We performed a comparison between Splunk Enterprise Security and Sumo Logic Security based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The machine learning and artificial intelligence on offer are great."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"The Log analytics are useful."
"Free ingestion for Azure logs (with E5 licence)"
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The correlation searches (properly configured) populate the Incident Management dashboard and provide me a quick birds-eye view of my most important concerns."
"We are much faster finding and addressing issues with Splunk."
"It is very scalable."
"The product has a good security posture."
"The feature that I have found most valuable with Splunk is the ability to sift through a bunch of data very quickly."
"The reporting aspect is good and it does what I need it to do."
"Easy to deploy and simple to use."
"We solve issues that we previously could not since we now have the data."
"With this tool, we provide access to every developer team the ability to find errors, then they come to us and ask for specific help."
"For many of our services, we use Sumo Logic to track errors and send notifications to our Slack channel, if there are issues. Then, we have our support people monitoring this, and they can react quickly."
"We have used it many times to find a root cause of a live issue, then fix the problem in the applications."
"It provides easy visibility. I also like the shareable queries because we share a lot across groups."
"The most valuable features of Sumo Logic Security are the rules, use cases, and ease of use. Additionally, the integration is straightforward and good GUI."
"It gives us a bird's eye view of what's happening from our connection's point of view."
"Technical support is always great."
"Scalability has been good for our needs. We haven't run into any scaling issues in regards to size so far."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"The troubleshooting has room for improvement."
"The product can be improved by reducing the cost to use AI machine learning."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"We'd like Splunk to reduce false positives."
"The solution could improve by making it more business analysis oriented. The way it is now is designed more for developers."
"The solution could improve by giving more email details."
"Cybersecurity and infrastructure monitoring have room for improvement."
"In the next releases, I would like to see more pricing flexibility."
"Endpoint access is the only issue I can think to mention, even though the endpoint access we have with Cisco is fine."
"DMC should be a little more intuitive with better dashboarding. Seeing the cause of data flow can be tough to track down."
"The solution could use a different licensing model."
"Sumo Logic Security is expensive, and its pricing could be improved."
"The solution should improve its UI."
"If you want to up your subscription through the AWS Marketplace, it can be difficult. You can't just go back to the AWS Marketplace, and say, "I want a bigger one now." You have to contact the sales team, then they do it on the back-end. This could definitely be improved."
"We would like to have some type of predefined setup for the logs, making the setup easier by default."
"I would like to see improvement in the user experience when configuring things, ingesting logs, and creating ports."
"The integration with multiple sources could be better."
"The API integration in Sumo Logic Security could improve. There are delayed connections or they stop and then automatically start. Having a seamless log collection would be beneficial."
"It took a bit of trial and error to get it set up correctly based on everything we had to do. In the end, we had to send everything over HTTP, which was sort of a stop-gap."
Splunk Enterprise Security is ranked 1st in Log Management with 227 reviews while Sumo Logic Security is ranked 22nd in Log Management with 18 reviews. Splunk Enterprise Security is rated 8.4, while Sumo Logic Security is rated 8.6. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Sumo Logic Security writes "Used to store and monitor application logs and VPC flow logs". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas Sumo Logic Security is most compared with Wazuh, Rapid7 InsightIDR, VMware Aria Operations for Logs, IBM Security QRadar and Grafana Loki. See our Splunk Enterprise Security vs. Sumo Logic Security report.
See our list of best Log Management vendors, best Security Information and Event Management (SIEM) vendors, and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.