• Home
  • Elastic Security vs. Splunk Enterprise Security

Elastic Security vs Splunk Enterprise Security comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Elastic Security vs. Splunk Enterprise Security
September 2023
Executive Summary
Updated on May 25, 2022

We performed a comparison between Elastic Security and Splunk based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: All Elastic Security users agree that its setup is a straightforward and easy process. While many Splunk users say the initial setup is straightforward, several users disagree and say it is complex.
  • Features: Users of both products are happy with their stability and scalability. Elastic Security reviewers report that it is fast and flexible but needs better AI capabilities. Splunk users are happy with its performance, flexibility, log management, and ease of use, but mention that it is difficult to configure.
  • Pricing: Elastic Security users feel that it is fairly priced. In contrast, Splunk users feel that the price of the product is high.
  • ROI: Elastic Security users do not mention ROI. Splunk users report an impressive ROI.
  • Service and Support: Elastic Security users give mixed reviews for the level of support they receive. Most Splunk users report being satisfied with the level of support they receive.

Comparison Results: Splunk comes out on top in this comparison. It is easier to use and has better support than Elastic Security. Splunk users also report a significant ROI. Elastic Security does come out on top in the pricing and ease of deployment categories, however.

To learn more, read our detailed Elastic Security vs. Splunk Enterprise Security Report (Updated: September 2023).
Download the complete report
734,678 professionals have used our research since 2012.
Featured Review
FahadAhmed
Researched Splunk Enterprise Security but chose Microsoft Sentinel: Comes with different playbooks you can execute with one click or program to run automatically in response to an incident
Sentinel enhances our visibility by integrating with on-prem and cloud log sources. It provides visibility into any cloud environment, including... Read more →
Giuseppe Ragazzini
Researched Splunk Enterprise Security but chose Elastic Security: A good SIEM solution but doesn't have as many features as its competitors
Anat Garty
Excellent support, great visibility, and helpful for digesting any information and correlating it
The visibility that it provides is awesome. You can connect it to whatever you want and create whatever visibility you want. Its insider threat... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment.""I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily.""The solution offers a lot of data on events. It helps us create specific detection strategies.""Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications.""The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects.""The dashboard that allows me to view all the incidents is the most valuable feature.""It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things.""Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."

More Microsoft Sentinel Pros →

"It's open-source and free to use.""Elastic Security is a highly flexible platform that can be implemented anywhere.""The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for.""We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it.""The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients.""Elastic is straightforward, easy to integrate, and highly customizable.""The most valuable features of the solution are the prevention methods and the incident alerts.""The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."

More Elastic Security Pros →

"The search lookups are useful.""The most useful feature for me is the ability to create different kinds of alerts and set a different kind of denominator that will capture the real event. That is helpful for a power user like me.""I like Splunk's data aggregation and search capabilities.""The correlation search functions that generate all the notables are valuable. That can get pretty complicated, and it handles that pretty well.""Splunk's advantage is its search capability. Its search is notably faster. With Splunk, I can search easily on keywords. That is great.""What is nice about the solution is that it makes it easy to build the queries, search for the events and then do analysis.""The ability to ingest different log types from many different products in our environment is most valuable.""Splunk is stable, and this is why many customers want it."

More Splunk Enterprise Security Pros →

Cons
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc.""When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear.""The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel.""We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days.""Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities.""If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable.""The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress.""If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."

More Microsoft Sentinel Cons →

"Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them.""We'd like to see some more artificial intelligence capabilities.""Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks.""We'd like better premium support.""I would like more ways to manage permissions and restrict access to certain users.""The tool should improve its scalability.""The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming.""An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot."

More Elastic Security Cons →

"The biggest problem is data compression. Splunk is an outstanding product, but it is a resource hog. There should be better data compression for being able to maintain our data repositories. We end up having to buy lots of additional storage just to house our Splunk data. This is my only complaint about it."". Having a trial version or more training on Splunk would be helpful.""Splunk Enterprise Security can be improved by including backup network detection and response and safe management to the paid platform.""The pricing can be better.""We had some connections issues with the solution at the beginning.""The CIM model is the method Splunk uses to normalize data and categorize its important parts, but it is quite complex.""Its interface could be improved.""It will be helpful for customers if they can create some real-world cases, and we can find a case study to align with. I know that Splunk has tremendous potential. We only include a tiny piece of it. There is a lot of stuff that we need to learn. If Splunk can provide more real-time examples, that will be helpful for customers."

