Try our new research platform with insights from 80,000+ expert users

Splunk Enterprise Security vs Stackify comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Splunk Enterprise Security
Ranking in Log Management
2nd
Average Rating
8.4
Reviews Sentiment
7.6
Number of Reviews
305
Ranking in other categories
Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
Stackify
Ranking in Log Management
63rd
Average Rating
7.8
Number of Reviews
6
Ranking in other categories
Application Performance Monitoring (APM) and Observability (62nd), IT Infrastructure Monitoring (57th)
 

Mindshare comparison

As of April 2025, in the Log Management category, the mindshare of Splunk Enterprise Security is 7.4%, down from 11.1% compared to the previous year. The mindshare of Stackify is 0.1%, up from 0.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.
Moses Arigbede - PeerSpot reviewer
Easy to set up with great custom dashboards but needs to improve non-.NET infrastructure
They need to improve non-.NET infrastructure. We always had difficulty when it comes to reporting or metrics that come from Linux operating systems and Docker containers. For anything that runs within the Unix environment, we always had problems with them, however, if it was a document-based application, Stackify was 100%, it gave everything. Now, the aggregation agent, the metric agent for Stackify for Linux, collects everything. When I say everything, I mean, everything. It collects so much information that we now started to term it as useless data as all that ingestion will just come in and overwhelm your log retention limit for the month and really this spike up your cost at the end of the month. You'll need to do a lot in order to train down the data coming in from all your Linux environments, to get to what you really need, which actually takes some time as well. I would like to be able to see metrics about individual running containers on the host machines. Stackify has not really gotten that right, as far as I'm concerned. Netdata has done a better job and New Relic has also done a better job. They need to improve on that. We need to be able to see the individual resource usage of containers running within a particular host.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is the ability to look at threats and link them to the MITRE ATT&CK framework."
"The risk-based alerting is excellent."
"It allows the centralization of data and makes possible new sorts of correlations that were previously impossible using traditional SIEMs such as ArcSight or QRadar."
"What is nice about the solution is that it makes it easy to build the queries, search for the events and then do analysis."
"One key advantage of Splunk over competitors like IBM QRadar is its superior device integration capabilities."
"It has helped us look at modern technology, as well as penetrate our legacy systems, to see where the bottlenecks are."
"The most valuable features include agility and Splunk Enterprise Security's ability to quickly search for alerted items, as well as the capacity to create custom alerts using the SQL language employed by Splunk."
"From my experience, the visual aid that it provides is most valuable. There are charts and other means to provide information."
"The deployment is very fast."
"The filter feature on Stackify is one of the features I found valuable. It's awesome. When I want to get the application logs, the solution gives me many filters. For example, if I want to get logs from my test environment, the option is there for me to select the environment from Stackify, and you can also select the particular application, and you'll see the information you need there. The filter feature alone and the fact that Stackify offers a lot of different filters is what I like the most about the solution because I've used other tools with the filter feature, but the filtering was very difficult, versus Stackify that has good filtering. On Stackify, you can filter the information by the last one hour, or the last four hours, and you can also select the date range and specify the timestamp, then the solution will give you the information based on the date range you specified. Another feature I found valuable on Stackify is its rating feature because it tells you how your application is faring. For example, a rating of A means excellent, while a rating of F means very bad, or that your application is not doing well at all. The ratings are from A to F. I also like that Stackify helps you in terms of load management because the solution gives you information on overutilized resources. These are the most valuable features of the solution."
"The solution is stable and reliable."
"The performance dashboard and the accurate level of details are beneficial."
 

