Try our new research platform with insights from 80,000+ expert users

Graylog vs LogRhythm SIEM comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 20, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Graylog
Ranking in Log Management
15th
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
21
Ranking in other categories
No ranking in other categories
LogRhythm SIEM
Ranking in Log Management
14th
Average Rating
8.4
Reviews Sentiment
6.7
Number of Reviews
174
Ranking in other categories
Security Information and Event Management (SIEM) (9th)
 

Mindshare comparison

As of July 2025, in the Log Management category, the mindshare of Graylog is 6.5%, up from 5.9% compared to the previous year. The mindshare of LogRhythm SIEM is 2.0%, down from 3.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Ivan Kokalovic - PeerSpot reviewer
Facilitates backend service monitoring with efficient log retrieval and API flexibility
Graylog is valuable because it bridges technical knowledge to non-technical teams, presenting complex backend processes in a simple timeline. It boosts the knowledge of sales and customer support teams by allowing them to see the backend operations without needing to read the code. Its API is flexible for visualization, and its powerful search engine efficiently handles large volumes of log data. Moreover, its stability, fast search capabilities, and compatibility with languages like ANSI SQL enhance its utility in IT infrastructure.
Mokhammad Rakhman - PeerSpot reviewer
User-friendly dashboard and machine learning capabilities improve threat hunting efficiency
LogRhythm SIEM has strong machine-learning capabilities with behavioral rules and analysis. The seamless integration for case management, along with a user-friendly dashboard user interface, makes tasks like threat hunting more efficient. Analytics and behavioral analysis help me save time with rule creation. Its scalability allows me to add components as needed. Overall, LogRhythm SIEM offers end-to-end visibility with a reasonable price.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Graylog is valuable because it bridges technical knowledge to non-technical teams, presenting complex backend processes in a simple timeline."
"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"Open source and user friendly."
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"I like the correlation and the alerting."
"Even other products we have that feed into it, instead of having to watch all of them we only have to watch one. For example, we have CrowdStrike, so instead of having to pay attention that solution - because their dashboard doesn't really pop when an alarm comes up - we can see issues with the red on the LogRhythm alarm. That is very nice."
"This solution has improved our organization in many different ways. The biggest benefit is being able to view all information in one dashboard instead of having to look at several different applications and dashboards. I can see information across our entire environment and every aspect of our network."
"I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios."
"The initial setup is pretty easy."
"LogRhythm NextGen SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions."
"Alarms are the most valuable feature. We also like the dashboard and how things are at your fingertips. The fact that we can now edit the report templates is going to be a great thing."
"AXON has the ability to add and compare use cases."
"In general, the visibility of events and advanced analysis of events are good."
 

Cons

"Graylog can improve the index rotation as it's quite a complex solution."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a milli-second."
"Dashboards, stream alerts and parsing could be improved."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"When it comes to configuring the processing pipeline, writing the rules can be very tedious, especially since the documentation isn't extensive on how the functions provided for these rules work."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"There should be some user groups and an auto sign-in feature.​"
"I would like to see case management become more independent from LogRhythm itself."
"The initial setup is complex. We are using a LogRhythm partner, at least for the first three years, to help with the monitoring and the deployment of it. We are not a big enough environment where we have people that we can dedicate to it right now."
"Parsing is totally controlled by LogRhythm and they do not allow any partner or any third-party to handle this part and this is a key challenge on my end."
"I would probably look for more things to go into the web console that is currently on the fat client."
"We do about 750 million a day and some days we do 715 million. Some days we do 820 million or 1.2 billion. But there's no way to drill in and find out: "Where did I get 400,000 extra logs today?" What was going on in my environment that I was able to absorb that peak? I have no way to identify it without running reports, which will produce a long-running PDF that I have to somehow compare to another long-running PDF... I would like to see like profiling behavior awareness around systems like they've been gunned to do around users with UEBA."
"LogRhythm NextGen SIEM is currently based only on the Windows platform. This means that some of our customers have to purchase a Windows license elsewhere. If LogRhythm can move to a Linux platform or a proprietary platform, it would be very helpful."
"Better integration with different services is needed, as there are quite a few platforms that we use that don't integrate very smoothly with LogRhythm."
"The reporting on the dashboard should be improved from a management perspective. It would be helpful if they adjusted the colors and the presentation to make things clearer and easier to read."
 

Pricing and Cost Advice

"Consider Enterprise support if you have atypical needs or setup requirements.​"
"We're using the Community edition."
"If you want something that works and do not have the money for Splunk or QRadar, take Graylog.​​"
"It's open source and free. They have a paid version, but we never looked into that because we never needed the features of the paid version."
"We are using the free version of the product. However, the paid version is expensive."
"I am using a community edition. I have not looked at the enterprise offering from Graylog."
"Having paid official support is wise for projects."
"​You get a lot out-of-the-box with the non-enterprise version, so give it a try first."
"On a scale of one to ten, where one is low, and ten is high, I rate the pricing between six and seven."
"NextGen SIEM's pricing is moderate."
"I would rate the pricing 4 out of 5. There are no additional costs to the standard licensing fees."
"LogRhythm's licensing is based on MPS. There are some add-on features like advanced UEBA, the cloud component for advanced UEBA, and SIEM."
"Look for whatever will give you the most value. That's the main point. It is not one size fits all."
"The support which allows more customized to the environment when we are deploying new systems is called Professional Service and is very expensive. The technical annual support and there is an annual fee."
"I would recommend that whatever sales quotes to them upfront, they will probably go up. Because they are probably going to outgrow that very quickly or once they start getting everything into it, they are going to have to move up anyway."
"The setup and licensing for small and medium size businesses is straightforward, though when it comes to the enterprise it pays to keep in mind the possibility for complications given all the extras and add-ons that may be required."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
861,390 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Comms Service Provider
10%
Government
7%
University
7%
Computer Software Company
14%
Financial Services Firm
9%
Government
9%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Graylog?
The product is scalable. The solution is stable.
What is your experience regarding pricing and costs for Graylog?
I am not familiar with the pricing details of Graylog, as I was not responsible for that aspect. It was determined that we didn't need an enterprise plan, which is more suited for clients with less...
What needs improvement with Graylog?
An improvement I would suggest is in Graylog's user interface, such as allowing for font size adjustments. A potential enhancement could be the integration with Ollama to run large language models ...
What is the difference between log management and SIEM?
Rony, Daniel's answer is right on the money. There are many solutions for each in the market, a lot depends upon your ability to manage such tools and your budget. A small operation may be best s...
What needs improvement with LogRhythm NextGen SIEM?
I cannot think of any specific features that LogRhythm SIEM can improve upon since it supports a wide variety of major vendors. However, they need to improve their parsing techniques; the tool shou...
What do you like most about LogRhythm SIEM?
I find LogRhythm's log management capabilities to be beneficial.
 

Also Known As

Graylog2
LogRhythm NextGen SIEM, LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM
 

Overview

 

Sample Customers

Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP, King.com, Twilio, Deutsche Presse-Agentur
Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill
Find out what your peers are saying about Graylog vs. LogRhythm SIEM and other solutions. Updated: June 2025.
861,390 professionals have used our research since 2012.