Try our new research platform with insights from 80,000+ expert users

Graylog vs LogRhythm SIEM comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 20, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Graylog
Ranking in Log Management
15th
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
21
Ranking in other categories
No ranking in other categories
LogRhythm SIEM
Ranking in Log Management
14th
Average Rating
8.4
Reviews Sentiment
6.7
Number of Reviews
174
Ranking in other categories
Security Information and Event Management (SIEM) (9th)
 

Mindshare comparison

As of July 2025, in the Log Management category, the mindshare of Graylog is 6.5%, up from 5.9% compared to the previous year. The mindshare of LogRhythm SIEM is 2.0%, down from 3.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Ivan Kokalovic - PeerSpot reviewer
Facilitates backend service monitoring with efficient log retrieval and API flexibility
Graylog is valuable because it bridges technical knowledge to non-technical teams, presenting complex backend processes in a simple timeline. It boosts the knowledge of sales and customer support teams by allowing them to see the backend operations without needing to read the code. Its API is flexible for visualization, and its powerful search engine efficiently handles large volumes of log data. Moreover, its stability, fast search capabilities, and compatibility with languages like ANSI SQL enhance its utility in IT infrastructure.
Mokhammad Rakhman - PeerSpot reviewer
User-friendly dashboard and machine learning capabilities improve threat hunting efficiency
LogRhythm SIEM has strong machine-learning capabilities with behavioral rules and analysis. The seamless integration for case management, along with a user-friendly dashboard user interface, makes tasks like threat hunting more efficient. Analytics and behavioral analysis help me save time with rule creation. Its scalability allows me to add components as needed. Overall, LogRhythm SIEM offers end-to-end visibility with a reasonable price.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"It has data adapters and lookup tables that utilize HTTP calls to APIs."
"The ability to write custom alerts is key to information security and compliance."
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"LogRhythm has increased productivity because all the tools that we need are in the web UI, allowing us to find threats on our network fast and efficiently."
"Its ability to work with all different sorts of log sources has been extremely valuable."
"It's very easy to create the correlation rules with LogRhythm, and there are some advanced features like SIEM and UEBA, which are also very valuable."
"We have to be able to show the evidence, and LogRhythm does a great job of putting it forward and making it easy to create reports with nice looking dashboards, which show off what we are doing as a security program."
"Technical support has always been helpful."
"We have seen a massive increase in the amount of data that we can collect, the type of things that we can see, the way we can look at logs, the way we can get alerts, and the way can create our own customer roles, which has allowed us to customize the work in our environment."
"File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting."
"The user interface is good."
 

Cons

"Graylog can improve the index rotation as it's quite a complex solution."
"Lacks sufficient documentation."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"More customization is always useful."
"I have Windows administrators who will remove the agent when they think that that's what's fouling up their upgrade or their install or their reconfiguration, etc. The first thing they do is to turn off the antivirus, turn down the firewall, and take off anything else. They don't realize that the LogRhythm agent is just sitting there monitoring. Most antivirus products have application protection features built-in where, if I'm an admin on a box, I can't uninstall antivirus. I need to have to the antivirus admin password to do that."
"More help and assistance with some of the open source products, everything seems to be focused on Windows versus giving some guidance and some documentation on how to use it."
"It is a product that is very hard to use."
"I have probably submitted half a dozen log parser requests, and I keep finding more stuff that we need to keep an eye on that doesn't have a definition in LogRhythm."
"The reporting on the dashboard should be improved from a management perspective. It would be helpful if they adjusted the colors and the presentation to make things clearer and easier to read."
"Stability has probably been one area where Health Checks have not been great with the product. We have been told that they are going to improve Health Checks on product, though we do struggle with them on a daily basis."
"The software needs to work on its pricing."
"Better integration with different services is needed, as there are quite a few platforms that we use that don't integrate very smoothly with LogRhythm."
 

Pricing and Cost Advice

"It's an open-source solution that can be used free of charge."
"Graylog is a free open-source solution. The free version has a capacity limitation of 2 GB daily, if you want to go above this you have to purchase a license."
"I am using a community edition. I have not looked at the enterprise offering from Graylog."
"I use the free version of Graylog."
"We're using the Community edition."
"There is an open source version and an enterprise version. I wouldn't recommend the enterprise version, but as an open source solution, it is solid and works really well."
"Having paid official support is wise for projects."
"If you want something that works and do not have the money for Splunk or QRadar, take Graylog.​​"
"Everything is expensive with LogRhythm, and you don't get anything for free."
"NextGen SIEM's pricing is moderate."
"On a scale of one to ten, where one is low, and ten is high, I rate the pricing between six and seven."
"The pricing is very reasonable and accessible compared to other products in the market but I am not very sure about the exact licensing cost per year for our company."
"I would rate the pricing 4 out of 5. There are no additional costs to the standard licensing fees."
"I would recommend that whatever sales quotes to them upfront, they will probably go up. Because they are probably going to outgrow that very quickly or once they start getting everything into it, they are going to have to move up anyway."
"The product is inexpensive than other tools."
"We did a five-year agreement. We pay close to a quarter of a million dollars for our solution."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
861,170 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Comms Service Provider
10%
Government
7%
University
7%
Computer Software Company
14%
Financial Services Firm
9%
Government
9%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Graylog?
The product is scalable. The solution is stable.
What is your experience regarding pricing and costs for Graylog?
I am not familiar with the pricing details of Graylog, as I was not responsible for that aspect. It was determined that we didn't need an enterprise plan, which is more suited for clients with less...
What needs improvement with Graylog?
An improvement I would suggest is in Graylog's user interface, such as allowing for font size adjustments. A potential enhancement could be the integration with Ollama to run large language models ...
What is the difference between log management and SIEM?
Rony, Daniel's answer is right on the money. There are many solutions for each in the market, a lot depends upon your ability to manage such tools and your budget. A small operation may be best s...
What needs improvement with LogRhythm NextGen SIEM?
I cannot think of any specific features that LogRhythm SIEM can improve upon since it supports a wide variety of major vendors. However, they need to improve their parsing techniques; the tool shou...
What do you like most about LogRhythm SIEM?
I find LogRhythm's log management capabilities to be beneficial.
 

Also Known As

Graylog2
LogRhythm NextGen SIEM, LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM
 

Overview

 

Sample Customers

Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP, King.com, Twilio, Deutsche Presse-Agentur
Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill
Find out what your peers are saying about Graylog vs. LogRhythm SIEM and other solutions. Updated: June 2025.
861,170 professionals have used our research since 2012.