We performed a comparison between Splunk Enterprise Security and Tableau based on real PeerSpot user reviews.
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The machine learning and artificial intelligence on offer are great."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinel from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"It has a lot of great features."
"Out-of-the-box, it seems very powerful."
"The most valuable aspect of the solution is the dashboard. It's very intuitive."
"Internal tracking is helpful because we do not like to deal with multiple ticketing systems, and I am not a fan of ServiceNow. We are able to keep everything internal and utilize Enterprise Security."
"The fact that Splunk is a platform and not just a SIEM solution is a key benefit."
"We solve issues that we previously could not since we now have the data."
"Visualizations are the best way to understand deviation techniques from the norm."
"The most valuable feature of Splunk is the management and built-in workflows."
"This is a straightforward solution, easy to configure."
"The most valuable feature is the user experience."
"The action feature which Tableau has is very useful for us. If we click on one visualization, it will pass the value to another visualization. That interactivity within different visualizations is the most valuable feature of Tableau."
"It provides supporting data for critical policy and operational changes."
"It is an excellent tool for data capture, processing, and visualization."
"The geospatial maps representation and the visualizations are nice."
"The solution deployment was straightforward."
"It’s good for quick visualization and being able to quickly consume unstructured data to play around with."
"The platform's most important feature is predictive analysis."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"Features related to content management must be improved."
"Sometimes the communication with support happens with multiple staff. They should reduce the time to resolution."
"I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part."
"More control with Splunk Cloud as it seems a bit limited. I used to manage an on-premise instance of Splunk Enterprise and really liked having more control over it."
"Previously, they developed custom connectors or add-ons for a lot of applications. But that number can be upgraded still. There are a lot of applications in the world that are not supported."
"My company could benefit from doing more Splunk training with Splunk consultants teaching us how to use it."
"When we do a rollout from the server or host or anything, we'd like to see more automation. It would save us time."
"There is a definite learning curve to starting out."
"In the cloud sometimes the performance is a little bit slow."
"The data entered into Tableau must be clean. Otherwise, it won't work properly."
"More integration with Python or something related to machine learning would be a good improvement."
"When we put more information on a single screen, it gets compressed and superimposed in many places while scrolling."
"At the organizational level, increasing the servers' capabilities to support us as an enterprise tool."
"Small multiples (a.k.a. Trellis charts) are possible only through very hacky means. Update: Still remains a challenge."
"They need a write-back; that is what is missing. If they get the write back to the database, they will be fully automated, but for the time being, they are not."
"From the developer perspective, the data connection handling the target data set is what most needs to be improved."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews, while Tableau is ranked 2nd in BI (Business Intelligence) Tools with 293 reviews. Splunk Enterprise Security is rated 8.4, while Tableau is rated 8.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of Tableau writes "Provides fast data access with in-memory extracts, makes it easy to create visualizations, and saves time". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog, whereas Tableau is most compared with Microsoft Power BI, Amazon QuickSight, Domo, SAS Visual Analytics and Databricks.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.