Try our new research platform with insights from 80,000+ expert users

Mezmo vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Mezmo
Ranking in Log Management
54th
Average Rating
9.0
Number of Reviews
2
Ranking in other categories
Application Performance Monitoring (APM) and Observability (77th)
Splunk Enterprise Security
Ranking in Log Management
2nd
Average Rating
8.4
Reviews Sentiment
7.6
Number of Reviews
305
Ranking in other categories
Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Mindshare comparison

As of March 2025, in the Log Management category, the mindshare of Mezmo is 0.2%, down from 0.2% compared to the previous year. The mindshare of Splunk Enterprise Security is 7.6%, down from 11.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

TO
Has vastly increased our ability to reach SLA targets consistently
Scalability could be improved. We are using it through the IBM cloud deployment and on some of the data centers that are very heavily used, there is a significant lag in the event stream, sometimes 10, 15 minutes behind, which makes the RCA impossible. If an event hits but you don't have the information to look at it, then it's tricky. This is probably not an issue of the product itself, but more a deployment issue. There is something on the IBM side that needs some readjustment to make certain these lags don't happen too often. We now use other tools for back-up in that area. But if you really want to do SIEM type work, then that is an aspect that needs some improvement. It's hard to tell if it's the product or the IBM deployment of it. The user interface is really very productive interactively but for an additional feature, it would be nice if we somehow could encapsulate a query or a filter, and communicate or share that among the team so that specific types of actions can be carried out quickly. In particular, when we deal with a customer issue, it may pertain to a particular transaction through the system and each transaction has a unique ID. It would be great if we could query that ID and request all transactions that pertain to a specific ID. For now, we need to find the events, then extract the ID. Once we have that, we can go through the UI to set up the query and filter it to give us a transaction. But it would be really nice if we could simply say, "Here's the ID. Give me all the transactions."
ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"LogDNA consolidates all logs into one place, which is super valuable."
"The solution aggregates all event streams, so that if there are any issues, it's all in the same interface."
"Splunk Enterprise Security allows us to create custom dashboards by changing fonts and modifying widgets."
"Integration with the cloud is pretty important and good for us. We found the integration with a lot of tools, not all tools yet, valuable. It does make the transfer of data, log files, and other things easier for us."
"Splunk stands out for its extensive application integrations."
"I like Splunk's data aggregation and search capabilities."
"We were able to create a catalog of dashboards and have a holistic view at all levels. We could understand our business much better. Real-time errors, which were buried in emails before now, surfaced up on dashboards."
"The level of robustness on offer is very good."
"The most valuable feature of Splunk Enterprise Security is the threat intelligence integration because essentially having to go out and correlate all the data on our own becomes convoluted."
"On the cloud, we are pushing through less than half a petabyte of data. So far, it has been fairly stable because it runs on all the underlying AWS infrastructures."
 

Cons

"Every once in a while, our IBM cloud operational implementation gets behind. Sometimes, when we have a customer event, we do not get access to the latest logs for about 30 minutes, particularly for the sites that are heavily utilized. This is clearly not good. It is impossible to RCA when you can't look at the logs that pertain to the time period in which the event occurred. It could be more of an operational problem than a feature problem. I don't have visibility about whether it is a LogDNA issue or just an operational issue."
"No ability to encapsulate a query or a filter, and communicate or share that among the team."
"The Splunk platform is not unified. We have all of these different tools and they feel a bit disjointed."
"Most of my interaction is with the user community, which is how Splunk wants it. When I need help, that community is very hit or miss."
"The solution should also have more advanced capabilities in comparison with QRadar, which offers Watson."
"It is a good product, but the Achilles heel for a lot of organizations is the cost model for it because it gets expensive. That's because the model is based on how much data it processes a day, which can be prohibitive, especially if you have a lot of data. A lot of customers may not be ready for the sticker shock on how to fully leverage the product. I realized that the reason for that is that when it was originally designed, it was kind of like a big data modeling application. If they want to have a bigger customer base, they can come out with subsets of their product that are focused on specific things and have different pricing models. It may help with the cost."
"The integration could be a bit better. They charge for certain integrations."
"I do not have any pain points for Splunk Enterprise Security. I am still trying to learn it, but there can be more information on the education side for Splunk Enterprise Security. It would be nice if the certification path was more specific to what I use instead of being so broad."
"I find the graphical options really limited and you don't have enough control over how to display the data that you want to see."
"Its pricing model and integration with third-party services can be improved. We had faced an issue with integration. The alerting feature is currently not available with Splunk, but it is definitely available with Datadog and PagerDuty. They should include this feature. A few dashboards in Splunk look quite old and are not that modern. They aren't bad, but improving these dashboards will definitely make Splunk more attractive and usable. I read in a few blog posts that there were a few security incidents related to Splunk agents. So, it can be made more secure."
 

Pricing and Cost Advice

Information not available
"I think that most of the monitoring solutions are expensive."
"The licensing model can be expensive, but the value it provides is significant."
"Splunk ES is quite expensive compared to some products on the market."
"Luckily, we come under a large federal agency, and before the pandemic, they signed a large enterprise license agreement. It worked out great and to our advantage because we are a small organization. We got a 300 gig license, and we just did not have the buying power to be able to get products cheaply. Because we all partnered together under the agency umbrella, we were able to get Splunk Enterprise Security, UBA, and ITSI for cheap. This was good considering the fact that some of these premium apps require a minimum number of users, and we do not have the number of people needed to even justify buying it."
"While Splunk is more expensive than other solutions, we would still choose it because of its capabilities."
"It's a yearly subscription."
"Splunk is expensive based on our current requirements, but it's obviously worth what we pay."
"Truly evaluate the data you want to ingest and go slow. Pulling in data that can provide no use to your mission only wastes data against your license."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
842,194 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
No data available
Financial Services Firm
16%
Computer Software Company
14%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Ask a question
Earn 20 points
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Also Known As

LogDNA
No data available
 

Overview

 

Sample Customers

Instacart, Asics, Lime, Salesforce
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about Mezmo vs. Splunk Enterprise Security and other solutions. Updated: March 2025.
842,194 professionals have used our research since 2012.