We performed a comparison between Splunk and Zabbix based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: In this comparison, Zabbix comes out on top. When compared to Splunk, it is easier to deploy and is open-source.
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"The automation feature is valuable."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"The connectivity and analytics are great."
"There are lots of free learning materials on their website."
"It helps us uncover bottlenecks in the network."
"It has helped us look at modern technology, as well as penetrate our legacy systems, to see where the bottlenecks are."
"Splunk has a wide range of features that customers use to find and analyze all kinds of logs."
"I like Splunk's data aggregation and search capabilities."
"Splunk works based on parsing log files."
"The best part of Splunk Enterprise Security is its customizable settings."
"Correlating data across different systems via one interface will allow you to know your environment or identify incident data in ways you never imagined."
"Zabbix is both stable and scalable."
"The initial setup was very quick. The first time it was long because I didn't know it yet. I was only using Windows. The first time was very difficult because of the operating system."
"The integration capabilities and APIs are the best part."
"The most valuable feature is the support for monitoring Cisco switches."
"The integration with third-party tools and the alerts are most valuable."
"During my testing, the features that I like the most are that it can be integrated with my system, and it provides me with reports of all of my servers."
"I'm supervising all the IT departments, and Zabbix seems quite good for them. It provides graphics and information in real time. We get alerts about crashes on the system, enabling us to quickly repair issues. We can easily find devices with problems."
"They've already added extra features, such as noise-canceling and facial recognition, which is great."
"The only thing is sometimes you can have a false positive."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"Splunk could enhance its services by providing more comprehensive professional assistance aimed at optimizing our investment."
"Writing queries is a bit complicated sometimes."
"On-premises scaling of the solution is a bit more limited than it is on the cloud."
"It can be tough to determine if you are getting all of the value out of your investment at times."
"The analytics of Splunk could be improved."
"The monitoring aspect of Splunk could be improved. We have to do some queries to get as much information as CrowdStrike or other solutions provide. If you run a big query, you will see a delay. That is the only concern we have because it will take some time if you query large data sets."
"The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more."
"I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications."
"Zabbix is powerful, but it is difficult to understand initially. There are many things that can be improved, but we might not be using Zabbix to its fullest extent. The software has more features than we need."
"The user web interface is a little bit too basic, we need to link Zabbix to Grafana to have more options, such as graphs and charts. The interface needs to be improved. Additionally, there could be better integration with Grafana API."
"An area for improvement would be the ease of doing aggregation from the value or different devices."
"I think the reporting part of Zabbix can be improved in terms of more user-friendly graphics to display the collected data. Many simple users who don't know how to use Zabbix properly might get confused by the reporting, although at the same time it is very versatile for my company."
"Zabbix claims that there is an auto-discovery process but my team member was facing difficulty and was told that it's not really automatic, and there are some manual steps."
"I had problems using Zabbix when working with SUSE Enterprise; many companies use SUSE."
"Sometimes, the documentation is a little bit written in Estonia – a country in Europe. The language barrier and translation to English can sometimes make it difficult to understand what they're trying to get at. It's just a language thing."
"Zabbix does not draw automatic mapping of the network, this is something they should add in the future. There is a lot of effort that is involved in tailoring some of the settings which could be made easier."
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 227 reviews while Zabbix is ranked 1st in Network Monitoring Software with 98 reviews. Splunk Enterprise Security is rated 8.4, while Zabbix is rated 8.2. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and New Relic, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios XI and Lenovo XClarity Controller.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.