We performed a comparison between Splunk and Zabbix based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: In this comparison, Zabbix comes out on top. When compared to Splunk, it is easier to deploy and is open-source.
"It's pretty powerful and its performance is pretty good."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"The connectivity and analytics are great."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The initial setup is very simple and straightforward."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"We have a one stop dashboard for health of some of our services where you can click in and it takes you to other dashboards that have custom near real-time metrics that show the application's health."
"Splunk has significantly helped with aggregation and correlation of critical logs. Not having to grep on each individual server has made everyone more efficient."
"The metrics and trends that Splunk Enterprise Security generates using all the data points we send allow customers to understand better what their users are doing."
"Splunk's visualizations make it easy for users to understand the data."
"The initial setup is really straightforward. It's one of the easiest installations."
"The correlation searches are most valuable just because we are able to do things like RBA."
"The tool helps with advanced reports and keeps the system scalable and flexible. It provides a clear picture of the current status of any incidents. As a CISO, I see a lot of potential for future innovation, which is interesting. I've noticed better performance, especially with the reports."
"The log aggregation is great."
"In terms of customization and integration, we have more flexibility. We can automate configurations, define deletion rules, and customize based on the needs. The client interface allows for further configuration, making it quite comprehensive."
"We have found that Zabbix is more easy to use than other applications."
"It's a very reliable platform and we've never had any issues regarding the scalability or the stability of Zabbix."
"The features I found most valuable are the user interface and a wide range of network devices that are easy to configure."
"The solution allows you to configure and customize how you want to collect information from servers or other systems."
"During my testing, the features that I like the most are that it can be integrated with my system, and it provides me with reports of all of my servers."
"Zabbix is both stable and scalable."
"The integration capabilities and APIs are the best part."
"The solution should allow for a streamlined CI/CD procedure."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"The reporting could be more structured."
"The AI capabilities must be improved."
"The solution could be more user-friendly; some query languages are required to operate it."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"This solution could be improved by better pricing in general and by easier installation."
"Splunk Enterprise Security should provide a better and richer integration."
"It needs a better way to export dynamic views without requiring a ton of code and user/pw."
"Splunk is very expensive. The license is based on the volume of the logs ingested. I was responsible for managing the contract with our service integrator. I don't know the precise details of the competing solution, but I have heard that Splunk is more expensive than others. I don't know what the going rate is on the market, but I think there are at least two competitors that are less expensive. We have experienced a few issues with our service providers in terms of log filtering and ingestion, so we continue to pay a bit more per day for our logs."
"It is a hugely complicated product."
"The analytics of Splunk could be improved."
"The GUI can be improved to include some of the capabilities that other BI solutions have."
"The initial setup is complex, but this is necessary. We needed to take into consideration how to direct log files from thousands of machines to Splunk, and how to ingest those files."
"Implementing Zabbix is difficult. I've deployed many solutions over the years, and Zabbix is the hardest to implement. You have to do some development to get it to work with IBM, Micro Focus, or HP products."
"The user web interface is a little bit too basic, we need to link Zabbix to Grafana to have more options, such as graphs and charts. The interface needs to be improved. Additionally, there could be better integration with Grafana API."
"Zabbix does not draw automatic mapping of the network, this is something they should add in the future. There is a lot of effort that is involved in tailoring some of the settings which could be made easier."
"It should be easy to modify the front end."
"There are some features of Zabbix that are not good for reporting. The DX Spectrum solution has better reporting."
"It would be helpful if they translated the documentation to Cyrillic languages."
"They should open an SSH session from the web interface."
"My company wanted to do an exercise command to access IT from Cameroon. They wanted to access an FSS to a second host with second equipment that was on another coast but it is not possible on Zabbix to do it. They want to directly access from the front-end of Zabbix to access a prompt in Zabbix to an access terminal. In the front-end, there is no way to do that. That would be an important improvement."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews while Zabbix is ranked 1st in Network Monitoring Software with 101 reviews. Splunk Enterprise Security is rated 8.4, while Zabbix is rated 8.2. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and ArcSight Logger, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios Core and LibreNMS.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.