Try our new research platform with insights from 80,000+ expert users

Elastic Security vs Graylog vs LogRhythm SIEM comparison

Elastic and Graylog are both solutions in the Log Management category. Elastic is ranked #7 with an average rating of 7.7, while Graylog is ranked #15 with an average rating of 7.0. Elastic holds a 3.3% mindshare in Log Management, compared to Graylog’s 6.7% mindshare. Additionally, 86% of Elastic users are willing to recommend the solution, compared to 95% of Graylog users who would recommend it.
Elastic Security
Read 64 Elastic Security reviews
  • 7,868 Views
  • 6,668 Comparison Views
86% willing to recommend
Graylog
Read 21 Graylog reviews
  • 9,558 Views
  • 8,433 Comparison Views
95% willing to recommend
LogRhythm SIEM
Read 173 LogRhythm SIEM reviews
  • 5,914 Views
  • 3,675 Comparison Views
89% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Elastic Security, Graylog, and LogRhythm SIEM based on real PeerSpot user reviews.

Find out what your peers are saying about Wazuh, Splunk, Datadog and others in Log Management.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Log Management Report (Updated: April 2025).
Buyer's Guide
Log Management
April 2025
Download the complete report
Helped 851,604 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Mindshare comparison

As of May 2025, in the Log Management category, the mindshare of Elastic Security is 3.3%, down from 6.6% compared to the previous year. The mindshare of Graylog is 6.7%, up from 5.8% compared to the previous year. The mindshare of LogRhythm SIEM is 2.1%, down from 3.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

SyedAli17 - PeerSpot reviewer
Centralized monitoring improves security posture through rapid data processing
The processing part of Elastic Security ( /products/elastic-security-reviews ) is very interesting for us since we handle almost 7,000 to 8,000 alerts per minute. We require rapid processing speed for alerts and event data, and Elastic Security is very efficient at handling this level of data. Additionally, Elastic Security helps improve the security posture of Pakistan through centralized visibility and real-time processing.
Read full review
Ivan Kokalovic - PeerSpot reviewer
Facilitates backend service monitoring with efficient log retrieval and API flexibility
Graylog is valuable because it bridges technical knowledge to non-technical teams, presenting complex backend processes in a simple timeline. It boosts the knowledge of sales and customer support teams by allowing them to see the backend operations without needing to read the code. Its API is flexible for visualization, and its powerful search engine efficiently handles large volumes of log data. Moreover, its stability, fast search capabilities, and compatibility with languages like ANSI SQL enhance its utility in IT infrastructure.
Read full review
Mokhammad Rakhman - PeerSpot reviewer
User-friendly dashboard and machine learning capabilities improve threat hunting efficiency
LogRhythm SIEM has strong machine-learning capabilities with behavioral rules and analysis. The seamless integration for case management, along with a user-friendly dashboard user interface, makes tasks like threat hunting more efficient. Analytics and behavioral analysis help me save time with rule creation. Its scalability allows me to add components as needed. Overall, LogRhythm SIEM offers end-to-end visibility with a reasonable price.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast."
"The most valuable feature is the speed, as it responds in a very short time."
"Enables monitoring of application performance and the ability to predict behaviors."
"It's a good platform and the very best in the current market. We looked at the Forester report from December 2022 where it was said to be a leader."
"The intelligence of the system has been very impressive. It's not quite AI, but the technical bit where it correlates information, based on the seen attacks within an organization is good."
"The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
"Elastic Security offers advanced features such as machine learning and integration with ChatGPT."
"The most valuable feature is the ability to collect authentication information from service providers."
More Elastic Security pros
"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"I am very proud of how very stable the solution is."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"The product is scalable. The solution is stable."
"Graylog is very handy."
More Graylog pros
"It has allowed us to dive deeper into our network and figure out what is going on by parsing logs properly and being able to reduce the time it takes to work cases down from seven days to approximately two days."
"NextGen SIEM's most valuable feature is its user-friendliness."
"Compliance reporting is another great feature of this product. It has built in reports right out of the box."
"I like LogRhythm's ease of use. The solution has improved compared to previous versions. It had many issues before, like integration, the console, creating reports, false positives, etc. The AI engine has made it stronger in the latest version."
"Overall, my rating for LogRhythm SIEM is nine out of ten."
"Provides visibility into the network."
"LogRhythm has increased productivity because all the tools that we need are in the web UI, allowing us to find threats on our network fast and efficiently."
"The user interface is good."
More LogRhythm SIEM pros
 

