No more typing reviews! Try our Samantha, our new voice AI agent.

NetWitness Platform vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

NetWitness Platform
Ranking in Log Management
37th
Ranking in Security Information and Event Management (SIEM)
37th
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
36
Ranking in other categories
No ranking in other categories
Splunk Enterprise Security
Ranking in Log Management
1st
Ranking in Security Information and Event Management (SIEM)
1st
Average Rating
8.4
Reviews Sentiment
7.2
Number of Reviews
403
Ranking in other categories
IT Operations Analytics (1st)
 

Mindshare comparison

As of June 2026, in the Security Information and Event Management (SIEM) category, the mindshare of NetWitness Platform is 1.0%, up from 0.6% compared to the previous year. The mindshare of Splunk Enterprise Security is 7.3%, down from 9.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
Splunk Enterprise Security7.3%
NetWitness Platform1.0%
Other91.7%
Security Information and Event Management (SIEM)
 

Featured Reviews

reviewer2256927 - PeerSpot reviewer
Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees
A solid SIEM solution that should improve technical support and online resources to be easier to use
A big problem with the product is that we don't have much professional experience in Israel installing, implementing, and integrating this product. There is not enough of a knowledge base. There is no support for this product in this country, so problems have to be resolved through global technical teams. We like to work locally because of the language, and when the product is only supported outside the country, it's a little difficult to implement and use this product. Moreover, AI is something that must be added immediately. Artificial intelligence is a part of the competitors' products, and it's not been implemented for us.
Sathis-Kumar - PeerSpot reviewer
Senior Manager at Bank of America
Helps us detect cyber threats quickly and integrate multiple feeds effectively
Overall, the product is good, but when it comes to some infrastructure issues, we have to dig into more logs. There is no straightforward indication of an issue. Health check kind of dashboards are not available. More AI would help us, and more optimization, since security products run more queries. The AI module could suggest solutions, optimizing queries or workload balancing. If the product itself advises on running queries during peak times, it would be similar to what ChatGPT currently offers. We see quite a few issues on stability. Even last week, we faced something, and identifying bottlenecks is not easy. We need more SMEs, and there is no mechanism to tell us about indexer or search head issues. Self-monitoring dashboards could be beneficial. The technical support still requires more improvement. Often, primary support takes a lot of time and forwards most solutions to the engineering side. The primary support team has very limited knowledge to provide.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Integration is exceedingly minimal, since its project development is much easier than that of LogRythm or IBM."
"The most valuable features are the threat prediction and network forensics."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"The detection of ransomware in the internal network has benefited my organization."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"This solution has a very good dashboard with a separate tab for incidents and alerts."
"Since the solution has been under way we have seen a large decrease of threats and proactive reactions to incidents."
"Overall, this is a good solution with suitable features and it very well fits our needs."
"Scalability-wise, the tool is awesome since you can add or reduce your resources in an easy way."
"Splunk has significantly helped with aggregation and correlation of critical logs, and not having to grep on each individual server has made everyone more efficient."
"The tool helps with advanced reports and keeps the system scalable and flexible. It provides a clear picture of the current status of any incidents. As a CISO, I see a lot of potential for future innovation, which is interesting. I've noticed better performance, especially with the reports."
"Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations."
"I am enjoying our implementation of risk-based alerting. That has helped very much with cutting out a lot of the noise that we have. It has reduced our alert volume significantly. There is about an 80% reduction."
"The level of robustness on offer is very good."
"Previously, it would take us days to properly analyze, triage, and respond to insider threats; now with risk-based alerting, we are able to reduce that to 10 minutes."
"With Splunk, we can do things we want and things we have not even dreamed of yet."
 

Cons

"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"RSA NetWitness Logs and Packets is far behind the competition."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"Advance monitoring and alerting feature is not stable (Event Stream Analysis)."
"Cross Platform Integration could be improved."
"An area for improvement would be better automation and more inbuilt use cases."
"The cluster environment should be improved. We have a cluster. In the Splunk cluster environment, in the case of heavy searches and heavy load, the Splunk cluster goes down, and we have to put it in the maintenance mode to get it back. We are not able to find the actual culprit for this issue. I know that cluster has RF and SF, but it has been down so many times. There should be something in Splunk to help users to find the reason and the solution for such issues."
"Splunk Enterprise Security could be improved in the dashboards that provide KPIs about environmental behavior."
"The AWS add-on is particularly problematic, with most inputs requiring manual writing due to lack of out-of-box functionality."
"The threat detection library needs to increase the frequency at which the playbooks are updated."
"When you get into large amounts of data, Splunk can get pretty slow. This is the same on-premise or AWS, it doesn't matter. The way that they handle large data sets could be improved."
"I'd like a dashboard that allows me to connect elements through drag-and-drop functionality."
"The correlation of events is the most significant challenge I face when using Splunk Enterprise Security for advanced threat detection."
"The algorithms customization of Splunk could improve. They have limited algorithms for machine learning support. If they can allow the user to add more machine learning algorithms, such as the ability to choose the algorithm that a user might want. Additionally, they should provide the required libraries for those algorithms, and then analyzes the data for use."
 

Pricing and Cost Advice

"The product is expensive."
"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."
"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
"We are on an annual license for the use of the solution."
"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."
"Compared to the competition, the is price is not that high."
"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."
"My customers have found the price of the solution to be high."
"Some of the insights that we have obtained as a part of using Splunk have greatly helped us in increasing our revenue in terms of selling our products."
"Regarding the product's pricing, I think it has always been difficult to have a conversation with Splunk."
"The price of Splunk Enterprise Security is reasonable, falling somewhere in the middle range."
"I assume that the pricing is reasonable, because if it was too costly, there are other alternatives."
"The price can always be lower, but it is fair at the moment. The cost efficiencies depend on the licensing and how much data we are bringing in. We have a fairly large footprint, so it is cost-effective."
"It is a bit costly."
"It is expensive, but it is a good tool. It is worth the cost."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
900,747 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm
12%
Construction Company
11%
Comms Service Provider
9%
Outsourcing Company
8%
Financial Services Firm
14%
Manufacturing Company
9%
Computer Software Company
8%
Construction Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise7
Large Enterprise20
By reviewers
Company SizeCount
Small Business125
Midsize Enterprise60
Large Enterprise278
 

Questions from the Community

What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
What is your primary use case for NetWitness Platform?
I use NetWitness Platform ( /products/netwitness-platform-reviews ) in the financial industry as a good product with excellent capabilities and integration with various devices.
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Also Known As

RSA Security Analytics
No data available
 

Overview

 

Sample Customers

Los Angeles World Airports, Reply
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about NetWitness Platform vs. Splunk Enterprise Security and other solutions. Updated: June 2026.
900,747 professionals have used our research since 2012.