Try our new research platform with insights from 80,000+ expert users

Grafana vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Grafana
Average Rating
7.8
Reviews Sentiment
7.2
Number of Reviews
42
Ranking in other categories
Application Performance Monitoring (APM) and Observability (6th)
Splunk Enterprise Security
Average Rating
8.4
Reviews Sentiment
7.6
Number of Reviews
306
Ranking in other categories
Log Management (2nd), Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Mindshare comparison

While both are Application Lifecycle Management solutions, they serve different purposes. Grafana is designed for Application Performance Monitoring (APM) and Observability and holds a mindshare of 6.4%, up 5.8% compared to last year.
Splunk Enterprise Security, on the other hand, focuses on Security Information and Event Management (SIEM), holds 9.5% mindshare, down 12.6% since last year.
Application Performance Monitoring (APM) and Observability
Security Information and Event Management (SIEM)
 

Featured Reviews

Vikash-Agarwal - PeerSpot reviewer
Displays data visually from multiple sources while integrating seamlessly with existing systems
Grafana provides a user-friendly interface for viewing infrastructure metrics through dashboards. It integrates with Prometheus to pull data and offers a straightforward setup process. Users can monitor metrics with greater ease, and the tool aids in quickly identifying issues by providing a visual representation of data. Grafana's integration capability is straightforward, which facilitates building dashboards as needed.
ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The comparison feature is very good."
"It provides a graphical representation and it's clear to see what's happening."
"The solution has good features."
"​Grafana has improved our analysis capability to solve an issue, increasing the co-working between IT services and business services.​"
"Compatibility with Prometheus databases and the Spring Boot application make it the first choice when moving toward an SRE model."
"Grafana's built-in integration with third-party tools, databases, and MQs is an amazing feature."
"The best feature was the creation of graphs and trends."
"This solution provides valuable insights into the health of our infrastructure in real time."
"The most valuable feature is the log aggregation, being able to scan through all of the logs."
"The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data."
"I like the ease with which dashboards can be created."
"The metrics and trends that Splunk Enterprise Security generates using all the data points we send allow customers to understand better what their users are doing."
"It provides logs in one place, so they are easy to find. It collects the logs from multiple places, then you have just one place where you see the whole flow from the front-end to the back-end."
"Our clients are easily able to modify and evolve their implementations."
"The data representation options in the dashboards are excellent."
"Splunk allows us to customize processing and dashboards, which helps us take care of our customers' needs."
 

Cons

"I would like the ability to download my results into any format in order to share the information with my clients."
"Lacks event management which affects our DevOps people."
"​The security needs to be improved, such as the capacity to add permissions on dashboards.​"
"The interface is not well-liked by my customers. Grafana cannot be easily embedded into certain applications and offers limited customization options for graphs."
"Setting up alerts via Grafana is a bit complicated, and alerting needs to improve."
"Grafana could consider building its own metrics system to eliminate the reliance on other tools like Prometheus, providing a one-stop solution."
"Grafana could improve by having its own query language. Currently, it uses languages like Prometheus or InfluxDB, which not everyone knows. Their query language should be easier."
"Writing queries can be a bit difficult because the syntax must be maintained."
"There is a learning curve in order to start using machine learning. We have been trying to do it for three years, and we have not managed anything. It is too complex."
"The algorithms customization of Splunk could improve. They have limited algorithms for machine learning support. If they can allow the user to add more machine learning algorithms, such as the ability to choose the algorithm that a user might want. Additionally, they should provide the required libraries for those algorithms, and then analyzes the data for use."
"One issue is that we are getting a lot of false positives. We are trying to reduce them by customizing the default rules, changing thresholds, and using white-listing and black-listing. It's getting better and better as a result. But they need to build components that would reduce the false positives."
"The product was difficult to back up the first time."
"It requires a significant amount of relatively complex architecture once you push past the single server instance."
"We've sometimes faced issues with upgrades. The incident review dashboard sometimes breaks after updates. When we add a space or something in the description or anywhere in the SQL, the drill-down value may be reset with a blank value. Before rolling out any software, they should test it thoroughly and ensure clients won't have issues with the upgraded version. It should be compatible with all or most of the apps. All major issues must be addressed before rolling out the upgrade."
"In terms of training. I find that some things about Splunk aren't well-explained. I see features and then go to the website but don't find good explanations."
"I would like the ability to view logs for specific instances and not have to pull the logs for the entire Cloud environment in Splunk."
 

Pricing and Cost Advice

"For me, Grafana is a cheap tool because I don't have to spend much time learning the product since it is a simple solution."
"The solution is expensive."
"We use the open-source version of Grafana."
"I am using an open-source version"
"We are using the open-source license."
"Since Grafana is an open-source solution, it is free of cost."
"My company uses the open-source version of Grafana, so it's free."
"​Grafana is free and open source.​"
"I am not personally involved with the pricing of the solution."
"It is expensive, but it is a good tool. It is worth the cost."
"The solution is a little expensive."
"Splunk Enterprise Security is affordable."
"Splunk differs from other SIEM solutions by using a gigabyte-based pricing model, rather than the agent-based licenses common with its competitors."
"The price of this solution is expensive. However, it has great features. If you want a great solution you need to pay a price matching the features."
"Splunk is expensive based on our current requirements, but it's obviously worth what we pay."
"Its price is fair. Like with anything else, if you go into the cloud, different providers cost more, and you are able to throttle back or throttle up. The cost is comparable with anything else."
report
Use our free recommendation engine to learn which Application Performance Monitoring (APM) and Observability solutions are best for your needs.
850,671 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
14%
Manufacturing Company
9%
Retailer
6%
Financial Services Firm
15%
Computer Software Company
14%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Grafana?
The product's initial setup phase was very easy.
What is your experience regarding pricing and costs for Grafana?
I used the open-source version for my learning, which was free. In an enterprise setting, pricing is reasonable, as many customers use it.
What needs improvement with Grafana?
The interface is not well-liked by my customers. Grafana cannot be easily embedded into certain applications and offers limited customization options for graphs. I think predictive capabilities in ...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Overview

 

Sample Customers

Microsoft, Adobe, Optum, Sky, Nvidia, Roblox, Wells Fargo, BlackRock, Informatica, Maersk, Daimler Truck, SNCF, Atlassian, DHL, SAP, JPMorgan Chase, Cisco, Citi and many others.
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about Grafana vs. Splunk Enterprise Security and other solutions. Updated: May 2023.
850,671 professionals have used our research since 2012.