We performed a comparison between Graylog, IBM SevOne Network Performance Management (NPM), and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Wazuh, Datadog and others in Log Management."Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"Open source and user friendly."
"We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc."
"One of the solution's biggest strengths is its capacity management performance, with out-of-the-box reports through NMS, as well as its ability to collect NetFlow-related data from devices. The collection of network performance and flow data is important because we have many critical business applications."
"It's given us the ability to create various real-time network performance reports and distribute them to any colleague who can access these reports immediately."
"Its ability to monitor practically any type of network device via SNMP is most valuable. This is the main functionality that we're using. If a network device exposes a metric, such as interface utilization, SevOne will monitor it for us."
"The out of the box reports and workflows are pretty good and they meet our requirements well."
"The feature that I have found most valuable is the scale-up and scale-down. The scale-up is an operation where the CPU boosts-up and then the memory will boost-up. That works awesomely."
"SevOne’s data collection functionality is very good. From a collection point of view, we pull SNMP data, which is simple. It is easy to manipulate the pull in the estate. It is really simple compared to some of the other products that we have used. However, for deferred data, i.e., things that we import or don't pull directly, we tend to have a preplanned integration. So, its Universal Collector is really useful."
"Flexible architecture: You can extend the system and its capacity by attaching another cluster pair."
"Data Insight reporting tool is the most valuable feature. They came up with it a couple of years ago. The most pleasing factor is the dark theme. You don't have a white background. It has templates that you can create for all kinds of reports that you can hit on the fly. It's much better printing of the reports. If you want to send PDFs to people, the reports are actually decent. Whereas for years, the old architecture of the PDFs was rubbish and even our customers said, "We have to manipulate your PDFs because they all have bad margin breaks. SevOne fixed that a couple of years ago with the new Data Insight. It's fantastic."
"From my experience, the visual aid that it provides is most valuable. There are charts and other means to provide information."
"The consolidated overview of all the events that come in through our environment and an easy-to-access interface for all our end users are valuable."
"The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data."
"It provides a risk score for each object, device, or user. We can then take action if they are at a higher risk."
"Splunk Enterprise Security's dashboards are a key asset."
"The ability to ingest any data and display it in a way that anyone can understand."
"Splunk has significantly helped with aggregation and correlation of critical logs. Not having to grep on each individual server has made everyone more efficient."
"Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful."
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a milli-second."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"With technical support, you are on your own without an enterprise license."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the graylog install."
"There should be some user groups and an auto sign-in feature."
"We need to be thinking about streaming telemetry protocols. They already have the port for enhanced visualization, which they already have through Data Insight."
"The GUI: both the dashboard/user view and the admin tool."
"There are a lot of pain points. My main problem is that we don't have a high availability system. There are 20 peers. We're going to lose the end-of-life appliances that are old. If we lose a peer and it doesn't come back, we lose all that data. The reason we don't have high availability is because it's double the charge."
"The method of searching for SIP and the way to create the groups."
"One area that requires a little bit of improvement is the topology of visualization and being able to map out connections, end-to-end. It's able to do that, but it's not as impressive as we would like it to be. We would like to understand the different interface types and the connection points better, through the visualization. Heatmaps also need further development."
"The customizations are very hard. The person doing it has to be very good at analytics and has to be very good in all languages"
"There is no service mode setup in this monitoring tool if you want to snooze alerts for any specific amount of time, to account for any activity change or major incident."
"User-friendly, multi-tenancy."
"The Enterprise Security app could be improved. We have had trouble with it working from the first day."
"Previously, they developed custom connectors or add-ons for a lot of applications. But that number can be upgraded still. There are a lot of applications in the world that are not supported."
"The complexity could be worked on so that it's even easier and faster."
"Delays in responses from the technical team can pose challenges for both vendors and clients, especially considering that Splunk applications and machine solutions are critical assets."
"It does not give us permission to implement on-premise so we implement them on the cloud."
"The solution could improve by giving more email details."
"There can be a bit of complexity around some fields during the initial setup."
"Over time I will have more requirements and I can foresee the solution could improve the search algorithm to run and output the data faster."
More IBM SevOne Network Performance Management (NPM) Pricing and Cost Advice →