We performed a comparison between Elastic Search and Splunk Enterprise Security based on real PeerSpot user reviews.
"The most valuable features are the detection and correlation features."
"The UI is very nice, and performance wise it's quite good too."
"Data indexing of historical data is the most beneficial feature of the product."
"Logsign provides us with the capability to execute multiple queries according to our requirements. The indexing is very high, making it effective for storing and retrieving logs. The real-time analytics with Elastic benefits us due to the huge traffic volume in our organization, which reaches up to 60,000 requests per second. With logs of approximately 25 GB per day, manually analyzing traffic behavior, payloads, headers, user agents, and other details is impractical."
"It gives us the possibility to store and query this data and also do this efficiently and securely and without delays."
"Helps us to store the data in key value pairs and, based on that, we can produce visualisations in Kibana."
"The product comes with REST APIs."
"Elasticsearch includes a graphical user interface (GUI) called Kibana. The GUI features are extremely beneficial to us."
"It has a rapid response search environment in the event of an incident."
"We saw the granularity that we could get from Splunk far exceeded what we already had. We had the ability to have our security team really focus on the platform and stay within the platform, but they could correlate with a variety of other stakeholders, and our stakeholders were growing."
"What is nice about the solution is that it makes it easy to build the queries, search for the events and then do analysis."
"The ability to digest any information and then correlate it in accordance with what you need is valuable. The ability to connect to pretty much everything and bring the information in the same format is also valuable. On top of that, we can use their language in order to create and customize the dashboards, correlations, or analytics that we want to incorporate."
"The ability to rapidly diagnose problems in production and non-production, across hundreds of log files, is the most valuable feature."
"Splunk setup is easy and straightforward."
"It has quite extensive support in terms of integration. If you want to do anything, there are tools for that."
"The data representation options in the dashboards are excellent."
"The solution must provide AI integrations."
"The solution has quite a steep learning curve. The usability and general user-friendliness could be improved. However, that is kind of typical with products that have a lot of flexibility, or a lot of capabilities. Sometimes having more choices makes things more complex. It makes it difficult to configure it, though. It's kind of a bitter pill that you have to swallow in the beginning and you really have to get through it."
"We'd like more user-friendly integrations."
"Something that could be improved is better integrations with Cortex and QRadar, for example."
"It is hard to learn and understand because it is a very big platform. This is the main reason why we still have nothing in production. We have to learn some things before we get there."
"I would like to see more integration for the solution with different platforms."
"The different applications need to be individually deployed."
"Machine learning on search needs improvement."
"Over time I will have more requirements and I can foresee the solution could improve the search algorithm to run and output the data faster."
"While Splunk Enterprise Security offers valuable features, its cost is high and could be more competitive."
"It is a good product, but the Achilles heel for a lot of organizations is the cost model for it because it gets expensive. That's because the model is based on how much data it processes a day, which can be prohibitive, especially if you have a lot of data. A lot of customers may not be ready for the sticker shock on how to fully leverage the product. I realized that the reason for that is that when it was originally designed, it was kind of like a big data modeling application. If they want to have a bigger customer base, they can come out with subsets of their product that are focused on specific things and have different pricing models. It may help with the cost."
"While there aren't any major areas where the solution has to be improved, there are certain integrations that are still not available. I would specifically like to see legacy applications integrated."
"The solution could improve by increasing the performance. We have run into problems when large amounts of data are processed."
"Some of the search functions can be better. There has been a lot of talk at the conference about the update of SPL before each iteration. That will be a lot of help."
"This is not really a monitoring solution."
"Its interface and usability can always be improved."
Elastic Search is ranked 1st in Indexing and Search with 59 reviews, while Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 228 reviews. Elastic Search is rated 8.2, while Splunk Enterprise Security is rated 8.4. The top reviewer of Elastic Search writes "Played a crucial role in enhancing our cybersecurity efforts". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". Elastic Search is most compared with Faiss, Milvus, Azure Search, Pinecone and Amazon Kendra, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Microsoft Sentinel and Elastic Security.
Generally, Elastic is very strong in data search, and Splunk has a strong security solution. However, Elastic has partnered with SIEM provider empow, and together this integration provides a very strong platform in both data search and next-generation SIEM.
Here's a thorough article on ELK vs. Splunk and here's a description from Elastic on what's included in the different versions.
Splunk: hard to use, expensive with predatory pricing, few OOTB rules, SOAR is a premium, good luck training analysts on their platform in under six months. SPLUNK SEARCH.
ELK Stack: easy to use, open-source, no predatory pricing, more robust use cases OOTB, loved and used by millions all over the globe, open ecosystem that can integrate with almost any major IT stack out of the box. LUCENE.
We use ELK or other freeware stacks in isolated small scenarios.
Think of a small or medium company with a "midsized" webshop. You can easily do your log management with an ELK stack, let's say 5 up to 10 GB in size, no problem. Please keep in mind to order hardware. The best thing about ELK is that you can start immediately; you don't have to wait for licensing, and it's easy to build the first small things.
Another example:
Your marketing department wants to do some singular evaluations and very specialized marketing stuff. It is temporary, and they don't have the budget for licensing. The results are not for permanent use. Just use ELK.
In my opinion, ELK is only cost-effective if you don't need to buy their professional service. You must leave the cases small.
If you are looking for bigger scenarios, or you want to build up a SIEM or SOC, or even do elevated things like SOAR, it is a very different kind of thing.
There can be account issues that a developer usually won't mind at the first glance but a Controller will.
You have to look at the total cost of ownership, scalability, time to market, secureness of future development, maintenance, etc.
If you want to build up a complex scenario with the secureness of scalability, you should go with Splunk. If tomorrow there is a better tool with lower costs and less need for manpower input, I will refer to that.