Try our new research platform with insights from 80,000+ expert users

CrowdStrike Observability vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

CrowdStrike Observability
Ranking in Log Management
42nd
Average Rating
8.4
Reviews Sentiment
6.1
Number of Reviews
3
Ranking in other categories
No ranking in other categories
Splunk Enterprise Security
Ranking in Log Management
2nd
Average Rating
8.4
Reviews Sentiment
7.6
Number of Reviews
305
Ranking in other categories
Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Mindshare comparison

As of March 2025, in the Log Management category, the mindshare of CrowdStrike Observability is 0.5%, down from 0.6% compared to the previous year. The mindshare of Splunk Enterprise Security is 7.6%, down from 11.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

ManelAlvarez - PeerSpot reviewer
Protection improves through superior global visibility and robust cloud integration
CrowdStrike Observability is especially useful when using a multi-cloud environment. Although it is expensive, the protection level it provides justifies the price. For users on Google Cloud, I prefer using Google's GTI technology. Overall, I would rate CrowdStrike Observability as nine out of ten. I rate the overall solution as nine.
ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The log aggregation and correlation of data are notable features that enhance our operations."
"The intelligence database provided by CrowdStrike is very impressive."
"I find the most effective feature of CrowdStrike Observability to be its cloud vision and attack surface vision, which enhance network traffic analysis."
"The intelligence database provided by CrowdStrike is very impressive."
"The price is worth it."
"The alerts are very effective."
"I am enjoying our implementation of risk-based alerting. That has helped very much with cutting out a lot of the noise that we have. It has reduced our alert volume significantly. There is about an 80% reduction."
"The most valuable features are how stable and easy to use Splunk is."
"The security part is useful as it helps secure the entire environment."
"The visibility is amazing with easy dashboard creation."
"This solution helps us increase our productivity."
"I have found the installation can be of medium difficulty to very complex depending on the use case."
"It's extremely scalable. It's a very robust solution and certainly has the capability of handling far bigger data requirements than a lot of the other tools. Generally what ends up happening with me is that my clients tend, for the most part, to be mid-tier organizations where the cost of that solutions would be accompanying requirements for people just becomes way too prohibitive. Especially considering the model that they use for costing, which is based on the volume of data. Of course, they're going to put everything including the Coke machine as the ability to collect data off of it, because of course the more they can put through the tool the more money they make."
 

Cons

"Integration with Huawei should be more straightforward."
"For reporting or log management, having a longer duration for backup without needing to purchase a paid subscription would be beneficial."
"The customer service is not satisfactory for me. The support is only available in English, and my users in LATAM regions such as Peru and Colombia require local language support, which is not currently provided."
"For reporting or log management, having a longer duration for backup without needing to purchase a paid subscription would be beneficial. Currently, there is a default ninety-day backup period."
"Integration with Huawei should be more straightforward."
"This is not really a monitoring solution."
"The training was mostly sales-focused, like how to monitor your sales. It was hard to then come back from doing the training and try to switch it to a cybersecurity focus because all the training we did was sales oriented. The basic training didn't really touch on any kind of cybersecurity use cases or anything like that. That would have been great to see in the training."
"There's been a big push for SBC compute over the ingestion model, which will hamper us."
"The Web Application Firewall will send you too much information because it's more dedicated to security than a normal firewall."
"When we do a rollout from the server or host or anything, we'd like to see more automation. It would save us time."
"There are a lot of competitive products that are doing better than what Splunk is doing on the analytics side."
"Splunk can improve regex/asset analysis as we do not want to crawl until it is done."
"I've noticed that onboarding data from various multi-cloud sources and diverse products, such as security network devices, can be challenging."
 

Pricing and Cost Advice

Information not available
"Splunk Enterprise Security is an expensive solution."
"It's definitely worth it."
"The licensing model can be expensive, but the value it provides is significant."
"The tool's pricing model is great. You can choose between workloads or volume."
"We have an unlimited one, and we pay yearly, but I don't know how much it costs. Previously, I worked for a startup, and when they started building it up, it was complicated for them because they didn't have the budget for that many licenses. It was very costly for them. So, startups might find it a little bit problematic because of the licensing, but for bigger companies, there is no issue."
"It is expensive. I work for multiple clients. I am working for more than five clients, but most of the clients are switching from Splunk to Sentinel because of the cost. Even though Sentinel is very limited, clients are moving to Sentinel."
"ROI is estimated at saving my team roughly 10 to 12 man hours per week in troubleshooting for our company as well as what our profits had been from our services of installing, configuring, and supporting other clients with the product."
"We had a yearly subscription."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
842,592 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
16%
Manufacturing Company
7%
Healthcare Company
6%
Financial Services Firm
15%
Computer Software Company
14%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What needs improvement with CrowdStrike Observability?
CrowdStrike Observability could improve in terms of understanding the functionality of different modules. The complexity of having multiple modules such as vulnerability management and identity man...
What is your primary use case for CrowdStrike Observability?
I have been using CrowdStrike Observability for the past two months with a focus on the cloud environment, specifically integrating with Google Cloud. We are currently utilizing it for detection pu...
What advice do you have for others considering CrowdStrike Observability?
CrowdStrike Observability is especially useful when using a multi-cloud environment. Although it is expensive, the protection level it provides justifies the price. For users on Google Cloud, I pre...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Overview

 

Sample Customers

Information Not Available
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about CrowdStrike Observability vs. Splunk Enterprise Security and other solutions. Updated: March 2025.
842,592 professionals have used our research since 2012.