Try our new research platform with insights from 80,000+ expert users

Microsoft Purview Audit vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 6, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Purview Audit
Ranking in Log Management
45th
Average Rating
8.0
Reviews Sentiment
8.1
Number of Reviews
2
Ranking in other categories
Microsoft Security Suite (31st)
Splunk Enterprise Security
Ranking in Log Management
2nd
Average Rating
8.4
Reviews Sentiment
7.6
Number of Reviews
306
Ranking in other categories
Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Mindshare comparison

As of April 2025, in the Log Management category, the mindshare of Microsoft Purview Audit is 0.3%, down from 0.4% compared to the previous year. The mindshare of Splunk Enterprise Security is 7.4%, down from 11.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Nagendra Nekkala - PeerSpot reviewer
Enables us to create a user in the cloud and give them access to resources through a single workflow
The PAM for Active Directory is good. ActiveOps is quite useful as a feature. The One Identity active role enables us to create a user in the cloud and give them access to resources through a single workflow. We can create rules-based access. It helps us control audit management and IT access management. We can decide what people can access and detect job functions. It enables zero trust security with hybrid AD, find delegation, and role-based access control. It provides all certificates and provides secure authentication, call-based access control, et cetera. It's really important for my critical applications. We can see who's using what, whether they are authorized, and other information to decide what access to offer. With the active role console, I can find out the obvious issues and also perform a decent setup. The One Identity active roles enable us to reduce password reset times. We can handle tasks in a matter of a minute. It simplifies AD and Azure AD management, efficiency, and security overall. The password manager is very secure and is a self-service password manager solution. It is considerably decreasing my help desk tasks. Our engineering users can reset forgotten passwords, and it can implement a stronger password. The management around access to enterprise resources keeps my data and systems secure. We're easily saving at least one hour per day using this solution. The migration from AD to Azure AD is very easy. There are simple configurations, and the migration goes rather smoothly. We use the solution support for SaaS apps through Cloud Delivered SCIM connectors. There are controls that can be configured and we can add and set permissions easily.
ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The platform has significantly enhanced our operational insight into the overall Microsoft 365 environment."
"We're easily saving at least one hour per day using this solution."
"The solution has proven to be quite stable."
"Splunk is user-friendly. We can easily customize the monitoring script."
"The most valuable feature of Splunk Enterprise Security is the threat intelligence integration because essentially having to go out and correlate all the data on our own becomes convoluted."
"It helps us uncover bottlenecks in the network."
"The solution allows easy gathering and ingestion of the data."
"It can log more logs than other solutions. It's a good way to troubleshoot problems."
"The site is constantly up, and it's been really easy to adjust the data."
"The initial deployment was straightforward."
 

Cons

"Areas for product improvement include enhancing customization options and integrating more comprehensive compliance features."
"We do have a Denial of Access happening."
"Configuring a few apps is complex, not straightforward."
"Splunk Enterprise Security could improve in automation, flexibility, and providing more content out of the box."
"I do not have any pain points for Splunk Enterprise Security. I am still trying to learn it, but there can be more information on the education side for Splunk Enterprise Security. It would be nice if the certification path was more specific to what I use instead of being so broad."
"Splunk could add more ways to manage archiving and storage. There isn't a web interface. You can do this on the SaaS version, but the on-premise platform doesn't have this option. It has other things but no option for remote NAS. I would like to have a personal web interface where I can specify how long logs should be stored. To have this readily available on the web, you need to adjust some settings on the backend. That is tricky."
"Improving the infrastructure behind Splunk Enterprise Security is vital—enhanced cores, CPUs, and memory should be prioritized to support better processing power."
"I would like to see future development in terms of ML (Machine Learning)."
"Splunk should align its security principles with those of other vendors like SentinelOne. Splunk has mature APIs that can communicate with various security applications and devices. Splunk can process more to produce an understandable dashboard."
"We would like more integrations with other cloud products, not just AWS, e.g., Azure."
 

Pricing and Cost Advice

Information not available
"I believe that Splunk Enterprise Security is worth the price, but it is expensive."
"I've heard Splunk is often preferred over other options, but the cost can be prohibitive for smaller organizations."
"The pricing and licensing of the product are quite high."
"The price is comparable."
"I work on the technical side, so I don't know precise figures. However, I know that Splunk is a premium product, so it's somewhat costly. Still, you get a lot of unique features for the money."
"The solution is a little expensive."
"I assume that the pricing is reasonable, because if it was too costly, there are other alternatives."
"The solution is costly."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
848,716 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm
18%
Computer Software Company
13%
Educational Organization
8%
Government
8%
Financial Services Firm
15%
Computer Software Company
14%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What needs improvement with Microsoft Purview Audit?
Areas for product improvement include enhancing customization options and integrating more comprehensive compliance features.
What is your primary use case for Microsoft Purview Audit?
We utilize Microsoft Purview Audit for monitoring security and compliance aspects.
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Overview

 

Sample Customers

Information Not Available
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about Microsoft Purview Audit vs. Splunk Enterprise Security and other solutions. Updated: April 2025.
848,716 professionals have used our research since 2012.