No more typing reviews! Try our Samantha, our new voice AI agent.

RSA enVision vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 25, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

RSA enVision
Ranking in Security Information and Event Management (SIEM)
32nd
Average Rating
7.2
Reviews Sentiment
6.7
Number of Reviews
6
Ranking in other categories
No ranking in other categories
Splunk Enterprise Security
Ranking in Security Information and Event Management (SIEM)
1st
Average Rating
8.4
Reviews Sentiment
7.2
Number of Reviews
405
Ranking in other categories
Log Management (1st), IT Operations Analytics (1st)
 

Mindshare comparison

As of July 2026, in the Security Information and Event Management (SIEM) category, the mindshare of RSA enVision is 0.8%, up from 0.3% compared to the previous year. The mindshare of Splunk Enterprise Security is 7.3%, down from 9.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
Splunk Enterprise Security7.3%
RSA enVision0.8%
Other91.9%
Security Information and Event Management (SIEM)
 

Featured Reviews

SF
Président at ARS Solutions
Support both French and English, which is important for us and adapted to the evolving security landscape over time in my experience
You need a skilled engineer to deploy it because you can do anything with this tool. You can see everything on the network. A good engineer will be surprised and have fun using this tool because it's very powerful. Deployment process: You need to build a recipe/layout when you want to deploy something. Once the recipe is done, you just have to copy it. So you really need a good engineer at first, but then any other technician can copy the recipe. You don't need to be an expert once the recipe is finalized. So, once you have it set up, it's easy to deploy. But you need a good engineer to deploy it correctly. You will get alerts from the system, but if you want to fully explore and maximize the tool, the engineering needs are different.
Sathis-Kumar - PeerSpot reviewer
Senior Manager at Bank of America
Helps us detect cyber threats quickly and integrate multiple feeds effectively
Overall, the product is good, but when it comes to some infrastructure issues, we have to dig into more logs. There is no straightforward indication of an issue. Health check kind of dashboards are not available. More AI would help us, and more optimization, since security products run more queries. The AI module could suggest solutions, optimizing queries or workload balancing. If the product itself advises on running queries during peak times, it would be similar to what ChatGPT currently offers. We see quite a few issues on stability. Even last week, we faced something, and identifying bottlenecks is not easy. We need more SMEs, and there is no mechanism to tell us about indexer or search head issues. Self-monitoring dashboards could be beneficial. The technical support still requires more improvement. Often, primary support takes a lot of time and forwards most solutions to the engineering side. The primary support team has very limited knowledge to provide.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The ease of log collection and stability of the platform are the most valuable features."
"The custom dashboard and correlation alerts in this solution improved our incident response process."
"We developed around this solution and received excellent support from the company."
"The most valuable feature of this solution is the reporting."
"The configuration part is very easy...The technical support was sincere in their responses...I rate the technical support a nine out of ten."
"The most valuable feature is the management features. It's capable of managing large enterprises."
"RSA enVision provides the full system visibility of your events within your IT ecosystem."
"Splunk can deliver more information by going deeper. By creating a dashboard, we can identify the root cause of the threat. Let's say I have a firewall from Check Point. Splunk will find the dashboard for Check Point, implement it in our environment, and connect it to the Check Point firewall logs, which are shown on the dashboard. If we request a custom dashboard, the engineer will take longer to complete the task."
"We use the solution as a log collector, and to analyze and provide alerts from the IT instructor."
"We use Splunk Cloud as a SIEM solution and to monitor traffic and the network for detection purposes."
"The main advantage of the solution is that it provides an easy setup platform in the new environment."
"It has increased our business resilience. It's a top-of-the-line SIEM security product. It's the best tool for our security analysts which helps them do their job better. That then protects our company from adversary actors."
"The solution has improved our organization by providing a comprehensive picture of any external threats to the operating system and improves asset control."
"Splunk has machine learning which is a valuable feature."
"We can extract the metrics we want on the dashboards. We are able to react to the incidents."
 

Cons

"RSA enVision log manager is out of date and is not in use anymore."
"There is no future for this solution. It does not exist anymore."
"Sometimes the investigation panel and reporting engine work very slowly."
"Licensing could be improved to be more oriented towards Managed Service Providers (MSPs)."
"The integration could be easier, it should support more products."
"In general, the solution currently isn't user-friendly."
"Whenever you perform the query, it takes too long."
"The CIM model is the method Splunk uses to normalize data and categorize its important parts, but it is quite complex."
"Splunk is very complex. The implementation and the scanning of the logs can be difficult."
"I have not seen ROI with Splunk Enterprise Security."
"I rate the technical support of Splunk Enterprise Security as a three. I find it not good because whenever I raise a ticket, they take a very long time."
"Splunk can be an expensive solution. Technical support could be improved as well."
"The ticketing platform could be improved."
"From time to time, there are some glitches with stability; some logs are missing, and whenever there is something wrong with Splunk Enterprise Security, our external SOC team needs to raise a ticket and it can be time-consuming to wait for them to reply."
"There is not much to improve in Splunk Enterprise Security, but points such as deep learning and writing complex queries can be time-consuming, and managing multiple correlation rules can become complex over time, especially with high volumes of log data that can affect performance."
 

Pricing and Cost Advice

"We no longer pay a licensing fee because it is out of date and don't pay for support."
"On a scale of one to ten, where one is low, and ten is high price, I rate the pricing a six."
"The tool's pricing model is great. You can choose between workloads or volume."
"Splunk differs from other SIEM solutions by using a gigabyte-based pricing model, rather than the agent-based licenses common with its competitors."
"While some clients find the cost of Splunk Enterprise Security to be on the higher end, its pricing is comparable to other SIEM solutions."
"Splunk is a bit pricier, but the benefits and ROI are huge."
"Splunk licensing model might seem expensive but with all the gain in functionalities you will have compared to traditional SIEM solutions I think it’s worth the price."
"From what I have seen so far, Splunk has multiple cost models. The one that we are using is pretty good when it comes to ingesting data into the environment. It has worked out pretty well."
"Splunk is priced higher than other solutions."
"ROI is estimated at saving my team roughly 10 to 12 man hours per week in troubleshooting for our company as well as what our profits had been from our services of installing, configuring, and supporting other clients with the product."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
903,067 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Comms Service Provider
14%
Construction Company
13%
Manufacturing Company
11%
Retailer
10%
Financial Services Firm
14%
Manufacturing Company
9%
Computer Software Company
8%
Construction Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business125
Midsize Enterprise61
Large Enterprise279
 

Questions from the Community

What needs improvement with RSA enVision?
Licensing could be improved to be more oriented towards Managed Service Providers (MSPs). Perhaps offering different types of licensing would be beneficial, as it can be expensive for industries wi...
What advice do you have for others considering RSA enVision?
Overall, I would rate it a nine out of ten. I recommend using it, but it also depends on the needs and the budget. If I still had my company, I think we would continue using RSA enVision. However, ...
What is your experience regarding pricing and costs for RSA enVision?
It's competitive, but they need to adapt to MSPs. Maybe that's not their target market, though.
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Overview

 

Sample Customers

BPS (SUISSE), Hypovereinsbank Germany, MAX Hamburgers, Infoplex, Neotel, Telus
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about RSA enVision vs. Splunk Enterprise Security and other solutions. Updated: June 2026.
903,067 professionals have used our research since 2012.