We compared Graylog and IBM Security QRadar based on our users' reviews in five categories. We reviewed all of the data, and you can find the conclusion below.
Features: Graylog stands out with its exceptional search functions, seamless integration with Elasticsearch, and real-time data access. QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. Reviews praised QRadar for its comprehensive network visibility and strong SIEM capabilities. Graylog could benefit from additional customization options and an improved rule-creation process. QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture.
Service and Support: Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products. Some QRadar customers have had trouble connecting with knowledgeable support staff and experienced delayed responses.
Ease of Deployment: Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters. QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set.
Pricing: Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive. QRadar can be costly because users need to buy new hardware to upgrade.
ROI: Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case. QRadar delivers a high return on investment, improving security through its advanced user behavior analytics.
"Real-time UDP/GELF logging and full text-based searching."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"I like the correlation and the alerting."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"Message forwarding through the in-built module."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"Open source and user friendly."
"We've found the technical support to be very good."
"Customer service is very good and very helpful."
"This solution has allowed us to correlate logs from multiple sources."
"Due to the skills shortage, we are able to use it from the standpoint of bringing in a lower level employee or a person who may not have security knowledge."
"The most valuable features are the versatility of this solution and the variety of things you can do with it."
"The most valuable feature is the QRadar Vulnerability Manager which provides vulnerability scans. In addition, I like the way QRadar generates alerts."
"The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why."
"The feature that I have found most valuable is its artificial intelligence component, Watson. Its contribution is pretty good from a machine-learning artificial intelligence perspective. This compliments the orchestration automation component, as well."
"Graylog can improve the index rotation as it's quite a complex solution."
"The biggest problem is the collector application, as we wanted to avoid using Graylog Collector Sidecar due to its architecture."
"We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"Dashboards, stream alerts and parsing could be improved."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"The solution lacks vendor support."
"I'm not sure about the stability just yet. We've observed a few issues and we raised a supporting ticket for it."
"The quoting and the dashboard session could be improved. It should be more user-friendly."
"While the interface is easy to use, it could be a little more responsive."
"The product does not have a team for investigating malware."
"There could be better integration with the solution."
"I would like to see more integration in place after the security lock."
"Some UI enhancements would be nice, such as exporting custom event properties and the ability to export rules."
Graylog is ranked 11th in Log Management with 18 reviews while IBM Security QRadar is ranked 6th in Log Management with 198 reviews. Graylog is rated 8.0, while IBM Security QRadar is rated 8.0. The top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Graylog is most compared with Grafana Loki, Wazuh, syslog-ng, Splunk Enterprise Security and Datadog, whereas IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Elastic Security. See our Graylog vs. IBM Security QRadar report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.