Splunk Enterprise Security vs Zabbix comparison

Comparison Buyer's Guide
Executive Summary
Updated on Sep 5, 2022

We performed a comparison between Splunk and Zabbix based on our users’ reviews in four categories. Our conclusion, drawn from all of the collected data, follows the category summaries below.

  • Ease of Deployment: Splunk users share mixed reviews on deployment. Zabbix users say deployment is straightforward and fast.
  • Features: Users of both products are happy with their stability and scalability.

    Splunk users like the solution’s logging and data capabilities. Reviewers mention that the monitoring could be improved and that it is not so user-friendly.

    Zabbix users say it is a mature solution that integrates well with Microsoft Office but that its UI needs improvement.
  • Pricing: Most Splunk users say that it is an expensive solution. Zabbix is open-source and free of charge.
  • Service and Support: Most Splunk and Zabbix users are satisfied with the technical support.
  • ROI: Reviewers of both products report seeing an ROI.

Comparison Results: In this comparison, Zabbix comes out on top. When compared to Splunk, it is easier to deploy and is open-source.

To learn more, read our detailed Security Information and Event Management (SIEM) Report (Updated: September 2023).
734,156 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
Microsoft Sentinel:
  • "One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
  • "The dashboard that allows me to view all the incidents is the most valuable feature."
  • "The solution offers a lot of data on events. It helps us create specific detection strategies."
  • "The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
  • "Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
  • "We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
  • "We are able to deploy within half an hour and we only require one person to complete the implementation."
  • "Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."

Splunk Enterprise Security:
  • "The consolidated overview of all the events that come in through our environment and an easy-to-access interface for all our end users are valuable."
  • "The product has a good security posture."
  • "We saw the granularity that we could get from Splunk far exceeded what we already had. We had the ability to have our security team really focus on the platform and stay within the platform, but they could correlate with a variety of other stakeholders, and our stakeholders were growing."
  • "One of the most valuable features is threat hunting. We can do threat hunting and identify if there is any malicious activity happening within our environment, which is a key feature for us."
  • "Splunk is quite flexible for our customers. Splunk does not filter from a specific lock, you can define it later."
  • "The product provides visibility and enables us to correlate data and generate alerts."
  • "Splunk allows us to customize processing and dashboards, which helps us take care of our customers' needs."
  • "The solution helped reduce our alert volume."

Zabbix:
  • "Zabbix is a cost-effective solution. We're a small organization with a few dozen devices to monitor, and it was available for free. We can see what we need. We haven't done an in-depth analysis on it, but we're currently okay with the product."
  • "The integration capabilities and APIs are the best part."
  • "SNMP monitoring, source discovery, and alert triggering are most valuable."
  • "There is a problems page that shows us every warning or problem that occurs on our VMs globally. The map screen is also really useful because this is something that was missing. I don't know every other tool in the market. So, I don't know if this is a good point of only Zabbix, or other tools are also doing it, but from my point of view, this is the most useful page that I use, along with the problems page that efficiently lists the problem, recovery time, ending hours, starting hours, and so on."
  • "The initial setup, while not simple, is easier than other products."
  • "Zabbix is good for discovery."
  • "The features I found most valuable are the user interface and a wide range of network devices that are easy to configure."
  • "We have found that Zabbix is more easy to use than other applications."

Cons
Microsoft Sentinel:
  • "We are invoiced according to the amount of data generated within each log."
  • "The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
  • "We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
  • "If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
  • "We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
  • "They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
  • "Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
  • "Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."

Splunk Enterprise Security:
  • "The analytics of Splunk could be improved."
  • "The UI can be improved. Dashboards and reports can be better in terms of graphics."
  • "Splunk could add more ways to manage archiving and storage. There isn't a web interface. You can do this on the SaaS version, but the on-premise platform doesn't have this option. It has other things but no option for remote NAS. I would like to have a personal web interface where I can specify how long logs should be stored. To have this readily available on the web, you need to adjust some settings on the backend. That is tricky."
  • "Writing queries is a bit complicated sometimes."
  • "The training was mostly sales-focused, like how to monitor your sales. It was hard to then come back from doing the training and try to switch it to a cybersecurity focus because all the training we did was sales oriented. The basic training didn't really touch on any kind of cybersecurity use cases or anything like that. That would have been great to see in the training."
  • "The CIM model is the method Splunk uses to normalize data and categorize its important parts, but it is quite complex."
  • "I have concerns about the architecture as well since I can see it is not very well defined."
  • "Its interface could be improved."

