Try our new research platform with insights from 80,000+ expert users

Grafana Loki vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 19, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Grafana Loki
Ranking in Log Management
3rd
Average Rating
8.2
Reviews Sentiment
7.8
Number of Reviews
18
Ranking in other categories
No ranking in other categories
Splunk Enterprise Security
Ranking in Log Management
2nd
Average Rating
8.4
Reviews Sentiment
7.3
Number of Reviews
369
Ranking in other categories
Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Mindshare comparison

As of October 2025, in the Log Management category, the mindshare of Grafana Loki is 7.9%, up from 6.5% compared to the previous year. The mindshare of Splunk Enterprise Security is 7.7%, down from 9.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management Market Share Distribution
ProductMarket Share (%)
Splunk Enterprise Security7.7%
Grafana Loki7.9%
Other84.4%
Log Management
 

Featured Reviews

Volodymyr Bondarchuk - PeerSpot reviewer
Integrations enhance monitoring but problem-solving proves challenging
Different types of integrations with various sources are the most helpful and useful features of Grafana Loki that I found for myself. As part of Kubernetes technology, I noticed benefits from using this product such as availability, configuration balancing, high availability solutions for high performance, and failover clustering. It provides a clear picture about the state of the system and gives needed information for taking action and quickly fixing problems.
Kyle Vernham - PeerSpot reviewer
Built-in searches and unified data access streamline alert investigation and boosts analyst efficiency
The two features I appreciate the most in Splunk Enterprise Security are the built-in searches, which have been very easy for us to get started with right out of the box, and the fact that it accesses all of our other systems. You can access it as a pane of glass rather than having to search individually. We also have the option to compare our analysts from our service to service. Splunk Enterprise Security helps our SOC team prioritize and investigate high-fidelity alerts more effectively by providing a more in-depth look and the ability to access a lot more of our data. Instead of jumping from several segmented systems, it allows us to have everything brought together in one place. For example, you have to move from our purview to our build system and to Splunk Enterprise Security, and it enables us to streamline that process. The built-in features of Splunk Enterprise Security, which we recently procured, have given us a good starting point and demonstrated the value of the product, providing an easy way to sell it to our company. The ease of getting everything into our purview helps us, and it serves as a good start for the investigation part in one location rather than what we usually have, which is jumping from system to system to system. Splunk Enterprise Security plays a role in our company's strategy to combat insider threats and advanced persistent threats by currently being in its technical test phase. We are still rolling it out, and it should help us find any insider threats based on information that our policy states should not be present in our system. Splunk Enterprise Security's risk-based alerting (RBA) has impacted our alert volume and analyst productivity because we've got many different systems feeding into it. However, it has helped to make it easier for our analysts to go through a set of events rather than 100 alerts. RBA allows us to streamline the process and customize it for our analysts. When it comes to leveraging Splunk Enterprise Security's dashboards and visualizations to communicate security posture to executives, it's pretty straightforward for any type of information. The visualization is easy to understand, but I haven't had any direct conversations with our executives.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I appreciate the capability to process logs from microservices and seamlessly integrate them into Grafana."
"The most valuable feature of Grafana Loki is the dashboards which are really simple to create."
"There are new features like that pilot code and things like that for profiling."
"Loki significantly saves time in troubleshooting by quickly pinpointing network issues."
"The most valuable feature is the capability to set up alerts, which becomes necessary when we need to receive notifications for specific events."
"The most valuable part of Loki is the ability to filter logs by keywords and devices."
"The tool can be used in multi-cluster environments."
"The most valuable feature of the solution is the tool's GUI. The solution's GUI is very user-friendly."
"The solution allows easy gathering and ingestion of the data."
"The most valuable feature of Splunk Enterprise Security is the comprehensive logging capabilities it provides."
"The most valuable function is the notable events. When I joined the team, I asked them what they could currently see, and they said nothing. I was pretty shocked. I know for a fact that they're using Enterprise Security or at least they had purchased it. I told them that there are several dashboards within Splunk that we can leverage. There is also notable events where we can see potential incidents or potential alerts about the infrastructure and the network itself."
"You can use it to gather syslog messages from anything."
"We have a one stop dashboard for health of some of our services where you can click in and it takes you to other dashboards that have custom near real-time metrics that show the application's health."
"The most valuable features of Splunk Enterprise Security are reporting capabilities. It is a good tool for checking systems and analyzing situations. I find it useful to check my systems and analyze situations."
"The solution has proven to be quite stable."
"It helps streamline troubleshooting and log analysis."
 

