Try our new research platform with insights from 80,000+ expert users

CA Digital Operational Intelligence [EOL] vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

CA Digital Operational Inte...
Average Rating
8.0
Number of Reviews
1
Ranking in other categories
No ranking in other categories
Splunk Enterprise Security
Average Rating
8.4
Reviews Sentiment
7.6
Number of Reviews
305
Ranking in other categories
Log Management (2nd), Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Featured Reviews

it_user1273302 - PeerSpot reviewer
Good performance, efficiency, and focuses on monitoring
When you choose a solution, you compare the bad points and the good points with the requirements that are needed. DOI does have some bad points. The real bad part is that it's impossible to be integrated on-premise. Broadcom chose to build only on the Cloud. In the beginning, I first started to check on-premise solutions to integrate in the future with Cloud models. So when we chose DOI, we knew the bad point was its obligation to use the Cloud or the SaaS model. But it's not a bad point now because Cloud and SaaS computing is the future of IT. But it's too early to really know about the security and what the other companies are seeing and changing. Monitoring information is critical for a company - information about the IPs, names that we keep, and some technical information. Also critical is the security of the monitoring itself. Broadcom manages the security of the data well. If you have securable monitoring and your team is already using Century or other products, DOI is not a good choice because DOI is not open-source. DOI is a static solution so you will not have access to the code. It is difficult with Sharepoint, too. If you are not in the habit of managing your static Broadcom relationship, it's not easy. The support is in India and it's already closed by the midday shift. The Broadcom support is very bad. I had a previous integration of Broadcom and their static software. But I was able to manage the support. But for new customers, it's quite difficult to create this relationship. Please keep in mind, Broadcom is a very huge company and when you're small or medium, about 1,000 or so employees, if you don't have the team, monitoring will be difficult. If you start a new company or are a startup, don't use Broadcom software. You don't have the weight to negotiate with Broadcom. It's not a bad point with DOI, just a bad point with the Broadcom relationship. But if you only choose DOI, keep in mind that the product is not only its technical capabilities, but also it's support relationship with the enterprise. We already plan to integrate automatic recognition in future releases. Now we don't use a major part of the automatic recognition. The plan is to create or automatically correct some command execution or re-run of the image and to integrate the VPN. The next step is to use the automatic recognition and to bypass the human intervention and to have automatic intervention of the critical system.
ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The features that I have found most valuable are the machine learning and the algorithm. We tried seven solutions. The good points of DOI are performance and efficiency under machine learning systems."
"The Splunk user community and forum are most valuable."
"Splunk is user-friendly. We can easily customize the monitoring script."
"The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data."
"The logs on the solution are excellent."
"The two features I appreciate most in Splunk Enterprise Security are the content management system and the inter-incident review dashboard."
"The best part of Splunk Enterprise Security is its customizable settings."
"The ability to manage large amounts of generated data and to protect all devices from unauthorized use are the most valuable features."
"Its huge, versatile AppBase helped me to configure and bring data from different sources to a unified platform."
 

Cons

"It's impossible to be integrated on-premise. Broadcom chose to build only on the Cloud."
"The use cases provided by Splunk are a good starting point, but could cover many additional topics to ensure that a smaller or less experienced shop might maximize the value of an ES deployment."
"The product must improve insider threat detection."
"I feel the solution to be too slow."
"​Not even Splunk's support guy, who came to our firm, could help with defining proper role management.​"
"The administration of the cluster and app deployment to indexers or search heads can be done only using ssh access and command line, there is no GUI tools for that."
"The solution could use a different licensing model."
"It requires a significant amount of relatively complex architecture once you push past the single server instance."
"You do need a lot of training and certification with this product."
 

Pricing and Cost Advice

Information not available
"We have an unlimited one, and we pay yearly, but I don't know how much it costs. Previously, I worked for a startup, and when they started building it up, it was complicated for them because they didn't have the budget for that many licenses. It was very costly for them. So, startups might find it a little bit problematic because of the licensing, but for bigger companies, there is no issue."
"Splunk Enterprise Security is expensive."
"Most people share the same thought that the ingestion rates can get pretty pricey. There is a lot of work we do to curate the data that we send to Splunk so that it is not too noisy or too expensive."
"Splunk Enterprise becomes extremely expensive after the 20GB/month license."
"The price of this solution is expensive. However, it has great features. If you want a great solution you need to pay a price matching the features."
"We have had a reduction in the time it takes to resolve issues and correlate what has failed."
"While licensing can be a concern, there are ways to reduce the licensing costs including filtering some events."
"Splunk Enterprise Security incurs a significant cost because of the amount of data we send, but we are fine with the value we're getting for that price."
report
Use our free recommendation engine to learn which IT Operations Analytics solutions are best for your needs.
844,944 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
No data available
Financial Services Firm
15%
Computer Software Company
14%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Ask a question
Earn 20 points
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Overview

 

Sample Customers

Information Not Available
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about Splunk, New Relic, IBM and others in IT Operations Analytics. Updated: March 2025.
844,944 professionals have used our research since 2012.