Prometheus vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

Prometheus
Average Rating: 8.2
Reviews Sentiment: 6.9
Number of Reviews: 34
Ranking in other categories: Application Performance Monitoring (APM) and Observability (8th)

Splunk Enterprise Security
Average Rating: 8.4
Reviews Sentiment: 7.6
Number of Reviews: 303
Ranking in other categories: Log Management (1st), Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Mindshare comparison

While both are Application Lifecycle Management solutions, they serve different purposes. Prometheus is designed for Application Performance Monitoring (APM) and Observability and holds a mindshare of 3.3%, down 3.7% compared to last year.
Splunk Enterprise Security, on the other hand, focuses on Security Information and Event Management (SIEM) and holds 10.8% mindshare, down 14.6% since last year.
 

Featured Reviews

Noam Blidstein - PeerSpot reviewer
A very flexible open box that can be used vastly to do anything you need
Make sure that you have dedicated manpower to configure and manage the solution. It requires handling, not necessarily on a daily basis, but it definitely requires someone who is focused and has expertise with the solution. Know in advance what you want to gain from the solution. Don't jump into configuring or deploying before knowing what you expect from it. I like the solution very much. I think it is a major tool, especially in advanced environments. The open box provides a lot of flexibility and gives a very holistic view of the entire Kubernetes environment. Integrating with the Rancher management tool gives the solution even more abilities. There are several tools that we use behind the scenes to ease the process, but the solution on its own is a very good tool. I rate the solution an eight out of ten.
Avinash Gopu. - PeerSpot reviewer
Offers good visibility into multiple environments, significantly reduces our alert volume, and speeds up our security investigations
There are limitations with Splunk not detecting all user activity, especially on mainframes and network devices. This is because Splunk relies on agents, which cannot access certain workstations. In these cases, we have to rely on application data. For example, with mainframes, manual reports are generated and sent to Splunk, limiting visibility to what's manually reported. This lack of automation for specific platforms needs improvement from Splunk. Additionally, API access is limited for other applications that rely on API calls and requests. This requires heavy customization on Splunk's end. These are the main challenges we've encountered. Monitoring multiple cloud platforms, like Azure, GCP, and AWS, with Splunk Enterprise Security presents some challenges. While Splunk provides different connectors for each provider, consolidating data from two domains across distinct cloud environments can be complex. However, leveraging pre-built templates and Splunk's data collation capabilities can help overcome these hurdles. Despite initial difficulties, I believe Splunk can effectively address this task, earning it an eight out of ten rating for its multi-cloud monitoring capabilities. While Splunk Enterprise Security offers insider threat detection capabilities, its effectiveness could be enhanced by integrating with additional tools, such as endpoint security solutions. This integrated approach is particularly crucial for financial institutions, which often require dedicated endpoint security teams. While using multiple tools is valuable, further improvements within Splunk itself are also necessary. Considering both external integration and internal development, I would rate its current insider threat detection capabilities as three out of ten. Threat detection is where Splunk falls behind. While it offers tools, other use cases require additional work. PAM is an enterprise tool that centralizes information about users, servers, and everything else. 
It needs real-time monitoring, which I haven't seen in any of the companies I've worked for. They only rely on Splunk for alerting, but real-time monitoring should be handled by the endpoint security team's tools. This means there's no detection or analysis at the machine or endpoint level. Additionally, threat analysis reporting is also absent.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Stability-wise, I rate the solution a ten out of ten."
"It is highly valuable as it serves as the foundation for our infrastructure monitoring tools."
"The most valuable features of the solution are metrics scraping capabilities and the open source community and support."
"The most valuable features of Prometheus for metrics collection and monitoring are its stability, robustness, and rich set of features."
"I like its lightweight configuration functions."
"The good thing is it integrates well with the Grafana dashboard. It comes with a UI where you see everything as a graph."
"The resilience of the solution's metric collection is very nice."
"The solution is useful to collect huge metrics."
"Speeds up root cause analysis and can help identify issues that your organization never realized were occurring."
"The flexibility of the solution is quite good."
"Splunk can deliver more information by going deeper. By creating a dashboard, we can identify the root cause of the threat. Let's say I have a firewall from Check Point. Splunk will find the dashboard for Check Point, implement it in our environment, and connect it to the Check Point firewall logs, which are shown on the dashboard. If we request a custom dashboard, the engineer will take longer to complete the task."
"Splunk's interface is user-friendly, and it has apps and add-ons for most applications. We can easily normalize the data to make it readable and understand the logs. We easily get all the field extractions and enrichment done by using the apps and add-ons. This helps us understand the application logs because the raw data is useless unless we extract some useful information from it. These add-ons make it so much easier."
"The technical support has been very good. They are very responsive and have been helpful."
"We have created a few custom use cases for Splunk that have helped us detect threats faster. For example, we set up endpoint-related data models and specialized setups for various scenarios. It's more efficient than some other products I've used."
"The feature that we use the most is the correlation search engine within ES."
"It is the best tool if you have a complex environment or if data ingestion is too huge."
 