Cons

"I think the only thing lacking is that there are some answers that I couldn't find about the tool without reaching out to support, and it had to be escalated to the engineering team."
"The implementation and the scanning of the logs can be difficult."
"Splunk is query-based, which is not the case with most cybersecurity tools. It is based on search queries and can be difficult to use. It would be good if they can make it easier to understand how to create search queries. They can improve the knowledge base for better understanding. To create your dashboard, you need to have a search query. We have multiple firewalls in our company, and we need a dashboard for them. It would be helpful if a default firewall dashboard is included in Splunk to make monitoring easier. If a dashboard is available for a security device, the operation part will be more efficient. We won't have to follow a manual process for this."
"Splunk Enterprise Security can provide more details and help CISOs resolve vulnerability situations better. The reason is that the tools we choose for data analysis and log collection cannot collect all the data and logs. Splunk Enterprise Security should help me with this, but it cannot."
"It can be tough to determine if you are getting all of the value out of your investment at times."
"An improved user interface along with multi-tenancy support would be beneficial."
"The user interface is not user-friendly for non-technical users."
"It needs more thoroughly tested releases. Every new big version (6, 7, etc.) has had so many bugs that it makes me wary of customers upgrading right away."
"The search feature could be improved."
"I've not used Stackify for a while, and I'm currently using a solution now that's not as good as Stackify. Among the solutions I've been using so far, Stackify has been one of the best for me, but there's always room for improvement. For example, I don't know if it's just me, but when I try to get the log from Stackify, sometimes it doesn't appear in real-time. It takes a few minutes before the logs appear. When I redeploy my solution and the application starts, I don't see the logs immediately, and it would take two to three minutes before I see the logs. I don't know if other customers have a similar experience. It's the wait time for the logs to appear that's a concern for me, could be improved, and is what the Stackify team should be looking into. In terms of any additional feature that I'd like added to the solution, I'm not sure if Stackify has a way to export logs out. I've been trying to do it. On the solution, you can click on a spiral-like icon and it shows you the entire error, and I'd prefer an export button that would let me download the error and save that into a text file, for example, so it'll be available on my local machine for me to reference it, especially because the log keeps going and as you're using the solution, the system keeps pushing messages on to Stackify, so if I'm looking at a particular error at 12:05 PM, for example, by the time I go back to my system and would like to revisit the error at 12:25 PM, on Stackify, the logs would have gone past that level and I won't see it again which makes it difficult. When you now go back to that timestamp, you don't tend to see it immediately, but if the solution had an export feature for me to save that particular error information on my local machine for reference at a later time, I won't have to go back to Stackify. I just go to that log, specifically to that particular export that I've received on my local machine. I can get it and review it, and it would be easier that way versus me going back to Stackify to find that particular error and request that particular information."
"It should be easily scalable and configurable in different instances."
"I would like to be able to see metrics about individual running containers on the host machines."
 

Pricing and Cost Advice

"Be upfront about your needs and expectations. Splunk is great to work with."
"Luckily, we come under a large federal agency, and before the pandemic, they signed a large enterprise license agreement. It worked out great and to our advantage because we are a small organization. We got a 300 gig license, and we just did not have the buying power to be able to get products cheaply. Because we all partnered together under the agency umbrella, we were able to get Splunk Enterprise Security, UBA, and ITSI for cheap. This was good considering the fact that some of these premium apps require a minimum number of users, and we do not have the number of people needed to even justify buying it."
"Splunk is really expensive compared to all the other tools on the market, including Microsoft Sentinel."
"Pricing is probably its weakest spot. As compared to some competitors, Splunk is really expensive."
"There is an annual license required to use this solution."
"The price of Splunk is reasonable."
"ROI is estimated at saving my team roughly 10 to 12 man hours per week in troubleshooting for our company as well as what our profits had been from our services of installing, configuring, and supporting other clients with the product."
"The pricing is based on the volume of data fed into it, which can lead to substantial costs. This pricing model is complex and unpredictable, making cost management difficult."
"The price is variable. It depends on how much data we have received in that particular month. Usually, it goes up to $2,000, or, at times, $3,000 USD per month."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
842,767 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Computer Software Company
14%
Manufacturing Company
8%
Government
8%
Financial Services Firm
23%
Computer Software Company
14%
Manufacturing Company
7%
Insurance Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
Ask a question
Earn 20 points
 

Overview

 

Sample Customers

Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
MyRacePass, ClearSale, Newitts, Carbonite, Boston Software, Children's International, Starkwood Media Group, Fewzion
Find out what your peers are saying about Splunk Enterprise Security vs. Stackify and other solutions. Updated: March 2025.
842,767 professionals have used our research since 2012.