Zabbix:
  • "The user web interface is a little bit too basic, we need to link Zabbix to Grafana to have more options, such as graphs and charts. The interface needs to be improved. Additionally, there could be better integration with Grafana API."
  • "Zabbix is not easy to configure, and upgrading is also an issue."
  • "The product could be more secure and more stable."
  • "The solution needs to add features for finding loopholes or problems and their root causes."
  • "Zabbix isn't a great tool for cloud-specific monitoring - its connection to public clouds needs to be improved. Other areas for improvement would be the lack of dashboards and integrations."
  • "As far as improvements, sometimes I get a bit frustrated when I move from a previous version to a new one because some configuration has changed—I need to investigate the documentation to deal with some configuration. But it doesn't take much time, so it's okay."
  • "The event correlation could be better."
  • "Zabbix does not draw automatic mapping of the network, this is something they should add in the future. There is a lot of effort that is involved in tailoring some of the settings which could be made easier."

Pricing and Cost Advice
Microsoft Sentinel:
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."
  • "Sentinel can be expensive. When you ingest data from sources that are outside of the cloud, you're paying a fair amount for that data ingestion. When you're ingesting data sources from within the cloud, depending on what your retention periods are, it's not that expensive."
  • "I have worked with a lot of SIEMs. We are using Sentinel three to four times more than other SIEMs that we have used. Azure Sentinel's only limitation is its price point. Sentinel costs a lot if your ingestion goes up to a certain point."
  • "Pricing is pay-as-you-go with Sentinel, which is good because it all depends on the number of users and the number of devices to which you connect."

Splunk Enterprise Security:
  • "The price of Splunk is reasonable."
  • "The subscription is monthly."
  • "It can be cost-prohibitive when you start to scale and have terabytes of data. Its cost model is based on how much data it processes a day. If they're able to create scaled-down niche or custom package offerings, it may help with the cost. Instead of the full-blown features, if they can narrow the scope where it can only be used for a specific purpose, it would kind of create that market for the product, and it may help with the costing. When you start using it as a central aggregator and you're pumping tons of logs at it, pretty soon, you'll start hitting your cap on what it can process a day. Once you've got that, you're kind of defeating the purpose because you're going to have to scale back."
  • "It's a yearly subscription."
  • "This product could use better pricing in general."
  • "The pricing modules could be improved."
  • "This solution is costly. Splunk is obviously a great product, but you should only choose this product if you need all the features provided. Otherwise, if you don't need all the features to meet your requirements, there are probably other products that will be more cost-effective. It's cost versus the functionality requirement."
  • "It is expensive. I used to buy it early on, but then they combined it into a higher-up organization. They buy it for multiple systems now. Last time, I paid around 60K for it. There is just the licensing fee. That's all."

Zabbix:
  • "The solution is free to use but they offer support as a paid service. If you can go read the manuals and do the fine-tuning based on your needs, you do not need to pay anything and you will have a full solution."
  • "Zabbix and Grafana are both open source products, we only needed to go to their website and download the application and we began to use them. The solutions are free."
  • "This is an open-source solution that can be used free of charge."
  • "We pay the subscription for support by year."
  • "Zabbix is a free solution but the support contact costs money."
  • "The solution is open source so is free."
  • "It is worth every cent to pay or even study to do your own installation."
  • "This solution is open-source and free to use."

    Also Known As: Azure Sentinel
    Overview

    Microsoft Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution that lets you see and stop threats before they cause harm. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Azure Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously undetected threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    Splunk Enterprise Security is a SIEM, log management, and IT operations analytics tool. The solution provides users with the ability to secure their information and manage their data in the cloud, data centers, or other applications. Splunk Enterprise Security also offers visibility from different areas, levels, and devices, rather than from a single system, thus providing its users with flexibility. Splunk Enterprise Security can monitor data and analyze, detect, and prevent intrusions. This benefits users as it provides alerts to possible intrusions, helps users to be proactive, and reduces risk factors.

    Full visibility across your environment

    Break down data silos and gain actionable intelligence by ingesting data from multicloud and on-premises deployments. Get full visibility to quickly detect malicious threats in your environment.

    Fast threat detection

    Defend against threats with advanced security analytics, machine learning and threat intelligence that focus detection and provide high-fidelity alerts to shorten triage times and raise true positive rates.

    Efficient investigations

    Gather all the context you need and initiate flexible investigations with security analytics at your fingertips. The built-in open and extensible data platform boosts productivity and drives down fatigue.

    Open and scalable

    Built on an open and scalable data platform, you can stay agile in the face of evolving threats and business needs. Splunk meets you where you are on your cloud journey, and integrates across your data, tools and content.

    Zabbix is a free software tool traditionally used for monitoring your organization’s IT infrastructure, including networks, servers, virtual machines, and cloud services. Zabbix makes it possible for you to maintain control of your infrastructure by collecting any metric from any source. The solution also offers agentless monitoring, synthetic monitoring, custom collection methods, and data transformation.

