
Splunk Enterprise Security vs Splunk On-Call comparison

 


Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Splunk Enterprise Security
Average Rating: 8.4
Reviews Sentiment: 7.6
Number of Reviews: 312
Ranking in other categories: Log Management (2nd), Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)

Splunk On-Call
Average Rating: 8.6
Reviews Sentiment: 6.9
Number of Reviews: 10
Ranking in other categories: IT Alerting and Incident Management (12th)

Mindshare comparison

While both are Systems Management solutions, they serve different purposes. Splunk Enterprise Security is designed for Security Information and Event Management (SIEM) and holds a mindshare of 9.5%, down 12.4% compared to last year.
Splunk On-Call, on the other hand, focuses on IT Alerting and Incident Management and holds a 4.7% mindshare, down 9.9% since last year.

Featured Reviews

ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk also has a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.
Wojtek Witowski - PeerSpot reviewer
Allows us to create flexible schedules for on-call rotations
For alerts, we could choose to get a text message, app notification, or a phone call. The phone calls were very unusable, because it just read a bunch of numbers, like an ID of the alert. If there was a way to customize the phone call message, that would be great. Later, we would try to read the message, but it wasn't great at reading that. They had some sort of internal chat functionality where if we got an alert, we could write to somebody else and ask them for help, but that was super cumbersome. There could be improvements with communicating an incident or alert. Imagine you call the help desk and you say that your computer is broken and then they say, "Actually, the internet is broken, so let us forward your alerts to the network people." And the network people say, "Actually, the electricity is the problem, so let us forward it to the electricity people." Basically, you could send the alert between the support teams inside the company.

Quotes from Members


Pros

"The most valuable features include agility and Splunk Enterprise Security's ability to quickly search for alerted items, as well as the capacity to create custom alerts using the SQL language employed by Splunk."
"The flexibility of the solution is quite good."
"We can ingest and correlate data from virtually any type of system."
"Search language is easy to understand and teach to new users."
"I like the ease with which dashboards can be created."
"Splunk Enterprise Security helped improve our organization’s ability to ingest and normalize data."
"Its compatibility with other SIEMs is very useful."
"To get visibility from your network devices, servers, and security devices is a great feature."
"The alert calling feature is the best because notifications are delivered via phone messages."
"VictorOps has been good enough for us and it's effective for our needs in case of an on-call escalation process."
"The most valuable feature of the solution is helpdesk escalation."
"The flexible schedule is the most valuable feature. It was very easy to set out a rotation."
"Transmogrifier and automatic solution report gives me a report with the solution and the way to solve issues when an error occurred."
 

Cons

"Its performance can be better. Sometimes, it takes longer when we do queries."
"Splunk needs to be able to hold more days of data. At the moment it only holds three months of data."
"Their technical support sucks."
"Sometimes, the data does not match what we're looking for, or the tool contains incorrect data."
"It works as intended for us, and we are getting everything that we need out of it. If anything, its initial setup can be improved a bit."
"I would like some additional AI capabilities to provide additional information about things going wrong and things going well."
"This is not really a monitoring solution."
"I would like more assistance with use cases and help with teaching us how to use it once it's installed."
"The solution can be improved by including a wider list of permissions."
"Should have more YouTube webinars."
"At that stage, all our needs are fulfilled, but at the beginning, we had some feature requests and they were deployed during their roadmap."
"There could be improvements with communicating an incident or alert."
"The third-party configuration tool could be easier to use."
 

Pricing and Cost Advice

"The subscription is monthly."
"Splunk Enterprise Security is expensive."
"It is a bit costly."
"Splunk Enterprise Security's pricing is pretty competitive."
"The licensing costs are high for Splunk Enterprise Security."
"My experience with the solution's setup cost, pricing, and licensing was really good."
"Splunk Enterprise Security is priced lower than competitors."
"Splunk can be an expensive solution. It all depends on how we configure the alerts and the events from the endpoints. You can save some money if you do that correctly. If not, it becomes an expensive solution."
"The price of the solution could be less expensive."

Comparison Review

Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews

Splunk Enterprise Security: Financial Services Firm 15%, Computer Software Company 15%, Manufacturing Company 8%, Government 7%

Splunk On-Call: Computer Software Company 35%, Manufacturing Company 11%, Financial Services Firm 11%, Government 6%

Company Size

By reviewers: Large Enterprise, Midsize Enterprise, Small Business (chart shares not recoverable from the page)

Questions from the Community

What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...

Also Known As

Splunk Enterprise Security: No data available
Splunk On-Call: VictorOps


Sample Customers

Splunk Enterprise Security: Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Splunk On-Call: NVIDIA, Cisco, NBC, Rackspace, Intuit, DirecTV, NASCAR, Arrow Electronics, Alliance Health, NetApp, Edmunds, New York Times, Return Path, Sony PlayStation, CA Technologies, Sphero, Symantec, HBO, Weatherford, Blackboard, Epic Games
Find out what your peers are saying about Splunk, Wazuh, Microsoft and others in Security Information and Event Management (SIEM). Updated: June 2025.