Try our new research platform with insights from 80,000+ expert users

Splunk Enterprise Security vs Splunk On-Call comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Splunk Enterprise Security
Average Rating
8.4
Reviews Sentiment
7.6
Number of Reviews
310
Ranking in other categories
Log Management (2nd), Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
Splunk On-Call
Average Rating
8.6
Reviews Sentiment
6.9
Number of Reviews
10
Ranking in other categories
IT Alerting and Incident Management (12th)
 

Mindshare comparison

While both are Systems Management solutions, they serve different purposes. Splunk Enterprise Security is designed for Security Information and Event Management (SIEM) and holds a mindshare of 9.5%, down 12.4% compared to last year.
Splunk On-Call, on the other hand, focuses on IT Alerting and Incident Management, holds 4.7% mindshare, down 9.9% since last year.
Security Information and Event Management (SIEM)
IT Alerting and Incident Management
 

Featured Reviews

ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.
Wojtek Witowski - PeerSpot reviewer
Allows us to create flexible schedules for on-call rotations
For alerts, we could choose to get a text message, app notification, or a phone call. The phone calls were very unusable, because it just read a bunch of numbers, like an ID of the alert. If there was a way to customize the phone call message, that would be great. Later, we would try to read the message, but it wasn't great at reading that. They had some sort of internal chat functionality where if we got an alert, we could write to somebody else and ask them for help, but that was super cumbersome. There could be improvements with communicating an incident or alert. Imagine you call the help desk and you say that your computer is broken and then they say, "Actually, the internet is broken, so let us forward your alerts to the network people." And the network people say, "Actually, the electricity is the problem, so let us forward it to the electricity people." Basically, you could send the alert between the support teams inside the company.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The UI of Splunk makes it easier for our analysts to move around and see what they need to see."
"Splunk has machine learning which is a valuable feature."
"Splunk has helped improve our company's resilience level."
"Splunk Enterprise Security comes with 300 pre-deployed use cases that can be easily customized to meet the specific needs of our organization, without the need to purchase additional tools."
"Splunk Enterprise Security helped improve our organization’s ability to ingest and normalize data."
"We are using Microsoft 365 and we're using the Exchange Mail Service. It's good for monitoring that in particular."
"It is very simple to tweak or write a small piece of glue code to go ahead and create a new dashboard for a business unit to make near real-time decisions to focus more on other geographies when launching the product."
"It provides logs in one place, so they are easy to find. It collects the logs from multiple places, then you have just one place where you see the whole flow from the front-end to the back-end."
"VictorOps has been good enough for us and it's effective for our needs in case of an on-call escalation process."
"Transmogrifier and automatic solution report gives me a report with the solution and the way to solve issues when an error occurred."
"The alert calling feature is the best because notifications are delivered via phone messages."
"The most valuable feature of the solution is helpdesk escalation."
"The flexible schedule is the most valuable feature. It was very easy to set out a rotation."
 

Cons

"We usually have to follow up with technical support on our open cases."
"Queries are not always as easy or straightforward as they might be, so it can be difficult to figure out what you need to look for."
"This is a costly solution."
"There is a definite learning curve to starting out."
"The solution's case management system could be further improved to make it easier for analysts to manage cases."
"Splunk Enterprise Security offers a vast amount of information to learn and comprehend, resulting in a challenging initial learning curve."
"Splunk could improve its default machine-learning models. Also, Splunk Enterprise's native threat intelligence isn't that good. I prefer a custom threat intelligence model."
"The glass table feature does not perform as expected."
"The solution can be improved by including a wider list of permissions."
"At that stage, all our needs are fulfilled, but at the beginning, we had some feature requests and they were deployed during their roadmap."
"The third-party configuration tool could be easier to use."
"Should have more YouTube webinars."
"There could be improvements with communicating an incident or alert."
 

Pricing and Cost Advice

"The Splunk licensing is high."
"Splunk is a bit pricier, but the benefits and ROI are huge."
"Splunk Enterprise Security is expensive but the solution is equipped with a lot of features."
"The price of Splunk Enterprise Security fluctuates based on the customer, but I believe it's quite costly, especially for our clientele."
"Splunk Enterprise Security's pricing is competitive."
"Luckily, we come under a large federal agency, and before the pandemic, they signed a large enterprise license agreement. It worked out great and to our advantage because we are a small organization. We got a 300 gig license, and we just did not have the buying power to be able to get products cheaply. Because we all partnered together under the agency umbrella, we were able to get Splunk Enterprise Security, UBA, and ITSI for cheap. This was good considering the fact that some of these premium apps require a minimum number of users, and we do not have the number of people needed to even justify buying it."
"Splunk's costing is a little more difficult. The pricing method is complicated, and the way that costing is calculated in Splunk is a little more difficult."
"Splunk is priced higher than other solutions."
"The price of the solution could be less expensive."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
854,618 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Computer Software Company
15%
Manufacturing Company
8%
Government
8%
Computer Software Company
35%
Manufacturing Company
11%
Financial Services Firm
11%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
Ask a question
Earn 20 points
 

Also Known As

No data available
VictorOps
 

Overview

 

Sample Customers

Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
NVIDIA, Cisco, NBC, Rackspace, Intuit, DirectTV, NASCAR, Arrow Electronics, Alliance Health, NetApp, Edmunds, New York Times, Return Path, Sony Playstation, CA Technologies, Sphero, Symantic, HBO, Weatherford, Blackboard, Epic Games
Find out what your peers are saying about Splunk, Wazuh, Microsoft and others in Security Information and Event Management (SIEM). Updated: May 2025.
854,618 professionals have used our research since 2012.