We performed a comparison between Splunk and Splunk Cloud based on real PeerSpot user reviews.Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"Those 400 days of hot data mean that people can look for trends and at what happened in the past. And they can not only do so from a security point of view, but even for operational use cases. In the past, our operational norm was to keep live data for only 30 days. Our users were constantly asking us for at least 90 days, and we really couldn't even do that. That's one reason that having 400 days of live data is pretty huge. As our users start to use it and adopt this system, we expect people to be able to do those long-term analytics."
"The user interface is really modern. As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo. It's really flexible and modular. The UI is very clean."
"The querying and the log-retention capabilities are pretty powerful. Those provide some of the biggest value-add for us."
"In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. With this kind of platform, you have that information in real-time."
"The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. Most SIEMs don't do that. And I can do that by creating entity-based queries. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way."
"The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to do that quickly. If I'm sitting around just waiting to get my first response, then it ends up moving too slow to keep up with the attacker. Devo's speed and performance allows us to query in real-time and keep up with what is actually happening on the network, then respond effectively to events."
"The strength of Devo is not only in that it is pretty intuitive, but it gives you the flexibility and creativity to merge feeds. The prime examples would be using the synthesis or union tables that give you phenomenal capabilities... The ability to use a synthesis or union table to combine all those feeds and make heads or tails of what's going on, and link it to go down a thread, is functionality that I hadn't seen before."
"The most valuable feature is definitely the ability that Devo has to ingest data. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. You'd have a backlog of processing the logs as it was ingesting them."
"It provides a lot of analytics with the underlying AI engine, and it is a lot easier than other solutions. There are some products that do automated AI-based detection and drawing up charts, but for network monitoring and all of the monitoring aspects, it is quite a nice tool. It is very convenient for business users because they get more or less a lot of data readily available. If you're familiar with the Splunk query language, you can pretty much do whatever you want."
"From my experience, the visual aid that it provides is most valuable. There are charts and other means to provide information."
"It is the best tool if you have a complex environment or if data ingestion is too huge."
"The ability to ingest different log types from many different products in our environment is most valuable."
"The most valuable feature of Splunk is the management and built-in workflows."
"Great platform with user-friendly interface and GUI."
"I have found the installation can be of medium difficulty to very complex depending on the use case."
"The logs on the solution are excellent."
"The Splunk search is powerful compared to similar solutions. We get millions of data points within seconds."
"The solution is user friendly and has extensive uses."
"Splunk Cloud's most valuable features are log aggregations, dashboarding, business management, reporting, and business controls. Additionally, it has awesome indexing and the solution is always improving"
"The initial setup was straightforward."
"The solution is stable and reliable."
"It is very scalable."
"I really like the user interface and how it works."
"The Activeboards feature is not as mature regarding the look and feel. Its functionality is mature, but the look and feel is not there. For example, if you have some data sets and are trying to get some graphics, you cannot change anything. There's just one format for the graphics. You cannot change the size of the font, the font itself, etc."
"Where Devo has room for improvement is the data ingestion and parsing. We tend to have to work with the Devo support team to bring on and ingest new sources of data."
"An admin who is trying to audit user activity usually cannot go beyond a day in the UI. I would like to have access to pages and pages of that data, going back as far as the storage we have, so I could look at every command or search or deletion or anything that a user has run. As an admin, that would really help. Going back just a day in the UI is not going to help, and that means I have to find a different way to do that."
"There are some issues from an availability and functionality standpoint, meaning the tool is somewhat slow. There were some slow response periods over the past six to nine months, though it has yet to impact us terribly as we are a relatively small shop. We've noticed it, however, so Devo could improve the responsiveness."
"Some third-parties don't have specific API connectors built, so we had to work with Devo to get the logs and parse the data using custom parsers, rather than an out-of-the-box solution."
"We only use the core functionality and one of the reasons for this is that their security operation center needs improvement."
"From our experience, the Devo agent needs some work. They built it on top of OS Query's open-source framework. It seems like it wasn't tuned properly to handle a large volume of Windows event logs. In our experience, there would definitely be some room for improvement. A lot of SIEMs on the market have their own agent infrastructure. I think Devo's working towards that, but I think that it needs some improvement as far as keeping up with high-volume environments."
"There's room for improvement within the GUI. There is also some room for improvement within the native parsers they support. But I can say that about pretty much any solution in this space."
