
Grafana Loki vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Jan 5, 2025

 

Categories and Ranking

Grafana Loki
Ranking in Log Management: 4th
Average Rating: 8.2
Reviews Sentiment: 8.0
Number of Reviews: 17
Ranking in other categories: No ranking in other categories

Splunk Enterprise Security
Ranking in Log Management: 2nd
Average Rating: 8.4
Reviews Sentiment: 7.6
Number of Reviews: 305
Ranking in other categories: Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Mindshare comparison

As of April 2025, in the Log Management category, the mindshare of Grafana Loki is 8.5%, up from 3.0% compared to the previous year. The mindshare of Splunk Enterprise Security is 7.4%, down from 11.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
 

Featured Reviews

CarlosPimentel - PeerSpot reviewer
Efficient log filtering enhances quick network troubleshooting
We use Grafana Loki for various verticals including manufacturing, finance, health, and aerospatial sectors. It primarily helps in monitoring security and access to devices. Grafana dashboards are used to track access success and failure and audit commands issued on devices. Loki significantly…
ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The effectiveness of filters is pivotal for optimizing the search process and extracting the specific information we need from the extensive log data."
"The solution's stability has never been a problem. Stability-wise, I rate the solution a nine to ten out of ten."
"The tool can be used in multi-cluster environments."
"The most valuable feature of Grafana Loki is the dashboards which are really simple to create."
"The most valuable feature of the solution is the tool's GUI. The solution's GUI is very user-friendly."
"I appreciate the capability to process logs from microservices and seamlessly integrate them into Grafana."
"Grafana Loki is easy to monitor and detect errors."
"The most valuable part of Loki is the ability to filter logs by keywords and devices."
"The incident review pane is the best part of it because that is where the SOC lives. It is the heartbeat of what the SOC needs to do. You are able to start the investigative process. As you are sitting in the incident review pane, you see the alert, and from that one alert, which is called a notable alert, you can drill in and see all the different specific details that are tied to that."
"Splunk Enterprise Security's value lies in its ability to collect and analyze security logs, providing insightful dashboards."
"The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time."
"Splunk incorporates a lot of elements that help to reduce security risks. For it to reach certain compliance, we need to have some security insight. Splunk is a very good SIEM, it’s a top solution, but the best feature is its cost of visibility. We have all the most important features to detect vulnerabilities or risks."
"The most valuable features for us include its robust log management capabilities, which allow us to efficiently handle and retain logs for extended periods as needed."
"Splunk Enterprise Security is a valuable tool that allows us to monitor data from the APS daily."
"We evaluated several solutions and selected Splunk due to the functionality and cost."
"There are quite a lot of things that we find useful. Splunk agents are useful and good. Its UI is quite impressive."
 

Cons

"We encountered certain limitations when it came to alerting, particularly when dealing with specific data sources."
"The Docker container partition feature needs improvement as they do not reuse the space and go into a pending state."
"Visualization-wise, Grafana Loki's dashboard looks a little outdated compared to other open-source visualization tools like Chronograf."
"We had a well-structured dashboard with a functional query. However, an issue arose when the Kubernetes pod restarted. The statistics from our Grafana query would reset, dropping to zero and starting anew. This was particularly noticeable with linear graphs, which are expected to show consistent growth."
"It would be beneficial if Loki could directly access Windows Server logs or events directly from the servers."
"The solution's scalability depends on the team managing the Grafana instance."
"We face some bugs when we install the latest version of Grafana Loki."
"Enhancing speed could be a game-changer, and while it might vary depending on the application, it's a factor worth exploring."
"I would like more assistance with use cases and help with teaching us how to use it once it's installed."
"The algorithms customization of Splunk could improve. They have limited algorithms for machine learning support. If they can allow the user to add more machine learning algorithms, such as the ability to choose the algorithm that a user might want. Additionally, they should provide the required libraries for those algorithms, and then analyze the data for use."
"They could offer pre-built search queries for everyday use cases like brute force attacks, DDoS attacks, and other security threats."
"The training was mostly sales-focused, like how to monitor your sales. It was hard to then come back from doing the training and try to switch it to a cybersecurity focus because all the training we did was sales oriented. The basic training didn't really touch on any kind of cybersecurity use cases or anything like that. That would have been great to see in the training."
"It currently has limited default rules and customizations. If they can concentrate more on the compliance part and the security information part, it would be helpful. The platform part is good, but it requires many features from the security aspect."
"Splunk ES could have more pre-built integrations and rules. The detection is fairly accurate, but it depends on the rules you create. Splunk's out-of-the-box configuration isn't that useful."
"I do not like the pricing model. It is expensive."
"DMC should be a little more intuitive with better dashboarding. Seeing the cause of data flow can be tough to track down."
 

Pricing and Cost Advice

"I use the open-source version of the product."
"Grafana Loki is a free, open-source solution."
"I use the solution's open-source version. Grafana Loki is a completely free solution for me."
"I find the licensing structure quite reasonable, as the free license effectively meets my requirements."
"Grafana Loki is an open-source solution."
"The pricing structure varies based on the number of users; there might be specific taxes to pay for it."
"Since we are using the open-source version of Grafana Loki, we are not paying anything for the solution."
"We use a free version."
"You will eat up whatever you purchase quickly. The level of insights that Splunk empowers is addictive."
"Splunk Enterprise Security is affordable."
"We had a yearly subscription."
"The pricing is a little bit on the higher side, but looking at what Splunk provides us, it is reasonable."
"The pricing is based on the volume of data fed into it, which can lead to substantial costs. This pricing model is complex and unpredictable, making cost management difficult."
"I believe that Splunk Enterprise Security is worth the price, but it is expensive."
"I am fine with the licensing, but in terms of the cost, it is expensive for the data that we have. We have an open discussion with our account rep about this."
"Splunk's cost is very high. They need to review the pricing. They have to go back and totally readdress the market."
 

Comparison Review

Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company: 18%
Financial Services Firm: 10%
Comms Service Provider: 10%
Manufacturing Company: 8%

Financial Services Firm: 15%
Computer Software Company: 14%
Manufacturing Company: 8%
Government: 8%
 

 

Questions from the Community

What do you like most about Grafana Loki?
We are using Grafana Loki as a database for real-time metrics.
What is your experience regarding pricing and costs for Grafana Loki?
We use the open-source version of Loki. The cloud version is competitively priced compared to other market solutions.
What needs improvement with Grafana Loki?
It would be beneficial if Loki could directly access Windows Server logs or events directly from the servers.
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR. Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases. Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 


 

Sample Customers

Information Not Available
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about Grafana Loki vs. Splunk Enterprise Security and other solutions. Updated: March 2025.
842,767 professionals have used our research since 2012.