Comparisec

Splunk Enterprise Security

Cisco (acquired 2024)

Founded 2003 · US · Public

Combined score: 4.5


Security incident on record

Acquired by Cisco March 2024 for $28B.

Editorial verdict

Splunk is the SIEM that every other SIEM is measured against. The 2,400 plus apps on Splunkbase, 11 consecutive years as a Gartner Magic Quadrant Leader, and the richest detection content library in the category through ESCU make it the default choice for organisations that need the most powerful, most customisable, most integrated SIEM available.

The trade-off is cost and complexity. Splunk per-GB pricing is the most frequently cited negative across all review platforms, with organisations regularly reporting 5 to 10 times cost overruns versus initial estimates. It also requires dedicated Splunk engineering expertise to operate effectively. For organisations without the budget and the internal capability, it delivers far less than its potential.

The verdict: Splunk Enterprise Security is right for large enterprises with the budget, the engineering resources, and the data volume to justify the investment. Organisations with tighter budgets should evaluate Microsoft Sentinel or Elastic Security, which offer far more predictable cost models.

Last reviewed: May 2026

G2: 4.3 (580 reviews)
Gartner: 4.5 (1,200 reviews)
PeerSpot: 8.4 (350 reviews)
Gartner MQ: Leader (11 consecutive years)

SIEM assessment

PROTECTION: Strong
Log source coverage
5 / 5

Widest data ingestion of any SIEM — any data source via SPL (Search Processing Language). 2,400+ apps and integrations on Splunkbase. No other SIEM approaches this breadth.

Sources: Splunkbase marketplace, Gartner MQ SIEM 2025

Detection content
5 / 5

Richest built-in detection content library — ESCU (Enterprise Security Content Updates) provides hundreds of pre-built detections mapped to MITRE ATT&CK. 11 consecutive years as Gartner MQ Leader.

Sources: Splunk ESCU documentation, Gartner MQ SIEM 2025

OPERATIONS: Adequate
SOAR & automation
5 / 5

Splunk SOAR (formerly Phantom) is one of the most mature SOAR platforms in the market. Deep native integration between ES and SOAR.

Sources: Splunk SOAR documentation

Cost model
1 / 5

Most frequently cited negative in G2 and Gartner reviews — per-GB pricing becomes extremely expensive at scale. Organisations frequently report 5-10x cost overruns versus initial estimates. This is the single most documented pain point for Splunk customers.

Sources: G2 review sentiment, Gartner Peer Insights review sentiment

ANALYTICS: Strong
Compliance reporting
5 / 5

Most comprehensive compliance reporting library — templates for PCI-DSS, HIPAA, SOX, ISO 27001, NIST, GDPR, and more. Industry standard for compliance-driven SIEM deployments.

Sources: Splunk documentation

TRUST & ECOSYSTEM: Strong
Ecosystem support
5 / 5

Splunkbase with 2,400+ apps is the largest SIEM ecosystem by far. Active community, extensive partner network.

Sources: Splunkbase marketplace

Strongest: Log source coverage

Watch out for: Cost model

Strengths & limitations

Strengths

Most flexible data ingestion via SPL
Gartner MQ Leader 11 years; #1 all use cases 2025
Unmatched ecosystem — 2,400+ apps on Splunkbase

Watch out for

Steep SPL learning curve
Per-GB pricing becomes extremely expensive at scale
Cisco acquisition (2024) introduced roadmap uncertainty

Best for

Large enterprises with dedicated security teams needing maximum flexibility and the most mature SOC analytics platform.

Not suitable for: SMBs — per-GB pricing prohibitive; requires dedicated Splunk admin expertise

Compliance coverage

Essential Eight
AU Privacy Act
SOC 2
HIPAA
NIST CSF
PCI-DSS
CMMC
GDPR
NIS2
DORA
ISO 27001
CIS Benchmarks


Quick facts

Pricing model: per GB data ingested/day
Pricing range: $150-$200/GB/day est.
Free trial: Yes — 60 days
Min seats: No minimum
Deployment time: 2-8 weeks
Complexity: 4 / 5
Pricing transparency: 2 / 5
AU presence: Yes
IRAP assessed: Yes
Open source: Proprietary

Deployment

Models: SaaS, On-premises, Hybrid
OS support: Windows, macOS, Linux
Cloud: AWS, Azure, GCP
Support: 24/7 Phone, Email, Dedicated CSM, Professional Services
Data residency: US, EU, AU, Global

Company

Cisco (acquired 2024)

Founded 2003 · 8,000+ employees · Public

HQ: US

$3.7B revenue FY2024

Certifications

FedRAMP Moderate, SOC 2 Type II, ISO 27001, PCI-DSS, IRAP

Integrations

Okta, Palo Alto, CrowdStrike, Microsoft Defender, AWS, ServiceNow, Jira