ArcSight Logger and Elastic Observability are two prominent solutions in the data monitoring and analysis category. Elastic Observability is often seen as superior due to its feature-rich offerings and flexibility, despite ArcSight Logger's notable security strengths.
Features: ArcSight Logger is known for strong security, compliance features, and seamless integration within large enterprises. Elastic Observability stands out with scalability, advanced search capabilities, and real-time analytics, offering agility across various situations. ArcSight focuses on security, whereas Elastic emphasizes flexibility and analytical depth.
Room for Improvement: ArcSight Logger could enhance integration with modern data sources and increase flexibility. Elastic Observability users mention the need for improved performance in large data environments and more user customization options. ArcSight's adaptation to new technologies and Elastic’s data performance optimization are key focus areas.
Ease of Deployment and Customer Service: ArcSight Logger has a structured deployment model, which some find complex but is backed by reliable customer service. Elastic Observability offers straightforward deployment with effective support, emphasizing ease over structure.
Pricing and ROI: ArcSight Logger has higher setup costs, with users reporting strong long-term ROI aligned with security benefits. Elastic Observability provides competitive pricing, offering robust ROI via data processing efficiency. ArcSight’s security benefits justify its costs, while Elastic offers cost-effective data management.
We provide pre-implementation, implementation, and post-implementation support.
Elastic support really struggles in complex situations to resolve issues.
Elastic Observability seems to have a good scale-out capability.
Elastic Observability is easy in deployment in general for small scale, but when you deploy it at a really large scale, the complexity comes with the customizations.
What is not scalable for us is not on Elastic's side.
There are some bugs that come with each release, but they are keen always to build major versions and minor versions on time, including the CVE vulnerabilities to fix it.
It is very stable, and I would rate it ten out of ten based on my interaction with it.
Elastic Observability is really stable.
Splunk does much more than SIEM, including log analysis, user behavior analysis, threat intelligence, and customer behavior analysis.
For instance, if you have many error logs and want to create a rule with a custom query, such as triggering an alert for five errors in the last hour, all you need to do is open the AI bot, type this question, and it generates an Elastic query for you to use in your alert rules.
It lacked some capabilities when handling on-prem devices, like network observability, package flow analysis, and device performance data on the infrastructure side.
Some areas such as AI Ops still require data scientists to understand machine learning and AI, and it doesn't have a quick win with no-brainer use cases.
The license is reasonably priced, however, the VMs where we host the solution are extremely expensive, making the overall cost in the public cloud high.
Elastic Observability is cost-efficient and provides all features in the enterprise license without asset-based licensing.
Observability is actually cheaper compared to logs because you're not indexing huge blobs of text and trying to parse those.
ArcSight Logger installs on very minimal resources with very few requirements
The most valuable feature is the integrated platform that allows customers to start from observability and expand into other areas like security, EDR solutions, etc.
the most valued feature of Elastic is its log analytics capabilities.
All the features that we use, such as monitoring, dashboarding, reporting, the possibility of alerting, and the way we index the data, are important.
| Product | Market Share (%) |
|---|---|
| Elastic Observability | 1.3% |
| ArcSight Logger | 0.7% |
| Other | 98.0% |
| Company Size | Count |
|---|---|
| Small Business | 8 |
| Midsize Enterprise | 10 |
| Large Enterprise | 16 |
| Company Size | Count |
|---|---|
| Small Business | 8 |
| Midsize Enterprise | 4 |
| Large Enterprise | 16 |
Elastic Observability offers a comprehensive suite for log analytics, application performance monitoring, and machine learning. It integrates seamlessly with platforms like Teams and Slack, enhancing data visualization and scalability for real-time insights.
Elastic Observability is designed to support production environments with features like logging, data collection, and infrastructure tracking. Centralized logging and powerful search functionalities make incident response and performance tracking efficient. Elastic APM and Kibana facilitate detailed data visualization, promoting rapid troubleshooting and effective system performance analysis. Integrated services and extensive connectivity options enhance its role in business and technical decision-making by providing actionable data insights.
What are the most important features of Elastic Observability?Elastic Observability is employed across industries for critical operations, such as in finance for transaction monitoring, in healthcare for secure data management, and in technology for optimizing application performance. Its data-driven approach aids efficient event tracing, supporting diverse industry requirements.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
