution or re-run of the image and to integrate the VPN. The next step is to use the automatic recognition and to bypass the human intervention and to have automatic intervention of the critical system.
ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The features that I have found most valuable are the machine learning and the algorithm. We tried seven solutions. The good points of DOI are performance and efficiency under machine learning systems."
"We can quickly search for almost anything across many log sources in seconds."
"The most valuable features include agility and Splunk Enterprise Security's ability to quickly search for alerted items, as well as the capacity to create custom alerts using the SQL language employed by Splunk."
"I have also been able to take advantage of some of the more complex statistical capabilities when analyzing logs."
"Support is quick and competent."
"Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful."
"The log aggregation is great."
"I really like the user interface and how it works."
"Splunk has significantly helped with aggregation and correlation of critical logs. Not having to grep on each individual server has made everyone more efficient."
 

Cons

"It's impossible to be integrated on-premise. Broadcom chose to build only on the Cloud."
"I would like some additional AI capabilities to provide additional information about things going wrong and things going well."
"The implementation and the scanning of the logs can be difficult."
"Free-floating panels in the dashboards are like a glass table."
"The user access control could be much more granular, so that the admins can control r/w/x access for specific features of the product like dashboards, etc."
"It is a challenge to manage the environment in such a way, that one’s log, even with the bandwidth license, isn’t exceeded."
"The CIM model is the method Splunk uses to normalize data and categorize its important parts, but it is quite complex."
"Sometimes, there is latency in the logs."
"The monitoring aspect of Splunk could be improved. We have to do some queries to get as much information as CrowdStrike or other solutions provide. If you run a big query, you will see a delay. That is the only concern we have because it will take some time if you query large data sets."
 

Pricing and Cost Advice

Information not available
"While Splunk offers generous developer licenses and obtaining annual licenses is straightforward, the cost is a major consideration."
"Pricing is pretty fair."
"Splunk should be able to integrate with other product using the free version."
"Splunk is costly but it’s worth it due to the high-end features."
"I remember Splunk being relatively affordable. Kibana was more reasonable, but you get more with Splunk. If I was suggesting something, I would probably suggest Splunk because it is better to pay a little bit more and get a lot more."
"It is a pretty high cost solution, but if your organization has the funds, it can bring many benefits."
"It is pretty straightforward and based on the sizing. If I compare it with other competitors, it makes sense."
"It can be tough to determine if you are getting all of the value out of your investment at times."
report
Use our free recommendation engine to learn which IT Operations Analytics solutions are best for your needs.
842,767 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
No data available
Financial Services Firm
15%
Computer Software Company
14%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Ask a question
Earn 20 points
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Overview

 

Sample Customers

Information Not Available
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about Splunk, New Relic, IBM and others in IT Operations Analytics. Updated: March 2025.
842,767 professionals have used our research since 2012.