Try our new research platform with insights from 80,000+ expert users

Elastic Security vs Graylog comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 20, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Elastic Security
Ranking in Log Management
11th
Average Rating
7.8
Reviews Sentiment
6.8
Number of Reviews
65
Ranking in other categories
Security Information and Event Management (SIEM) (5th), Endpoint Detection and Response (EDR) (17th), Security Orchestration Automation and Response (SOAR) (8th), Extended Detection and Response (XDR) (10th)
Graylog
Ranking in Log Management
15th
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
21
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Log Management category, the mindshare of Elastic Security is 3.0%, down from 6.0% compared to the previous year. The mindshare of Graylog is 6.5%, up from 5.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

SyedAli17 - PeerSpot reviewer
Centralized monitoring improves security posture through rapid data processing
The processing part of Elastic Security ( /products/elastic-security-reviews ) is very interesting for us since we handle almost 7,000 to 8,000 alerts per minute. We require rapid processing speed for alerts and event data, and Elastic Security is very efficient at handling this level of data. Additionally, Elastic Security helps improve the security posture of Pakistan through centralized visibility and real-time processing.
Ivan Kokalovic - PeerSpot reviewer
Facilitates backend service monitoring with efficient log retrieval and API flexibility
Graylog is valuable because it bridges technical knowledge to non-technical teams, presenting complex backend processes in a simple timeline. It boosts the knowledge of sales and customer support teams by allowing them to see the backend operations without needing to read the code. Its API is flexible for visualization, and its powerful search engine efficiently handles large volumes of log data. Moreover, its stability, fast search capabilities, and compatibility with languages like ANSI SQL enhance its utility in IT infrastructure.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"One of the most valuable features of this solution is that it is more flexible than AlienVault."
"It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically."
"Elastic is straightforward, easy to integrate, and highly customizable."
"The most valuable feature is the speed, as it responds in a very short time."
"Elastic Security is very customizable, and the dashboards are very easy to build."
"It's very customizable, which is quite helpful."
"The stability of the solution is good."
"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
"Open source and user friendly."
"Real-time UDP/GELF logging and full text-based searching."
"I am very proud of how very stable the solution is."
 

Cons

"We'd like to see some more artificial intelligence capabilities."
"The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."
"I would like more ways to manage permissions and restrict access to certain users."
"The price of this product could be improved, especially the additional costs. I would also like to see better-quality graphics."
"Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution."
"Elastic Security could improve the documentation. It would help if they were more simple and clean."
"The solution's query building is not that intuitive compared to other solutions."
"If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."
"When it comes to configuring the processing pipeline, writing the rules can be very tedious, especially since the documentation isn't extensive on how the functions provided for these rules work."
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"When it comes to configuring the processing pipeline, writing the rules can be very tedious, especially since the documentation isn't extensive on how the functions provided for these rules work."
"The area in Graylog that needs to be improved or enhanced would be the integrations."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
 

Pricing and Cost Advice

"Affordable but with additional costs"
"I can say that the product is cheaply priced."
"The pricing is in the middle. I think it is not an expensive experience if we compare it with big names, for example, QRadar, and also Oxide. I think Elastic Security is quite cheap. I would rate the pricing of this solution a five out of ten."
"Compared to other products such as Dynatrace, this is one of the cheaper options."
"We are using the free, open-source version of this solution."
"The licensing cost of Elastic Security is based on the daily ingestion rate. I can't recall the exact figure, but for 10GB of log action daily, it would cost around $20,000."
"There is no charge for using the open-source version."
"This is an open-source product, so there are no costs."
"Having paid official support is wise for projects."
"I use the free version of Graylog."
"There is an open source version and an enterprise version. I wouldn't recommend the enterprise version, but as an open source solution, it is solid and works really well."
"It's open source and free. They have a paid version, but we never looked into that because we never needed the features of the paid version."
"We're using the Community edition."
"​You get a lot out-of-the-box with the non-enterprise version, so give it a try first."
"Graylog is a free open-source solution. The free version has a capacity limitation of 2 GB daily, if you want to go above this you have to purchase a license."
"Consider Enterprise support if you have atypical needs or setup requirements.​"
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
863,429 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Government
10%
Comms Service Provider
8%
Financial Services Firm
7%
Computer Software Company
17%
Comms Service Provider
10%
Government
7%
University
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times lately using the dashboards we have created with Datadog; they are very good c...
What do you like most about Elastic Security?
Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because ...
What is your experience regarding pricing and costs for Elastic Security?
I am satisfied with the pricing, setup cost, and licensing cost. It is a pure 10.
What do you like most about Graylog?
The product is scalable. The solution is stable.
What is your experience regarding pricing and costs for Graylog?
I am not familiar with the pricing details of Graylog, as I was not responsible for that aspect. It was determined that we didn't need an enterprise plan, which is more suited for clients with less...
What needs improvement with Graylog?
An improvement I would suggest is in Graylog's user interface, such as allowing for font size adjustments. A potential enhancement could be the integration with Ollama to run large language models ...
 

Also Known As

Elastic SIEM, ELK Logstash
Graylog2
 

Overview

 

Sample Customers

Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP, King.com, Twilio, Deutsche Presse-Agentur
Find out what your peers are saying about Elastic Security vs. Graylog and other solutions. Updated: July 2025.
863,429 professionals have used our research since 2012.