We performed a comparison between Graylog, LogRhythm SIEM, and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Wazuh, Datadog and others in Log Management.
"We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"I am very proud of how very stable the solution is."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"One of the main features that I like about LogRhythm NextGen SIEM is that there are a lot of pre-built pieces. Like with our AV, we didn't have to tell it how to read the logs; they already had it pre-made. So, we essentially just had to follow their guide to get the logs imported in and set up some rules for it. We've only had to manually create the parsing rules for a few of our vendors so that we could interpret the logs correctly. Most of them had already been pre-created for us."
"It seems like it will scale easily with the way our environment is set up."
"It allows us to automate a lot of things with a smaller team."
"Technical support is very helpful and responsive."
"The Web Console is my favorite. It enables me, at a glance, to see the health of the environments."
"The PCI compliance pieces that help us produce reports for our external auditor, and their support."
"The artificial intelligence engine."
"The user interface is pretty good compared to other SIEM tools."
"It's extremely scalable. It's a very robust solution and certainly has the capability of handling far bigger data requirements than a lot of the other tools. Generally what ends up happening with me is that my clients tend, for the most part, to be mid-tier organizations, where the cost of that solution, with its accompanying requirements for people, just becomes way too prohibitive. Especially considering the model that they use for costing, which is based on the volume of data. Of course, they're going to put everything, including the Coke machine, on it as something to collect data off of, because of course the more they can put through the tool the more money they make."
"It is very scalable."
"This is a straightforward solution, easy to configure."
"Splunk Enterprise Security helped us with faster detection of threats."
"Its compatibility with other SIEMs is very useful."
"Capability to expand the functionality through custom code for data inputs, commands, visualization, alerts, and machine learning."
"Visualizations helped the organisation with a better understanding of its KPIs."
"The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"I would like to see some kind of visualization included in Graylog."
"Over six months, I had two similar issues where searches were performed on the field 'messages'. It exhausted all the memory of the ES node, causing an ES crash and a Graylog halt."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in Docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best-case deployment scenario."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
"Dashboards, stream alerts and parsing could be improved."
"The installation was a bit complex because we are running a virtual infrastructure."
"Scalability-wise, it's not that great."
"Scalability misses the mark sometimes, especially when you have an integrated disaster recovery built into the solution."
"I have probably submitted half a dozen log parser requests, and I keep finding more stuff that we need to keep an eye on that doesn't have a definition in LogRhythm."
"For our market, the solution is quite expensive. It would be ideal if they could work on and improve their existing pricing plans to help make it more affordable in our country."
"In terms of blind spots, we are looking for more improvements since we don't have visibility over everything."
"My biggest issue - I know that they say they're doing it - is that the API-building is extremely important. They keep saying it's coming, it's coming. It's not coming fast enough. I don't care if they need to double their team size to get it out there quicker, the world is already in the cloud and we can't monitor it. That's a big problem for us. My boss keeps coming to me about it. That's an issue."
"The built-in functionality of the solution for NDR, SOAR, SIEM, and EDS has room for improvement."
"Writing queries is a bit complicated sometimes."
"We usually have to follow up with technical support on our open cases."
"The training was mostly sales-focused, like how to monitor your sales. It was hard to then come back from doing the training and try to switch it to a cybersecurity focus because all the training we did was sales oriented. The basic training didn't really touch on any kind of cybersecurity use cases or anything like that. That would have been great to see in the training."
"It can be tough to determine if you are getting all of the value out of your investment at times."
"Its pricing is extremely high. There are other tools out in the market that are competitive. They do not necessarily have all the functionality, but they are competitive. The professional services we have used have been high as well in comparison to the market."
"Its interface could be improved."
"We had an instance when Splunk failed and it took us a couple of days to recover."
"The administration of the cluster and app deployment to indexers or search heads can be done only using SSH access and the command line; there are no GUI tools for that."