Cons

"The product must improve its documentation."
"The setup process could be more straightforward."
"Prometheus' UI color can improve. Using the Prometheus UI for configuration or analyzing queries is a horrible experience."
"The UI and GUI are areas of concern in the product."
"Improvements could be made to the user interface."
"The interface is not particularly user-friendly and that could be improved."
"If you are not quite technical, it can be pretty hard to understand the way it works and how to query data in Prometheus."
"Prometheus requires improvement on the query side."
"The use cases provided by Splunk are a good starting point, but could cover many additional topics to ensure that a smaller or less experienced shop might maximize the value of an ES deployment."
"If it could be made available as a service, this would be much better than as a product."
"Not even Splunk's support guy, who came to our firm, could help with defining proper role management."
"If you monitor too much, you can lose performance on your systems."
"The product's price may be an area of concern where improvements are required."
"We'd like Splunk to reduce false positives."
"The product was difficult to back up the first time."
"I feel as though a major focus of upcoming releases should be set on Machine Learning and Predictive Analytics, and I would enjoy seeing more security-focused add-ons and apps developed by the vendor."
 

Pricing and Cost Advice

"We have the open-source version, so we don't pay for it."
"We use the solution's open-source version."
"Prometheus is an open-source solution."
"The product is expensive compared to Datadog."
"The solution is free of cost."
"It is an open-source tool."
"Prometheus is an open-source solution."
"The product is free."
"It is expensive. I used to buy it early on, but then they combined it into a higher-up organization. They buy it for multiple systems now. Last time, I paid around 60K for it. There is just the licensing fee. That's all."
"It's more expensive than the other tools, but it's worth it. Every penny is worth it."
"Splunk Enterprise becomes extremely expensive after the 20GB/month license."
"Price-wise, if you compare QRadar to Splunk for SIEM functionality then they are in the same range but when you integrate SOAR with these solutions, Splunk takes the lead and is more competitive."
"Setup cost is cheap: It is free, it is user-friendly, and it is fast."
"The pricing and licensing of the product are quite high."
"The pricing modules could be improved."
"Splunk Enterprise Security is expensive."
 

Comparison Review

Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews

Prometheus: Financial Services Firm 26%, Computer Software Company 15%, Manufacturing Company 7%, Government 6%

Splunk Enterprise Security: Financial Services Firm 15%, Computer Software Company 14%, Government 9%, Manufacturing Company 8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Prometheus?
The most valuable feature of Prometheus is its ability to collect metrics.
What is your primary use case for Prometheus?
We use Prometheus for observability and analyzing data for business metrics and system metrics. It helps us with messaging services observability. It also helps a lot with the architecture and scal...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Sample Customers

Information Not Available
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about Prometheus vs. Splunk Enterprise Security and other solutions. Updated: May 2023.