ArcSight Logger and Cribl are key players in log management and data processing, respectively. ArcSight Logger leads in scalability and robust log management, while Cribl offers superior flexibility in real-time data processing and integration.
Features: ArcSight Logger offers scalability and real-time correlation, effective for managing large data volumes. It supports big data analytics, provides comprehensive device support, and features multi-tenancy capabilities with quick querying. Cribl specializes in real-time data processing within pipelines, excelling in data transformation and routing. It offers flexible data reduction and masking, with seamless integration into diverse destinations.
Room for Improvement: ArcSight Logger could enhance its threat analytics and complex query capabilities without requiring additional modules. Its interface and speed need updating, and its limited reporting and the integration issues that followed the Micro Focus merger need to be addressed. Cribl needs improvements in documentation and integration with legacy systems. It also requires better advanced customization and faces challenges with legacy infrastructure and comprehensive alerting for real-time data.
Ease of Deployment and Customer Service: ArcSight Logger is primarily on-premises with no hybrid or cloud options, which may create operational constraints. Its technical support receives mixed reviews regarding response times and expertise, though it is praised for community and training resources. Cribl supports a wider range of deployment scenarios, including hybrid cloud, offering greater flexibility. It is often seen as more cost-effective and easier to deploy, with supportive service enabling rapid data processing.
Pricing and ROI: ArcSight Logger's pricing is high, with complex licensing, but it offers significant value for those needing comprehensive log management. Cribl is noted for cost-effectiveness, especially as data scales, providing competitive pricing compared to tools like Splunk. Both solutions deliver operational efficiencies and improvements in fraud detection, with Cribl often highlighted for its flexible pricing structure.
We provide pre-implementation, implementation, and post-implementation support.
The community, including the engineering and sales teams, is available on Slack and is very supportive.
Splunk does much more than SIEM, including log analysis, user behavior analysis, threat intelligence, and customer behavior analysis.
Perhaps more flexibility in terms of metrics would be helpful.
ArcSight Logger installs on very minimal resources with very few requirements.
The community on Slack is excellent for solving questions and getting ideas.
Cribl optimizes log collection, data processing, and migration to Splunk Cloud, ensuring efficient data ingestion and management for improved operational efficiency.
Cribl offers seamless log collection directly from cloud sources, allowing users to visually extract necessary data and replay specific events for in-depth analysis. It provides robust management of events, parsing, and enrichment of data, along with effective log size reduction. Cribl is particularly beneficial for migrating enterprise logs, optimizing usage, and reducing costs while streamlining the transition between different log management tools.
What are Cribl's most important features?
What benefits and ROI should users look for?
Cribl is widely implemented in industries requiring extensive data management, such as technology and finance. Users leverage Cribl to handle log collection, processing, and migration efficiently, ensuring smooth operation and effective data analysis. It aids in managing temporary data storage during downtimes and better handling historical data, preventing data loss and allowing extended periods for viewing statistics and monitoring trends.