More Splunk Enterprise Security Cons →

Pricing and Cost Advice
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."
  • "Sentinel can be expensive. When you ingest data from sources that are outside of the cloud, you're paying a fair amount for that data ingestion. When you're ingesting data sources from within the cloud, depending on what your retention periods are, it's not that expensive."
  • "I have worked with a lot of SIEMs. We are using Sentinel three to four times more than other SIEMs that we have used. Azure Sentinel's only limitation is its price point. Sentinel costs a lot if your ingestion goes up to a certain point."
  • "Pricing is pay-as-you-go with Sentinel, which is good because it all depends on the number of users and the number of devices to which you connect."

    • More Microsoft Sentinel Pricing and Cost Advice →

  • "Affordable but with additional costs"
  • "When compared to other products, the price is average or on the low side."
  • "The licensing cost of Elastic Security is based on the daily ingestion rate. I can't recall the exact figure, but for 10GB of log action daily, it would cost around $20,000."
  • "The price is reasonable. It probably costs the same as ArcSight and LogRhythm SIEM. FortiSIEM might cost less than Elastic Security. There are no hidden or additional costs."
  • "The tool's pricing is flexible and comes at unit cost. You don't have to pay for everything."
  • "The base product is open-source but if you need advanced security features then you need to pay for the subscription. Elastic Security's price is reasonable in some cases and in other cases it's not."
  • "The pricing is in the middle. I think it is not an expensive experience if we compare it with big names, for example, QRadar, and also Oxide. I think Elastic Security is quite cheap. I would rate the pricing of this solution a five out of ten."

    • More Elastic Security Pricing and Cost Advice →

  • "The price of Splunk is reasonable."
  • "The subscription is monthly."
  • "It can be cost-prohibitive when you start to scale and have terabytes of data. Its cost model is based on how much data it processes a day. If they're able to create scaled-down niche or custom package offerings, it may help with the cost. Instead of the full-blown features, if they can narrow the scope where it can only be used for a specific purpose, it would kind of create that market for the product, and it may help with the costing. When you start using it as a central aggregator and you're pumping tons of logs at it, pretty soon, you'll start hitting your cap on what it can process a day. Once you've got that, you're kind of defeating the purpose because you're going to have to scale back."
  • "It's a yearly subscription."
  • "This product could use better pricing in general."
  • "The pricing modules could be improved."
  • "This solution is costly. Splunk is obviously a great product, but you should only choose this product if you need all the features provided. Otherwise, if you don't need all the features to meet your requirements, there are probably other products that will be more cost-effective. It's cost versus the functionality requirement."
  • "It is expensive. I used to buy it early on, but then they combined it into a higher-up organization. They buy it for multiple systems now. Last time, I paid around 60K for it. There is just the licensing fee. That's all."

    • More Splunk Enterprise Security Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Log Management solutions are best for your needs.
    See Recommendations
    734,678 professionals have used our research since 2012.
    Questions from the Community
    Is there a common threat intelligence tool that aggregates multiple threa...
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Read all 10 answers   →
    What is a better choice, Splunk or Azure Sentinel?
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Which is better - Azure Sentinel or AWS Security Hub?
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Read all 2 answers   →
    Datadog vs ELK: which one is good in terms of performance, cost and effic...
    Top Answer:With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times… more »
    Read all 7 answers   →
    What do you like most about Elastic Security?
    Top Answer:Elastic Security is very easy to adapt.
    Read all 23 answers   →
    What is your experience regarding pricing and costs for Elastic Security?
    Top Answer:The pricing is in the middle. I think it is not an expensive experience if we compare it with big names, for example… more »
    Read all 16 answers   →
    What SOC product do you recommend?
    Top Answer:For tools I’d recommend:  -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR)… more »
    Read all 12 answers   →
    How does Splunk compare with Azure Monitor?
    Top Answer:Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring… more »
    Read all 2 answers   →
    What do you like most about Splunk?
    Top Answer:The solution helped reduce our alert volume.
    Read all 113 answers   →
    Comparisons
    Also Known As
    Azure Sentinel
    Elastic SIEM, ELK Logstash
    Learn More
    Microsoft
    Elastic
    Splunk
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Azure Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    Unify SIEM, endpoint security, and cloud security
    Elastic Security modernizes security operations — enabling analytics across years of data, automating key processes, and bringing native endpoint security to every host.
    Elastic Security equips teams to prevent, detect, and respond to threats at cloud speed and scale — securing business operations with a unified, open platform.