"The algorithms customization of Splunk could improve. They have limited algorithms for machine learning support. If they can allow the user to add more machine learning algorithms, such as the ability to choose the algorithm that a user might want. Additionally, they should provide the required libraries for those algorithms, and then analyzes the data for use."
"It needs integration with a configuration management solution."
"Could be more user friendly."
"You do need a lot of training and certification with this product."
"It is a good product, but the Achilles heel for a lot of organizations is the cost model for it because it gets expensive. That's because the model is based on how much data it processes a day, which can be prohibitive, especially if you have a lot of data. A lot of customers may not be ready for the sticker shock on how to fully leverage the product. I realized that the reason for that is that when it was originally designed, it was kind of like a big data modeling application. If they want to have a bigger customer base, they can come out with subsets of their product that are focused on specific things and have different pricing models. It may help with the cost."
"It would be nice if they had a wizard to construct searches, including more complex searches that include math or statistics."
"The UI can be improved. Dashboards and reports can be better in terms of graphics."
"If you have to do your own stuff, such as customized charts, it is a little bit more work, but once you're familiar with the Splunk query language, you can pretty much do whatever you want. In terms of features, it should probably have the features that other competitors provide."
"The Splunk interface is on-premises, so we have limited access to Splunk Cloud. Splunk support is not so good on Splunk Cloud. The Splunk side of the Splunk Cloud should also be more customizable. Integrating Splunk UBA, Splunk Phantom, and Splunk Cloud is also a bit difficult."
"I'd like to see more integration with more antivirus systems."
"The solution should also have more advanced capabilities in comparison with QRadar, which offers Watson."
"Writing queries is a bit complicated sometimes."
"There is sometimes no documentation or updated documentation available."
"Customization could be simplified."
"Splunk Cloud could improve by having pre-defined templates. It has very good design views, but there is no predefined template. You have to define your own. If they could add predefined templates for different use cases."
Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.
Splunk is a tool that provides log management, security information, and event management solutions that help organizations easily make their machine data accessible, usable, and valuable for everybody. Splunk utilizes operational intelligence to turn machine data into valuable information by monitoring and to analyze all activities.
Splunk is ideal for data monitoring and searching, since it correlates and indexes large volumes of data into a searchable container. This enables users to create alerts, reports, and visualizations in real time. Splunk provides an in-depth, real-time view of the health and performance of all layers of your tech stack so you can optimize your system’s performance by proactively detecting errors and quickly fixing them.
These days, it is becoming more and more difficult to maintain a strong security posture. Cyber attacks are becoming more and more sophisticated, and attackers have access to more entrance points. By implementing Splunk’s threat intelligence tools, you can modernize your security operations in any setting or framework, making your corporate growth more effective and flexible. The advanced visibility that Splunk provides, allows security teams to quickly detect and remove malicious threats in their environment.
Some of the benefits of using Splunk include:
Reviews from Real Users
Splunk stands out among its competitors for a number of reasons. Two major ones are its flexible search query tools and its strong AI capabilities.
A Solutions Consultant at a tech services company notes, “It provides a lot of analytics with the underlying AI engine, and it is a lot easier than other solutions. There are some products that do automated AI-based detection and drawing up charts, but for network monitoring and all of the monitoring aspects, it is quite a nice tool. It is very convenient for business users because they get more or less a lot of data readily available. If you're familiar with the Splunk query language, you can pretty much do whatever you want.”
Splunk Cloud is the industry’s only enterprise-ready cloud service for machine data, offering a 100% uptime SLA and standard plans from 5GB/day to 5TB/day. Watch this video to find out how you can accelerate time-to-value and stay focused on your core business using Splunk Cloud.
See how Devo allows you to free yourself from data management, and make machine data and insights accessible.
Splunk is ranked 1st in Log Management with 64 reviews while Splunk Cloud is ranked 15th in Log Management with 7 reviews. Splunk is rated 8.2, while Splunk Cloud is rated 7.6. The top reviewer of Splunk writes "Very versatile for many use cases". On the other hand, the top reviewer of Splunk Cloud writes "Easy to set up with good monitoring and security functionality". Splunk is most compared with Microsoft Sentinel, Elastic Security, Wazuh, Dynatrace and AppDynamics, whereas Splunk Cloud is most compared with Wazuh, Fortinet FortiAnalyzer, ArcSight Logger, Amazon Detective and ManageEngine Log360. See our Splunk vs. Splunk Cloud report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.