Cons

"Elastic sometimes does not correctly identify threats or anomalies. It might not classify an issue as malicious or critical accurately."
"Authentication is not a default in Kibana. We need to have another tool to have authentication and authorization. These two should be part of Kibana."
"The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated."
"We'd like better premium support."
"The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security."
"The solution should generate an automatic product that integrates with ELK Stack to use artificial intelligence."
More Elastic Security cons
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"The area in Graylog that needs to be improved or enhanced would be the integrations."
"With technical support, you are on your own without an enterprise license."
"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"When it comes to configuring the processing pipeline, writing the rules can be very tedious, especially since the documentation isn't extensive on how the functions provided for these rules work."
"Dashboards, stream alerts and parsing could be improved."
"More customization is always useful."
"When it comes to configuring the processing pipeline, writing the rules can be very tedious, especially since the documentation isn't extensive on how the functions provided for these rules work."
More Graylog cons
"I would really like to see some type of group or global management for RIM policies,"
"I would like to see case management become more independent from LogRhythm itself."
"NextGen SIEM has separate rules for AI, advanced intelligence, and MP rules - it would be better to have a centralized way to write the rules and create alarms."
"We would like to see more things out of the console into the web UI. I guess this is what they are doing in 7.4."
"For our market, the solution is quite expensive. It would be ideal if they could work on and improve their existing pricing plans to help make it more affordable in our country."
"It should be improved for automated setup and auto-configuration. There should be ease of integration and ease of setup."
"The software needs to work on its pricing."
"Parsing is totally controlled by LogRhythm and they do not allow any partner or any third-party to handle this part and this is a key challenge on my end."
More LogRhythm SIEM cons
 

Pricing and Cost Advice

"The solution is free."
"The tool's pricing is flexible and comes at unit cost. You don't have to pay for everything."
"It's a monthly cost with Elastic SIEM, but I am not sure of the exact cost."
"I can say that the product is cheaply priced."
"Compared to other products such as Dynatrace, this is one of the cheaper options."
"There is no charge for using the open-source version."
"Its price is fine. Its licensing works on a yearly basis. We have to renew the license every year. I also have a good experience with Darktrace. When we buy Darktrace, we get training free of cost, which is not there in Elastic. We have to pay extra for training. There is certainly room for improvement."
"We use the open-source version, so there is no charge for this solution."
More Elastic Security pricing and cost advice
"​You get a lot out-of-the-box with the non-enterprise version, so give it a try first."
"It's an open-source solution that can be used free of charge."
"Graylog is a free open-source solution. The free version has a capacity limitation of 2 GB daily, if you want to go above this you have to purchase a license."
"We are using the free version of the product. However, the paid version is expensive."
"There is an open source version and an enterprise version. I wouldn't recommend the enterprise version, but as an open source solution, it is solid and works really well."
"It's open source and free. They have a paid version, but we never looked into that because we never needed the features of the paid version."
"I am using a community edition. I have not looked at the enterprise offering from Graylog."
"Having paid official support is wise for projects."
More Graylog pricing and cost advice
"Look closely at the cost of licensing of other products. This should include setups and the need for support services. I did a RFQ to 2 other vendors before choosing this product."
"The support which allows more customized to the environment when we are deploying new systems is called Professional Service and is very expensive. The technical annual support and there is an annual fee."
"We have seen a measurable decrease in the mean time to detect and respond to threats. As it comes out new features and new releases, the window is becoming a lot narrower because you can pivot a lot more with the data. Therefore, the new features and enhancements are reducing that."
"I would recommend that whatever sales quotes to them upfront, they will probably go up. Because they are probably going to outgrow that very quickly or once they start getting everything into it, they are going to have to move up anyway."
"It is a very cost-effective solution."
"The nice thing about LogRhythm is you can either use the agents, getting a certain number of agents with your license depending on how you want to go, and those agents do a lot of cool things, or you can use CIS Log host, then you have like an unlimited number of them."
"If you don't have your staff, absolutely look into the co-pilot and factor that into your cost evaluation."
"NextGen SIEM's pricing is moderate."
More LogRhythm SIEM pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
See recommendations
851,604 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Government
10%
Financial Services Firm
9%
Comms Service Provider
7%
Computer Software Company
18%
Comms Service Provider
10%
Educational Organization
7%
Government
7%
Educational Organization
18%
Computer Software Company
13%
Financial Services Firm
9%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several time...
See all answers
What do you like most about Elastic Security?
Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it con...
See all answers
What is your experience regarding pricing and costs for Elastic Security?
Since Elastic Security is community-based, it does not require significant costs. This is beneficial for SMEs as they...
See all answers
What do you like most about Graylog?
The product is scalable. The solution is stable.
See all answers
What is your experience regarding pricing and costs for Graylog?
I am not familiar with the pricing details of Graylog, as I was not responsible for that aspect. It was determined th...
See all answers
What needs improvement with Graylog?
An improvement I would suggest is in Graylog's user interface, such as allowing for font size adjustments. A potentia...
See all answers
What is the difference between log management and SIEM?
Rony, Daniel's answer is right on the money. There are many solutions for each in the market, a lot depends upon you...
See all answers
What needs improvement with LogRhythm NextGen SIEM?
The SOAR capabilities need improvements as they currently require programming knowledge. A more user-friendly user in...
See all answers
What do you like most about LogRhythm SIEM?
I find LogRhythm's log management capabilities to be beneficial.
See all answers
 

