
Which would you recommend, SolarWinds LEM or Splunk?

Nurit Sherman - PeerSpot reviewer
Content Operations Manager at PeerSpot (formerly IT Central Station)

One of the most popular comparisons on IT Central Station is SolarWinds LEM vs Splunk.

One user says about SolarWinds LEM, "It allows us to monitor access and pull cyber reports quickly. No more searching through logs on each server. There was not much customization, which we had to do with Splunk."

Another user says about Splunk, "Splunk has helped our organization mainly on our increased use of the security side. We use Splunk to monitor all machine logins (both successful and unsuccessful) and actions taken on those machines under each user."

In your experience, which is better and why?

18 Answers

Chingiz Abdukarimov - PeerSpot reviewer
Top 20 User

I would prefer SolarWinds LEM for environments with high log volumes (e.g. network equipment at local providers, because with LEM you pay for nodes). And I would choose Splunk for a wide network of any connected devices, if I need to dig through logs later (because with Splunk you pay for GBs per day).

Johney Shade - PeerSpot reviewer

Comparing SolarWinds to Splunk is unwise. One responds to active monitoring, whereas the other uses stored data to analyze trends and can alert on events stored in the log files.

KedarKulkarni - PeerSpot reviewer

Like the name says, SolarWinds LEM is broadly a "Log and Event Monitoring Solution". It has been doing that fantastically for ages, up to today. However, when it comes to "Security Information and Event Monitoring", the solution must be able to work with all types of logs in raw/structured format, it must be able to provide a correlation between the logs, and then it must be able to provide a clear view of the incident that took place. Additionally, some of the vendors provide a vulnerability assessment module to help you keep a tight grip on your infrastructure items such as desktops, laptops, servers, manageable network devices, etc. On top of these features, the SIEM must provide ready templates of reports which you may use to comply with the specific needs of your industry standards or regulatory needs. Splunk has all these qualities and it also provides vulnerability assessment as one of its add-on modules. Unlike SolarWinds, you can also use Splunk to pull specific parameters from a system and then build a custom report on infrastructure monitoring. Therefore I would suggest the following:

If you are looking to buy a SIEM solution, go with Splunk.

If you just need to maintain the logs in human-readable format and want to be able to pull reports based on point-in-time needs such as internal audit, regulators, etc., and you are OK with this reactive approach, then you should go with SolarWinds.

I have specifically not considered the cost in this discussion since that parameter will change according to the business needs.

Sadiq Panjwani (CISSP, ITIL, ISMS-LA, CCNP) - PeerSpot reviewer
Real User

It all depends on your specific requirement and preference, and the convenience of use. In a small business environment, like up to 1000 users, SolarWinds will suffice, but when we go from medium to large environments, Splunk is a perfect choice. However, one must look at their licensing costs for each.

Hope this helps.

Colin Jackson, CISSP, MMIS, GMON - PeerSpot reviewer
Real User

Splunk. Go with Splunk. Even Splunk Light is better than LEM.

At a prior company, we got the SolarWinds suite and that included LEM. I set it up and onboarded data feeds. It could barely handle maybe 500MB/minute of data. It was flash-based, I had to restart the service a couple of times a day, and it didn't provide value for us. That same company has since dumped LEM for Splunk Enterprise.

Splunk is scalable, very very fast, storage compression rates are around 97%, extensible, integrations off the charts, etc. I'll go with Splunk every time. Splunk vs LEM, I'd sooner go with watching Wireshark 24/7 than LEM.

Ayodeji Abimbola - PeerSpot reviewer
Real User

Splunk is a more robust and analytically sound tool for log monitoring. My view is that SolarWinds will be suitable for SMEs with less network security heterogeneity, while Splunk can perfectly serve a large enterprise with wide log analysis needs.

MS Alam - PeerSpot reviewer
Real User

SolarWinds is good for network monitoring, but for analyzing critical logs Splunk is best. In my opinion, Splunk is best.

Jeffrey Robinette - PeerSpot reviewer

I've been able to correlate across devices and logs using nDepth in SolarWinds LEM. Many people don't realize SolarWinds has a log analyzer, i.e. LEM. Most know about NPM and SAM, which should be part of your security toolbox as well. You can see denial attacks in NPM; my old cyber team used it for that. Is SolarWinds LEM a SIEM? Appears to be. I agree with several people: Splunk for large enterprises, SolarWinds LEM for medium to small. We did very little dashboard work in LEM, but the long-term archiving and retrieval of old logs is clunky. Splunk is better with its aging of logs. Costing goes to LEM.

Gangikunta Somanath - PeerSpot reviewer
Real User

Depends on the requirement. But my vote goes to Splunk due to the different types of solutions they have to fit the requirement!!

John Lam - PeerSpot reviewer
Real User

Based on the description, both are very good. If I have to select one, I may pick SolarWinds as it is easy to retrieve logs. But Splunk is also useful, as it detects unauthorized usage.

Jim Wand - PeerSpot reviewer
Real User

I would use FortiSiem. It brings security from the NOC SOC together in one panel. The dashboards are great.

MS Alam - PeerSpot reviewer
Real User

I recommend Splunk for any type of organization.

it_user822135 - PeerSpot reviewer

If we need a cyber report, and to analyze information related to the events that we already collected from the environment, go with Splunk.

Shunleung Chan - PeerSpot reviewer

I have no experience with SolarWinds LEM, but I know that SolarWinds can keep track of the status of our servers and systems. SolarWinds is good for network monitoring while Splunk is good for analysing logs. In my opinion, Splunk is not difficult to use, and if your company uses it, you can keep using it to analyse logs. It can provide all the features that SolarWinds has.

GregKiker - PeerSpot reviewer

Splunk is not truly a SIEM. SolarWinds... Eh. JASK is what people should be looking at for this type of solution.

David Esko - PeerSpot reviewer

Well, in the context of a DevOps strategy, in the toolchain it would be Splunk. It's a very good choice as a long-term strategy & commitment.

I'm sorry, but I don't know enough about SolarWinds to comment.

Julian C. - PeerSpot reviewer

If I need a SIEM I would definitely go with Splunk, but only if it has the Security Essentials enabled, else it is only a Log Management platform and not a SIEM.

Kent Gladstone-USA - PeerSpot reviewer

They are different. Figure out what your requirements are first. What are you going to integrate it with? Talk to the vendor and get evaluation copies.
