"The user experience [is] well thought out and the workflows are logical. The dashboards are intuitive and highly customizable."
"The querying and the log-retention capabilities are pretty powerful. Those provide some of the biggest value-add for us."
"Even if it's a relatively technical tool or platform, it's very intuitive and graphical. It's very appealing in terms of the user interface. The UI has a graphically interface with the raw data in a table. The table can be as big as you want it, depending on your use case. You can easily get a report combining your data, along with calculations and graphical dashboards. You don't need a lot of training, because the UI is relatively very intuitive."
"Devo provides a multi-tenant, cloud-native architecture. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This allows for global views and/or isolated views restricted by access controls by company or business unit."
"The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to do that quickly. If I'm sitting around just waiting to get my first response, then it ends up moving too slow to keep up with the attacker. Devo's speed and performance allows us to query in real-time and keep up with what is actually happening on the network, then respond effectively to events."
"The real-time analytics of security-related data are super. There are a lot of data feeds going into it and it's very quick at pulling up and correlating the data and showing you what's going on in your infrastructure. It's fast. The way that their architecture and technology works, they've really focused on the speed of query results and making sure that we can do what we need to do quickly. Devo is pulling back information in a fast fashion, based on real-time events."
"In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. With this kind of platform, you have that information in real-time."
"The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. Most SIEMs don't do that. And I can do that by creating entity-based queries. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way."
"Good for log collection and log management."
"It's basically one of the best SIEM products on the market."
"The data analysis part is good in Splunk, which is something that I like the most. It is also quite easy to use. Its dashboards, visualizations, and analytics are good."
"We can easily configure things as required in relation to our use cases."
"It's better than IBM, in my opinion, because it's an independent entity."
"The reporting aspect is good and it does what I need it to do."
"It is very easy to use and integrate. There are connectors for every technology."
"Splunk can extract all kinds of data. There's no limitation on what kind of structured and unstructured data one needs to extract — it can access any kind of data, including machine-generated data."
"Zabbix is scalable."
"The overall functionality of Zabbix is very good. The monitoring of bank applications that Zabbix provides is great. The information is displayed on a dashboard that is easily viewed."
"We have found that Zabbix is more easy to use than other applications."
"Setup was straightforward. Initial deployment took two or three months."
"The best thing about Zabbix is the integration and the APIs that are included are very fast"
"It has an intuitive UI with beautiful graphs and customizable maps."
"Zabbix has a roadmap and they are continuously and frequently adding new features."
"We are able to monitor our virtual infrastructure, virtual machines, windows servers, databases, and the network using a simple network management protocol. We are able to pull almost all the metrics that we want, receive notifications, and have them integrate with telegrams for certain devices that are critical, such as UPSs."
"Some third-parties don't have specific API connectors built, so we had to work with Devo to get the logs and parse the data using custom parsers, rather than an out-of-the-box solution."
"An admin who is trying to audit user activity usually cannot go beyond a day in the UI. I would like to have access to pages and pages of that data, going back as far as the storage we have, so I could look at every command or search or deletion or anything that a user has run. As an admin, that would really help. Going back just a day in the UI is not going to help, and that means I have to find a different way to do that."
"Some basic reporting mechanisms have room for improvement. Customers can do analysis by building Activeboards, Devo’s name for interactive dashboards. This capability is quite nice, but it is not a reporting engine. Devo does provide mechanisms to allow third-party tools to query data via their API, which is great. However, a lot of folks like or want a reporting engine, per se, and Devo simply doesn't have that. This may or may not be by design."
"There's always room to reduce the learning curve over how to deal with events and machine data. They could make the machine data simpler."
"Devo has a lot of cloud connectors, but they need to do a little bit of work there. They've got good integrations with the public cloud, but there are a lot of cloud SaaS systems that they still need to work with on integrations, such as Salesforce and other SaaS providers where we need to get access logs."
"There's room for improvement within the GUI. There is also some room for improvement within the native parsers they support. But I can say that about pretty much any solution in this space."
"We only use the core functionality and one of the reasons for this is that their security operation center needs improvement."
"The Activeboards feature is not as mature regarding the look and feel. Its functionality is mature, but the look and feel is not there. For example, if you have some data sets and are trying to get some graphics, you cannot change anything. There's just one format for the graphics. You cannot change the size of the font, the font itself, etc."
"Splunk is query-based, which is not the case with most cybersecurity tools. It is based on search queries and can be difficult to use. It would be good if they can make it easier to understand how to create search queries. They can improve the knowledge base for better understanding. To create your dashboard, you need to have a search query. We have multiple firewalls in our company, and we need a dashboard for them. It would be helpful if a default firewall dashboard is included in Splunk to make monitoring easier. If a dashboard is available for a security device, the operation part will be more efficient. We won't have to follow a manual process for this."
"There are a lot of competitive products that are doing better than what Splunk is doing on the analytics side."
"Its pricing model and integration with third-party services can be improved. We had faced an issue with integration. The alerting feature is currently not available with Splunk, but it is definitely available with Datadog and PagerDuty. They should include this feature. A few dashboards in Splunk look quite old and are not that modern. They aren't bad, but improving these dashboards will definitely make Splunk more attractive and usable. I read in a few blog posts that there were a few security incidents related to Splunk agents. So, it can be made more secure."
"Its reporting can be improved. That's the only complaint I have heard. I don't need the reporting part, but I know that other people in the organization need it."
"If you monitor too much, you can lose performance on your systems."
"Its search or filtering capability is nice, but it can be improved. It is currently a bit complicated, and it should be simplified. If we can write the search filter in a more simplified way, it would be better."
"On-premises scaling of the solution is a bit more limited than it is on the cloud."
"We had some connections issues with the solution at the beginning."
"The graphical user interface could be customized a little bit more, and also the dashboard could be more friendly."
"Zabbix claims that there is an auto-discovery process but my team member was facing difficulty and was told that it's not really automatic, and there are some manual steps."
"Zabbix isn't very good at automation just yet."
"The only improvement I would suggest, revolves around its AI and ML capabilities."
"As far as improvements, sometimes I get a bit frustrated when I move from a previous version to a new one because some configuration has changed—I need to investigate the documentation to deal with some configuration. But it doesn't take much time, so it's okay."
"Zabbix does not draw automatic mapping of the network, this is something they should add in the future. There is a lot of effort that is involved in tailoring some of the settings which could be made easier."
"I would like to see a more flexible mobile client, and better HA out of the box."
"It could be more stable."
See how Devo allows you to free yourself from data management, and make machine data and insights accessible.
Splunk is ranked 1st in Security Information and Event Management (SIEM) with 69 reviews while Zabbix is ranked 1st in Network Monitoring Software with 50 reviews. Splunk is rated 8.2, while Zabbix is rated 8.2. The top reviewer of Splunk writes "Very versatile for many use cases". On the other hand, the top reviewer of Zabbix writes "Very mature, easy to scale, and free to use". Splunk is most compared with Microsoft Sentinel, Elastic Security, Dynatrace, IBM QRadar and AppDynamics, whereas Zabbix is most compared with Nagios XI, Centreon, Nagios Core, PRTG Network Monitor and SolarWinds NPM.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.