We performed a comparison between Splunk and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk easily wins out in this comparison. Compared with Wazuh, it is a mature and robust solution with a proven ROI.
"It has basic out-of-the-box integrations with multiple log sources."
"The analytic rule is the most valuable feature."
"Log aggregation and data connectors are the most valuable features."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, 'Where are my logs?' My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The search function for spam is like a Google search. You just enter and it will quickly show you the results."
"The solution has plenty of features that are good."
"We saw the granularity that we could get from Splunk far exceeded what we already had. We had the ability to have our security team really focus on the platform and stay within the platform, but they could correlate with a variety of other stakeholders, and our stakeholders were growing."
"Three features stand out for me: the SDK for writing Python, the customizable and adaptable diagnostic dashboard, and the optimizer for collecting data."
"The UI of Splunk makes it easier for our analysts to move around and see what they need to see."
"The best part of Splunk Enterprise Security is its customizable settings."
"Its integration is most valuable. Its UI is also pretty much easy."
"The most valuable feature is that it's very good for log aggregation."
"The product’s interface is intuitive."
"If they support a solution, it is easy to do an integration."
"Its cost-effectiveness is the most valuable aspect."
"The deployment is easy and they provide very good documentation."
"I like that the solution is on top of the Kubernetes stack."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"It is a stable solution."
"Wazuh is simple to use for PCI compliance."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"The product can be improved by reducing the cost to use AI machine learning."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"One key area that can be improved is by building a strong integration with our XDR platform."
"Splunk Enterprise Security could improve in automation, flexibility, and providing more content out of the box."
"I love the solution, but I would like to see more accessibility to the machine-learning capabilities that are sprinkled around Splunk."
"The security can be improved."
"The solution has a high learning curve for users. It's a little complicated when you're trying to figure out all the features and what they do."
"The difficult part is related to integration with sources of data that are used to create the logs as this depends on the infrastructure of the client."
"The support that is included with the standard licensing fee is very bad."
"The integration with all our tool sets felt like we were reinventing the wheel, which was a pain point for us."
"Custom visualizations are real hard. While the default visualizations are good, creating enhanced visualizations is complex."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system."
"While it is scalable, it can suffer from reduced latencies."
"The tool doesn't detect anomalies or new environments."
"Some features, like alerting, are complex with Wazuh."
"Wazuh should come up with more in-built rules and integrations for the cloud."
"A more structured approach, perhaps with modular UI components, to facilitate easier integration and navigation within the Wazuh platform for custom integrations would be beneficial."
"The only challenge we faced with Wazuh was the lack of direct support."
"The deployment is a bit complex."
Splunk Enterprise Security is ranked 1st in Log Management with 221 reviews while Wazuh is ranked 3rd in Log Management with 38 reviews. Splunk Enterprise Security is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Splunk Enterprise Security is most compared with Dynatrace, IBM Security QRadar, Elastic Security, Azure Monitor and Datadog, whereas Wazuh is most compared with Elastic Security, Security Onion, AlienVault OSSIM, Graylog and USM Anywhere. See our Splunk Enterprise Security vs. Wazuh report.