We performed a comparison between Splunk and Zabbix based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: In this comparison, Zabbix comes out on top. When compared to Splunk, it is easier to deploy and is open-source.
"The UI-based analytics are excellent."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The initial setup is very simple and straightforward."
"It is quite efficient. It helps our clients identify their security issues and respond quickly. Our clients want to automate incident response and all those things."
"We have no complaints about the features or functionality."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing."
"What I really like is that even if you have already collected the data, you can extract fields and can build searches."
"The completeness of the solution is what we like the most."
"This solution helps us increase our productivity."
"You can run reports against multiple devices at the same time. You are able to troubleshoot a single application on a thousand servers. You can do this with a single query, since it is very easy to do."
"We can easily configure things as required in relation to our use cases."
"The most valuable features in Splunk are the search function and the ability to run selected session reports. The session reports are important because I can use them to see what is going on in our environment weekly. Additionally, we can use the graph to see how often that particular event is happening."
"The correlation search functions that generate all the notables are valuable. That can get pretty complicated, and it handles that pretty well."
"The initial setup isn't overly complex."
"The solution allows you to configure and customize how you want to collect information from servers or other systems."
"It provides high scalability, alerting, notification, templating, and end-to-end security."
"Health and communication link availability."
"Simple network monitoring that is easy to install and manage."
"It not only provides the preconfigured item monitoring feature, but it is also easy to configure custom items."
"In terms of customization and integration, we have more flexibility. We can automate configurations, define deletion rules, and customize based on the needs. The client interface allows for further configuration, making it quite comprehensive."
"Zabbix is scalable."
"Zabbix can use old data to current data to set the threshold. We can use previous data to set the threshold."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"Azure Sentinel will be directly competing with tools such as Splunk or QRadar. These are very established kinds of products that have been around for the last seven, eight years or more."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"They could use some kind of workbook. There are some limitations in editing and creating the workbook."
"Everyone has their favorites. There is always room for improvement, and everybody will say, 'I wish you could do this for me or that for me.' It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"There can be a bit of complexity around some fields during the initial setup."
"Previously, they developed custom connectors or add-ons for a lot of applications. But that number can be upgraded still. There are a lot of applications in the world that are not supported."
"I have concerns about the architecture as well since I can see it is not very well defined."
"I feel as though a major focus of upcoming releases should be set on Machine Learning and Predictive Analytics, and I would like to see more security-focused add-ons and apps developed by the vendor."
"Sometimes the communication with support happens with multiple staff. They should reduce the time to resolution."
"Splunk Enterprise Security can provide more details and help CISOs resolve vulnerability situations better. The reason is that the tools we choose for data analysis and log collection cannot collect all the data and logs. Splunk Enterprise Security should help me with this, but it cannot."
"The CIM model is the method Splunk uses to normalize data and categorize its important parts, but it is quite complex."
"It needs integration with a configuration management solution."
"There are some features of Zabbix that are not good for reporting. The DX Spectrum solution has better reporting."
"I would like to see a more flexible mobile client, and better HA out of the box."
"We would like to monitor other touchpoints such as ATM machines. It would be great if it can provide monitoring of ATM machines. Compatibility with other products would also be great."
"There is a bit of a learning curve during installation."
"For us, the initial setup was complex."
"I think the reporting part of Zabbix can be improved in terms of more user-friendly graphics to display the collected data. Many simple users who don't know how to use Zabbix properly might get confused by the reporting, although at the same time it is very versatile for my company."
"The networking monitor is not too easy to work with."
"The documentation could be improved."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews while Zabbix is ranked 1st in Network Monitoring Software with 101 reviews. Splunk Enterprise Security is rated 8.4, while Zabbix is rated 8.2. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and ArcSight Logger, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios Core and ManageEngine OpManager.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.