We performed a comparison between Logsign Next-Gen SIEM and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The pricing of the product is excellent."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"Logsign provides sample logs within the product, allowing users to see how logs will appear before integration, which is a valuable feature for testing and understanding log formats."
"The UI of Splunk makes it easier for our analysts to move around and see what they need to see."
"It is quite extensible. It is a platform that we can build our use instead of each case instead of each case being limited or restricted to each capability. This is probably the best feature."
"The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data."
"It has a big user base, so the community is useful."
"There are a lot of third-party applications that can be installed."
"The solution allows easy gathering and ingestion of the data."
"Splunk setup is easy and straightforward. "
"Splunk's schema on demand is incredibly useful. I do not have to worry about what my users will need when we onboard their data."
"I think the number one area of improvement for Sentinel would be the cost."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"I hope they address the pricing model for Logsign Next-Gen SIEM, especially regarding regional variations. The pricing should not differ based on the country of operation as it can lead to dissatisfaction among customers. A fixed pricing structure would be more favorable for us. I would also suggest enhancing the GUI interface and adding features similar to xFi Exchange from IBM Pure. This would streamline operations and save time for analysts."
"There can be a bit of complexity around some fields during the initial setup."
"It would be great if I could have a certain dialogue box in Splunk that uses innovative AI tools like ChatGPT, which are available now in the tech department."
"Its search or filtering capability is nice, but it can be improved. It is currently a bit complicated, and it should be simplified. If we can write the search filter in a more simplified way, it would be better."
"Enterprise security: Splunk must work on clarifying the solution to customers and explain how to gain more from it."
"Splunk could enhance its services by providing more comprehensive professional assistance aimed at optimizing our investment."
"The solution could improve by making it more business analysis oriented. The way it is now is designed more for developers."
"I'd say I am happy with the technical support, not elated. They provide great support, but sometimes they don't have the answers that I need."
"Missing capability for audio/video and image processing."
Logsign Next-Gen SIEM is ranked 44th in Log Management with 2 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 228 reviews. Logsign Next-Gen SIEM is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Logsign Next-Gen SIEM writes "Easy to use and find the features that you need". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Logsign Next-Gen SIEM is most compared with Grafana Loki, Wazuh, IBM Security QRadar, ManageEngine EventLog Analyzer and Sematext Logs, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor. See our Logsign Next-Gen SIEM vs. Splunk Enterprise Security report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.