Splunk Enterprise Security vs Zabbix comparison
Comparison Buyer's Guide

Executive Summary (updated on Sep 5, 2022)

Categories and Ranking

Splunk Enterprise Security
Average Rating
8.4
Number of Reviews
295
Ranking in other categories
Log Management (1st), Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
Zabbix
Average Rating
8.2
Number of Reviews
101
Ranking in other categories
Application Performance Monitoring (APM) and Observability (10th), Network Monitoring Software (1st), Server Monitoring (1st), IT Infrastructure Monitoring (1st), Cloud Monitoring Software (2nd)
Mindshare comparison

As of July 2024, in the Security Information and Event Management (SIEM) category, the mindshare of Splunk Enterprise Security is 10.1%, down from 12.5% compared to the previous year. The mindshare of Zabbix is 0.4%, down from 1.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Category compared: Security Information and Event Management (SIEM)
Unique categories (mindshare as of July 2024):
Splunk Enterprise Security: Log Management 8.1%, IT Operations Analytics 30.3%
Zabbix: Application Performance Monitoring (APM) and Observability 2.5%, Network Monitoring Software 14.7%
Featured Reviews

SM
Jun 19, 2024
Improves our ability to handle data from applications
We managed Splunk's large clustered environments, where I oversaw data collection from roughly 750 applications via universal deployment clients. This experience, coupled with my nearly six years of Splunk expertise, made monitoring application logs and creating Splunk knowledge bases straightforward tasks. While processing task cut-off tickets from the application team could be time-consuming, the actual monitoring itself was easy to manage. The end-to-end visibility provided by Splunk is important because our company uses applications like K-Connect and Splunk to monitor user activity across different sectors. Having previously worked in both healthcare and finance, I'm familiar with how this process works. We access user information, including personal data, to track their activity from start to finish within our systems. Splunk allows us to mark specific user data points for further analysis, ensuring we have a full view of user or patient activity within each organization we serve. Splunk helps me find security events across multi-cloud and on-prem platforms. I would identify missing data by checking the last hour's timeframe (span=1h). If on-prem or cloud data was missing, I'd investigate which logs weren't being ingested, whether an indexer was down, or if a forwarder wasn't sending data. Additionally, I'd check if the application or event log volume was overwhelming the universal forwarder, requiring a queue to process the data effectively. Splunk improves our ability to handle data from applications. This data is often unstructured or unavailable in a usable format. To make it usable, we used to normalize the logs manually through back-end commands and edit various Splunk consoles and platforms. This process transformed the data into a structured, human-readable event format, allowing us to extract the information we needed. We can identify potential malicious activity through Splunk by analyzing database logs with SQL queries.
For instance, a high number of failed login attempts within a short timeframe could indicate unauthorized access attempts. Additionally, with multi-factor authentication systems like Duo, a user logging in from two geographically distant countries within a short period might be suspicious. To address this, I've developed SQL queries that check for logins within a one-hour timeframe across different countries. These queries trigger alerts on a dashboard, allowing IT to investigate the user's IP address and determine if the login is legitimate. Splunk has significantly improved our business resilience by providing a single pane of view for all our data. This visualization allows us to monitor for anomalies, including unusual application activity, unauthorized executables, and suspicious shell scripts running on both Linux and Windows servers. By triggering alerts for these events, Splunk empowers our organization to proactively identify and address potential threats, ultimately improving overall stability. Splunk allows us to easily check the data for malicious activity. It also helps reduce the alert volume by allowing us to set thresholds for alerts. For example, we only receive an alert when the CPU usage exceeds 90 percent or the number of failed logins is more than 15. Splunk helps us investigate by providing relevant context from system logs. We can search the Splunk logs for specific applications and timeframes, and then examine all the data fields for suspicious activity, failed login attempts, or any other anomalies. It helps security teams investigate threats faster by providing a central platform to collect and analyze data from various security applications. This focus on enterprise security allows teams to identify and respond to threats across the organization, leveraging frameworks like MITRE ATT&CK to match attacker techniques and tactics.
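The two alert rules the reviewer describes (more than 15 failed logins in a short window, and successful logins for one user from two different countries within an hour) are shown below as plain Python over a constructed sample of authentication events. This is an added example, not the reviewer's own searches and not Splunk SPL; the event fields (timestamp, user, source country, result), the thresholds, and the sample data are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, user, source country, outcome).
# These are made up for the example; the field layout is an assumption.
SAMPLE_EVENTS = [
    ("2024-06-01T09:00:00", "alice", "US", "success"),
    ("2024-06-01T09:40:00", "alice", "BR", "success"),  # 40 min later, other country
    ("2024-06-01T10:00:00", "bob",   "DE", "success"),
    ("2024-06-01T13:00:00", "bob",   "FR", "success"),  # 3 h later: outside the window
] + [("2024-06-01T11:%02d:00" % i, "carol", "US", "failure") for i in range(16)]


def parse(events):
    """Turn the raw tuples into (datetime, user, country, result), sorted by time."""
    return sorted((datetime.fromisoformat(ts), u, c, r) for ts, u, c, r in events)


def failed_login_burst(events, threshold=15, window=timedelta(hours=1)):
    """Return {user: peak_count} for users with more than `threshold` failed
    logins inside any sliding window of length `window`."""
    failures = defaultdict(list)
    for ts, user, _country, result in parse(events):
        if result == "failure":
            failures[user].append(ts)

    flagged = {}
    for user, times in failures.items():
        start = 0
        for end, ts in enumerate(times):
            # Slide the window start forward until all timestamps fit in it.
            while ts - times[start] > window:
                start += 1
            count = end - start + 1
            if count > threshold:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged


def impossible_travel(events, window=timedelta(hours=1)):
    """Return (user, previous_country, new_country, gap) for consecutive
    successful logins of one user from different countries within `window`.
    Only adjacent logins are compared, which is enough for the one-hour rule."""
    logins = defaultdict(list)
    for ts, user, country, result in parse(events):
        if result == "success":
            logins[user].append((ts, country))

    alerts = []
    for user, seq in logins.items():
        for (prev_ts, prev_c), (ts, c) in zip(seq, seq[1:]):
            if c != prev_c and ts - prev_ts <= window:
                alerts.append((user, prev_c, c, ts - prev_ts))
    return alerts


if __name__ == "__main__":
    print("failed-login bursts:", failed_login_burst(SAMPLE_EVENTS))
    print("impossible travel:", impossible_travel(SAMPLE_EVENTS))
```

The sliding window in `failed_login_burst` matters: a fixed hourly bucket (the equivalent of a `span=1h` timechart) misses a burst that straddles the bucket boundary, whereas the sliding window catches it. The country check is only as good as the geo-IP data behind it; VPN egress and mobile carriers produce legitimate country changes, so the alert is a lead for the analyst to verify the IP, as the reviewer describes, not a verdict.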
TK
Apr 19, 2024
We know right away when there are problems, offers built-in statistics and allows you to pull up graphs and basically take the parameters you want to check-in
Scalability is good. Zabbix uses proxies to manage incoming data from hosts. Since the system is receiving a lot of data, that could potentially put a real load on the server. The proxies handle some of the load from their respective clients and then feed that to the main server. For checks, Zabbix prefers that you use checks based on the data that's automatically flowing from each host rather than doing explicit checks or things like... don't go onto this server and run a command, except for a check. Just use the built-in checks, and we mostly do that. Some people, when they switch over to Zabbix, are not used to that. They're used to always adding regular checks, but sometimes it won't work. So, you can change it to be more on the passive-check side, where the hosts don't have to do anything, and it's actually displayed on the server.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Pros

"The Splunk queries are valuable."
"If I need to integrate devices for logs, it is easier with Splunk. We can integrate different applications, network devices, and databases. It is also very rich in documents. It is the best."
"The solution's most valuable feature is that it helps with our use cases to detect anomalies in our data and it is important to my company since we have a lot of data on different logs on the systems."
"The benefits my company has seen from the use of Splunk Enterprise Security revolve around the speed of detection it offers."
"Splunk Enterprise Security is able to process a huge amount of data without any issues."
"Splunk has a wide range of features that customers use to find and analyze all kinds of logs."
"Splunk Enterprise Security's dashboards are a key asset."
"The solution allows easy gathering and ingestion of the data."
"The implementation process is very straightforward."
"The most valuable features in Zabbix are those that help us overcome bottlenecks in CPU usage, as well as reduce memory delay. I know that we have only reached the tip of the iceberg of what Zabbix's features can do for us, and we have not used all of them yet."
"Simple network monitoring that is easy to install and manage."
"The most valuable feature is service assurance."
"We are able to do problem determination on runaway processes."
"Zabbix helps to save time."
"Our customers also like that they don't have to use multiple modules. Micro Focus and major vendors typically require you to buy several modules and plugins. Our customers do not like that. We offer them a single product for all their monitoring needs."
"The overall functionality of Zabbix is very good. The monitoring of bank applications that Zabbix provides is great. The information is displayed on a dashboard that is easily viewed."
Cons

"There are limitations with Splunk not detecting all user activity, especially on mainframes and network devices."
"It is a hugely complicated product."
"Make it easier to include roles and user controls, as it is horrible now."
"Missing capability for audio/video and image processing."
"The threat detection library needs to increase the frequency at which the playbooks are updated."
"We had an instance when Splunk failed and it took us a couple of days to recover."
"I would like to see more SIEM functionality and a better ticket tool."
"I feel the solution to be too slow."
"For us, the initial setup was complex."
"Even though it’s such a powerful monitoring system, it would be more helpful if it had a flexible UI."
"Zabbix can use better documentation and support for troubleshooting."
"The GUI could be more intuitive. Also, we'd like streaming telemetry. Zabbix might have this feature, but I haven't seen it yet. It took us a long time to get started because the documentation isn't very descriptive. We had to go through various sources like YouTube and forums to get this solution working."
"Look and feel."
"We had some scalability issues with a large number of nodes."
"It would be helpful if they translated the documentation to Cyrillic languages."
"The event correlation could be better."
Pricing and Cost Advice

"I am not personally involved with the pricing of the solution."
"Licensing is a yearly, one-time cost."
"It would be nice if the pricing were cheaper. However, we did purchase it."
"Truly evaluate the data you want to ingest and go slow. Pulling in data that can provide no use to your mission only wastes data against your license."
"There is an annual license required to use this solution."
"The price of Splunk is reasonable."
"Be upfront about your needs and expectations. Splunk is great to work with."
"Pricing is probably its weakest spot. As compared to some competitors, Splunk is really expensive."
"Zabbix is free but if you use it in production then you have to pay for it."
"There is no license but we need to pay for support."
"The tool's licensing costs are yearly."
"For pricing, it's free. We don't pay anything for it. They open-source the code, and people pay for support."
"This is an open-source solution that can be used free of charge."
"The tool's licensing is good."
"I was using the free, Community Edition."
"Its licensing is fair. It seems to be much cheaper than others."
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
792,905 professionals have used our research since 2012.
Comparison Review

it_user174738 - PeerSpot reviewer
May 31, 2015
Nagios vs. Zabbix vs. PRTG vs. Spiceworks vs. Solarwinds Network Performance Monitor
I have researched quite a few network monitoring tools which can be used for various monitoring purposes, not only for the servers but for the intermediate routers as well. There are three main types of this software. Ones which are completely open-source, you can do almost anything you want…
Top Industries

By visitors reading reviews
Splunk Enterprise Security: Financial Services Firm 15%, Computer Software Company 15%, Government 10%, Manufacturing Company 8%
Zabbix: Educational Organization 37%, Computer Software Company 12%, Manufacturing Company 6%, Financial Services Firm 6%
Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
Questions from the Community

What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
What do you like most about Zabbix?
The template system in Zabbix is very beneficial as it saves time in configuration.
What is your experience regarding pricing and costs for Zabbix?
Zabbix's licensing and pricing are good for our needs.
What needs improvement with Zabbix?
To improve Zabbix, adding more features to support the monitoring of modern workloads like containers would be beneficial. Many environments are shifting away from traditional setups to remote and ...
Overview

Sample Customers

Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
IBM, Dell, Cisco, HP, Oracle, Microsoft, Amazon, Google, Facebook, Twitter, LinkedIn, Netflix, Adobe, VMware, Salesforce, SAP, Intel, AT&T, Verizon, T-Mobile, Vodafone, Ericsson, Nokia, Siemens, General Electric, Honeywell, Philips, Sony, Samsung, LG, Panasonic, Toshiba
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM). Updated: July 2024.