Splunk Enterprise vs Trend Micro Deep Security Comparison

Best tool for application event trend analysis, Effective report of logs, Useful for new users , support analyst

To generate report need some automation. Has to write query using parameters, For end users it is difficult to configure.

Great visibility, and deep info good reporting.

Setup and configuration, to get onboarded makes me reconsider the software.

Great threat analysis combined wit log analysis and deep search pattern

Hard to configure. You need to be an expert.

Splunk Enterprise is best tool to analyze the data based on different visualization. It help us to lookup distributed logs for micro-services . It enables field based lookup. For complex logging, we can use search query using expression. We can create multiple reports/charts for visualization such as a pie or bar chart for our data. Best feature what i like , We can visualize our search results and share them with others using dashboard panels. If Already have a dashboard, we can add a new panel from a report, clone from another dashboard, or add a prebuilt panel. Fully customization available. Interfaces is very flexible. We export it in different formats, or refresh it to visualize the newest data. Online Support is available through different community.

Search query builder is fully based on technical. for Non technical users, its really difficult to lookup logs. Sometimes, error thrown by query builder is more difficult to understand. Deep Learning is required to use splunk for production data. For Large application installation, it need to manage more.

Splunk makes log aggregation and log search extremely easy for micro service model architecture. UI feels easy to navigate and the query language is quite simply to learn

Sometimes log ingestion takes a lot of time , depending upon the method we use to ingest the data. Enterprise version vs on site is also an interesting choice

We use this tool primarily as a repository for syslog messages for infrastructure. It allows us to quickly analyze the logs and patterns to determine issues based on patterns. In addition it alerts very well from text based trigger alerts. These features are very easy to use and dependable.

I do not have any cons for this software. Mainly as a user it does exactly what I need it to do with no overhead and confusing interfaces.

Block security threats on endpoints. It enhances applications development.

The price is high but the results are remarkable.

All in one solution to collect logs, analysis, diagnose and report. The application has a nice console where it shows all the necessary information with some very nice graphics and information.

Free for 500M/day but a bit expensive if you need to collect more, or have the need to have more users logging in.

Security Information and Event management, log analytics, custom dashboards and workspaces

Auto upgrade management and notifications for Add-ons. Leaning more towards config file based implementation instead of UI based implementation

Enables me to monitor for fraud and cyber security threats and risks

It is great to use but it is expensive. But worth it.

Splunk can give you extreme insights into how your systems and software are functioning. Not only is the search very flexible and powerful, the customizable dashboards give a status report at a glance into trends, problems and performance. You can also set up email alerts when errors occur limiting the need to have Splunk opened on your machine all the time.

Splunk has a learning curve. They have extensive documentation but it isn't intuitive and some features are buried pretty deep. We have an onsite expert who holds bimonthly meetings to answer questions in a group forum.

Splunk gives data analytics on the application usage. And it is great tool to monitor software applications

Users need to learn SPL search processing language

The best part about Splunk is that it is incredibly flexible. Any type of log can be aggregated and its awesome to build correlation. Any thing you want to know from your data can be found with Splunk.

The ability of Splunk comes at a cost, literally. There is a free edition but if you are using it in an enterprise environment, especially if there is more than one department uses it, it will be pricey. However given the functionality its still a good value for many enterprises.

The amount of information and data that you can organize with splunk is it's best feature.

It will take some time getting used to how create dashboards and reports so that can pull the relevant data out of splunk.

The ability to use this software for security operations, data analysis, creating dashboards, generating tickets and everything else

Splunk uses its own SPL, which is not very easy to learn. However, there are lots of documentation that Splunk provides to its customers. There is paid training available which is useful for beginners to learn.

It allows me to bring a lot of information into one friendly view. It's a great security audit tool.

It has limited functionality. It is a very memory intensive system. It does not integrate with Lennox.

Easy to use tool with use in IT as well as security. Further business users can be trained easily as well.

Have not found one yet since I started using 4 years ago.

Advanced security analytics to quickly detect malicious threats within our networks and devices with rapid response and effective alert prioritization to accelerate investigation.

Great integration to collect multiple data easily and in built-threat intelligence that helps to accelerate our investigations. Full of incredible features, there is nothing to dislike.

Splunk Enterprise offers a variety of different functionalities from security to log management. It can be a tool that can do it all.

The learning curve is a bit high and the training resources available do help but can be constantly out of date.

Fast consolidation of disparate logs in an easy to search way for troubleshooting. I can find problems within my organization very quickly. Sales team was very responsive in getting me a trial license to estimate my needs.

Set up takes some time and planning. The Licensing scheme can be pretty expensive and until you've got it up and running it can be hard to estimate how much license you need.

I'm not sure from where to start in this case. We use splunk for many things but mostly to analyze the traffic on the network / firewalls. It provides us with a nice overview of what's going on. It makes it very easy to spot spikes on the network and it will provide you also with deep analyzes. For us it's an indispensable tool, probably the best tool we have.

To search for something is not always easy, however there are a lot of forums online, so finding help is not that difficult.

Splunk is provides a single tool for log aggregation, log analysis, and visualizations. Threat hunting, applying threat intelligence, and incident response are easily repeatable; pushing organizations to proactive security processes.

Splunk is expensive, especially when an organizations is exploring and building new security or data use cases. It also requires a lot of engineering maintenance, making the quality of the data highly-dependent on the skill(s) of those supporting it. Many organizations do not maximize its benefit because it is poorly managed or supported by low-skilled employees.

Its been a while since I started using Splunk Enterprise. I love its ability to cumulate data and logs from multiple sources and correlate them to help find incidents and their root cause. It consolidates logs and manages them form a central place. It is a great tool for log analysis as it segregates data and provides in depth profiling. Splunk enterprise also automates alerts and indexes on logs received.

It has a complex architecture making the learning curve quite steep

Beautiful design, that makes event logs fun. Intuitive design.

Repetitive adjustments, I wish you could save a default time format. Resources.

Through its robust log analysis and ability to collect data from different sources, we can easily perform analysis on various data and predict any future operational hazards. Splunk enterprise efficiently monitors our log activities and and gives results to any queries at faster speed than most SIEM tools.

The searches can be complex at times and the messages on query errors aren't always specific.