We performed a comparison between Splunk Enterprise Security and Tableau based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"Free ingestion for Azure logs (with E5 licence)"
"Splunk is stable, and this is why many customers want it."
"Splunk Enterprise Security helped us with faster detection of threats."
"It has a rapid response search environment in the event of an incident."
"The most valuable features for us include its robust log management capabilities, which allow us to efficiently handle and retain logs for extended periods as needed."
"Splunk allows us to customize processing and dashboards, which helps us take care of our customers' needs."
"It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query on Splunk. The resolution time is about the same, but it took longer to discover the issue with ArcSight. Our previous solution took about an hour or more, but Splunk can do it within a few minutes or an hour at most."
"Splunk Enterprise Security's dashboards are a key asset."
"The data representation options in the dashboards are excellent."
"The most valuable feature is the richness of its visualization and from a self-service standpoint, the ease of use."
"The most valuable feature is the aggregation function."
"The solution deployment was straightforward."
"The maps and colors and interface are all fantastic."
"It provides business users with a tool, so they are not dependent on IT."
"Scheduled extract and the multiple connectors are fantastic!"
"Tableau is easy to use. That's the first and most important thing. I not only provide consulting but I also train people to use it, so with its ease-of-use it's not as difficult for me to train executives and management staff, because they don't have the IT background, unlike when I'm using Python."
"I love the customization skills that Tableau has, it is not restricted to what is built-in already."
"The playbook is a bit difficult and could be improved."
"Sentinel's reporting is complex and can be more user-friendly."
"The product can be improved by reducing the cost to use AI machine learning."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"The reporting could be more structured."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"The product's price may be an area of concern where improvements are required."
"The setup time is quite long."
"My biggest struggle with Splunk in general is memorizing all the commands. If I want to know which users have logged in between certain hours, I cannot write that query out. It would be helpful to have AI so that I can explain in simple terms what I want and then the search gives that back to me. I am waiting for that."
"While Splunk Enterprise Security offers valuable features, its cost is high and could be more competitive."
"Its search or filtering capability is nice, but it can be improved. It is currently a bit complicated, and it should be simplified. If we can write the search filter in a more simplified way, it would be better."
"Technical support needs to be more responsive."
"There is a definite learning curve to starting out."
"It needs integration with a configuration management solution."
"The SQL programming functionality needs to be improved."
"The price could be better."
"Overall, the only major frustration that I have had so far is with Tableau Public. I first used Tableau Public when I was building capacity, and when there was a later release to download and you wanted to upgrade, all your work would have to be manually re-entered."
"There are not enough language options. It needs to be offered in more than just English."
"We did have issues with Tableau 10.1 server with the brokers failing on heavy load but since moving to 10.2, then to 10.3, this issue seems to have been resolved and the environment is now quite stable."
"It would be nice to include more features on each dashboard."
"The solution needs to improve its integration capabilities."
"Licensing and pricing options could be made better so that more users would be able to use it."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews while Tableau is ranked 2nd in BI (Business Intelligence) Tools with 293 reviews. Splunk Enterprise Security is rated 8.4, while Tableau is rated 8.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Tableau writes "Provides fast data access with in-memory extracts, makes it easy to create visualizations, and saves time". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog, whereas Tableau is most compared with Microsoft Power BI, Amazon QuickSight, Domo, SAS Visual Analytics and Databricks.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.