Palantir Foundry vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Sep 29, 2024
 

Categories and Ranking

Palantir Foundry
Ranking in IT Operations Analytics: 4th
Average Rating: 7.6
Number of Reviews: 15
Ranking in other categories: Data Integration (12th), Supply Chain Analytics (1st), Cloud Data Integration (10th), Data Migration Appliances (3rd), Data Management Platforms (DMP) (1st), Data and Analytics Service Providers (1st)

Splunk Enterprise Security
Ranking in IT Operations Analytics: 1st
Average Rating: 8.4
Number of Reviews: 301
Ranking in other categories: Log Management (1st), Security Information and Event Management (SIEM) (1st)
 

Mindshare comparison

As of November 2024, in the IT Operations Analytics category, the mindshare of Palantir Foundry is 4.2%, down from 6.1% compared to the previous year. The mindshare of Splunk Enterprise Security is 30.2%, down from 36.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
 

Featured Reviews

Manilal Kasera - PeerSpot reviewer
Nov 22, 2022
Transparent with good reliability and good data visibility
The initial setup had a medium level of difficulty. If we go through the documentation, we can learn about what to do. In Palantir, they had a section called Academy, and that Academy was quite useful. If you go through that as a new user, it makes the process easier as you learn what to do. Initially, we didn't have many sources that would help us learn things, so we struggled a bit. In contrast, with Azure and Amazon Cloud, you have many sources from where you would be easily able to learn. You could just Google what you needed with them, as there's so much available documentation online. What was easy was the fact that everything was in one place. With AWS Cloud, there are many applications to support. You can use Glue or Athena, and you have all these other applications. However, with Palantir, everything is easy due to the fact that it is centralized. It's drag and drop and everything is very transparent.
Sameep Agarwal. - PeerSpot reviewer
Oct 23, 2023
It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query
The ingestion happens quickly, so you can run up the data costs if you use the default settings. It isn't a problem for government agencies in the Saudi market, but many of the corporations in India are small or medium-sized enterprises that cannot afford that kind of ingestion system. Splunk needs to be tweaked in JSON so you can limit what is coming from the endpoints, especially the events. One needs to filter that out so that only certain events are ingested, like login failures, Active Directory changes, password reset requests, privilege modifications, etc. Each Windows machine generates about 310 KB of information per event, but we can tweak that down to about 50 KB.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The ease of use is my favorite feature. We're able to build different models and projects or combine different projects to build one use case."
"Great features available in one tool."
"The data lineage is great."
"Palantir Foundry is a robust platform that has really strong plugin connectors and provides features for real-time integration."
"The security is also excellent. It's highly granular, so the admins have a high degree of control, and there are many levels of security. That worked well. You won't have an EDC unless you put everything onto the platform because it is its own isolated thing."
"The interface is really user-friendly."
"It's scalable."
"Live video sessions enhance the available documentation and allow you to ask questions directly."
"We can quickly search for almost anything across many log sources in seconds."
"The logs on the solution are excellent."
"The search engine and indexes are fast and optimized, and the report generation dashboard is user-friendly."
"The search lookups are useful."
"Splunk is user-friendly. We can easily customize the monitoring script."
"We were able to create a catalog of dashboards and have a holistic view at all levels. We could understand our business much better. Real-time errors, which were buried in emails before now, surfaced up on dashboards."
"We saw the granularity that we could get from Splunk far exceeded what we already had. We had the ability to have our security team really focus on the platform and stay within the platform, but they could correlate with a variety of other stakeholders, and our stakeholders were growing."
"Visualizations are the best way to understand deviation techniques from the norm."
 

Cons

"It would be helpful to build applications based on Azure functions or web apps in Palantir Foundry."
"The data lineage was challenging. It's hard to track data from the sources as it moves through stages. Informatica EDC can easily capture and report it because it talks to the metadata. This is generated across those various staging points."
"The workflow could be improved."
"It requires a lot of manual work and is very time-consuming to get to a functional point."
"Cost of this solution is quite high."
"Compared to other hyperscalers, Palantir Foundry is complex and not so user-intuitive."
"Difficult to receive data from external sources."
"Some error messages can be very cryptic."
"I think the only thing lacking is that there are some answers that I couldn't find about the tool without reaching out to support, and it had to be escalated to the engineering team."
"Splunk does not build apps. They only go back and validate the apps that somebody has already built. They should have remote consulting support. They have a wonderful solution. They have 24/7 security. Nobody needs to depend on any third party and will therefore just buy Splunk on the cloud."
"The setup time is quite long."
"The prices are complicated as we operate in a small third-world country."
"The glass table feature does not perform as expected."
"Splunk's ability to analyze malicious activities scores an 8 out of 10, but there's room for improvement. By analyzing emerging patterns, Splunk could identify and predict potential threats more effectively."
"The security can be improved."
"The difficult part is related to integration with sources of data that are used to create the logs as this depends on the infrastructure of the client."
 

Pricing and Cost Advice

"Palantir Foundry is an expensive solution."
"Palantir Foundry has different pricing models that can be negotiated."
"The solution’s pricing is high."
"It's expensive."
"It can be expensive, especially the licensing costs. However, there is added value in what it can do, not just log aggregation."
"I am fine with the licensing, but in terms of the cost, it is expensive for the data that we have. We have an open discussion with our account rep about this."
"Splunk has always been on the expensive side."
"Expensive compared to other options."
"We have seen ROI and improvements as we have continued to use the product, but they are more reactive."
"We had a yearly subscription."
"There is an annual license required to use this solution."
"Be upfront about your needs and expectations. Splunk is great to work with."
814,649 professionals have used our research since 2012.
 

Comparison Review

Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Manufacturing Company: 13%
Financial Services Firm: 11%
Computer Software Company: 10%
Government: 7%

Financial Services Firm: 16%
Computer Software Company: 14%
Government: 9%
Manufacturing Company: 8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Palantir Foundry?
Palantir Foundry is a robust platform that has really strong plugin connectors and provides features for real-time integration.
What needs improvement with Palantir Foundry?
The solution’s data security could be improved. We cannot use many Python packages with the solution. We were able to use only a few compatible Python packages.
What is your primary use case for Palantir Foundry?
Our use cases are mostly related to data analytics. We are building some dashboards and ETL pipelines on the Palantir side. Palantir Foundry is a low-code/no-code platform with a user-friendly UI. ...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases. Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 


Sample Customers

Merck KGaA, Airbus, Ferrari, United States Intelligence Community, United States Department of Defense
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about Palantir Foundry vs. Splunk Enterprise Security and other solutions. Updated: October 2024.