We performed a comparison between ArcSight Logger, Splunk Enterprise Security, and Sumo Logic Security based on real PeerSpot user reviews.
"It's a robust, mature product and you can do some really complex operations and analytics."
"In our country we are a little bit private in terms of solutions, so we are just starting to use the basic data capture. Now some users can start to use additional features that come with Micro Focus ArcSight like user behavior analytics for investigating."
"The ability to customize the solution in great detail is its most valuable feature. We can customize the use cases and also have the ability to do scripting. We can personalize our dashboard as well. The scalability the solution offers is quite impressive."
"We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist."
"We check a lot of logs in ArcSight Logger because we're running a massive database platform."
"In terms of ArcSight Logger's most valuable feature, it is their scalability. ArcSight's real advantage is its scalability because they have two layers, including the logger layer."
"The ESM use cases are the most valuable. It enables us to use the big data collection inside our company. We are able to create use cases for whatever it suits and I find that the most interesting part of any SIEM solution."
"It provides in-depth information on business activities once we log into the system."
"It is user-friendly. It is more effective than other solutions. The support and help for troubleshooting and the documentation from Splunk make it very effective."
"It has a rapid response search environment in the event of an incident."
"The SIEM is the most valuable feature of the product."
"What is nice about the solution is that it makes it easy to build the queries, search for the events and then do analysis."
"The additional vendors we've brought on board, particularly the elastic, have been quite beneficial."
"The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly."
"Splunk has significantly helped with aggregation and correlation of critical logs. Not having to grep on each individual server has made everyone more efficient."
"Splunk helps us be more proactive. We can take predictive action to identify and block threats so that nothing harmful gets into the system."
"We have used it many times to find a root cause of a live issue, then fix the problem in the applications."
"With this tool, we provide access to every developer team the ability to find errors, then they come to us and ask for specific help."
"It gives us a bird's eye view of what's happening from our connection's point of view."
"It provides easy visibility. I also like the shareable queries because we share a lot across groups."
"We can ingest logs and make reports out of them. It is a good tool which can help us monitor any issues."
"The tool has key features like operability. It will alert the admins whenever a device is onboarded."
"Support has been excellent. Sumo Logic's support staff is really good, both their account management staff and direct support."
"The solution is quite stable."
"I would like to see better scheduling in the next release of this solution."
"The speed of Logger indexing and searching for certain bugs for some queries that we provide could be improved. It can handle a huge number of logs but it can be improved."
"The product's connectors should work better and the user manuals need an update."
"ArcSight has been sold two or three times, and the quality has decreased."
"It is really difficult to work in ArcSight Logger, as it is very slow."
"The integration with other systems could be improved."
"I think the ArcSight team should try to simplify legacy products for the customers, because that product is not easy to use or to work with. It needs more competency or appeal to use. We hope Micro Focus is trying to resolve this."
"The console in older versions is not user-friendly."
"The solution has a high learning curve for users. It's a little complicated when you're trying to figure out all the features and what they do."
"Configuring a few apps is complex, not straightforward."
"While Splunkbase (the app repository) has a lot of great content, some apps are terribly old and could stand to be updated or purged."
"We would like more integrations with other cloud products, not just AWS, e.g., Azure."
"Splunk needs to be able to hold more days of data. At the moment it only holds three months of data."
"When we do a rollout from the server or host or anything, we'd like to see more automation. It would save us time."
"The support that is included with the standard licensing fee is very bad."
"There are limitations with Splunk not detecting all user activity, especially on mainframes and network devices."
"Sumo Logic needs to make sure integrating solutions are seamless."
"There needs to be improvement on imported data which can be used within Sumo Logic to do more advanced queries."
"From the network segmentation side, there is some discrepancy in log onboarding. The tool needs to improve direct API integrations, login integration, native login integration, etc."
"If you look at some of the other offerings right now that are available in the market, they do offer APM as well as the product they're offering. I believe Sumo Logic is not there yet. So that's something which I would love to see."
"It took a bit of trial and error to get it set up correctly based on everything we had to do. In the end, we had to send everything over HTTP, which was sort of a stop-gap."
"The solution should improve its UI."
"I would like to see improvement in the user experience when configuring things, ingesting logs, and creating ports."
"The integration with multiple sources could be better."