Cons

"Visualization-wise, Grafana Loki's dashboard looks a little outdated compared to other open-source visualization tools like Chronograf."
"The correlation of requests is not simple in Grafana Loki and can be improved."
"The platform's stability needs improvement."
"We face some bugs when we install the latest version of Grafana Loki."
"The solution has shortcomings regarding security monitoring-oriented features that need improvement."
"I would rate Grafana Loki a seven out of ten because it is open source, and sometimes there can be problems that are difficult to fix without official support."
"The product must improve its UI."
"There is a need for some change in the alerting types of the product. In short, a few changes in the alert area are needed due to minor shortcomings."
"Splunk's high cost, despite its recognition in our region, prevents many organizations from adopting Splunk Enterprise Security, suggesting there's room for improvement in their pricing strategy."
"There's been a big push for SBC compute over the ingestion model, which will hamper us."
"We find that the maintenance process could be a lot better."
"If possible, we would like to have not only a log monitoring system but a network monitoring feature in this solution as well."
"I would like to see more SIEM functionality and a better ticket tool."
"Spam has different plugins but by default, the logs are not organized, it shows that there are roll-ups that are out of the box. I saw many plugins that can help improve or extend Splunk's functionality but I haven't tried any of them."
"Deployment is not difficult but the lock sources and configurations can take time."
"Splunk Enterprise Security has not helped reduce our alert volume."
 

Pricing and Cost Advice

"We use a free version."
"I use the open-source version of the product."
"The solution is open source."
"You can use the free version of Grafana Loki on-premises."
"I find the licensing structure quite reasonable, as the free license effectively meets my requirements."
"I use the solution's open-source version. Grafana Loki is a completely free solution for me."
"My company doesn't need to pay for the licensing cost of the solution."
"Since we are using the open-source version of Grafana Loki, we are not paying anything for the solution."
"Free Splunk license for PoCs on personal machines and the ability to scale the PoC to an enterprise level app."
"Further reductions would be fantastic, and I believe that more and more people would flock to it."
"Splunk differs from other SIEM solutions by using a gigabyte-based pricing model, rather than the agent-based licenses common with its competitors."
"Pricing and licensing is quite expensive. But for the value the product provides, it seems at par in the market."
"It's more expensive than the other tools, but it's worth it. Every penny is worth it."
"Splunk Enterprise Security incurs a significant cost because of the amount of data we send, but we are fine with the value we're getting for that price."
"Unlike other security tools, Splunk provides a fixed amount of gigabytes per day, and we are required to pay for any additional usage beyond that limit, in addition to our monthly cost."
"The pricing and licensing of the product are quite high."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
872,655 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Comms Service Provider
10%
Financial Services Firm
10%
Manufacturing Company
8%
Financial Services Firm
14%
Computer Software Company
14%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise8
Large Enterprise3
By reviewers
Company SizeCount
Small Business110
Midsize Enterprise50
Large Enterprise257
 

Questions from the Community

What do you like most about Grafana Loki?
We are using Grafana Loki as a database for real-time metrics.
What is your experience regarding pricing and costs for Grafana Loki?
Since it is an open source tool, there are no charges or fees.
What needs improvement with Grafana Loki?
I have no ideas at this moment about what could be improved in Grafana Loki.
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Overview

 

Sample Customers

Information Not Available
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about Grafana Loki vs. Splunk Enterprise Security and other solutions. Updated: September 2025.
872,655 professionals have used our research since 2012.