We performed a comparison between Splunk and Zabbix based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: In this comparison, Zabbix comes out on top. When compared to Splunk, it is easier to deploy and is open-source.
"Sentinel has features that have helped improve our security posture. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"The connectivity and analytics are great."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The main benefit is the ease of integration."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"Visualizations are the best way to understand deviation techniques from the norm."
"The initial setup isn't overly complex."
"Splunk has helped improve our company's resilience level."
"It allows the centralization of data and makes possible new sorts of correlations that were previously impossible using traditional SIEMs such as ArcSight or QRadar."
"Splunk provides immediate visibility into key business metrics and new business insights that deliver immediate value."
"UBA, User Behavior Analytics, is a key feature."
"The most useful feature for me is the ability to create different kinds of alerts and set a different kind of denominator that will capture the real event. That is helpful for a power user like me."
"Exporting is a good feature. It helps me out when I have to do reports. I do a lot of exporting and crunching of the numbers. Dashboards are okay for showing to the leadership, but for doing statistics and updating tickets, the export feature is very beneficial for me."
"The features I found most valuable are the user interface and a wide range of network devices that are easy to configure."
"I'm supervising all the IT departments, and Zabbix seems quite good for them. It provides graphics and information in real time. We get alerts about crashes on the system, enabling us to quickly repair issues. We can easily find devices with problems."
"The most valuable features are the monitoring and the ease with which we can set it up at customer sites with our custom Zabbix proxy and tools."
"The implementation process is very straightforward."
"The solution's design has recently changed and it is visually pleasing with more color, for example, there is blue, black, and white."
"There are lots of great features and functionality within the solution."
"The product is very stable."
"The best thing about Zabbix is the integration and the APIs that are included are very fast."
"The interface could be more user-friendly. It's a small improvement that they could make if they wanted to."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"One key area that can be improved is by building a strong integration with our XDR platform."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Everyone has their favorites. There is always room for improvement, and everybody will say, 'I wish you could do this for me or that for me.' It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"I think the tech support response time could be a bit better. Sometimes I need to wait more than 24 hours for a response to my tickets."
"Its interface could be improved."
"I would like to see the ability to master management. In terms of clustering, how it manages clustering needs improvement."
"There is a definite learning curve to starting out."
"It's difficult to set up initially, and their billing model is also a bit complicated."
"Technical support needs to be more responsive."
"More control with Splunk Cloud as it seems a bit limited. I used to manage an on-premise instance of Splunk Enterprise and really liked having more control over it."
"Certain sections of the developer documentation could use some updating and clarification."
"The solution needs to add features for finding loopholes or problems and their root causes."
"I am having difficulties connecting it to Grafana, as well as some of the other plugins like Kibana."
"In terms of user-friendliness, large maps could be more interactive. We should be able to click on some areas and move some objects. It would make it simpler to see things while analyzing some dedicated parameters."
"Outside of the normal standard monitoring, I would like to extend patching, importing patching, and supporting patching for Windows Servers."
"Implementation is always tailored to the customer and the kind of information we need from the client to carry it out can make them very uncomfortable. Sometimes the clients are not ready to share it."
"I would like to see a more flexible mobile client, and better HA out of the box."
"Documentation terminology could be improved."
"They should open an SSH session from the web interface."
Splunk Enterprise Security is ranked 2nd in Security Information and Event Management (SIEM) with 221 reviews, while Zabbix is ranked 1st in Network Monitoring Software with 96 reviews. Splunk Enterprise Security is rated 8.4, while Zabbix is rated 8.2. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Google Chronicle Suite, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios XI and PRTG Network Monitor.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.