Try our new research platform with insights from 80,000+ expert users

ELK Kibana vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

ELK Kibana
Average Rating
7.2
Number of Reviews
4
Ranking in other categories
No ranking in other categories
Splunk Enterprise Security
Average Rating
8.4
Reviews Sentiment
7.6
Number of Reviews
305
Ranking in other categories
Log Management (2nd), Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Featured Reviews

KJ
Visualization tools are optimized providing us with increased flexibility
One area that could be improved is security. Being an open source product, if you want to add security, if you want to add authentication, you've got to use a third party plugin that may or may not cost you, or alternatively upgrade to their subscription service, which is a downside as well. I think the types of visualizations are nice, but I think there's room to add more without having to go to third party plugins to do that. Just comparing the total number of visualizations that it provides compared to Grafana, you can see that it's lacking. The UI experience isn't as rich as it is with Grafana or certain other tools. I would like to see better authentication options, typical authentication options, like active directory and LDAP as well, just a richer UI with more graph type options.
ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The optimization and flexibility of visualization tools."
"The automatic update of the graphs from a dashboard is very convenient."
"Having a tool where you can find logs that were generated months ago, and being able to search over a long period of time, is great."
"The level of robustness on offer is very good."
"Support is quick and competent."
"Splunk Enterprise Security is able to process a huge amount of data without any issues."
"The benefits my company has seen from the use of Splunk Enterprise Security revolve around the speed of detection it offers."
"It follows MITRE ATT&CK and Cyber Kill Chain frameworks. There are certain notable events for which we can configure our security posture."
"Splunk has machine learning which is a valuable feature."
"Overall, Splunk is among the top three SIEM tools due to its capabilities and agility in bridging business analytics with security needs."
"Splunk Enterprise Security helped us with faster detection of threats."
 

Cons

"Security could be improved thereby avoiding the necessity of a third party plugin."
"Having a kind of wizard that would help you when you are typing your search would make it easier and quicker to refine your search, and ultimately find what you are looking for."
"This solution should allow the user to combine two indices into one graph."
"Splunk Enterprise Security provides us with the relevant context to help guide our investigations, but it would be interesting to add even more context, for instance, in order to raise the level of risk."
"Its setup is a little bit complex for a distributed environment. Their support can also be better. If we miss the response for more than a week, they usually close the case. Sometimes, it can take us more than a week to reply."
"Splunk Enterprise Security incurs a significant cost because of the amount of data we send, but we are fine with the value we're getting for that price."
"The glass table feature does not perform as expected."
"The historical data extraction needs improvement. I would like the capability of taking data and having it trend longer."
"There's been a big push for SBC compute over the ingestion model, which will hamper us."
"The licensing price is high and has room for improvement."
"In terms of training. I find that some things about Splunk aren't well-explained. I see features and then go to the website but don't find good explanations."
 

Pricing and Cost Advice

Information not available
"Luckily, we come under a large federal agency, and before the pandemic, they signed a large enterprise license agreement. It worked out great and to our advantage because we are a small organization. We got a 300 gig license, and we just did not have the buying power to be able to get products cheaply. Because we all partnered together under the agency umbrella, we were able to get Splunk Enterprise Security, UBA, and ITSI for cheap. This was good considering the fact that some of these premium apps require a minimum number of users, and we do not have the number of people needed to even justify buying it."
"It is economical than other solutions."
"Splunk Enterprise Security's pricing is based on data volume, which generally suits large enterprises."
"The pricing is very complicated, and it is very pricey. You do require a lot of different licenses in order to get a comprehensive solution that is not just the SIEM solution."
"Regarding the product's pricing, I think it has always been difficult to have a conversation with Splunk."
"Our ROI is high."
"Splunk Enterprise Security is an expensive solution."
"As a team, we prefer the old pricing model with a perpetual license. We are still evaluating the whole subscription-based model."
report
Use our free recommendation engine to learn which Data Visualization solutions are best for your needs.
842,767 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
No data available
Financial Services Firm
15%
Computer Software Company
14%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Ask a question
Earn 20 points
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Overview

 

Sample Customers

Sprint, Grab, Volkswagen, Autopilot, Voyages-SNCF.com, Just Eat, Accenture, Dell, Verizon Wireless, Kaidee, Green Man Gaming, Compare Group, Tango, Quizlet
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about Salesforce, Qlik, Splunk and others in Data Visualization. Updated: March 2025.
842,767 professionals have used our research since 2012.