We performed a comparison between Graylog, IBM Security QRadar, and IBM SevOne Network Performance Management (NPM) based on real PeerSpot user reviews.
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"Real-time UDP/GELF logging and full text-based searching."
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"Open source and user friendly."
"I am very proud of how very stable the solution is."
"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"The monitoring and dashboards are great."
"This console gives you the entire view, which makes life easier and allows you to take precautionary measures."
"The scalability is good."
"This is a good tool to have because it gives you the ability to track what is currently happening in your environment."
"On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result."
"The UBA feature is the most valuable because you can see everything about users' activities."
"The most valuable features are the AI assistant, which is good at detecting known types of behavior."
"The most valuable aspect of the solution is the integration capabilities on offer."
"Data Insight reporting tool is the most valuable feature. They came up with it a couple of years ago. The most pleasing factor is the dark theme. You don't have a white background. It has templates that you can create for all kinds of reports that you can hit on the fly. It's much better printing of the reports. If you want to send PDFs to people, the reports are actually decent. Whereas for years, the old architecture of the PDFs was rubbish and even our customers said, 'We have to manipulate your PDFs because they all have bad margin breaks.' SevOne fixed that a couple of years ago with the new Data Insight. It's fantastic."
"The comprehensiveness of this solution's collection of network performance and flow data is one of the basics in the field for what it does. It meets all of our needs. So for all those areas, for the most straightforward collection capabilities, right up to NetFlow and even telemetry, it meets all those demands. Not only just basic or fundamental SNMP collection capability, but the product also supports what we need for the future with telemetry streaming. So it's very comprehensive."
"The network data collection has been very flexible for us. It's been thorough in areas that were lacking. They have a team that I've worked with to add other pieces to it. So if it's missing something out of the box, they work with me to add it. I was able to collect that data. It's not perfect, but it's pretty thorough."
"SevOne provides support for all universal connectors. They internally work with other data sources to get features implemented. We have an SD-WAN implementation and use other app data to monitor performance. If you pull that data into one centralized location, that is very useful for management."
"The modules and the performance management reports that come with data insights are two of the most valuable features. I also find the reports for Wi-Fi, Netflow, LAN, and WAN for monitoring to be very good."
"The out of the box reports and workflows are pretty good and they meet our requirements well."
"Another useful feature is that SevOne gives you real-time insights into your network performance. It polls every five minutes. That is important for our customers because there are some network teams that are always monitoring their networks."
"We find that the reporting is particularly valuable in terms of not only communicating with our peer teams but also with the executives."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"Lacks sufficient documentation."
"With technical support, you are on your own without an enterprise license."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the Graylog install."
"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a millisecond."
"I think that the search speed of this solution could be improved."
"You can scale IBM QRadar User Behavior Analytics, but it has room for improvement."
"The Indian tech support is not helpful."
"The implementation and configuration are not easy."
"The AQL queries could be better."
"I don't look at only the features and benefits; I also look at the price. It is a bit expensive when compared with other solutions. It is expensive for specific deployment topologies, and the decision-makers go for alternatives like ArcSight. It should also have more AI features or capabilities for better threat intelligence. The more it uses machine learning, the better would be the dashboard, analytics, and other things."
"The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not way straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference."
"Ideally we would like a mobile version so that any alert that comes in will notify us in a mobile app, or by using SMS integration."
"We need to be thinking about streaming telemetry protocols. They already have the port for enhanced visualization, which they already have through Data Insight."
"When I started using it, I tried adding one of the BroadWorks application servers into SevOne... it created thousands and thousands of objects from that one application server and we immediately ran out of license... It would help, when new objects are discovered, if there were a way to categorize those objects and to pick the part of the object you need..."
"Some similar solutions offer end-to-end visibility."
"There is no service mode setup in this monitoring tool if you want to snooze alerts for any specific amount of time, to account for any activity change or major incident."
"Their virtualization solution is not compatible with our Kubernetes environment, which is one of the reasons we are ending our relationship with them."
"The GUI: both the dashboard/user view and the admin tool."
"The customizations are very hard. The person doing it has to be very good at analytics and has to be very good in all languages."
"You need to plan integrations. That has been the biggest bug with SevOne so far. For the things that SevOne pulls directly, those are easy to understand, modify, and put into the database. For things that need to use the Universal Collector or xStats, you need to plan that stuff well in advance."