Try our new research platform with insights from 80,000+ expert users

Splunk Enterprise Security vs syslog-ng comparison

Splunk and One Identity are both solutions in the Log Management category. Splunk is ranked #1 with an average rating of 8.4, while One Identity is ranked #14 with an average rating of 8.6. Splunk holds a 9.4% mindshare in LM, compared to One Identity’s 3.0% mindshare. Additionally, 93% of Splunk users are willing to recommend the solution, compared to 100% of One Identity users who would recommend it.
Splunk Enterprise Security
Read 301 Splunk Enterprise Security reviews
  • 19,280 Views
  • 15,949 Comparison Views
93% willing to recommend
syslog-ng
Read 5 syslog-ng reviews
  • 4,475 Views
  • 3,536 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Sep 29, 2024

Splunk Enterprise Security and syslog-ng are robust security solutions with different strengths. Splunk Enterprise Security excels in user satisfaction and overall functionality, while syslog-ng is valued for efficiency and cost-effectiveness.

Features: Splunk Enterprise Security users highly value its comprehensive analytics, real-time threat detection, and extensive integrations. syslog-ng is praised for its high performance, ability to handle large volumes of log data efficiently, and simplicity in log management.

Room for Improvement: Users of Splunk Enterprise Security suggest improvements in its resource consumption, complexity, and user interface. syslog-ng users point out the need for a more intuitive configuration process, better support documentation, and enhanced filtering capabilities.

Ease of Deployment and Customer Service: Deploying Splunk Enterprise Security can be resource-intensive, with responsive customer support. syslog-ng's deployment is relatively straightforward and efficient, although its customer service requires improvement.

Pricing and ROI: Users indicate that Splunk Enterprise Security has higher setup costs and a significant learning curve but delivers strong ROI through its powerful capabilities. syslog-ng offers a more affordable solution with quicker ROI due to simpler implementation and excellent performance.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Splunk Enterprise Security vs. syslog-ng Report (Updated: October 2024).
Buyer's Guide
Splunk Enterprise Security vs. syslog-ng
October 2024
Download the complete report
Helped 814,763 peers since 2012
 

Categories and Ranking

Splunk Enterprise Security
Ranking in Log Management
1st
Average Rating
8.4
Number of Reviews
301
Ranking in other categories
Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
syslog-ng
Ranking in Log Management
14th
Average Rating
8.6
Number of Reviews
5
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of November 2024, in the Log Management category, the mindshare of Splunk Enterprise Security is 9.4%, down from 13.6% compared to the previous year. The mindshare of syslog-ng is 3.0%, up from 2.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Sameep Agarwal. - PeerSpot reviewer
Oct 23, 2023
It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query
The ingestion happens quickly, so you can run up the data costs if you use the default settings. It isn't a problem for government agencies in the Saudi market, but many of the corporations in India are small or medium-sized enterprises that cannot afford that kind of ingestion system. Splunk needs to be tweaked in JSON so you can limit what is coming from the endpoints, especially the events. One needs to filter that out so that only certain events are ingested, like login failures, Active Directory changes, password reset requests, privilege modifications, etc. Each Windows machine generates about 310 KB of information per event, but we can tweak that down to about 50 KB.
Read full review
RyanVargas - PeerSpot reviewer
Feb 13, 2023
It's a user-friendly open-source solution that can replace or augment a commercial product in some cases
I rate syslog-ng 10 out of 10. It's free and easy to use. It has built-in tools that help us index the various logs sent to it. It's a solid log product. If you're looking for a SIEM solution, syslog-ng will work as a stopgap measure at beginning of the project. It can also work as an injector for a true SIEM solution. You can send all the logs to syslog-ng and forward all the data to the SIEM solution after you've cleaned up the data and got the pertinent information. It's a good front end for a commercial SIEM solution, which becomes more expensive as you load more data into it. I would highly recommend syslog-ng for that use case. However, if you lack the expertise, you might need to go with a cloud-based SIEM instead. You need some in-house expertise or an outside consultant to manage it and set it up.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The fact that Splunk is a platform and not just a SIEM solution is a key benefit."
"One key advantage of Splunk over competitors like IBM QRadar is its superior device integration capabilities."
"The most valuable features for us include its robust log management capabilities, which allow us to efficiently handle and retain logs for extended periods as needed."
"Correlating data across different systems via one interface will allow you to know your environment or identify incident data in ways you never imagined."
"We did not encounter any issues with scalability. It is almost seamless to add new index (storage) or search (used to analyze the data) nodes to the cluster."
"Splunk has machine learning which is a valuable feature."
"The solution allows easy gathering and ingestion of the data."
"The technical support is among the best in the market."
More Splunk Enterprise Security pros
"For us, the most valuable feature is the use of compound search for searching logs at a specific time, by a specific user, or specific behavior."
"The ability to extract and store the logs is the most valuable feature of syslog-ng."
"Syslog-ng has a separate config file in addition to the core configuration."
"Syslog-ng provides easy access to all my logs. It helps me show managers and other clients precisely where an incident occurred. I also like it because you can integrate syslog-ng with multiple solutions to allow real-time monitoring."
"Syslog-ng has built-in features that we can use to create alerts for a SIEM solution. It isn't a true SIEM solution, but it's sufficient for the time being."
 

