Try our new research platform with insights from 80,000+ expert users

ELK Kibana vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

ELK Kibana
Average Rating
7.2
Number of Reviews
4
Ranking in other categories
No ranking in other categories
Splunk Enterprise Security
Average Rating
8.4
Number of Reviews
301
Ranking in other categories
Log Management (1st), Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Featured Reviews

KJ
Jul 22, 2020
Visualization tools are optimized providing us with increased flexibility
One area that could be improved is security. Being an open source product, if you want to add security, if you want to add authentication, you've got to use a third party plugin that may or may not cost you, or alternatively upgrade to their subscription service, which is a downside as well. I think the types of visualizations are nice, but I think there's room to add more without having to go to third party plugins to do that. Just comparing the total number of visualizations that it provides compared to Grafana, you can see that it's lacking. The UI experience isn't as rich as it is with Grafana or certain other tools. I would like to see better authentication options, typical authentication options, like active directory and LDAP as well, just a richer UI with more graph type options.
Sameep Agarwal. - PeerSpot reviewer
Oct 23, 2023
It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query
The ingestion happens quickly, so you can run up the data costs if you use the default settings. It isn't a problem for government agencies in the Saudi market, but many of the corporations in India are small or medium-sized enterprises that cannot afford that kind of ingestion system. Splunk needs to be tweaked in JSON so you can limit what is coming from the endpoints, especially the events. One needs to filter that out so that only certain events are ingested, like login failures, Active Directory changes, password reset requests, privilege modifications, etc. Each Windows machine generates about 310 KB of information per event, but we can tweak that down to about 50 KB.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Having a tool where you can find logs that were generated months ago, and being able to search over a long period of time, is great."
"The automatic update of the graphs from a dashboard is very convenient."
"The optimization and flexibility of visualization tools."
"It is a very stable solution. I never really had a hiccup with the tool."
"The most valuable feature of Splunk is the management and built-in workflows."
"The site is constantly up, and it's been really easy to adjust the data."
"This solution helps us increase our productivity."
"If properly built, I'm very impressed with the stability of Splunk ES."
"The flexibility of the search capability is most valuable. You can use it for more than just a basic log aggregator. It is powerful in that regard."
"There are quite a lot of things that we find useful. Splunk agents are useful and good. Its UI is quite impressive."
"Being able to aggregate detection and alerts from various sources is valuable. Like everyone else, we have a wide range of tools in our shop. We are able to stop at one spot and look at all the data. All the data is able to come through, and we can then jump from source to source or index to index. We can dig deep whenever we need to and get a good high-level understanding."
 

Cons

"This solution should allow the user to combine two indices into one graph."
"Security could be improved thereby avoiding the necessity of a third party plugin."
"Having a kind of wizard that would help you when you are typing your search would make it easier and quicker to refine your search, and ultimately find what you are looking for."
"Its interface and usability can always be improved."
"It needs more thoroughly tested releases. Every new big version (6, 7, etc.) has had so many bugs that it makes me wary of customers upgrading right away."
"In the next release, they should include machine learning-based rules that would streamline the process of finding anomalies."
"Splunk is such a large product. Allowing it to be more easily used by people who have not had a lot of training on it would be an improvement."
"My biggest struggle with Splunk in general is memorizing all the commands. If I want to know which users have logged in between certain hours, I cannot write that query out. It would be helpful to have AI so that I can explain in simple terms what I want and then the search gives that back to me. I am waiting for that."
"It would be good if the solution had some kind of copilot to automate or help write correlation searches."
"There can be a bit of complexity around some fields during the initial setup."
"The first thing that comes to mind is a little bit of UI improvement. It sometimes can be a little bit buggy or it can be a little bit slow, but that varies from customer to customer."
 

Pricing and Cost Advice

Information not available
"Splunk is really expensive."
"From what I have seen so far, Splunk has multiple cost models. The one that we are using is pretty good when it comes to ingesting data into the environment. It has worked out pretty well."
"The price of Splunk is too high for our market."
"It can be cost-prohibitive when you start to scale and have terabytes of data. Its cost model is based on how much data it processes a day. If they're able to create scaled-down niche or custom package offerings, it may help with the cost. Instead of the full-blown features, if they can narrow the scope where it can only be used for a specific purpose, it would kind of create that market for the product, and it may help with the costing. When you start using it as a central aggregator and you're pumping tons of logs at it, pretty soon, you'll start hitting your cap on what it can process a day. Once you've got that, you're kind of defeating the purpose because you're going to have to scale back."
"ROI is estimated at saving my team roughly 10 to 12 man hours per week in troubleshooting for our company as well as what our profits had been from our services of installing, configuring, and supporting other clients with the product."
"I've heard Splunk is often preferred over other options, but the cost can be prohibitive for smaller organizations."
"In terms of pricing, I believe Splunk is unreasonably costly for the majority of mid and small-sized companies."
"Expensive compared to other options."
report
Use our free recommendation engine to learn which Data Visualization solutions are best for your needs.
814,763 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
No data available
Financial Services Firm
16%
Computer Software Company
14%
Government
9%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Ask a question
Earn 20 points
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Learn More

 

Overview

 

Sample Customers

Sprint, Grab, Volkswagen, Autopilot, Voyages-SNCF.com, Just Eat, Accenture, Dell, Verizon Wireless, Kaidee, Green Man Gaming, Compare Group, Tango, Quizlet
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about Salesforce, Qlik, Splunk and others in Data Visualization. Updated: October 2024.
814,763 professionals have used our research since 2012.