Try our new research platform with insights from 80,000+ expert users

CrowdStrike Observability vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 6, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

CrowdStrike Observability
Ranking in Log Management
38th
Average Rating
8.4
Reviews Sentiment
6.1
Number of Reviews
3
Ranking in other categories
No ranking in other categories
Splunk Enterprise Security
Ranking in Log Management
2nd
Average Rating
8.4
Reviews Sentiment
7.6
Number of Reviews
305
Ranking in other categories
Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Mindshare comparison

As of April 2025, in the Log Management category, the mindshare of CrowdStrike Observability is 0.5%, down from 0.6% compared to the previous year. The mindshare of Splunk Enterprise Security is 7.4%, down from 11.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

ManelAlvarez - PeerSpot reviewer
Protection improves through superior global visibility and robust cloud integration
CrowdStrike Observability is especially useful when using a multi-cloud environment. Although it is expensive, the protection level it provides justifies the price. For users on Google Cloud, I prefer using Google's GTI technology. Overall, I would rate CrowdStrike Observability as nine out of ten. I rate the overall solution as nine.
ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The intelligence database provided by CrowdStrike is very impressive."
"The log aggregation and correlation of data are notable features that enhance our operations."
"The price is worth it."
"The intelligence database provided by CrowdStrike is very impressive."
"I find the most effective feature of CrowdStrike Observability to be its cloud vision and attack surface vision, which enhance network traffic analysis."
"The search lookups are useful."
"From the class that I took this week, being able to create notable events from whatever you find in the data set is pretty useful."
"Splunk Enterprise Security is a standard solution providing good customer service and partnership."
"Being able to aggregate detection and alerts from various sources is valuable. Like everyone else, we have a wide range of tools in our shop. We are able to stop at one spot and look at all the data. All the data is able to come through, and we can then jump from source to source or index to index. We can dig deep whenever we need to and get a good high-level understanding."
"The solution's most valuable feature is threat intelligence correlations."
"Deployment server for deploying changes in one go."
"The metrics and trends that Splunk Enterprise Security generates using all the data points we send allow customers to understand better what their users are doing."
"The Splunk user community and forum are most valuable."
 

Cons

"Integration with Huawei should be more straightforward."
"Integration with Huawei should be more straightforward."
"For reporting or log management, having a longer duration for backup without needing to purchase a paid subscription would be beneficial. Currently, there is a default ninety-day backup period."
"The customer service is not satisfactory for me. The support is only available in English, and my users in LATAM regions such as Peru and Colombia require local language support, which is not currently provided."
"For reporting or log management, having a longer duration for backup without needing to purchase a paid subscription would be beneficial."
"For on-premise, it's more about optimization. With such a heavy byte scale of data that we are operating on, the search for disparate data sometimes takes about a minute. This is understandable considering the amount of data that we are pumping into it. The only optimization that I recommend is better sharding, when it comes to Splunk, so that data retrieval can be faster."
"I would like to have fraud detection features. Fraud is within the same turf as with security operations. Fraud and cybersecurity work hand in hand. I would like to have detection capabilities, or at least dashboards in Enterprise Security for fraud."
"An area of improvement would be the licensing of the solution. They need a free license, which would allow faster lead times."
"Its reporting can be improved. That's the only complaint I have heard. I don't need the reporting part, but I know that other people in the organization need it."
"Their technical support sucks."
"It is a challenge to manage the environment in such a way, that one’s log, even with the bandwidth license, isn’t exceeded."
"I would like to see the asset and identity lookups be more automatic and less manual."
"Splunk can improve its third-party device application plugins."
 

Pricing and Cost Advice

Information not available
"The licensing model can be expensive, but the value it provides is significant."
"The price of Splunk Enterprise Security is reasonable, falling somewhere in the middle range."
"The tool's pricing model is great. You can choose between workloads or volume."
"We have seen ROI and improvements as we have continued to use the product, but they are more reactive."
"Its pricing model can be improved."
"Unlike other security tools, Splunk provides a fixed amount of gigabytes per day, and we are required to pay for any additional usage beyond that limit, in addition to our monthly cost."
"The pricing model is based on the number of gigabytes that you ingest into the Splunk system. So it can be an expensive solution."
"While Splunk offers generous developer licenses and obtaining annual licenses is straightforward, the cost is a major consideration."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
848,253 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
16%
Manufacturing Company
7%
University
6%
Financial Services Firm
15%
Computer Software Company
14%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What needs improvement with CrowdStrike Observability?
CrowdStrike Observability could improve in terms of understanding the functionality of different modules. The complexity of having multiple modules such as vulnerability management and identity man...
What is your primary use case for CrowdStrike Observability?
I have been using CrowdStrike Observability for the past two months with a focus on the cloud environment, specifically integrating with Google Cloud. We are currently utilizing it for detection pu...
What advice do you have for others considering CrowdStrike Observability?
CrowdStrike Observability is especially useful when using a multi-cloud environment. Although it is expensive, the protection level it provides justifies the price. For users on Google Cloud, I pre...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Overview

 

Sample Customers

Information Not Available
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about CrowdStrike Observability vs. Splunk Enterprise Security and other solutions. Updated: April 2025.
848,253 professionals have used our research since 2012.