We compared Splunk Enterprise Security and LogRhythm SIEM across several parameters based on our users' reviews. Our conclusions from the collected data are below:
Features: Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality. Users praised LogRhythm SIEM for its user-friendly centralized dashboard, strong integration capabilities, and event-filtering capabilities.
Room for Improvement: Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics. LogRhythm SIEM has the potential to improve its SOAR and NDR features, platform stability, and MDI integration. LogRhythm users requested expanded log storage, better load balancing, and streamlined search capabilities.
Service and Support: While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. LogRhythm SIEM generally received praise for its helpful support, but some users encountered delays or had issues with inexperienced support engineers.
Ease of Deployment: Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators. Small or medium-sized companies generally find LogRhythm easy to deploy. However, the setup is more time-consuming and complex for enterprise deployments involving multiple components or vendors, and users often require assistance from professional services or LogRhythm-certified engineers.
Pricing: Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data. LogRhythm SIEM’s license typically includes all elements. However, enterprise customers may encounter complexities related to additional features and add-ons.
ROI: Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations. LogRhythm SIEM has proven to be highly valuable, delivering a significant ROI by reducing the mean time to detect and respond.
Comparison Results: Splunk is highly regarded for its efficient data processing and powerful search capabilities. Users like Splunk's customization options and ability to quickly process data from multiple sources. However, reviews say Splunk could be more user-friendly and improve its capabilities by leveraging AI. LogRhythm's strengths include its centralized dashboard and event-filtering abilities, but it falls short in terms of performance, scalability, and optimization for security operations.
"It has helped us centralize and have better visibility into devices on our network. We are better able to respond to threats in a timely manner."
"We now have a central point of monitoring for all potential threats."
"We have NetFlow information going into it, so we can examine a lot of traffic patterns and anomalies, especially if something stands out and is not the baseline. This helps a lot."
"What I found most valuable in LogRhythm NextGen SIEM is that it's user-friendly. I also like its dashboard, which shows all the logs and information I want to see."
"The security operation center is excellent."
"Their customer support is friendly and willing to help."
"We should be able to respond to threats and gain visibility into our environment that we don't currently have."
"Technical support is very helpful and responsive."
"The additional vendors we've brought on board, particularly the elastic, have been quite beneficial."
"It helps us uncover bottlenecks in the network."
"The flexibility of the search capability is most valuable. You can use it for more than just a basic log aggregator. It is powerful in that regard."
"The speed of the search engine."
"The best part of Splunk Enterprise Security is its customizable settings."
"It is quite extensible. It is a platform that we can build our use instead of each case being limited or restricted to each capability. This is probably the best feature."
"Splunk Enterprise Security is a standard solution providing good customer service and partnership."
"There are lots of free learning materials on their website."
"For our market, the solution is quite expensive. It would be ideal if they could work on and improve their existing pricing plans to help make it more affordable in our country."
"We're still struggling to get a real return on it and finding something that isn't false noise."
"In the next release, I would certainly like to see more HIPAA compliance. I would also like to see more integration with Palo Alto Networks, particularly their Traps, which is their endpoint solution."
"The console installation is an area with a shortcoming in the solution that needs improvement. If LogRhythm SIEM can offer a web console, it would be great."
"Move it to Linux. I would like to see it get off the SQL Server."
"We have run into problems with stability going through upgrade processes. Recently, we have been on the front edge of the upgrade path. When that happens we tend to run into issues either with certain functionality not working after the upgrades or stability issues because of the upgrades."
"Parsing is totally controlled by LogRhythm and they do not allow any partner or any third-party to handle this part and this is a key challenge on my end."
"The security playbook could be pre-defined and available to other analysts with similar security issues."
"Its search or filtering capability is nice, but it can be improved. It is currently a bit complicated, and it should be simplified. If we can write the search filter in a more simplified way, it would be better."
"This is not really a monitoring solution."
"Sometimes the communication with support happens with multiple staff. They should reduce the time to resolution."
"Its user interface for everything other than the charts can be improved. Some parts of it can be simplified a bit, such as when importing documents that have the network traffic. When you're going through the information about the network traffic, you have to have the expertise, but even if a program is supposed to be for IT support, it is good to make it user-friendly because it gets easier to train people. When something goes wrong, the more difficult a program is in terms of UI, the harder it is to fix the issue."
"The UI can be improved. Dashboards and reports can be better in terms of graphics."
"It can be tough to determine if you are getting all of the value out of your investment at times."
"Some of the terminology can be confusing, even for seasoned vets. Renaming components at this point would be a serious undertaking. However, it might be beneficial in the long run."
"Over time I will have more requirements and I can foresee the solution could improve the search algorithm to run and output the data faster."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. LogRhythm SIEM is rated 8.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". LogRhythm SIEM is most compared with IBM Security QRadar, Microsoft Sentinel, Wazuh, LogRhythm Axon and Fortinet FortiSIEM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Google Chronicle Suite. See our LogRhythm SIEM vs. Splunk Enterprise Security report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.