We performed a comparison between Logz.io and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The UI of Sentinel is very good and easy to use, even for beginners."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The analytic rule is the most valuable feature."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The connectivity and analytics are great."
"It is massively useful and great for testing. We can just go, find logs, and attach them easily. It has a very quick lookup. Whereas, before we would have to go, dig around, and find the server that the logs were connected to, then go to the server, download the log, and attach it. Now, we can just go straight to this solution, type in the log ID and server ID, and obtain the information that we want."
"The query mechanism for response codes and application health is valuable."
"InsightOne is the main reason why we use LogMeIn. This is mostly because of log data that we are pushing tools and logs in general."
"The tool is simple to setup where it is just plug and play. The tool is reliable and we never had any performance issues."
"The other nice thing about Logz.io is their team. When it comes to onboarding, their support is incredibly proactive. They bring the brand experience from a customer services perspective because their team is always there to help you refine filters and tweak dashboards. That is really a useful thing to have. Their engagement is really supportive."
"We use the product for log collection and monitoring."
"We use the tool to track the dev and production environment."
"The visualizations in Kibana are the most valuable feature. It's much more convenient to have a visualization of logs. We can see status really clearly and very fast, with just a couple of clicks."
"The logs on the solution are excellent."
"Splunk can extract all kinds of data. There's no limitation on what kind of structured and unstructured data one needs to extract — it can access any kind of data, including machine-generated data."
"Splunk allows us to find insights that we were not able to with traditional BI tools using ETL. It allows us to dig into raw events."
"You can integrate Splunk with third-party security automation solutions and set rules for automatic response."
"It helps us uncover bottlenecks in the network."
"The SIEM is the most valuable feature of the product."
"Splunk incorporates a lot of elements that help to reduce security risks. For it to reach certain compliance, we need to have some security insight. Splunk is a very good SIEM, it’s a top solution, but the best feature is its cost of visibility. We have all the most important features to detect vulnerabilities or risks."
"There are quite a lot of things that we find useful. Splunk agents are useful and good. Its UI is quite impressive."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"The product can be improved by reducing the cost to use AI machine learning."
"I would like to see more AI used in processes."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"The solution needs to expand its access control and make it accessible through API."
"The product needs improvement from a filtering perspective."
"Capacity planning could be a little bit of a struggle."
"I would like granularity on alerting so we can get tentative alerts and major alerts, then break it down between the two."
"The price can be cheaper and they should have better monitoring."
"The solution needs to improve its data retention. It should be greater than seven days. The product needs to improve its documentation as well."
"I would like them to improve how they manage releases. Some of our integrations integrate specifically with set versions. Logz.io occasionally releases an update that might break that integration. On one occasion, we found out a little bit too late, then we had to roll it back."
"When it comes to reducing our troubleshooting time, it depends. When there are no bugs in Logz.io, it reduces troubleshooting by 5 to 10 percent. When there are bugs, it increases our troubleshooting time by 200 percent or more."
"Not even Splunk's support guy, who came to our firm, could help with defining proper role management."
"They should make data onboarding easier."
"Splunk Enterprise Security could improve in automation, flexibility, and providing more content out of the box."
"Some of the terminology can be confusing, even for seasoned vets. Renaming components at this point would be a serious undertaking. However, it might be beneficial in the long run."
"Could be more user friendly."
"For on-premise, it's more about optimization. With such a heavy byte scale of data that we are operating on, the search for disparate data sometimes takes about a minute. This is understandable considering the amount of data that we are pumping into it. The only optimization that I recommend is better sharding, when it comes to Splunk, so that data retrieval can be faster."
"Splunk Enterprise Security can be improved by including backup network detection and response and safe management to the paid platform."
"The product must improve insider threat detection."
Logz.io is ranked 24th in Log Management with 8 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 240 reviews. Logz.io is rated 8.2, while Splunk Enterprise Security is rated 8.4. The top reviewer of Logz.io writes "The solution is a consistent logging platform that provides excellent query mechanisms". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Logz.io is most compared with Datadog, Wazuh, Coralogix, Grafana Loki and ManageEngine File Audit Plus, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our Logz.io vs. Splunk Enterprise Security report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.