Comparisons

Wazuh vs Elastic Security Logo
Wazuh vs Elastic Security
Compared 20% of the time
CrowdStrike Falcon vs Elastic Security Logo
CrowdStrike Falcon vs Elastic Security
Compared 8% of the time
IBM Security QRadar vs Elastic Security Logo
IBM Security QRadar vs Elastic Security
Compared 7% of the time
Splunk Enterprise Security vs Elastic Security Logo
Splunk Enterprise Security vs Elastic Security
Compared 7% of the time
SentinelOne Singularity Complete vs Elastic Security Logo
SentinelOne Singularity Complete vs Elastic Security
Compared 2% of the time
More Elastic Security Competitors
Grafana Loki vs Graylog Logo
Grafana Loki vs Graylog
Compared 39% of the time
Wazuh vs Graylog Logo
Wazuh vs Graylog
Compared 24% of the time
syslog-ng vs Graylog Logo
syslog-ng vs Graylog
Compared 11% of the time
Security Onion vs Graylog Logo
Security Onion vs Graylog
Compared 5% of the time
Dynatrace vs Graylog Logo
Dynatrace vs Graylog
Compared 1% of the time
More Graylog Competitors
IBM Security QRadar vs LogRhythm SIEM Logo
IBM Security QRadar vs LogRhythm SIEM
Compared 13% of the time
Splunk Enterprise Security vs LogRhythm SIEM Logo
Splunk Enterprise Security vs LogRhythm SIEM
Compared 12% of the time
Fortinet FortiSIEM vs LogRhythm SIEM Logo
Fortinet FortiSIEM vs LogRhythm SIEM
Compared 7% of the time
Wazuh vs LogRhythm SIEM Logo
Wazuh vs LogRhythm SIEM
Compared 5% of the time
Fortinet FortiAnalyzer vs LogRhythm SIEM Logo
Fortinet FortiAnalyzer vs LogRhythm SIEM
Compared 2% of the time
More LogRhythm SIEM Competitors
 

Product Reports

Buyer's Guide
Elastic Security
May 2025
Elastic Security reportDownload Elastic Security product report
Buyer's Guide
Graylog
May 2025
Graylog reportDownload Graylog product report
Buyer's Guide
LogRhythm SIEM
May 2025
LogRhythm SIEM reportDownload LogRhythm SIEM product report
 

Also Known As

Elastic SIEM, ELK Logstash
Graylog2
LogRhythm NextGen SIEM, LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM
 

Overview

Elastic Security is a robust, open-source security solution designed to offer integrated threat prevention, detection, and response capabilities across an organization's entire digital estate. Part of the Elastic Stack (which includes Elasticsearch, Logstash, and Kibana), Elastic Security leverages the power of search, analytics, and data aggregation to provide real-time insight into threats and vulnerabilities. It is a comprehensive platform that supports a wide range of security needs, from endpoint protection to cloud and network security, making it a versatile choice for organizations looking to enhance their cybersecurity posture.


Elastic Security combines the features of a security information and event management (SIEM) system with endpoint protection, allowing organizations to detect, investigate, and respond to threats in real time. This unified approach helps reduce complexity and improve the efficiency of security operations.

