We performed a comparison between ArcSight Logger, Graylog, and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Wazuh, Datadog and others in Log Management.
"The ESM use cases are the most valuable. It enables us to use the big data collection inside our company. We are able to create use cases for whatever it suits and I find that the most interesting part of any SIEM solution."
"Our return on investment for implementing ArcSight Logger over the past 12 months has been positive."
"In our country we are a little bit private in terms of solutions, so we are just starting to use the basic data capture. Now some users can start to use additional features that come with Micro Focus ArcSight like user behavior analytics for investigating."
"ArcSight provides the basic information that we want."
"We check a lot of logs in ArcSight Logger because we're running a massive database platform."
"It is one of the best products available in the market."
"The most valuable feature is the search capability, which is simple to use."
"ArcSight's robustness is its most valuable feature."
"The solution's most valuable feature is its new interface."
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"This has increased productivity for the dev and support teams, because we are directly notifying them."
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"I am very proud of how very stable the solution is."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"The log aggregation is great."
"The most valuable features include agility and Splunk Enterprise Security's ability to quickly search for alerted items, as well as the capacity to create custom alerts using the SQL language employed by Splunk."
"The product is adept at log mining."
"It helps us uncover bottlenecks in the network."
"Splunk would be my choice for the presentation layer because it comes with inbuilt reports and a dashboard that you can customize."
"On the cloud, we are pushing through less than half a petabyte of data. So far, it has been fairly stable because it runs on all the underlying AWS infrastructures."
"There are lots of free learning materials on their website."
"It can log more logs than other solutions. It's a good way to troubleshoot problems."
"The next release should have AI capabilities."
"ArcSight has been sold two or three times, and the quality has decreased."
"The platform is quite expensive. They should reduce its cost."
"In the next release, I want to see more intelligence."
"The solution could be improved in maintenance settings."
"The product's connectors should work better and the user manuals need an update."
"The speed of Logger indexing and searching for certain bugs for some queries that we provide could be improved. It can handle a huge number of logs but it can be improved."
"We have had problems with archiving."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"More customization is always useful."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the Graylog install."
"There should be some user groups and an auto sign-in feature."
"Its scalability gets complicated when we have to update or edit multiple nodes."
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"It needs integration with a configuration management solution."
"The product was difficult to back up the first time."
"An area of improvement would be the licensing of the solution. They need a free license, which would allow faster lead times."
"The solution could improve by increasing the performance. We have run into problems when large amounts of data are processed."
"Its pricing model and integration with third-party services can be improved. We had faced an issue with integration. The alerting feature is currently not available with Splunk, but it is definitely available with Datadog and PagerDuty. They should include this feature. A few dashboards in Splunk look quite old and are not that modern. They aren't bad, but improving these dashboards will definitely make Splunk more attractive and usable. I read in a few blog posts that there were a few security incidents related to Splunk agents. So, it can be made more secure."
"I would like additional features in different programming models with the support for writing queries in SQL or other languages, such as C#, Java, or some other type of query definitions."
"We would like more integrations with other cloud products, not just AWS, e.g., Azure."
"Features related to content management must be improved."