Try our new research platform with insights from 80,000+ expert users

CrowdStrike Observability vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jul 13, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

CrowdStrike Observability
Ranking in Log Management
38th
Average Rating
8.2
Reviews Sentiment
5.0
Number of Reviews
7
Ranking in other categories
No ranking in other categories
Splunk Enterprise Security
Ranking in Log Management
2nd
Average Rating
8.4
Reviews Sentiment
7.3
Number of Reviews
369
Ranking in other categories
Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Mindshare comparison

As of October 2025, in the Log Management category, the mindshare of CrowdStrike Observability is 0.5%, down from 0.5% compared to the previous year. The mindshare of Splunk Enterprise Security is 7.7%, down from 9.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management Market Share Distribution
ProductMarket Share (%)
Splunk Enterprise Security7.7%
CrowdStrike Observability0.5%
Other91.8%
Log Management
 

Featured Reviews

HectorRios - PeerSpot reviewer
Has provided reliable alerts and helped identify infrastructure issues through detailed reporting
The best features of CrowdStrike Observability include the way they show issues to the client or agent, and their data collection method is interesting because they use an agent-less approach in some cases, collecting data from infrastructure such as firewalls. Additionally, they have the agent, but the presentation in the management console is excellent as we have observability end-to-end with the servers and all the services configured in the use cases. The intelligent alerting feature is excellent and configured on our console, being highly effective as it detects real alerts and just warnings or real issues. Identifying performance bottlenecks is important because they collect numerous MD5 or hash keys including movements or playbooks. The way they organize that in the console is excellent, allowing you to have reports detecting issues, which not only includes detection but also provides solutions to those issues.
Kyle Vernham - PeerSpot reviewer
Built-in searches and unified data access streamline alert investigation and boosts analyst efficiency
The two features I appreciate the most in Splunk Enterprise Security are the built-in searches, which have been very easy for us to get started with right out of the box, and the fact that it accesses all of our other systems. You can access it as a pane of glass rather than having to search individually. We also have the option to compare our analysts from our service to service. Splunk Enterprise Security helps our SOC team prioritize and investigate high-fidelity alerts more effectively by providing a more in-depth look and the ability to access a lot more of our data. Instead of jumping from several segmented systems, it allows us to have everything brought together in one place. For example, you have to move from our purview to our build system and to Splunk Enterprise Security, and it enables us to streamline that process. The built-in features of Splunk Enterprise Security, which we recently procured, have given us a good starting point and demonstrated the value of the product, providing an easy way to sell it to our company. The ease of getting everything into our purview helps us, and it serves as a good start for the investigation part in one location rather than what we usually have, which is jumping from system to system to system. Splunk Enterprise Security plays a role in our company's strategy to combat insider threats and advanced persistent threats by currently being in its technical test phase. We are still rolling it out, and it should help us find any insider threats based on information that our policy states should not be present in our system. Splunk Enterprise Security's risk-based alerting (RBA) has impacted our alert volume and analyst productivity because we've got many different systems feeding into it. However, it has helped to make it easier for our analysts to go through a set of events rather than 100 alerts. RBA allows us to streamline the process and customize it for our analysts. When it comes to leveraging Splunk Enterprise Security's dashboards and visualizations to communicate security posture to executives, it's pretty straightforward for any type of information. The visualization is easy to understand, but I haven't had any direct conversations with our executives.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I find the most effective feature of CrowdStrike Observability to be its cloud vision and attack surface vision, which enhance network traffic analysis."
"The intelligence database provided by CrowdStrike is very impressive."
"In the logs and the trajectory, it shows detailed information about where the source of infection comes from, how it travels, and how to reach there."
"The intelligence database provided by CrowdStrike is very impressive."
"The best features of CrowdStrike Observability include the way they show issues to the client or agent, and their data collection method is interesting because they use an agent-less approach in some cases, collecting data from infrastructure such as firewalls."
"The price is worth it."
"CrowdStrike Observability offers strong predictive analytics capabilities, and the intelligent alerting system helps minimize noise and optimize IT resources effectively."
"The intelligent alerting feature is excellent and configured on our console, being highly effective as it detects real alerts and just warnings or real issues."
"To get visibility from your network devices, servers, and security devices is a great feature."
"It actually helps us by not having to develop all the use cases ourselves, providing an integrated product that has everything in one place."
"Splunk Enterprise Security's dashboards are a key asset."
"The flexibility of the search capability is most valuable. You can use it for more than just a basic log aggregator. It is powerful in that regard."
"Splunk has significantly helped with aggregation and correlation of critical logs. Not having to grep on each individual server has made everyone more efficient."
"We can easily configure things as required in relation to our use cases."
"Correlation search, in general, is valuable because it allows us to search multiple data sources easily."
"Splunk is quite flexible for our customers. Splunk does not filter from a specific lock, you can define it later."
 

