The project we are working on with Splunk is short as the customer has given us two months to implement. My company is a Splunk partner.
Splunk is quite flexible for our customers. Splunk does not filter from a specific lock; you can define it later.
I would like Splunk to add more integrations. QRadar has many indications with more products than Splunk.
I have been working with Splunk for three months.
Splunk is quite good if you want to scale it.
My client has some pain points with QRadar and does not feel the kilogram function is accurate. Other features do not match with the customer behavior as well. They want to replace QRadar with Splunk because they are familiar with this solution.
The initial setup of Splunk is complex. It requires a lot of equipment and uploads.
My company provides the implementation and maintenance services to our customers.
Splunk licensing requires you to purchase licenses for any feature per user. For example, if you need UEBA, it is difficult to propose in the project. QRadar has a free upcharge for UEBA. Customers cannot calculate the additional costs based on gigabytes per day because they cannot forecast the future.
Due to the cost of Splunk, I recommend it for larger companies. Splunk is powerful when sorting huge amounts of data.
Implementation of Splunk takes preparation. It requires a lot of resources and needs the infrastructure to support the project.
I would rate the solution an 8 out of 10.