Try our new research platform with insights from 80,000+ expert users

ELK Kibana vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

ELK Kibana
Average Rating
7.2
Number of Reviews
4
Ranking in other categories
No ranking in other categories
Splunk Enterprise Security
Average Rating
8.4
Reviews Sentiment
7.6
Number of Reviews
306
Ranking in other categories
Log Management (2nd), Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Featured Reviews

KJ
Visualization tools are optimized providing us with increased flexibility
One area that could be improved is security. Being an open source product, if you want to add security, if you want to add authentication, you've got to use a third party plugin that may or may not cost you, or alternatively upgrade to their subscription service, which is a downside as well. I think the types of visualizations are nice, but I think there's room to add more without having to go to third party plugins to do that. Just comparing the total number of visualizations that it provides compared to Grafana, you can see that it's lacking. The UI experience isn't as rich as it is with Grafana or certain other tools. I would like to see better authentication options, typical authentication options, like active directory and LDAP as well, just a richer UI with more graph type options.
ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The optimization and flexibility of visualization tools."
"The automatic update of the graphs from a dashboard is very convenient."
"Having a tool where you can find logs that were generated months ago, and being able to search over a long period of time, is great."
"Internal tracking is helpful because we do not like to deal with multiple ticketing systems, and I am not a fan of ServiceNow. We are able to keep everything internal and utilize Enterprise Security."
"I like the Splunk dashboard and search engine."
"We used it to create a custom anomaly detection data model to monitor the activity of our back-end services on an hourly basis relative to the past three months of activity."
"Alerts when a server is malfunctioning, monitors external attacks, and takes action to stop spreading viruses."
"There are quite a lot of things that we find useful. Splunk agents are useful and good. Its UI is quite impressive."
"There are lots of free learning materials on their website."
"I like the search feature and the indexing. It's very fast and comprehensive."
"I can create dashboards to collect and view information in a tabular, graphical format. This feature is important because it helps me understand time-series data over one or two hours."
 

Cons

"This solution should allow the user to combine two indices into one graph."
"Having a kind of wizard that would help you when you are typing your search would make it easier and quicker to refine your search, and ultimately find what you are looking for."
"Security could be improved thereby avoiding the necessity of a third party plugin."
"It works as intended for us, and we are getting everything that we need out of it. If anything, its initial setup can be improved a bit."
"The GUI can be improved. Splunk has always suffered from having a kind of goofy UI, it needs some updating."
"Data retention can be better. If we want to look at the data for five months or six months, that is not available to us."
"Splunk could enhance its services by providing more comprehensive professional assistance aimed at optimizing our investment."
"The GUI can be improved to include some of the capabilities that other BI solutions have."
"Splunk Enterprise Security is complicated in terms of developing specific cybersecurity use cases."
"I would like to see future development in terms of ML (Machine Learning)."
"The solution could improve by increasing the performance. We have run into problems when large amounts of data are processed."
 

Pricing and Cost Advice

Information not available
"We have had a reduction in the time it takes to resolve issues and correlate what has failed."
"The pricing of Splunk Enterprise Security is high."
"While some clients find the cost of Splunk Enterprise Security to be on the higher end, its pricing is comparable to other SIEM solutions."
"We had a yearly subscription."
"The pricing is based on the volume of data fed into it, which can lead to substantial costs. This pricing model is complex and unpredictable, making cost management difficult."
"Splunk is really expensive compared to all the other tools on the market, including Microsoft Sentinel."
"It's definitely worth it."
"Splunk Enterprise Security is not a cheap product, but I think it is worth every dollar that you pay."
report
Use our free recommendation engine to learn which Data Visualization solutions are best for your needs.
849,190 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
No data available
Financial Services Firm
15%
Computer Software Company
14%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Ask a question
Earn 20 points
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Overview

 

Sample Customers

Sprint, Grab, Volkswagen, Autopilot, Voyages-SNCF.com, Just Eat, Accenture, Dell, Verizon Wireless, Kaidee, Green Man Gaming, Compare Group, Tango, Quizlet
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about Salesforce, Qlik, Splunk and others in Data Visualization. Updated: April 2025.
849,190 professionals have used our research since 2012.