We performed a comparison between Splunk and Zabbix based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: In this comparison, Zabbix comes out on top. When compared to Splunk, it is easier to deploy and is open-source.
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The log analytics are useful."
"Splunk would be my choice for the presentation layer because it comes with inbuilt reports and a dashboard that you can customize."
"There are lots of free learning materials on their website."
"There are a lot of third-party applications that can be installed."
"Ease of correlation: creating correlation searches is easy, and you can combine multiple sources with little effort."
"We are using Microsoft 365 and we're using the Exchange Mail Service. It's good for monitoring that in particular."
"The most valuable feature is the DSS, also known as SPL, because it allows users to script advanced queries with limited knowledge."
"The feature that I have found most valuable with Splunk is the ability to sift through a bunch of data very quickly."
"It has a big user base, so the community is useful."
"It has improved our server performance monitoring overall. We know right away when there are problems. It has built-in statistics, so we can go back and see if there's spiking. We can check what's happening every day around the same time and check the configuration to see if there's something that's running and needs to be fixed."
"It's a very reliable platform and we've never had any issues regarding the scalability or the stability of Zabbix."
"Health and communication links availability."
"Dashboard and the customization of the items and triggers are the most valuable features."
"There is a problems page that shows us every warning or problem that occurs on our VMs globally. The map screen is also really useful because this is something that was missing. I don't know every other tool in the market. So, I don't know if this is a good point of only Zabbix, or other tools are also doing it, but from my point of view, this is the most useful page that I use, along with the problems page that efficiently lists the problem, recovery time, ending hours, starting hours, and so on."
"The pricing of the product is reasonable."
"It has good graphs of what is going on within the operating system."
"Zabbix is good for discovery."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"The product can be improved by reducing the cost to use AI machine learning."
"We are invoiced according to the amount of data generated within each log."
"Its pricing model and integration with third-party services can be improved. We had faced an issue with integration. The alerting feature is currently not available with Splunk, but it is definitely available with Datadog and PagerDuty. They should include this feature. A few dashboards in Splunk look quite old and are not that modern. They aren't bad, but improving these dashboards will definitely make Splunk more attractive and usable. I read in a few blog posts that there were a few security incidents related to Splunk agents. So, it can be made more secure."
"Enterprise security: Splunk must work on clarifying the solution to customers and explain how to gain more from it."
"The solution should also have more advanced capabilities in comparison with QRadar, which offers Watson."
"Splunk is more expensive than other solutions."
"Splunk could enhance its services by providing more comprehensive professional assistance aimed at optimizing our investment."
"Splunk needs local technical support."
"Splunk Enterprise Security can be improved by including backup network detection and response and safe management to the paid platform."
"It can be tough to get a hold of somebody in technical support depending on the complexity of the issue."
"The System Center Operations Manager can be improved."
"Zabbix could improve when it comes to large-scale use cases. Additionally, the inventory could be better when connecting to other solutions, such as ServiceNow. There should be better integration with other platforms and storage."
"The documentation gets a bit messy between versions and is not too detailed, which is a bit painful for first-timers, especially when they run into issues."
"The reports are not great and should be improved."
"The reporting features need improvement, especially detailed inventory reporting. Since it's freeware, reporting may not be a major focus."
"I am having difficulties connecting it to Grafana, as well as some of the other plugins like Kibana."
"It would be helpful if they translated the documentation to Cyrillic languages."
"I would like to see a more flexible mobile client, and better HA out of the box."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews, while Zabbix is ranked 1st in Network Monitoring Software with 100 reviews. Splunk Enterprise Security is rated 8.4, while Zabbix is rated 8.2. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and ArcSight Logger, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios Core and LibreNMS.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.