    Splunk Enterprise Security is a SIEM, log management, and IT operations analytics tool. The solution provides users with the ability to secure their information and manage their data in the cloud, data centers, or other applications. Splunk Enterprise Security also offers visibility from different areas, levels, and devices, rather than from a single system, thus, providing its users with flexibility. Splunk Enterprise Security can monitor data and analyze, detect, and prevent intrusions. This benefits users as it provides alerts to possible intrusions, helps users to be proactive, and reduces risk factors. 

    Full visibility across your environment

    Break down data silos and gain actionable intelligence by ingesting data from multicloud and on-premises deployments. Get full visibility to quickly detect malicious threats in your environment.

    Fast threat detection

    Defend against threats with advanced security analytics, machine learning and threat intelligence that focus detection and provide high-fidelity alerts to shorten triage times and raise true positive rates.

    Efficient investigations

    Gather all the context you need and initiate flexible investigations with security analytics at your fingertips. The built-in open and extensible data platform boosts productivity and drives down fatigue.

    Open and scalable

    Built on an open and scalable data platform, you can stay agile in the face of evolving threats and business needs. Splunk meets you where you are on your cloud journey, and integrates across your data, tools and content.

    Offer
    Learn more about Microsoft Sentinel
    Learn More
    Learn more about Elastic Security
    Learn More
    Learn more about Splunk Enterprise Security
    Learn More
    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
    Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
    Top Industries
    REVIEWERS
    Financial Services Firm23%
    Computer Software Company7%
    Manufacturing Company7%
    Comms Service Provider7%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Government10%
    Financial Services Firm9%
    Manufacturing Company7%
    REVIEWERS
    Financial Services Firm37%
    Computer Software Company26%
    Comms Service Provider11%
    Healthcare Company11%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Financial Services Firm11%
    Government9%
    Comms Service Provider7%
    REVIEWERS
    Financial Services Firm16%
    Computer Software Company15%
    Government11%
    Energy/Utilities Company8%
    VISITORS READING REVIEWS
    Financial Services Firm15%
    Computer Software Company15%
    Government10%
    Manufacturing Company7%
    Company Size
    REVIEWERS
    Small Business32%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business24%
    Midsize Enterprise15%
    Large Enterprise61%
    REVIEWERS
    Small Business59%
    Midsize Enterprise16%
    Large Enterprise25%
    VISITORS READING REVIEWS
    Small Business24%
    Midsize Enterprise17%
    Large Enterprise59%
    REVIEWERS
    Small Business31%
    Midsize Enterprise12%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise13%
    Large Enterprise68%
    Buyer's Guide
    Elastic Security vs. Splunk Enterprise Security
    September 2023
    Free Report: Elastic Security vs. Splunk Enterprise Security
    Find out what your peers are saying about Elastic Security vs. Splunk Enterprise Security and other solutions. Updated: September 2023.
    DOWNLOAD NOW
    734,678 professionals have used our research since 2012.

    Elastic Security is ranked 5th in Log Management with 24 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 71 reviews. Elastic Security is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Elastic Security writes "A highly flexible and customizable tool that needs to improve automation and integration". On the other hand, the top reviewer of Splunk Enterprise Security writes "Can be used to find any threats or vulnerabilities inside a user’s environment". Elastic Security is most compared with Wazuh, Microsoft Defender for Endpoint, IBM Security QRadar, Graylog and AlienVault OSSIM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Azure Monitor and Zabbix. See our Elastic Security vs. Splunk Enterprise Security report.

    See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.

    We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.