Try our new research platform with insights from 80,000+ expert users

CA Digital Operational Intelligence [EOL] vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 6, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

CA Digital Operational Inte...
Average Rating
8.0
Number of Reviews
1
Ranking in other categories
No ranking in other categories
Splunk Enterprise Security
Average Rating
8.4
Reviews Sentiment
7.6
Number of Reviews
306
Ranking in other categories
Log Management (2nd), Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Featured Reviews

it_user1273302 - PeerSpot reviewer
Good performance, efficiency, and focuses on monitoring
When you choose a solution, you compare the bad points and the good points with the requirements that are needed. DOI does have some bad points. The real bad part is that it's impossible to be integrated on-premise. Broadcom chose to build only on the Cloud. In the beginning, I first started to check on-premise solutions to integrate in the future with Cloud models. So when we chose DOI, we knew the bad point was its obligation to use the Cloud or the SaaS model. But it's not a bad point now because Cloud and SaaS computing is the future of IT. But it's too early to really know about the security and what the other companies are seeing and changing. Monitoring information is critical for a company - information about the IPs, names that we keep, and some technical information. Also critical is the security of the monitoring itself. Broadcom manages the security of the data well. If you have securable monitoring and your team is already using Century or other products, DOI is not a good choice because DOI is not open-source. DOI is a static solution so you will not have access to the code. It is difficult with Sharepoint, too. If you are not in the habit of managing your static Broadcom relationship, it's not easy. The support is in India and it's already closed by the midday shift. The Broadcom support is very bad. I had a previous integration of Broadcom and their static software. But I was able to manage the support. But for new customers, it's quite difficult to create this relationship. Please keep in mind, Broadcom is a very huge company and when you're small or medium, about 1,000 or so employees, if you don't have the team, monitoring will be difficult. If you start a new company or are a startup, don't use Broadcom software. You don't have the weight to negotiate with Broadcom. It's not a bad point with DOI, just a bad point with the Broadcom relationship. But if you only choose DOI, keep in mind that the product is not only its technical capabilities, but also it's support relationship with the enterprise. We already plan to integrate automatic recognition in future releases. Now we don't use a major part of the automatic recognition. The plan is to create or automatically correct some command execution or re-run of the image and to integrate the VPN. The next step is to use the automatic recognition and to bypass the human intervention and to have automatic intervention of the critical system.
ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The features that I have found most valuable are the machine learning and the algorithm. We tried seven solutions. The good points of DOI are performance and efficiency under machine learning systems."
"If properly built, I'm very impressed with the stability of Splunk ES."
"Overall, I would rate it a nine out of ten."
"The security part is useful as it helps secure the entire environment."
"Its integration is most valuable. Its UI is also pretty much easy."
"We can ingest and correlate data from virtually any type of system."
"Its alerting is most valuable. We have alerts set up in our environment for certain attacks, such as an SQL injection attempt. We have a front-facing server for the website. It is out there, and anybody can access it. When those SQL injection attempts come in, we are able to detect that with the alert."
"Splunk can deliver more information by going deeper. By creating a dashboard, we can identify the root cause of the threat. Let's say I have a firewall from Check Point. Splunk will find the dashboard for Check Point, implement it in our environment, and connect it to the Check Point firewall logs, which are shown on the dashboard. If we request a custom dashboard, the engineer will take longer to complete the task."
"The visibility is amazing with easy dashboard creation."
 

Cons

"It's impossible to be integrated on-premise. Broadcom chose to build only on the Cloud."
"An area of improvement would be the licensing of the solution. They need a free license, which would allow faster lead times."
"I've noticed that onboarding data from various multi-cloud sources and diverse products, such as security network devices, can be challenging."
"Splunk Enterprise Security would benefit from a more robust rule engine to reduce false positives."
"The price has room for improvement."
"Splunk is not very user-friendly. It has a complex architecture in comparison to other solutions on the market."
"In the next release, they should include machine learning-based rules that would streamline the process of finding anomalies."
"Its search or filtering capability is nice, but it can be improved. It is currently a bit complicated, and it should be simplified. If we can write the search filter in a more simplified way, it would be better."
"Features related to content management must be improved."
 

Pricing and Cost Advice

Information not available
"Splunk is really expensive compared to all the other tools on the market, including Microsoft Sentinel."
"Splunk Enterprise Security is expensive. I would rate the cost an eight out of ten with ten being the most expensive."
"The pricing is very complicated, and it is very pricey. You do require a lot of different licenses in order to get a comprehensive solution that is not just the SIEM solution."
"I think that most of the log analytics solutions are expensive and I'm not sure if it's worth it."
"I would highly recommend anyone evaluating this option to download the free trial which allows for the ingestion of 500MB of data per day in order to get a feel for what Splunk does at its core. It will get pricey once your ingestion rates start to sky rocket, but I would consider it expensive given the amount of information that it allows you to analyze and react on straight out-of-the-box."
"It is expensive. That is why many customers have moved to IBM QRadar. The price is definitely a challenge for customers."
"Splunk Enterprise Security incurs a significant cost because of the amount of data we send, but we are fine with the value we're getting for that price."
"It is economical than other solutions."
report
Use our free recommendation engine to learn which IT Operations Analytics solutions are best for your needs.
849,190 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
No data available
Financial Services Firm
15%
Computer Software Company
14%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Ask a question
Earn 20 points
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Overview

 

Sample Customers

Information Not Available
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about Splunk, New Relic, IBM and others in IT Operations Analytics. Updated: April 2025.
849,190 professionals have used our research since 2012.