Related · tier-1 reading. For what a portable artifact actually is, see Portable Artifact.
Splunk solves audit log collection, search, and retention at enterprise scale. H33-74 solves cryptographic integrity of audit events that survive the SIEM, the log retention contract, and the systems that produced them.
Splunk (and similar SIEM tools — Datadog, Sumo Logic, Elastic SIEM, Microsoft Sentinel) centralize audit logs from across the enterprise for search, alerting, dashboarding, and retention. The design center is operational visibility and security analytics over log streams. Audit integrity rests on the SIEM's log ingestion and storage controls.
Both produce records of operational events. Both target audit, compliance, and security teams. Both have retention obligations driven by regulatory requirements.
Splunk and similar SIEM tools are great when the operational concern is real-time security analytics, search, alerting, and dashboarding over high-volume log streams. SIEM is the right layer for operational visibility.
H33-74 is great when the operational concern is cryptographic integrity of specific high-value events (approvals, decisions, transfers, compliance determinations) that need to survive the SIEM vendor, the retention contract, and the system that produced them. H33-74 can run alongside a SIEM, attesting to the events the SIEM also logs.
Scope of this comparison. This page compares integrity and survival properties of individual audit events, not log-search performance, alerting quality, or analytics breadth — areas where Splunk and comparable SIEMs are genuinely strong and not being disparaged.
Evidence source. Splunk's role is described from its public product documentation at docs.splunk.com (ingestion, indexing, retention model). H33-74 attributes are drawn from the receipt schema v1.0, the attestation receipt spec, and published benchmarks. Version and date: comparison prepared July 2026 against public Splunk docs; H33-74 receipt schema v1.0.
What is not being claimed. This is not a claim that H33-74 replaces a SIEM or that SIEM logs are untrustworthy in normal operation. It is not a claim of absolute or "unbreakable" security: H33-74 rests on the stated hardness of its signature families (ML-DSA / FIPS 204 and SLH-DSA / FIPS 205 finalized; FALCON / FN-DSA is FIPS 206 draft).
Canonical flagship. H33-74 produces and anchors the portable 74-byte post-quantum evidence primitive referenced here; this page reinforces that primitive rather than redefining it.
Verification path. An H33-74 receipt is verified offline by an independent verifier that recomputes the 32-byte commitment and checks the signatures with H33 out of the loop — see how verification works.
Cryptographic integrity and portability separate the evidence from the vendor and infrastructure that produced it — a difference in design center, not a verdict on either system.
Chain Portability What Gets Preserved