Try our new research platform with insights from 80,000+ expert users

Splunk Enterprise Security vs Wazuh comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Splunk Enterprise Security
Ranking in Log Management
1st
Ranking in Security Information and Event Management (SIEM)
1st
Average Rating
8.4
Reviews Sentiment
7.6
Number of Reviews
304
Ranking in other categories
IT Operations Analytics (1st)
Wazuh
Ranking in Log Management
2nd
Ranking in Security Information and Event Management (SIEM)
2nd
Average Rating
7.4
Reviews Sentiment
6.6
Number of Reviews
45
Ranking in other categories
Extended Detection and Response (XDR) (3rd)
 

Mindshare comparison

As of February 2025, in the Log Management category, the mindshare of Splunk Enterprise Security is 7.8%, down from 12.0% compared to the previous year. The mindshare of Wazuh is 15.2%, up from 13.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.
Sandip_Patel - PeerSpot reviewer
Evaluating robust file monitoring with insights for community support improvements
Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs. These aspects are vital as they provide alerts for changes and facilitate the monitoring of compliance. The platform is also relatively easy to set up and operate. Reports are straightforward to extract and prove useful for compliance requirements.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The correlation capabilities are the first value that our clients say they like with Splunk."
"Its compatibility with other SIEMS is very useful."
"The speed of the search engine"
"I have also been able to take advantage of some of the more complex statistical capabilities when analyzing logs."
"It allows the centralization of data and makes possible new sorts of correlations that were previously impossible using traditional SIEMs such as ArcSight or QRadar."
"We can extract the metrics we want on the dashboards. We are able to react to the incidents."
"Splunk has facilitated the correlation of information security logs to look for incidents which could cause damage to the company's infrastructure, as well as financial losses from leaks."
"The stock analysts and security people use one single dashboard (one single location) to check our logs."
"The MITRE ATT&CK correlation is most valuable."
"It is a stable solution."
"Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms."
"Wazuh is simple to use for PCI compliance."
"The most valuable feature of Wazuh is its EDR capabilities."
"Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs."
"The main thing I like about it is that it has an EDR."
"The deployment is easy and they provide very good documentation."
 

Cons

"Splunk is more expensive than other solutions."
"Splunk's ability to analyze malicious activities scores an 8 out of 10, but there's room for improvement. By analyzing emerging patterns, Splunk could identify and predict potential threats more effectively."
"We'd like to see a more seamless cloud-based integration."
"The support that is included with the standard licensing fee is very bad."
"It would be nice if Splunk reduced the cost of training. Their training sessions are way too costly."
"The initial setup is complex, but this is necessary. We needed to take into consideration how to direct log files from thousands of machines to Splunk, and how to ingest those files."
"Splunk has a steeper learning curve, making it feel less user-friendly."
"Make it easier to include roles and user controls, as it is horrible now."
"Wazuh needs more security and features, particularly visualization features and a health monitor."
"The tool doesn't detect anomalies or new environments."
"Integration with Vyara could be better."
"The support channel is not optimal, and extensive research is required on our part to implement Wazuh effectively."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
"The deployment is a bit complex."
"I want more support for regional compliance standards to serve my ANZ region customers better."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
 

Pricing and Cost Advice

"Splunk licensing model might seem expensive but with all the gain in functionalities you will have compared to traditional SIEM solutions I think it’s worth the price."
"The price of Splunk Enterprise Security fluctuates based on the customer, but I believe it's quite costly, especially for our clientele."
"The pricing model is based on the number of gigabytes that you ingest into the Splunk system. So it can be an expensive solution."
"Splunk ES is quite expensive compared to some products on the market."
"It is a bit costly."
"Splunk Enterprise Security is an expensive solution."
"Splunk Enterprise becomes extremely expensive after the 20GB/month license."
"It would be nice if the pricing were cheaper. However, we did purchase it."
"Wazuh is an open-source tool, which means it is freely available for use."
"Wazuh is not an expensive solution."
"Wazuh is free and open source."
"Wazuh is totally free and open source. There are no licensing costs, only support costs if you need them."
"Wazuh is a good tool, but the open-source version has scalability limitations."
"Wazuh is open-source, but you must consider the total cost of ownership. It may be free to acquire, but you spend a lot of time and effort supporting the product and getting it to a point where it's useful."
"Wazuh has a community edition, and I was using that. It's free and open source."
"The current pricing is open source."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
833,108 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Computer Software Company
14%
Manufacturing Company
8%
Government
8%
Computer Software Company
16%
Comms Service Provider
8%
Government
7%
University
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
What do you like most about Wazuh?
Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases.
What needs improvement with Wazuh?
I am investigating more about the community support for Wazuh. I can't provide a definitive answer yet. An issue I noticed is with tag values in certain rules not functioning properly. It's unclear...
What is your primary use case for Wazuh?
I am currently evaluating and using Wazuh for file monitoring and compliance reporting. We are in the process of conducting a POC to understand how the rules work. I lead this effort to explore and...
 

Overview

 

Sample Customers

Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Information Not Available
Find out what your peers are saying about Splunk Enterprise Security vs. Wazuh and other solutions. Updated: January 2025.
833,108 professionals have used our research since 2012.