ArcSight Logger and Cribl both compete in the data analytics space, focusing on security information and event management (SIEM). Based on feature flexibility and cost-effectiveness, Cribl seems to have the upper hand due to its real-time data transformation and cost-efficient pricing structure.
Features: ArcSight Logger is known for its scalability, robust data collection, and seamless integration with other ArcSight products. It provides efficient real-time and historical data analysis and strong compliance adherence. Cribl specializes in real-time data transformation, data reduction, and versatile data routing across various platforms. This flexibility makes Cribl highly cost-efficient for diverse data environments.
Room for Improvement: ArcSight Logger faces challenges with speed, complex maintenance, and an outdated interface. Users also highlight its slower technical support. Cribl could enhance its documentation clarity, advanced logging capabilities, and integration with legacy systems. Improvements in historical data handling and customization could provide additional value for Cribl.
Ease of Deployment and Customer Service: ArcSight Logger mainly supports on-premises deployments with complex setups, often relying on community forums due to inconsistent customer service quality. Cribl offers deployment flexibility across public, private cloud, and hybrid environments. Cribl's technical support receives positive reviews for efficiency, but users suggest better documentation and guidance. Cribl’s flexibility is better aligned with modern infrastructure needs.
Pricing and ROI: ArcSight Logger is viewed as expensive with complex licensing, yet is considered a worthwhile investment for security-focused scenarios. Cribl offers a more favorable pricing model, particularly for organizations with large data volumes. Its strategic cost structure provides a competitive ROI, especially for those seeking operational efficiency and licensing savings.
In the case of optimization, it has helped return on investment to somewhere close to 50%.
We have saved a significant amount of time and resources moving from a manual approach to something that's more automated.
We provide pre-implementation, implementation, and post-implementation support.
They had extensive expertise with the product and were able to facilitate everything we needed.
If they could enhance their internal logging, we won't require Cribl support to engage.
The community, including the engineering and sales teams, is available on Slack and is very supportive.
It's an enterprise version, and we have a good amount of users using this solution.
I don't need to talk to a Cribl engineer to connect a new log source.
Cribl is quite scalable, as we could add worker nodes as our data grows.
I would rate the stability as ten out of ten.
If the pipeline is down and we receive an alert that it's not sending information to the log collection platform for more than one or two hours, if we receive an alert, it would be great.
Cribl is quite stable and doesn't crash; there's no unusual behavior.
Splunk does much more than SIEM, including log analysis, user behavior analysis, threat intelligence, and customer behavior analysis.
If we can have more internal logs and more debug logs to validate the error, that would be beneficial because instead of reaching out to Cribl support, we can troubleshoot and find the root cause ourselves.
In terms of large datasets—whether they originated from network inputs, virtual machines, or cloud instances—ingesting the data into the destination was relatively easy.
Since Cribl is such a large platform with numerous features, having a clear, structured approach would make it easier for me and others to understand and utilize its capabilities.
Over time, the licensing cost has increased.
Cribl is very inexpensive, with enterprise pricing around 30 cents per GB, which is really decent.
ArcSight Logger installs on very minimal resources with very few requirements.
The data reduction and preprocessing capabilities make Cribl really unique.
Cribl has a feature called JSON Unroll or Unroll function that allows you to differentiate the events; each event will come ingested as a single log instead of piling it up with multiple events.
The community on Slack is excellent for solving questions and getting ideas.
Product | Market Share (%) |
---|---|
Cribl | 2.5% |
ArcSight Logger | 0.7% |
Other | 96.8% |
Company Size | Count |
---|---|
Small Business | 8 |
Midsize Enterprise | 10 |
Large Enterprise | 16 |
Company Size | Count |
---|---|
Small Business | 9 |
Midsize Enterprise | 4 |
Large Enterprise | 8 |
Cribl offers advanced data transformation and routing with features such as data reduction, plugin configurations, and log collection within a user-friendly framework supporting various deployments, significantly reducing data volumes and costs.
Cribl is designed to streamline data management, offering real-time data transformation and efficient log management. It supports seamless SIEM migration, enabling organizations to optimize costs associated with platforms like Splunk through data trimming. The capability to handle multiple data destinations and compression eases log control. With flexibility across on-prem, cloud, or hybrid environments, Cribl provides an adaptable interface that facilitates quick data model replication. While it significantly reduces data volumes, enhancing overall efficiency, there are areas for improvement, including compatibility with legacy systems and integration with enterprise products. Organizations can enhance their operational capabilities through certification opportunities and explore added functionalities tailored towards specific industry needs.
What are Cribl's most important features?
Cribl sees extensive use in industries prioritizing efficient data management and cost optimization. Organizations leverage its capabilities to connect between different data sources, including cloud environments, improving both data handling and storage efficiency. Its customization options appeal to firms needing specific industry compliance and operational enhancements.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.