Cons

"The user access control could be much more granular, so that the admins can control r/w/x access for specific features of the product like dashboards, etc."
"Could be more user friendly."
"Splunk does not build apps. They only go back and validate the apps that somebody has already built. They should have remote consulting support. They have a wonderful solution. They have 24/7 security. Nobody needs to depend on any third party and will therefore just buy Splunk on the cloud."
"Configuring a few apps is complex, not straightforward."
"Adding custom visualization in Splunk has been improved over the years but can still be made better by integrating more and more JavaScript visualization sources."
"The main issue that I have with it is that the field transformations sometimes overlap with those in Splunk Enterprise, and then you get permissions issues that lead to troubles."
"Its pricing model and integration with third-party services can be improved. We had faced an issue with integration. The alerting feature is currently not available with Splunk, but it is definitely available with Datadog and PagerDuty. They should include this feature. A few dashboards in Splunk look quite old and are not that modern. They aren't bad, but improving these dashboards will definitely make Splunk more attractive and usable. I read in a few blog posts that there were a few security incidents related to Splunk agents. So, it can be made more secure."
"Splunk Enterprise Security incurs a significant cost because of the amount of data we send, but we are fine with the value we're getting for that price."
More Splunk Enterprise Security cons
"There is always the potential for additional integration and protocol extensions."
"Syslog-ng has built-in features that we can use to create alerts for a SIEM solution. It isn't a true SIEM solution, but it's sufficient for the time being."
"It's hard to find people who know how to use syslog-ng. I often find problems with configurations, and solutions aren't integrated correctly with syslog-ng. For example, there might be data with extra decimals, or the collector agents are incorrectly named. It isn't a problem with the solution; it's a lack of professionals."
"The filtering has room for improvement."
"There is room for improvement in terms of observability."
 

Pricing and Cost Advice

"It can be expensive, especially the licensing costs. However, there is added value in what it can do, not just log aggregation."
"The price of Splunk is too high for our market."
"The Splunk licensing is high."
"Splunk Enterprise Security's pricing is pretty competitive."
"As a team, we prefer the old pricing model with a perpetual license. We are still evaluating the whole subscription-based model."
"The price of this solution is expensive. However, it has great features. If you want a great solution you need to pay a price matching the features."
"The price of Splunk Enterprise Security fluctuates based on the customer, but I believe it's quite costly, especially for our clientele."
"The pricing of Splunk Enterprise Security is high."
More Splunk Enterprise Security pricing and cost advice
"Syslog-ng is open-source."
"Syslog-ng is a free open-source solution."
report
See which vendors are best for you
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
See recommendations
814,763 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
Read full review
 

Top Industries

By visitors reading reviews
Financial Services Firm
16%
Computer Software Company
14%
Government
9%
Manufacturing Company
8%
Computer Software Company
14%
Government
14%
Financial Services Firm
8%
University
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
See all answers
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
See all answers
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
See all answers
What do you like most about syslog-ng?
For us, the most valuable feature is the use of compound search for searching logs at a specific time, by a specific user, or specific behavior.
See all answers
What is your experience regarding pricing and costs for syslog-ng?
The pricing is in the middle. I would rate the pricing a six out of ten, with one being expensive and ten being cheap.
See all answers
What needs improvement with syslog-ng?
There is room for improvement in terms of observability. Additionally, a possible new feature could be Kafka integration.
See all answers
 

