We performed a comparison between Elastic Search and Splunk Enterprise Security based on real PeerSpot user reviews.
"The ability to aggregate log and machine data into a searchable index reduces time to identify and isolate issues for an application. Saves time in triage and incident response by eliminating manual steps to access and parse logs on separate systems, within large infrastructure footprints."
"The solution is stable and reliable."
"The special text processing features in this solution are very important for me."
"Elasticsearch includes a graphical user interface (GUI) called Kibana. The GUI features are extremely beneficial to us."
"The most valuable features are the data store and the X-pack extension."
"I appreciate that Elastic Enterprise Search is easy to use and that we have people on our team who are able to manage it effectively."
"The most valuable features of Elastic Enterprise Search are that it's cloud-ready and we do a lot of infrastructure as code. By using ELK, we're able to deploy the solution as part of our ISC deployment."
"The most valuable feature for us is the analytics that we can configure and view using Kibana."
"The most valuable feature of Splunk Enterprise Security is website activity monitoring."
"This solution helps us increase our productivity."
"Our clients use the solution to find any threats or vulnerabilities inside their environment."
"The logs on the solution are excellent."
"It's basically one of the best SIEM products on the market."
"Support is quick and competent."
"The solution has made us more secure."
"The most valuable feature of Splunk is the management and built-in workflows."
"We have an issue with the volume of data that we can handle."
"Technical support should be faster."
"Enterprise scaling of what have been essentially separate, free open source software (FOSS) products has been a challenge, but the folks at Elastic have published new add-ons (X-Pack and ECE) to help large companies grow ELK to required scales."
"The different applications need to be individually deployed."
"I have not been using the solution for many years to know exactly the improvements needed. However, they could simplify how the YML files have to be structured properly."
"I would rate the stability a seven out of ten. We faced a few issues."
"Elastic Search could benefit from a more user-friendly onboarding process for beginners."
"We'd like to see more integration in the future, especially around service desks or other ITSM tools."
"The solution could improve by giving more email details."
"It requires a significant amount of relatively complex architecture once you push past the single server instance."
"An improved user interface along with multi-tenancy support would be beneficial."
"Customizing our commands should be simpler. Creating custom commands in Splunk requires a long, complex process. For example, we have a command to add all the column data, but we don't have a command to get the average of the column data at the end. It would be useful to have a blank at the end to create our commands and leave the rest to others."
"Configuring a few apps is complex, not straightforward."
"Splunk Enterprise Security is complicated in terms of developing specific cybersecurity use cases."
"Previously, they developed custom connectors or add-ons for a lot of applications. But that number can be upgraded still. There are a lot of applications in the world that are not supported."
"While Splunk Enterprise Security offers valuable features, its cost is high and could be more competitive."
Elastic Search is ranked 1st in Indexing and Search with 59 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 255 reviews. Elastic Search is rated 8.2, while Splunk Enterprise Security is rated 8.4. The top reviewer of Elastic Search writes "Played a crucial role in enhancing our cybersecurity efforts". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". Elastic Search is most compared with Faiss, Milvus, Pinecone, Azure Search and Amazon Kendra, whereas Splunk Enterprise Security is most compared with Wazuh, IBM Security QRadar, Dynatrace, Elastic Security and Microsoft Sentinel.
Generally, Elastic is very strong in data search, and Splunk has a strong security solution. However, Elastic has partnered with SIEM provider empow, and together this integration provides a very strong platform both in data search and next generation SIEM.
Here's a thorough article on ELK vs. Splunk and here's a description from Elastic on what's included in the different versions.
Splunk: hard to use, expensive with predatory pricing, few OOTB rules, SOAR is a premium, good luck training analysts on their platform in under six months. SPLUNK SEARCH.
ELK Stack: easy to use, open-source, no predatory pricing, more robust use cases OOTB, loved and used by millions all over the globe, open ecosystem that can integrate with almost any major IT stack out of the box. LUCENE.
We use ELK or other freeware stacks in isolated small scenarios.
Think of a small or medium company with a "midsized" webshop. You can easily do your log management with an ELK stack, let's say size 5 up to 10 GB, no problem. Please keep in mind to order hardware. The best thing about ELK is that you can start immediately; you don't have to wait for licensing, and it's easy to build the first small things.
Another Example:
Your Marketing Dept. wants to do some singular evaluations and very specialized marketing stuff. It is temporary and they don't have the budget for licensing. The results are not for permanent use. Just use ELK.
In my opinion, ELK is only cost-effective if you don't need to buy their professional service. You must leave the cases small.
If you are looking for bigger scenarios, or you want to build up a SIEM or SOC, or even do elevated things like SOAR, it is a very different kind of thing.
There can be account issues that a developer usually won't mind at the first glance but a Controller will.
You have to look at the Total Cost of Ownership, Scalability, Time to Market, Secureness of future development, maintenance, etc.
If you want to build up a complex scenario with the secureness of scalability, you should go with SPLUNK. If tomorrow there is a better tool with lower costs and less need for input of manpower, I will refer to this.