Cons

"For reporting or log management, having a longer duration for backup without needing to purchase a paid subscription would be beneficial. Currently, there is a default ninety-day backup period."
"Integration with Huawei should be more straightforward."
"The customer service is not satisfactory for me. The support is only available in English, and my users in LATAM regions such as Peru and Colombia require local language support, which is not currently provided."
"We had some difficulties at the beginning, but at this moment they are improving, so probably in some months I will give them a ten."
"Technical support received a rating of 4 out of 10."
"The pricing is very high and small companies cannot afford it. They should reduce the price because the backend infrastructure is the same."
"We had some difficulties at the beginning, but at this moment they are improving, so probably in some months I will give them a ten."
"Integration with Huawei should be more straightforward."
"Stability is there, but every release has some bugs."
"The threat management part is still lagging. There are some gaps in threat management. Other vendors have built-in threat management systems, but Splunk lacks the threat management component in its portal. The UEBA and everything else is perfect, but it lacks a unified threat intelligence and management part."
"Splunk Enterprise Security can be improved by including backup network detection and response and safe management to the paid platform."
"Splunk Enterprise Security incurs a significant cost because of the amount of data we send, but we are fine with the value we're getting for that price."
"The cluster environment should be improved. We have a cluster. In the Splunk cluster environment, in the case of heavy searches and heavy load, the Splunk cluster goes down, and we have to put it in the maintenance mode to get it back. We are not able to find the actual culprit for this issue. I know that cluster has RF and SF, but it has been down so many times. There should be something in Splunk to help users to find the reason and the solution for such issues."
"We've sometimes faced issues with upgrades. The incident review dashboard sometimes breaks after updates. When we add a space or something in the description or anywhere in the SQL, the drill-down value may be reset with a blank value. Before rolling out any software, they should test it thoroughly and ensure clients won't have issues with the upgraded version. It should be compatible with all or most of the apps. All major issues must be addressed before rolling out the upgrade."
"There are new services which are coming up. If Splunk can catch up with the speed of Amazon, and with the integration, instead of us waiting for another year or so, that would be good."
"It will be helpful for customers if they can create some real-world cases, and we can find a case study to align with. I know that Splunk has tremendous potential. We only include a tiny piece of it. There is a lot of stuff that we need to learn. If Splunk can provide more real-time examples, that will be helpful for customers."
 

Pricing and Cost Advice

Information not available
"Splunk ES is quite expensive compared to some products on the market."
"Splunk Enterprise Security is an expensive solution."
"Splunk Enterprise Security is an expensive solution."
"It is expensive. I used to buy it early on, but then they combined it into a higher-up organization. They buy it for multiple systems now. Last time, I paid around 60K for it. There is just the licensing fee. That's all."
"My experience with the solution's setup cost, pricing, and licensing was really good."
"It is not cheap."
"I think the price could be improved."
"Splunk is expensive based on our current requirements, but it's obviously worth what we pay."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
869,566 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
18%
Financial Services Firm
12%
Healthcare Company
8%
Manufacturing Company
7%
Computer Software Company
14%
Financial Services Firm
14%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business2
Midsize Enterprise3
Large Enterprise2
By reviewers
Company SizeCount
Small Business110
Midsize Enterprise50
Large Enterprise257
 

Questions from the Community

What needs improvement with CrowdStrike Observability?
From a technical standpoint, the solution performs excellently without significant flaws. The solution includes advanced log management and distributed tracing features.
What is your primary use case for CrowdStrike Observability?
The main use cases for CrowdStrike Observability include distributed tracing and log management capabilities.
What advice do you have for others considering CrowdStrike Observability?
The reviewer works as a system integrator and reseller, dealing with various security products including Fortinet, Palo Alto, FortiNDR, FortiXDR, ADC, and EDR. Their clients actively use FortiNDR a...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Overview

 

Sample Customers

Information Not Available
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about CrowdStrike Observability vs. Splunk Enterprise Security and other solutions. Updated: September 2025.
869,566 professionals have used our research since 2012.