Comparisons

Wazuh vs Splunk Enterprise Security Logo
Wazuh vs Splunk Enterprise Security
Compared 11% of the time
IBM Security QRadar vs Splunk Enterprise Security Logo
IBM Security QRadar vs Splunk Enterprise Security
Compared 9% of the time
Dynatrace vs Splunk Enterprise Security Logo
Dynatrace vs Splunk Enterprise Security
Compared 8% of the time
Datadog vs Splunk Enterprise Security Logo
Datadog vs Splunk Enterprise Security
Compared 4% of the time
AppDynamics vs Splunk Enterprise Security Logo
AppDynamics vs Splunk Enterprise Security
Compared 4% of the time
More Splunk Enterprise Security Competitors
SolarWinds Kiwi Syslog Server vs syslog-ng Logo
SolarWinds Kiwi Syslog Server vs syslog-ng
Compared 34% of the time
Graylog vs syslog-ng Logo
Graylog vs syslog-ng
Compared 23% of the time
Grafana Loki vs syslog-ng Logo
Grafana Loki vs syslog-ng
Compared 16% of the time
Elastic Stack vs syslog-ng Logo
Elastic Stack vs syslog-ng
Compared 4% of the time
Logstash vs syslog-ng Logo
Logstash vs syslog-ng
Compared 4% of the time
More syslog-ng Competitors
 

Product Reports

Buyer's Guide
Splunk Enterprise Security
October 2024
Splunk Enterprise Security reportDownload Splunk Enterprise Security product report
Buyer's Guide
Log Management
November 2024
syslog-ng reportDownload syslog-ng product report
 

Learn More

Splunk
One Identity
 

Overview

Splunk Enterprise Security is widely used for security operations, including threat detection, incident response, and log monitoring. It centralizes log management, offers security analytics, and ensures compliance, enhancing the overall security posture of organizations.

Companies leverage Splunk Enterprise Security to monitor endpoints, networks, and users, detecting anomalies, brute force attacks, and unauthorized access. They use it for fraud detection, machine learning, and real-time alerts within their SOCs. The platform enhances visibility and correlates data from multiple sources to identify security threats efficiently. Key features include comprehensive dashboards, excellent reporting capabilities, robust log aggregation, and flexible data ingestion. Users appreciate its SIEM capabilities, threat intelligence, risk-based alerting, and correlation searches. Highly scalable and stable, it suits multi-cloud environments, reducing alert volumes and speeding up investigations.

What are the key features?
  • Comprehensive Dashboards: Provide a holistic view of security operations.
  • Flexible Data Ingestion: Supports various data sources for better analysis.
  • Robust Log Aggregation: Centralizes log management for easier monitoring.
  • Machine Learning Toolkit: Enhances threat detection and prediction capabilities.
  • SIEM Capabilities: Integrates security information and event management.
  • Threat Intelligence: Utilizes external information to improve security measures.
  • Risk-Based Alerting: Prioritizes alerts based on the risk they pose.
  • Correlation Searches: Identifies and correlates security events effectively.
What benefits or ROI should users look for?
  • Enhanced Visibility: Improves monitoring across endpoints, networks, and users.
  • Faster Incident Response: Speeds up identification and resolution of security issues.
  • Reduced Alert Volumes: Lowers false positives and enhances signal-to-noise ratio.
  • Scalability: Adapts to growing and changing security needs.
  • Improved Security Operations: Integrates multiple security facets into one platform.

Splunk Enterprise Security is implemented across industries like finance, healthcare, and retail. Financial institutions use it for fraud detection and compliance, while healthcare organizations leverage its capabilities to safeguard patient data. Retailers deploy it to protect customer information and ensure secure transactions.

Optimizing SIEM
syslog-ng is the log management solution that improves the performance of your SIEM solution by reducing the amount and improving the quality of data feeding your SIEM.

Rapid search and troubleshooting
With syslog-ng Store Box, you can find the answer. Search billions of logs in seconds using full text queries with Boolean operators to pinpoint critical logs.

Meeting compliance requirements
syslog-ng Store Box provides secure, tamper-proof storage and custom reporting to demonstrate compliance.

Big data ingestion
syslog-ng can deliver data from a wide variety of sources to Hadoop, Elasticsearch, MongoDB, and Kafka as well as many others.

Universal log collection and routing
syslog-ng flexibly routes log data from X sources to Y destinations. Instead of deploying multiple agents on hosts, organizations can unify their log data collection and management.

Secure data archive
syslog-ng Store Box provides automated archiving, tamper-proof encrypted storage, granular access controls to protect log data. The largest appliance can store up to 10TB of raw logs.

 

Sample Customers

Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Tecnocom, University of Victoria, University of Exeter, Datapath
Buyer's Guide
Splunk Enterprise Security vs. syslog-ng
October 2024
Free Report: Splunk Enterprise Security vs. syslog-ng
Find out what your peers are saying about Splunk Enterprise Security vs. syslog-ng and other solutions. Updated: October 2024.
DOWNLOAD NOW
814,763 professionals have used our research since 2012.
See our Splunk Enterprise Security vs. syslog-ng report.
See our list of best Log Management vendors.

We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.