To add on to your Q & A, I have worked as a ArcSight engineer for two years and have been working with Splunk for the last two years.
One of the biggest down falls with ArcSight is getting timely technical support. Secondly the content that is out of the box, if not turned off, can cause issues with the ESM in a very short period of time because it's not data specific. Also HP also does not provide a free ready-to-use downloadable version of the ESM and connectors where you can began learning more about building rules,use cases,dashboards,active list...etc.
Splunk does provide this as well as apps along with developer license so you can build upon your skill and get hands on experience.
... View more