We performed a comparison between Azure Monitor and Splunk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk is the clear winner in this comparison. It is easier to deploy, more user-friendly, and has better support than Azure Monitor. In addition, Splunk received positive feedback in the ROI category.
"Log analytics and log queries are the most valuable features of Azure Monitor."
"I am impressed by the reporting on the average eight ports that we get from this solution."
"The solution integrates well with the Microsoft platform."
"A product that is well-integrated for monitoring Microsoft Azure."
"Azure Monitor is useful because of the useful application insights and telemetry, such as metrics and logs."
"It's a service from Microsoft, so it will scale."
"The feature that I found most valuable in Azure Monitor is its monitoring abilities. With Azure Monitor, you are able to monitor all of your cloud resources across multiple subscriptions in one dashboard and create solution-specific alerts that can trigger an email to the team responsible for that specific solution."
"Azure Monitor is very stable."
"You can use it to gather syslog messages from anything."
"It is a one-stop shop as a full monitoring and alerting solution for operations and application analysis for most of our back-end systems."
"The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data."
"The product is good, it satisfies our customers."
"Aggregation searches have reduced the time and difficulty of identifying trends and conditions which need to be reviewed."
"The solution helped reduce our alert volume."
"The client site login is pretty extensible and probably cost-effective."
"Our clients are easily able to modify and evolve their implementations."
"There are a lot of things that take more time to do, such as charting, alerting, and correlation of data, and things like that. Azure Monitor doesn't tell you why something happened. It just tells you that it happened. It should also have some type of AI. Environments and applications are becoming more and more complex every day with hundreds or thousands of microservices. Therefore, having to do a lot of the stuff manually takes a lot of time, and on top of that, troubleshooting issues takes a lot of time. The traditional method of troubleshooting doesn't really work for or apply to this environment we're in. So, having an AI-based system and the ability to automate deployments of your monitoring and configurations makes it much easier."
"They need to work on a more hybrid deployment that will allow us to monitor local on-premise deployments and connect to different systems. I would like to see more integration."
"The biggest one is probably just the user interface. There could be more advanced logging at the database level. They can also improve their query builder to allow you to search for things better, but I last used it about a year ago. They might have already changed a ton of things in the newer versions."
"I would like more transparency when we use the solution with another environment, like on-premises, or on another cloud environment, like AWS or GCP."
"Lacks information including details related to where problems lie."
"This solution could be improved with more out-of-the-box functionalities and artificial intelligence to complete event correlation."
"Setting up this solution is complex. It's also missing the functionality of assigning alerts."
"I need connectivity with cost management."
"It needs more thoroughly tested releases. Every new big version (6, 7, etc.) has had so many bugs that it makes me wary of customers upgrading right away."
"This solution could be improved by better pricing in general and by easier installation."
"This is a costly solution."
"Its reporting can be improved. That's the only complaint I have heard. I don't need the reporting part, but I know that other people in the organization need it."
"The solution should also have more advanced capabilities in comparison with QRadar, which offers Watson."
"Splunk could add more ways to manage archiving and storage. There isn't a web interface. You can do this on the SaaS version, but the on-premise platform doesn't have this option. It has other things but no option for remote NAS. I would like to have a personal web interface where I can specify how long logs should be stored. To have this readily available on the web, you need to adjust some settings on the backend. That is tricky."
"We were inundated with the amount of alerts and alarms that we could get out of it. It is also a resource hog and we didn't have the resources to support it on-prem so we're taking it offline now."
"The integration could be a bit better. They charge for certain integrations."
Azure Monitor is ranked 4th in Application Performance Monitoring (APM) and Observability with 44 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 228 reviews. Azure Monitor is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Azure Monitor writes "A powerful Kusto query language but the alerting mechanism needs improvement". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". Azure Monitor is most compared with Datadog, Dynatrace, Prometheus, Sentry and AWS X-Ray, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and AppDynamics. See our Azure Monitor vs. Splunk Enterprise Security report.
Hi @Netanya Carmi,
Below are some comparisons on features and Integrations.
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we have problems somewhere or if we are not getting the flow we expect. It is very easy to search for queries and events and then do analysis. The flexibility of the search capability is extremely valuable. Splunk works well with other solutions. It is very easy to set up and very straightforward to deploy.
The more data you process with Splunk, the more expensive it gets; an improved pricing model is needed. It would be great if Splunk had more SIEM functionality with better customization and a better ticket tool. The on-premises scaling is a bit more limited than on the cloud. Splunk currently has some limited default rules and customizations. If they could concentrate more on compliance and security information, that would be an added bonus.
Azure Monitor has made it significantly easier for us to monitor applications and infrastructure for possible problems. This solution offers a survey of surveillance in real time and a very helpful dashboard. Azure Monitor, which is integrated with Azure DevOps, has good load gathering and very good analytics. We get useful alerts with Azure Monitor that make recommendations about the security and the platform.
There should be more specific detail about where problems lie. Azure Monitor is lacking somewhat in vulnerability assessment; this aspect could be better. Their automation also needs some improvement. From gathering metrics from more applications to getting processes quickly started when something goes down, automation should be better.
Conclusion:
For us, Splunk is the better solution. We use Splunk to search, monitor, analyze, and visualize machine data, which it does very well. The dashboard is very intuitive. The log collection and log management tools are very good. We find Splunk’s search capability to be very powerful and flexible. Splunk can access any kind of data and there is no limitation to the kind of structured or unstructured data you can extract. Our team also liked that Splunk offers better integration with more solutions.