Additional offerings and benefits:

  • The platform utilizes advanced analytics, machine learning algorithms, and anomaly detection to identify threats and suspicious activities.
  • It offers extensive integration options with other tools and platforms, facilitating a more cohesive and comprehensive security ecosystem.
  • With Kibana, users gain access to powerful visualization tools and dashboards that provide real-time insight into security data.

Finally, Elastic Security benefits from a global community of users who contribute to its threat intelligence, helping to enhance its detection capabilities. This collaborative approach ensures that the solution remains on the cutting edge of cybersecurity, with up-to-date information on the latest threats and vulnerabilities.

Elastic

Graylog is purpose-built to deliver the best log collection, storage, enrichment, and analysis. Graylog is:

  • Considerably faster analysis speeds.
  • More robust and easier-to-use analysis platform.
  • Simpler administration and infrastructure management.
  • Lower cost than alternatives.
  • Full-scale customer service.
  • No expensive training or tool experts required.
Graylog

LogRhythm SIEM Platform is an award-winning platform in security analytics. With more than 4,000 customers globally, LogRhythm SIEM is an integrated platform that helps security operations teams protect critical infrastructure and information from emerging cyberthreats. Ultimately, LogRhythm SIEM is an integrated set of modules that contribute to the security team’s fundamental mission: rapid threat monitoring, threat detection, threat investigation, and threat neutralization. LogRhythm SIEM is for organizations that require an on-premises solution and offers:

● Streamlined workflow

● Secure data access

● Real-time visibility

● A unified user experience

● Management customization

Security information and event management (SIEM) solutions have been evolving for over a decade; their core functionality still acts as the most effective foundation for any organization’s technology stack. A SIEM solution enables an organization to centrally collect data across its entire network environment to gain real-time visibility into activity that may pose a risk to the organization. SIEM technology addresses threats before they become significant financial risks while simultaneously helping better manage an organization’s assets.

LogRhythm SIEM has many key features and capabilities, including:

High-Performance Log Management: LogRhythm SIEM offers structured and unstructured search capabilities which allows users to swiftly search across an organization’s vast data to easily find answers, identify IT and security issues, and troubleshoot issues. Users can efficiently process and index terabytes of log data daily.

Network and Endpoint Monitoring: Forensic sensors allow users to gain deep visibility into endpoint and network activity. Users can see behavioral anomalies and better respond to incidents.

SmartResponse™ Automation: LogRhythm SIEM allows users to centrally execute pre-staged actions that automate incident investigatory tasks and responses.

Automated Machine Analytics: LogRhythm SIEM's AI Engine continuously analyzes all collected security incidents and forensic data. Security teams are delivered precise, real-time intelligence about risk-prioritized threats.

Case and Security Incident Management: LogRhythm SIEM offers an integrated workflow so that threats don’t slip through the cracks. Collaboration tools help centrally manage and track investigations.

User and entity behavior analytics (UEBA): Embedded deterministic UEBA monitoring helps protect against insider threats.

Security orchestration, automation, and response (SOAR): LogRhythm SIEM includes our embedded SOAR solution to increase efficiency and higher-quality incident response with low mean time to response (MTTR).

Benefits to Using LogRhythm SIEM

The platform offers great value to security and IT operations. Users have the ability to map their security and IT operations to existing frameworks such as NIST and MITRE ATT&CK.

● The platform offers broad integration across security and IT vendors: Users benefit from support for integration with hundreds of security and IT solutions. In turn, this further extends SIEM capabilities and data collection.

● The platform provides compliance adherence, enforcement, and reporting: The prebuilt compliance modules automatically detect violations as they occur and remove the burden of manually reviewing audit logs.

Reviews from Real Users

LogRhythm SIEM stands out among its competitors for a number of reasons. Two major ones are its ability to be customized and its quick performance of queries.

Jason G., a senior cybersecurity engineer, writes, "I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios."

Andy W., principal consultant at ITSEC Asia, notes, “LogRhythm SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions.”

LogRhythm
 

Sample Customers

Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP, King.com, Twilio, Deutsche Presse-Agentur
Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill
Buyer's Guide
Log Management
April 2025
Download Free Report
Find out what your peers are saying about Wazuh, Splunk, Datadog and others in Log Management. Updated: April 2025.
DOWNLOAD NOW
851,604 professionals have used our research since 2012.