We performed a comparison between Azure Monitor and Splunk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk is the clear winner in this comparison. It is easier to deploy, more user-friendly, and has better support than Azure Monitor. In addition, Splunk received positive feedback in the ROI category.
"It has good troubleshooting features."
"You can scale the product."
"Data exporting is easy, and this tool works seamlessly with other solutions. It's a stable and low-priced solution."
"For me, the best feature is the log analysis with Azure Monitor's Log Analytics. Without being able to analyze the logs of all the activities that affect the performance of a machine, your monitoring effectiveness will be severely limited."
"Technical support is good and helpful... The initial setup is easy."
"Azure Monitor is really just a source for Dynatrace. It's just collecting data and monitoring the environment and the infrastructure. It is fairly good at that."
"The solution works well overall. It's easy to implement and simple to use."
"The solution's most valuable features are its ability to focus on delivery and maximizing the performance of applications and services."
"Splunk has improved our operations by giving us access to more information and allowing us to deploy more use cases."
"We can present to our management in real time the security of the patch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company."
"It can log more logs than other solutions. It's a good way to troubleshoot problems."
"It definitely does help with both auditing and regular monitoring. SOC does more monitoring, but ES also gives you other features that are auditing-related. The dashboards are also beneficial."
"To get visibility from your network devices, servers, and security devices is a great feature."
"Support is quick and competent."
"Our clients are easily able to modify and evolve their implementations."
"It is easy to use in any environment."
"The length of latency is terrible and needs to be improved."
"In terms of pricing, Azure Monitor's billing based on data size can sometimes lead to increased costs, especially when developers need to purge data frequently. While there are mechanisms in place to track and manage this, there is room for improvement in terms of optimizing data pausing and related processes. Enhancements in this area could help mitigate potential billing concerns and provide a more seamless experience for users."
"There are a lot of things that take more time to do, such as charting, alerting, and correlation of data, and things like that. Azure Monitor doesn't tell you why something happened. It just tells you that it happened. It should also have some type of AI. Environments and applications are becoming more and more complex every day with hundreds or thousands of microservices. Therefore, having to do a lot of the stuff manually takes a lot of time, and on top of that, troubleshooting issues takes a lot of time. The traditional method of troubleshooting doesn't really work for or apply to this environment we're in. So, having an AI-based system and the ability to automate deployments of your monitoring and configurations makes it much easier."
"I'd like the solution to do more around vulnerability assessment. It's lacking in the product right now."
"The query builder could be better. In comparison to other monitoring tools, in order to use Azure Monitor, your engineers need to have KQL experience. If they don't, it's not intuitive as a system."
"The price could be lower but it is not a must."
"If it is configured incorrectly, you can end up with a huge bill."
"I would like more transparency when we use the solution with another environment, like on-premises, or on another cloud environment, like AWS or GCP."
"Splunk needs local technical support."
"More control with Splunk Cloud as it seems a bit limited. I used to manage an on-premise instance of Splunk Enterprise and really liked having more control over it."
"Professional support is great, but too expensive."
"Integrating tools and creating use cases could be easier. It's hard for a junior security engineer with only a couple of years of experience to write use cases. They can do it, but it's much easier in a solution like IBM QRadar. Setting conditions is like a multiple-choice type of thing. It's a more user-friendly process."
"Splunk can improve regex/asset analysis as we do not want to crawl until it is done."
"The cluster environment should be improved. We have a cluster. In the Splunk cluster environment, in the case of heavy searches and heavy load, the Splunk cluster goes down, and we have to put it in the maintenance mode to get it back. We are not able to find the actual culprit for this issue. I know that cluster has RF and SF, but it has been down so many times. There should be something in Splunk to help users to find the reason and the solution for such issues."
"Splunk Enterprise Security can be improved by including backup network detection and response and safe management to the paid platform."
"The glass table feature does not perform as expected."
Azure Monitor is ranked 4th in Application Performance Monitoring (APM) and Observability with 44 reviews, while Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 227 reviews. Azure Monitor is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Azure Monitor writes "A powerful Kusto query language but the alerting mechanism needs improvement". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". Azure Monitor is most compared with Datadog, Dynatrace, Prometheus, Sentry and AWS X-Ray, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Microsoft Sentinel and Datadog. See our Azure Monitor vs. Splunk Enterprise Security report.
We monitor all Application Performance Monitoring (APM) and Observability reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hi @Netanya Carmi,
Below are some comparisons on features and integrations.
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we have problems somewhere or if we are not getting the flow we expect. It is very easy to search for queries and events and then do analysis. The flexibility of the search capability is extremely valuable. Splunk works well with other solutions. It is very easy to set up and very straightforward to deploy.
The more data you process with Splunk, the more expensive it gets; an improved pricing model is needed. It would be great if Splunk had more SIEM functionality with better customization and a better ticket tool. The on-premises scaling is a bit more limited than on the cloud. Splunk currently has some limited default rules and customizations. If they could concentrate more on compliance and security information, that would be an added bonus.
Azure Monitor has made it significantly easier for us to monitor applications and infrastructure for possible problems. This solution offers a survey of surveillance in real time and a very helpful dashboard. Azure Monitor, which is integrated with Azure DevOps, has good load gathering and very good analytics. We get useful alerts with Azure Monitor that make recommendations about the security and the platform.
There should be more specific detail about where problems lie. Azure Monitor is lacking somewhat in vulnerability assessment; this aspect could be better. Their automation also needs some improvement. From gathering metrics from more applications to getting processes quickly started when something goes down, automation should be better.
Conclusion:
For us, Splunk is the better solution. We use Splunk to search, monitor, analyze, and visualize machine data, which it does very well. The dashboard is very intuitive. The log collection and log management tools are very good. We find Splunk’s search capability to be very powerful and flexible. Splunk can access any kind of data and there is no limitation to the kind of structured or unstructured data you can extract. Our team also liked that Splunk offers better integration with more solutions.