    Zabbix offers:

    • Network monitoring
    • Server monitoring
    • Cloud monitoring
    • Application monitoring
    • Service monitoring

    Zabbix Features

    Zabbix has many valuable key features, including:

    Action Log, Anomaly Detection, Auditing, Automated Actions, Availability Reports, Capacity Planning, Custom Scripts, Custom Templates, Data Retrieval, Drill-Down Reports, Encryption, Event Correlation, History Data Analysis, Metric Collection, Multiple Authentication Methods, Multiple Severity Levels, Native WMI Support for Windows Agent, Network Discovery, Notifications, Root Cause Analysis, Trend Prediction, WMI Support, Web Services, Widget-based Dashboards, Zero-Maintenance

    Zabbix Benefits

    There are several benefits to implementing Zabbix. Some of the biggest advantages the solution offers include:

    • Flexible deployment options: Zabbix can be deployed on-premises or in the cloud to help you stay fully in control of your data.

    • Unlimited scalability: Zabbix is scalable to any infrastructure, from a personal home setup to a large enterprise environment.

    • Ready-to-use templates: Zabbix comes with ready-to-use templates which makes it easy to integrate with systems you already use.

    • External vault: Zabbix enables you to keep your data secure and safe by providing an external vault storage option.

    • High availability: By using Zabbix’s high availability solution, you can negate the risk of data loss and gain 24/7 uptime.

    • Partner and vendor-backed: The solution is backed by 250+ global partners and multiple external vendors, giving you confidence in the solution.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by Zabbix users.

    PeerSpot user Shibu B., Regional Manager/Service Delivery at ASPL Info Services, says, "The solution is quite mature and very stable. The monitoring capabilities of the product are excellent." He also adds, "The solution is very easy to scale and the product is open-source, meaning there aren't any licensing costs associated with it."

    Julian L., Senior Specialist Critical Infrastructure at an educational organization, comments that the solution is "A complete solution that doesn't cost anything, does what I need it to do, and has easy-to-use templates and very good scalability." He also mentions, "The agents are pretty cool. They're easy to roll out. The standard out-of-the-box templates are also pretty easy to use. The integration with other learning products is also good."

    Faycal N., CEO/Founder at Zen Networks, praises the product, mentioning, "Its overall flexibility is most valuable. When our customers have some custom applications that are not necessarily covered by the community or a standard monitoring tool, we use Zabbix to build our own modules with our own templates. This feature has been useful in using Zabbix for infrastructure and IT monitoring. It has also been useful for industrial equipment monitoring. Zabbix is very lightweight. It is efficient in terms of performance because it doesn't use a lot of resources."

    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
    Zabbix customers include Bodybuilding.com, LLC, ITtelligent Consulting Services, Eltele AS, Total Server Solutions, LLC, and ChinaNetCloud.
    Top Industries

    Microsoft Sentinel
      Reviewers: Financial Services Firm 23%, Manufacturing Company 7%, Healthcare Company 7%, Comms Service Provider 7%
      Visitors reading reviews: Computer Software Company 17%, Government 10%, Financial Services Firm 9%, Manufacturing Company 7%

    Splunk Enterprise Security
      Reviewers: Financial Services Firm 16%, Computer Software Company 15%, Government 11%, Energy/Utilities Company 8%
      Visitors reading reviews: Financial Services Firm 15%, Computer Software Company 14%, Government 10%, Manufacturing Company 7%

    Zabbix
      Reviewers: Computer Software Company 23%, Comms Service Provider 10%, Aerospace/Defense Firm 8%, Financial Services Firm 8%
      Visitors reading reviews: Educational Organization 30%, Computer Software Company 13%, Government 7%, Comms Service Provider 7%

    Company Size

    Microsoft Sentinel
      Reviewers: Small Business 32%, Midsize Enterprise 21%, Large Enterprise 47%
      Visitors reading reviews: Small Business 24%, Midsize Enterprise 15%, Large Enterprise 61%

    Splunk Enterprise Security
      Reviewers: Small Business 32%, Midsize Enterprise 12%, Large Enterprise 57%
      Visitors reading reviews: Small Business 19%, Midsize Enterprise 13%, Large Enterprise 68%

    Zabbix
      Reviewers: Small Business 49%, Midsize Enterprise 20%, Large Enterprise 31%
      Visitors reading reviews: Small Business 18%, Midsize Enterprise 39%, Large Enterprise 43%

    Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 71 reviews while Zabbix is ranked 1st in Network Monitoring Software with 35 reviews. Splunk Enterprise Security is rated 8.4, while Zabbix is rated 8.6. The top reviewer of Splunk Enterprise Security writes "Can be used to find any threats or vulnerabilities inside a user’s environment". On the other hand, the top reviewer of Zabbix writes "Very mature, easy to scale, and free to use". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, Elastic Security, IBM Security QRadar and Datadog, whereas Zabbix is most compared with Checkmk, Nagios XI, Centreon, Nagios Core and SolarWinds NPM.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.