We compared Elastic Security and Splunk across five categories, using our users' reviews as the evidence base. Our conclusion, drawn from all of the collected data, follows.
Comparison Results: Splunk comes out on top overall, leading in three of the five categories. Reviewers find it easier to use and report better support than for Elastic Security, and Splunk users also report a significant ROI. Elastic Security leads in the remaining two categories, pricing and ease of deployment.
"The features that stand out are the detection engine and its integration with multiple data sources."
"Free ingestion for Azure logs (with E5 licence)"
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinel from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash."
"ELK documentation is very good, so I never needed to contact technical support."
"Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy."
"The intelligence of the system has been very impressive. It's not quite AI, but the technical bit where it correlates information, based on the seen attacks within an organization is good."
"The scalability is good. It can be scaled easily in the production environment."
"The most valuable features of Elastic Security are that it is open-source and provides a high level of security."
"It's simple and easy to use."
"The cost is reasonable. It's not overly pricey."
"Splunk has significantly helped with aggregation and correlation of critical logs. Not having to grep on each individual server has made everyone more efficient."
"The ability to manage large amounts of generated data and to protect all devices from unauthorized use are the most valuable features."
"It is very scalable."
"The stock analysts and security people use one single dashboard (one single location) to check our logs."
"We can automatically suspend or terminate suspicious sessions."
"The feature that I have found most valuable with Splunk is the ability to sift through a bunch of data very quickly."
"The flexibility of the search capability is most valuable. You can use it for more than just a basic log aggregator. It is powerful in that regard."
"The product is good, it satisfies our customers."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on QRadar. We couldn't do it with Sentinel, which is a problem for us."
"We are invoiced according to the amount of data generated within each log."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"Azure Sentinel will be directly competing with tools such as Splunk or QRadar. These are very established kinds of products that have been around for the last seven, eight years or more."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"Sentinel's reporting is complex and can be more user-friendly."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"I think the number one area of improvement for Sentinel would be the cost."
"There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM."
"I would like the process of retrieving archived data and viewing it in Kibana to be simplified."
"It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security."
"The tool should improve its scalability."
"In terms of improvement, there could be more automation in responding to and evaluating detections."
"This solution cannot do predictive maintenance, so we have to build our own modules for doing it."
"The biggest challenge has been related to the implementation."
"I think because we are a cybersecurity company, the thing that can be improved is the prebuilt tools, especially quality. Compared to its competitor, they still have fewer prebuilt security rules. Elastic Security, in terms of generating alerts, cannot group the same products into one another. Even though the alerts are the same, they still generate them one by one. So, it is very noisy in our dashboard. I would like the Elastic Security admin to group all the same alarms into one alarm so that our dashboard is not noisy."
"The case management area of the ES could be improved. The ability to move cases through various stages and states. The ability to close a case would be key improvement."
"When we do a rollout from the server or host or anything, we'd like to see more automation. It would save us time."
"It needs integration with a configuration management solution."
"Splunk's ability to analyze malicious activities scores an 8 out of 10, but there's room for improvement. By analyzing emerging patterns, Splunk could identify and predict potential threats more effectively."
"My company could benefit from doing more Splunk training with Splunk consultants teaching us how to use it."
"Splunk could enhance its services by providing more comprehensive professional assistance aimed at optimizing our investment."
"The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more."
"More training on PetaData using artificial intelligence techniques to identify the events which are not normal and exceptions that would help the organization identify threats and malware on the go with results."
Elastic Security is ranked 5th in Log Management with 58 reviews, while Splunk Enterprise Security is ranked 1st in Log Management with 228 reviews. Elastic Security is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". Elastic Security is most compared with Wazuh, IBM Security QRadar, Microsoft Defender for Endpoint, CrowdStrike Falcon and AlienVault OSSIM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Datadog and Azure Monitor.