We performed a comparison between Azure Monitor and Splunk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk is clear the winner in this comparison. It is easier to deploy, more user-friendly, and has better support than Azure Monitor. In addition, Splunk received positive feedback in the ROI category.
"Azure Monitor gives us the observability to check everything that we have in the cloud."
"Technical support is helpful."
"The tools for logs and metrics are pretty good and easy to use."
"The initial setup is straightforward."
"Technical support is good and helpful...The initial setup is easy."
"Recently, they have improved their integration with other resources, so we get even more robust data."
"Provides an overview and high-level information."
"Azure Monitor is useful because of the useful application insights and telemetry, such as metrics and logs."
"Without Splunk Enterprise Security, it would be difficult for us to manage and prioritize alerts. There's a potential to lose track of important notifications, and it's essential to our security that we do not miss anything. Splunk has improved our investigations because the reporting and dashboarding make things so much easier. We can provide weekly or monthly reports. I also like Splunk's ability to integrate."
"The most valuable features are how stable and easy to use Splunk is."
"We saw the granularity that we could get from Splunk far exceeded what we already had. We had the ability to have our security team really focus on the platform and stay within the platform, but they could correlate with a variety of other stakeholders, and our stakeholders were growing."
"The solution helped reduce our alert volume."
"Internal tracking is helpful because we do not like to deal with multiple ticketing systems, and I am not a fan of ServiceNow. We are able to keep everything internal and utilize Enterprise Security."
"The flexibility of the search capability is most valuable. You can use it for more than just a basic log aggregator. It is powerful in that regard."
"Exporting is a good feature. It helps me out when I have to do reports. I do a lot of exporting and crunching of the numbers. Dashboards are okay for showing to the leadership, but for doing statistics and updating tickets, the export feature is very beneficial for me."
"It is very easy to use and integrate. There are connectors for every technology."
"Azure Monitor is not user-friendly, and the interface is not exciting. Switching between the dashboards is not easy."
"Currently, it seems it's complicated to get the correct information in terms of what to do and how things work."
"It's really complex to retrieve or query the logs in Azure Monitor."
"Azure Monitor could improve network performance monitoring and make it more advanced."
"This solution has fewer features than some of its competitors, so adding more features to it would make it better."
"If it is configured incorrectly, you can end up with a huge bill."
"Azure Monitor could improve the visualization aspect and integrate better with other third-party services."
"The solution's monitoring feature has limitations for analyzing multiple metrics."
"The biggest problem is data compression. Splunk is an outstanding product, but it is a resource hog. There should be better data compression for being able to maintain our data repositories. We end up having to buy lots of additional storage just to house our Splunk data. This is my only complaint about it."
"The training was mostly sales-focused, like how to monitor your sales. It was hard to then come back from doing the training and try to switch it to a cybersecurity focus because all the training we did was sales oriented. The basic training didn't really touch on any kind of cybersecurity use cases or anything like that. That would have been great to see in the training."
"Splunk ES could have more pre-built integrations and rules. The detection is fairly accurate, but it depends on the rules you create. Splunk's out-of-the-box configuration isn't that useful."
"They can incorporate the SOAR solution within the actual product so that we do not require two different products, two different installations, and two different pricing methods. In regards to UBA, I am familiar with the UBA that existed two years ago. I am not updated about it today, but two years ago, UBA required such an amount of data that from a cost perspective, it was not worth it. When you compare it to what you get out of the box with Microsoft Sentinel without additional costs, there is no match."
"The price of the solution could be cheaper."
"The CIM model is the method Splunk uses to normalize data and categorize its important parts, but it is quite complex."
"The product could be cheaper."
"It would be nice if they had a wizard to construct searches, including more complex searches that include math or statistics."
Azure Monitor is ranked 4th in Application Performance Monitoring (APM) and Observability with 30 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 71 reviews. Azure Monitor is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Azure Monitor writes "Helps us test the performance and efficiency of cloud applications; good log analysis". On the other hand, the top reviewer of Splunk Enterprise Security writes "Can be used to find any threats or vulnerabilities inside a user’s environment". Azure Monitor is most compared with Datadog, Dynatrace, Prometheus, New Relic and Grafana, whereas Splunk Enterprise Security is most compared with Wazuh, Microsoft Sentinel, Dynatrace, Elastic Security and Zabbix. See our Azure Monitor vs. Splunk Enterprise Security report.
We monitor all Application Performance Monitoring (APM) and Observability reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hi @Netanya Carmi,
Below are some comparisons on features and Integrations.
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we have problems somewhere or if we are not getting the flow we expect. It is very easy to search for queries and events and then do analysis. The flexibility of the search capability is extremely valuable. Splunk works well with other solutions. It is very easy to set up and very straightforward to deploy.
The more data you process with Splunk, the more expensive it gets; an improved pricing model is needed. It would be great if Splunk had more SIEM functionality with better customization and a better ticket tool. The on-premises scaling is a bit more limited than on the cloud. Splunk currently has some limited default rules and customizations. If they could concentrate more on compliance and security information, that would be an added bonus.
Azure Monitor has made it significantly easier for us to monitor applications and infrastructure for possible problems. This solution offers a survey of surveillance in real time and a very helpful dashboard. Azure Monitor, which is integrated with Azure DevOps, has good load gathering and very good analytics. We get useful alerts with Azure Monitor that make recommendations about the security and the platform.
There should be more specific detail about where problems lie. Azure Monitor is lacking somewhat in vulnerability assessment; this aspect could be better. Their automation also needs some improvement. From gathering metrics from more applications to getting processes quickly started when something goes down, automation should be better.
Conclusion:
For us, Splunk is the better solution. We use Splunk to search, monitor, analyze, and visualize machine data, which it does very well. The dashboard is very intuitive. The log collection and log management tools are very good. We find Splunk’s search capability to be very powerful and flexible. Splunk can access any kind of data and there is no limitation to the kind of structured or unstructured data you can extract. Our team also liked that Splunk offers better integration with more solutions.