Try our new research platform with insights from 80,000+ expert users

Mezmo vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Mezmo
Ranking in Log Management
53rd
Average Rating
9.0
Number of Reviews
2
Ranking in other categories
Application Performance Monitoring (APM) and Observability (77th)
Splunk Enterprise Security
Ranking in Log Management
1st
Average Rating
8.4
Reviews Sentiment
7.6
Number of Reviews
304
Ranking in other categories
Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Mindshare comparison

As of February 2025, in the Log Management category, the mindshare of Mezmo is 0.2%, down from 0.2% compared to the previous year. The mindshare of Splunk Enterprise Security is 7.8%, down from 12.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

TO
Has vastly increased our ability to reach SLA targets consistently
Scalability could be improved. We are using it through the IBM cloud deployment and on some of the data centers that are very heavily used, there is a significant lag in the event stream, sometimes 10, 15 minutes behind, which makes the RCA impossible. If an event hits but you don't have the information to look at it, then it's tricky. This is probably not an issue of the product itself, but more a deployment issue. There is something on the IBM side that needs some readjustment to make certain these lags don't happen too often. We now use other tools for back-up in that area. But if you really want to do SIEM type work, then that is an aspect that needs some improvement. It's hard to tell if it's the product or the IBM deployment of it. The user interface is really very productive interactively but for an additional feature, it would be nice if we somehow could encapsulate a query or a filter, and communicate or share that among the team so that specific types of actions can be carried out quickly. In particular, when we deal with a customer issue, it may pertain to a particular transaction through the system and each transaction has a unique ID. It would be great if we could query that ID and request all transactions that pertain to a specific ID. For now, we need to find the events, then extract the ID. Once we have that, we can go through the UI to set up the query and filter it to give us a transaction. But it would be really nice if we could simply say, "Here's the ID. Give me all the transactions."
ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution aggregates all event streams, so that if there are any issues, it's all in the same interface."
"LogDNA consolidates all logs into one place, which is super valuable."
"We solve issues that we previously could not since we now have the data."
"This is a straightforward solution, easy to configure."
"We have a one stop dashboard for health of some of our services where you can click in and it takes you to other dashboards that have custom near real-time metrics that show the application's health."
"Splunk Enterprise Security's dashboards are a key asset."
"The correlation search functions that generate all the notables are valuable. That can get pretty complicated, and it handles that pretty well."
"It has virtual visualization, and other products do not."
"The speed of the search engine"
"The feature that we use the most is the correlation search engine within ES."
 

Cons

"Every once in a while, our IBM cloud operational implementation gets behind. Sometimes, when we have a customer event, we do not get access to the latest logs for about 30 minutes, particularly for the sites that are heavily utilized. This is clearly not good. It is impossible to RCA when you can't look at the logs that pertain to the time period in which the event occurred. It could be more of an operational problem than a feature problem. I don't have visibility about whether it is a LogDNA issue or just an operational issue."
"No ability to encapsulate a query or a filter, and communicate or share that among the team."
"The level of scalability depends on the license you have. You can expand or reduce it based on the environment. It does cost more money to scale, however."
"Splunk Enterprise Security provides us with the relevant context to help guide our investigations, but it would be interesting to add even more context, for instance, in order to raise the level of risk."
"While Splunkbase (the app repository) has a lot of great content, some apps are terribly old and could stand to be updated or purged."
"Splunk's ability to analyze malicious activities scores an 8 out of 10, but there's room for improvement. By analyzing emerging patterns, Splunk could identify and predict potential threats more effectively."
"Cybersecurity and infrastructure monitoring have room for improvement."
"We had an instance when Splunk failed and it took us a couple of days to recover."
"Splunk does not build apps. They only go back and validate the apps that somebody has already built. They should have remote consulting support. They have a wonderful solution. They have 24/7 security. Nobody needs to depend on any third party and will therefore just buy Splunk on the cloud."
"Make it easier to include roles and user controls, as it is horrible now."
 

Pricing and Cost Advice

Information not available
"I am not personally involved with the pricing of the solution."
"The tool's licensing is good and we haven't received any complaints from the team handling it."
"Splunk Enterprise Security is expensive."
"Splunk is really expensive compared to all the other tools on the market, including Microsoft Sentinel."
"Splunk can be an expensive solution. It all depends on how we configure the alerts and the events from the endpoints. You can save some money if you do that correctly. If not, it becomes an expensive solution."
"Price-wise, if you compare QRadar to Splunk for SIEM functionality then they are in the same range but when you integrate SOAR with these solutions, Splunk takes the lead and is more competitive."
"We had a yearly subscription."
"I think we recently switched to the SVC pricing compared to the ingest pricing."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
838,640 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
No data available
Financial Services Firm
16%
Computer Software Company
14%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Ask a question
Earn 20 points
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Also Known As

LogDNA
No data available
 

Overview

 

Sample Customers

Instacart, Asics, Lime, Salesforce
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about Mezmo vs. Splunk Enterprise Security and other solutions. Updated: January 2025.
838,640 professionals have used our research since 2012.