
Graylog vs LogRhythm SIEM comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Apr 20, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Graylog
Ranking in Log Management: 15th
Average Rating: 8.0
Reviews Sentiment: 7.2
Number of Reviews: 21
Ranking in other categories: No ranking in other categories

LogRhythm SIEM
Ranking in Log Management: 14th
Average Rating: 8.4
Reviews Sentiment: 6.7
Number of Reviews: 174
Ranking in other categories: Security Information and Event Management (SIEM) (9th)
 

Mindshare comparison

As of July 2025, in the Log Management category, the mindshare of Graylog is 6.5%, up from 5.9% compared to the previous year. The mindshare of LogRhythm SIEM is 2.0%, down from 3.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Ivan Kokalovic - PeerSpot reviewer
Facilitates backend service monitoring with efficient log retrieval and API flexibility
Graylog is valuable because it bridges technical knowledge to non-technical teams, presenting complex backend processes in a simple timeline. It boosts the knowledge of sales and customer support teams by allowing them to see the backend operations without needing to read the code. Its API is flexible for visualization, and its powerful search engine efficiently handles large volumes of log data. Moreover, its stability, fast search capabilities, and compatibility with languages like ANSI SQL enhance its utility in IT infrastructure.
Mokhammad Rakhman - PeerSpot reviewer
User-friendly dashboard and machine learning capabilities improve threat hunting efficiency
LogRhythm SIEM has strong machine-learning capabilities with behavioral rules and analysis. The seamless integration for case management, along with a user-friendly dashboard user interface, makes tasks like threat hunting more efficient. Analytics and behavioral analysis help me save time with rule creation. Its scalability allows me to add components as needed. Overall, LogRhythm SIEM offers end-to-end visibility with a reasonable price.

Quotes from Members

 

Pros

"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"I like the correlation and the alerting."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"I am very proud of how very stable the solution is."
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"The solution's most valuable feature is its new interface."
"We're using the Community edition, but I know that it has really good dashboarding and alerts."
"The Web Console is my favorite. It enables me, at a glance, to see the health of the environments."
"We should be able to respond to threats and gain visibility into our environment that we don't currently have."
"In general, the visibility of events and advanced analysis of events are good."
"The ability for me to go into the Web UI, and just learn what's going on in my environment."
"It's very easy to create the correlation rules with LogRhythm, and there are some advanced features like SIEM and UEBA, which are also very valuable."
"When it comes to dealing with support, all my interactions have been great. Everyone has known what they're doing and has been quick to respond. They seem to always know the answer. I haven't stumped anybody yet."
"It seems like it will scale easily with the way our environment is set up."
"We take in around 750 million logs a day. We have a lot of products and that would be a lot of different panes of glass that we would have to look through otherwise. By centralizing, we can triage and take steps much more quickly than if we tried to man that many interfaces that come with the products."
 

Cons

"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"Graylog can improve the index rotation as it's quite a complex solution."
"More customization is always useful."
"When it comes to configuring the processing pipeline, writing the rules can be very tedious, especially since the documentation isn't extensive on how the functions provided for these rules work."
"Dashboards, stream alerts and parsing could be improved."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"Over six months, I had two similar issues where searches were performed on field 'messages'. It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"I would like to see support added for Exchange 2016, and CheckPoint OPSec Lea."
"The customer support system is time-consuming."
"I would really like to see some type of group or global management for RIM policies."
"We use Windows Event Forwarding to collect the logs from our Windows clients, and the logs get aggregated as one data source on that collector. Therefore, finding logs specific to one particular Windows system requires some creativity in how we search the SIEM."
"We've had issues with scaling and local support."
"NextGen SIEM has separate rules for AI, advanced intelligence, and MP rules - it would be better to have a centralized way to write the rules and create alarms."
"The product's initial setup phase is pretty complex."
"It's not easy for someone new to the solution."
 

Pricing and Cost Advice

"I am using a community edition. I have not looked at the enterprise offering from Graylog."
"If you want something that works and do not have the money for Splunk or QRadar, take Graylog."
"Having paid official support is wise for projects."
"It's open source and free. They have a paid version, but we never looked into that because we never needed the features of the paid version."
"Graylog is a free open-source solution. The free version has a capacity limitation of 2 GB daily, if you want to go above this you have to purchase a license."
"Consider Enterprise support if you have atypical needs or setup requirements."
"It's an open-source solution that can be used free of charge."
"I use the free version of Graylog."
"NextGen SIEM's pricing is moderate."
"Look for whatever will give you the most value. That's the main point. It is not one size fits all."
"I have seen a measurable decrease in the mean time to detect and respond to threats. We went from not detecting them to detecting them. We can actually pick up what is anomalous in our network now."
"I would rate the pricing 4 out of 5. There are no additional costs to the standard licensing fees."
"I give the price a six out of ten."
"It is a very cost-effective solution."
"The nice thing about LogRhythm is you can either use the agents, getting a certain number of agents with your license depending on how you want to go, and those agents do a lot of cool things, or you can use CIS Log host, then you have like an unlimited number of them."
"In the context of our country, the price of this solution is too high."
862,499 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company: 17%
Comms Service Provider: 10%
Educational Organization: 7%
Government: 7%

Computer Software Company: 14%
Government: 9%
Financial Services Firm: 9%
Manufacturing Company: 8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Graylog?
The product is scalable. The solution is stable.
What is your experience regarding pricing and costs for Graylog?
I am not familiar with the pricing details of Graylog, as I was not responsible for that aspect. It was determined that we didn't need an enterprise plan, which is more suited for clients with less...
What needs improvement with Graylog?
An improvement I would suggest is in Graylog's user interface, such as allowing for font size adjustments. A potential enhancement could be the integration with Ollama to run large language models ...
What is the difference between log management and SIEM?
Rony, Daniel's answer is right on the money. There are many solutions for each in the market, a lot depends upon your ability to manage such tools and your budget. A small operation may be best s...
What needs improvement with LogRhythm NextGen SIEM?
I cannot think of any specific features that LogRhythm SIEM can improve upon since it supports a wide variety of major vendors. However, they need to improve their parsing techniques; the tool shou...
What do you like most about LogRhythm SIEM?
I find LogRhythm's log management capabilities to be beneficial.
 

Also Known As

Graylog2
LogRhythm NextGen SIEM, LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM
 

Sample Customers

Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP, King.com, Twilio, Deutsche Presse-Agentur
Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill
Find out what your peers are saying about Graylog vs. LogRhythm SIEM and other solutions. Updated: July 2025.