Splunk Enterprise Security vs Splunk ITSI (IT Service Intelligence) comparison

 

Comparison Buyer's Guide

Executive Summary (updated on Jul 31, 2024)

Categories and Ranking

Splunk Enterprise Security
Average Rating: 8.4
Number of Reviews: 301
Ranking in other categories: Log Management (1st), Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)

Splunk ITSI (IT Service Intelligence)
Average Rating: 8.2
Reviews Sentiment: 7.1
Number of Reviews: 49
Ranking in other categories: Application Performance Monitoring (APM) and Observability (11th), IT Alerting and Incident Management (4th)

Featured Reviews

Sameep Agarwal - PeerSpot reviewer
Oct 23, 2023
It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query
The ingestion happens quickly, so you can run up the data costs if you use the default settings. It isn't a problem for government agencies in the Saudi market, but many of the corporations in India are small or medium-sized enterprises that cannot afford that kind of ingestion system. Splunk needs to be tweaked in JSON so you can limit what is coming from the endpoints, especially the events. One needs to filter that out so that only certain events are ingested, like login failures, Active Directory changes, password reset requests, privilege modifications, etc. Each Windows machine generates about 310 KB of information per event, but we can tweak that down to about 50 KB.

Sunil K R - PeerSpot reviewer
Apr 5, 2024
Helps improve our incident response time, and our mean time to resolve, but visibility is limited
In my previous project, I successfully led the end-to-end deployment of a Splunk migration. The process went smoothly thanks in part to Splunk's professional services team. They conducted a thorough assessment, identified all our potential pain points, and developed a tailored solution and migration plan. This comprehensive approach ensured a seamless transition. Our core deployment team consisted of 5 internal members and two specialists from Splunk. Additionally, the project included a project manager and a product owner. We also benefited from the expertise of two professional service consultants and two representatives from the customer's side. An on-site admin architect further provided valuable technical support. Throughout the deployment process, we leveraged support from various resources whenever necessary. This included assistance with configuration changes, deployments, and other related tasks. We also collaborated effectively with our teammates to ensure a smooth and successful implementation.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I am enjoying our implementation of risk-based alerting. That has helped very much with cutting out a lot of the noise that we have. It has reduced our alert volume significantly. There is about an 80% reduction."
"Splunk can extract all kinds of data. There's no limitation on what kind of structured and unstructured data one needs to extract — it can access any kind of data, including machine-generated data."
"Splunk Enterprise Security's dashboards are a key asset."
"It has been really good at consolidating a lot of data from different sources. It's really good at generating summaries."
"Splunk Enterprise Security is a valuable tool that allows us to monitor data from the APS daily."
"The most valuable feature is the incident dashboard, and the extensive use of correlation searches, which isn't available with a standard Splunk search package. This feature is important to me because it enables SOC analysts to do their job more efficiently and be able to investigate or mediate incidents at a faster pace."
"The most valuable features are the logs, which allow us to identify what happened and who interacted with the web repository."
"The solution's most valuable feature is threat intelligence correlations."
"ITSI's most valuable feature is that it's easy to integrate DLP."
"The solution's most valuable feature is the aggregation of the metrics and the relative ease of getting them away from search."
"I particularly like the preview feature because it provides a prompt experience for impact analysis."
"One of the excellent features is the service analyzer, which is truly impressive."
"Customers have noted the solution helps streamline incident management."
"I find the episode review, glass tables, and correlation search features very useful."
"One particularly useful feature of Splunk ITSI is the ability to create custom services."
"Splunk ITSI helps us secure our environment by allowing us to create automations that run when alerts are triggered."
 

Cons

"The solution has a high learning curve for users. It's a little complicated when you're trying to figure out all the features and what they do."
"I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications."
"Being able to have a one-stop shop where you have the alert, but then you can generate the case right there from Splunk Enterprise Security instead of having to pivot to another tool such as Mission Control. You do not have to keep bouncing between them, so if you could do it all in one place, that would be great. The new release is supposed to start getting in that direction."
"The configuration had a bit of a learning curve."
"Free-floating panels in the dashboards are like a glass table."
"More control with Splunk Cloud as it seems a bit limited. I used to manage an on-premise instance of Splunk Enterprise and really liked having more control over it."
"The only improvement I am expecting is the cost of the licensing. Clients are going to other solutions just because of the cost."
"Cybersecurity and infrastructure monitoring have room for improvement."
"The user interface visualization could be improved."
"There should be entity conflict resolution, specifically regarding duplicate entities. There should be case sensitivity for various keys amongst entities, specifically host names. We need IT metrics-based indexes and more content packs. I know they are coming out with these features."
"Integration is the most critical area to improve in Splunk IT Service Intelligence (ITSI). It wasn't a great experience because you had to do a little back and forth to integrate the solution."
"While Splunk has existing add-ons, they are unreliable and do not provide accurate results."
"When we check the service analyzer, and we have custom inputs, there are issues."
"Splunk ITSI should include ease of integration and more templating."
"Microservices is the only area where Splunk ITSI can be improved. When things come from one EC2 instance to another, there's a lack of exposure to microservices, so we can't know what's happening. Apart from that, it's doing pretty well."
"They should make it easier to use. Many people are new to it. It is hard and has a steep learning curve."
 

Pricing and Cost Advice

"Most people share the same thought that the ingestion rates can get pretty pricey. There is a lot of work we do to curate the data that we send to Splunk so that it is not too noisy or too expensive."
"Splunk Enterprise Security is affordable."
"I think we recently switched to the SVC pricing compared to the ingest pricing."
"Splunk has always been on the expensive side."
"The price of Splunk is too high for our market."
"While licensing can be a concern, there are ways to reduce the licensing costs including filtering some events."
"It is more economical than other solutions."
"We had a yearly subscription."
"The licensing is based on data usage."
"It depends on how big an organization is. If we have a lot of resources, the licensing needs to be upgraded. If we have a small environment, the licensing cost is definitely going to be less."
"Splunk is pretty expensive, but it gives you a decent insight into the data. It is easy to learn, and ITSI has a great interface. You can run those queries and pass the data. I"
"Splunk ITSI is an expensive tool, and we need to purchase the utility license."
"Pricing was pretty good, and it is possible to just add on the features we want."
"Its pricing has been changed as per the market. You get a good support service with it as well. They have 24/7 customer support. There is a portal, and if you are having issues, they are available in order to resolve them. So, its pricing isn't too much."
"Splunk ITSI is a premium application and comes with a premium price tag."
"It would have been good if the product cost was much lower."
814,649 professionals have used our research since 2012.
 

Comparison Review

Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews

Industry                   Splunk Enterprise Security   Splunk ITSI (IT Service Intelligence)
Financial Services Firm    16%                          19%
Computer Software Company  14%                          14%
Government                 9%                           13%
Manufacturing Company      8%                           8%


Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
What needs improvement with Splunk ITSI (IT Service Intelligence)?
Currently, Glass tables in ITSI only display metrics related to KPIs. I proposed adding an option to show metrics related to entities. This would eliminate the need for custom SPL to achieve this f...
 

Sample Customers

Splunk Enterprise Security: Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Splunk ITSI (IT Service Intelligence): TransUnion, Cox Automotive, Carnival Cruises, Leidos, Econocom, National Ignition Factory, Entrust Datacard, Molina Healthcare, United States Census Bureau
Find out what your peers are saying about Splunk Enterprise Security vs. Splunk ITSI (IT Service Intelligence) and other solutions. Updated: May 2023.