| Features | Tripwire | Splunk |
| Agent-based log collection | yes | |
| Logs deliverd over encrypted connection with compression | yes | |
| Resiliency when disconnected from management console | yes | |
| Offline data collection when disconnected from console | yes | |
| Extensive platform support | yes | |
| Remote log collection | yes | |
| Support for multi-line log file collection | yes | |
| Preservation of original log content | yes | |
| High compression ratio for storage | yes | |
| Ability to store logs centrally | yes | |
| Ability to store logs locally | yes | |
| Ability to encrypt stored log data | yes | |
| Separation of logs by location | yes | |
| Role-based access to log data | yes | |
| Scheduled archiving of logs | yes | |
| Search functionality available via REST API | yes | |
| Indexed logs für fast searching | yes | |
| Industry standard classification of events for fast searching | yes | |
| Simultaneous, multiple results windows for comparing query output | yes | |
| Scheduled reports | yes | |
| lain text and REGEX searches | yes | |
| Visual custom rule builder | yes | |
| Extensive fields available for correlation | yes | |
| Pre-built correlation rules to detect events of interest or sequences of events | yes | |
| Pre-built correlation rules for compliance requirements | yes | |
| Correlation with non-log data sources | yes | |
| Integration with security configuration management tools like Tripwire Enterprise for asset tag data | yes | |
| Dynamic correlation lists | yes | |
| Integration with Active Directory for dynamic user lists | yes | |
| Correlation Engine rules can execute custom scripts as an action | yes | |
| Correlation Engine can store events in an accessible database | yes | |
| Log forwarding to multiple destinations | yes | |
| Event forwarding from correlation rules | yes | |
| Scheduled reporting tasks | yes | |
| Pre-built and customizable dashboards | yes | |
| Correlation Engine rules can generate E-mails | yes | |
| Correlation Engine rules can generate syslog events | yes | |
| Correlation Engine rules can generate console notifications | yes | |
