We performed a comparison between Splunk and Splunk IT Service Intelligence (ITSI) based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"Those 400 days of hot data mean that people can look for trends and at what happened in the past. And they can not only do so from a security point of view, but even for operational use cases. In the past, our operational norm was to keep live data for only 30 days. Our users were constantly asking us for at least 90 days, and we really couldn't even do that. That's one reason that having 400 days of live data is pretty huge. As our users start to use it and adopt this system, we expect people to be able to do those long-term analytics."
"Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."
"It's very, very versatile."
"The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to do that quickly. If I'm sitting around just waiting to get my first response, then it ends up moving too slow to keep up with the attacker. Devo's speed and performance allows us to query in real-time and keep up with what is actually happening on the network, then respond effectively to events."
"The strength of Devo is not only in that it is pretty intuitive, but it gives you the flexibility and creativity to merge feeds. The prime examples would be using the synthesis or union tables that give you phenomenal capabilities... The ability to use a synthesis or union table to combine all those feeds and make heads or tails of what's going on, and link it to go down a thread, is functionality that I hadn't seen before."
"The user experience [is] well thought out and the workflows are logical. The dashboards are intuitive and highly customizable."
"Devo provides a multi-tenant, cloud-native architecture. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This allows for global views and/or isolated views restricted by access controls by company or business unit."
"The real-time analytics of security-related data are super. There are a lot of data feeds going into it and it's very quick at pulling up and correlating the data and showing you what's going on in your infrastructure. It's fast. The way that their architecture and technology works, they've really focused on the speed of query results and making sure that we can do what we need to do quickly. Devo is pulling back information in a fast fashion, based on real-time events."
"The completeness of the solution is what we like the most."
"We can easily configure things as required in relation to our use cases."
"What I really like is that even if you have already collected the data, you can extract fields and can build searches."
"The scalability of the solution is amazing because it can collect a lot of data and you can have your own structure to monitor this data."
"The indexing and data collection are valuable."
"Great platform with user-friendly interface and GUI."
"Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful."
"The initial setup is pretty straightforward."
"The observability is great and valuable."
"In my opinion, Splunk IT Service Intelligence (ITSI) is better than QRadar. With the help of Splunk, we can get results."
"It's scalable and expands well."
"The flexibility to develop and consolidate many solutions into one platform is great."
"We liked the built-in calculation of health scores."
"ITSI's most valuable feature is that it's easy to integrate DLP."
"The overall performance of extraction could be a lot faster, but that's a common problem in this space in general. Also, the stock or default alerting and detecting options could definitely be broader and more all-encompassing. The fact that they're not is why we had to write all our own alerts."
"An admin who is trying to audit user activity usually cannot go beyond a day in the UI. I would like to have access to pages and pages of that data, going back as far as the storage we have, so I could look at every command or search or deletion or anything that a user has run. As an admin, that would really help. Going back just a day in the UI is not going to help, and that means I have to find a different way to do that."
"Where Devo has room for improvement is the data ingestion and parsing. We tend to have to work with the Devo support team to bring on and ingest new sources of data."
"Devo has a lot of cloud connectors, but they need to do a little bit of work there. They've got good integrations with the public cloud, but there are a lot of cloud SaaS systems that they still need to work with on integrations, such as Salesforce and other SaaS providers where we need to get access logs."
"We only use the core functionality and one of the reasons for this is that their security operation center needs improvement."
"The biggest area with room for improvement in Devo is the Security Operations module that just isn't there yet. That goes back to building out how they're going to do content and larger correlation and aggregation of data across multiple things, as well as natively ingesting CTI to create rule sets."
"One major area for improvement for Devo... is to provide more capabilities around pre-built monitoring. They're working on integrations with different types of systems, but that integration needs to go beyond just onboarding to the platform. It needs to include applications, out-of-the-box, that immediately help people to start monitoring their systems. Such applications would include dashboards and alerts, and then people could customize them for their own needs so that they aren't starting from a blank slate."
"There is room for improvement in the ability to parse different log types. I would go as far as to say the product is deficient in its ability to parse multiple, different log types, including logs from major vendors that are supported by competitors. Additionally, the time that it takes to turn around a supported parser for customers and common log source types, which are generally accepted standards in the industry, is not acceptable. This has impacted customer onboarding and customer relationships for us on multiple fronts."
"Queries are not always as easy or straightforward as they might be, so it can be difficult to figure out what you need to look for."
"I'd say I am happy with the technical support, not elated. They provide great support, but sometimes they don't have the answers that I need."
"Their technical support sucks."
"This is a costly solution."
"The prices are complicated as we operate in a small third-world country."
"Splunk is query-based, which is not the case with most cybersecurity tools. It is based on search queries and can be difficult to use. It would be good if they can make it easier to understand how to create search queries. They can improve the knowledge base for better understanding. To create your dashboard, you need to have a search query. We have multiple firewalls in our company, and we need a dashboard for them. It would be helpful if a default firewall dashboard is included in Splunk to make monitoring easier. If a dashboard is available for a security device, the operation part will be more efficient. We won't have to follow a manual process for this."
"The UI can be improved. Dashboards and reports can be better in terms of graphics."
"You do need a lot of training and certification with this product."
"It would be good if an interface was included in the next release."
"We'd like them to show more inputs on the dashboard."
"Some of our customers occasionally require the development of the connectors when there are no native connectors so that we can develop in Python or for customer slash comments as well. If they could adjust that, it would be ideal."
"The dashboard queries should be improved. More queries should be suggested in order to produce better dashboards."
"The cost of the license could be lower."
"We also faced challenges relating to UI development."
Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.
Splunk software has been around since 2006 and the company has since grown to become an industry leader. Splunk's vision is to make machine data accessible, usable and valuable to everybody. The company offers a wide range of products to turn machine data into valuable information by monitoring and analyzing all activities. This is known as Operational Intelligence and is the unique value proposition of Splunk.
Splunk is well-known for its Log Management capabilities and also for its Security Information and Event Management (SIEM) solutions.
Splunk IT Service Intelligence (ITSI) enables IT and service leaders to prevent issues before they impact customers. Unlike traditional monitoring and analytics solutions that aggravate IT complexity, ITSI correlates and applies machine learning to all metric, event and trace data for 360 service monitoring, predictive alerting, and streamlined event management.
See how Devo allows you to free yourself from data management, and make machine data and insights accessible.
Splunk is ranked 1st in Security Information and Event Management (SIEM) with 69 reviews while Splunk IT Service Intelligence (ITSI) is ranked 12th in Application Performance Management (APM) with 6 reviews. Splunk is rated 8.2, while Splunk IT Service Intelligence (ITSI) is rated 8.6. The top reviewer of Splunk writes "Very versatile for many use cases". On the other hand, the top reviewer of Splunk IT Service Intelligence (ITSI) writes "Can predict incidents before they impact your customers". Splunk is most compared with Microsoft Sentinel, Elastic Security, Dynatrace, Azure Monitor and LogRhythm NextGen SIEM, whereas Splunk IT Service Intelligence (ITSI) is most compared with Dynatrace, AppDynamics, ServiceNow IT Operations Management, Loom Systems and Zabbix. See our Splunk vs. Splunk IT Service Intelligence (ITSI) report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.