We compared Datadog and Splunk across five categories, based on our users’ reviews. Our conclusion from the collected data is below.
Comparison Results: Splunk has a slight edge in this comparison due to its impressive logging capabilities.
"The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. Most SIEMs don't do that. And I can do that by creating entity-based queries. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way."
"In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. With this kind of platform, you have that information in real-time."
"The user interface is really modern. As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo. It's really flexible and modular. The UI is very clean."
"One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. Whatever you're doing, you see the code, what's happening. And you can really quickly switch between using the GUI and using the code. That's really useful."
"Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."
"The most valuable feature is that it has native MSSP capabilities and maintains perfect data separation. It does all of that in a very easy-to-manage cloud-based solution."
"Devo provides a multi-tenant, cloud-native architecture. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This allows for global views and/or isolated views restricted by access controls by company or business unit."
"It's very, very versatile."
"Datadog's ability to group and visualize the servers and the data makes it relatively easy for the root cause analysis."
"Because of our client focus, it is easy for us to sell. This is because it is easy to use and easy to set up."
"Datadog is constantly adding new features."
"The most valuable features are logging, the extensive set of integrations, and easy jumpstart."
"Its integration definitely stands out. It provides seamless monitoring of all our systems, services, apps, and whatever else we secure and monitor. Visualizations have become simpler with dashboards. We are getting visibility into systems, services, and apps stack through a single pane of glass, which is good. We are able to put logs in context."
"I like that you can build out a dashboard pretty quickly. There are some things that come out of the box that you don't really need to do, which is great because they're default settings."
"Most of the features in the way Datadog does monitoring are commendable and that is the reason we choose it. We did some comparisons before picking Datadog. Datadog was recommended based on the features provided."
"We find they have a very helpful alert system."
"Great platform with user-friendly interface and GUI."
"The most valuable features are how stable and easy to use Splunk is."
"Our clients are easily able to modify and evolve their implementations."
"The reporting aspect is good and it does what I need it to do."
"The feature that I have found most valuable with Splunk is the ability to sift through a bunch of data very quickly."
"It's basically one of the best SIEM products on the market."
"The integration is seamless with many devices and operating systems."
"You can use it to gather syslog messages from anything."
"There's always room to reduce the learning curve over how to deal with events and machine data. They could make the machine data simpler."
"The overall performance of extraction could be a lot faster, but that's a common problem in this space in general. Also, the stock or default alerting and detecting options could definitely be broader and more all-encompassing. The fact that they're not is why we had to write all our own alerts."
"Technical support could be better."
"An admin who is trying to audit user activity usually cannot go beyond a day in the UI. I would like to have access to pages and pages of that data, going back as far as the storage we have, so I could look at every command or search or deletion or anything that a user has run. As an admin, that would really help. Going back just a day in the UI is not going to help, and that means I have to find a different way to do that."
"The Activeboards feature is not as mature regarding the look and feel. Its functionality is mature, but the look and feel is not there. For example, if you have some data sets and are trying to get some graphics, you cannot change anything. There's just one format for the graphics. You cannot change the size of the font, the font itself, etc."
"Devo has a lot of cloud connectors, but they need to do a little bit of work there. They've got good integrations with the public cloud, but there are a lot of cloud SaaS systems that they still need to work with on integrations, such as Salesforce and other SaaS providers where we need to get access logs."
"Some basic reporting mechanisms have room for improvement. Customers can do analysis by building Activeboards, Devo’s name for interactive dashboards. This capability is quite nice, but it is not a reporting engine. Devo does provide mechanisms to allow third-party tools to query data via their API, which is great. However, a lot of folks like or want a reporting engine, per se, and Devo simply doesn't have that. This may or may not be by design."
"We only use the core functionality and one of the reasons for this is that their security operation center needs improvement."
"All solutions have some area to improve, and in Datadog they can improve their overall technology moving forward."
"It can have a more modernized pricing mechanism. We're actually working with them to figure out how to become more modular and have a better and more modernized pricing mechanism. The issue with Datadog is that you have to buy the whole suite of different products, and you kind of get stuck in the old utilization of 40% of their suite. Most organizations today break down between application development, networking, and security. Therefore, there should be a way to break down different modules into just app dev, infosec, networking, etc. Customers have various needs across their business lines, and sometimes, they're just not willing to have tools that they're not using 100%. AppDynamics is probably a little bit better in terms of being modular."
"More pre-configured 'Monitor Alerts' would be helpful."
"Datadog could improve the flexibility with AI and ML concepts. This will allow customers to be more leveraged towards publishing."
"Once agents are connected to the Datadog portal, we should be able to upgrade them quickly."
"The incident management beta looks promising, but it is still missing the ability to automatically create incidents based on certain alerts."
"Deploying the agents is still very manual."
"I'm not sure what kind of features are in the roadmap right now, but I encourage the development of features for defining your organization, and allowing the visibility of what kind of metrics you can get. Those features would be really useful for us."
"On-premises scaling of the solution is a bit more limited than it is on the cloud."
"An area of improvement would be the licensing of the solution. They need a free license, which would allow faster lead times."
"The configuration could be better."
"In the next releases, I would like to see more pricing flexibility."
"It needs integration with a configuration management solution."
"The UI can be improved. Dashboards and reports can be better in terms of graphics."
"The configuration had a bit of a learning curve."
"The biggest problem is data compression. Splunk is an outstanding product, but it is a resource hog. There should be better data compression for being able to maintain our data repositories. We end up having to buy lots of additional storage just to house our Splunk data. This is my only complaint about it."
Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.
Splunk software has been around since 2006 and the company has since grown to become an industry leader. Splunk's vision is to make machine data accessible, usable and valuable to everybody. The company offers a wide range of products to turn machine data into valuable information by monitoring and analyzing all activities. This is known as Operational Intelligence and is the unique value proposition of Splunk.
Splunk is well-known for its Log Management capabilities and also for its Security Information and Event Management (SIEM) solutions.
Datadog is ranked 2nd in Log Management with 32 reviews while Splunk is ranked 1st in Log Management with 69 reviews. Datadog is rated 8.4, while Splunk is rated 8.2. The top reviewer of Datadog writes "Provides insightful analytics and good visibility that assist with making architectural decisions". On the other hand, the top reviewer of Splunk writes "Very versatile for many use cases". Datadog is most compared with Dynatrace, New Relic APM, Azure Monitor, Elastic Security and Amazon CloudWatch, whereas Splunk is most compared with Microsoft Sentinel, Elastic Security, Dynatrace, IBM QRadar and AppDynamics.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.