We performed a comparison between Graylog, ManageEngine EventLog Analyzer, and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Wazuh, Datadog and others in Log Management."We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us."
"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc."
"Message forwarding through the in-built module."
"Real-time UDP/GELF logging and full text-based searching."
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"The product is scalable. The solution is stable."
"The ability to write custom alerts is key to information security and compliance."
"It's one of the easiest products. It's very simple to use."
"I have made use of technical support and am certainly very satisfied with them."
"It is stable."
"The user interface is very good."
"The tool's reports show activities."
"What I found most useful in ManageEngine EventLog Analyzer is its integration with other ManageEngine applications. It seamlessly integrates throughout the ManageEngine suite, and that's beneficial. I also like that the solution has chain management capabilities, it has a modular approach, and it's easy to reach the support team."
"ManageEngine EventLog Analyzer is easy to gather reports to give to management. My supervisor has access to the solution and he enjoys the graphs."
"The log management has helped to improve my organization."
"It follows MITRE ATT&CK and Cyber Kill Chain frameworks. There are certain notable events for which we can configure our security posture."
"It allows the centralization of data and makes possible new sorts of correlations that were previously impossible using traditional SIEMs such as ArcSight or QRadar."
"The flexibility of the search capability is most valuable. You can use it for more than just a basic log aggregator. It is powerful in that regard."
"It is user-friendly. It is more effective than other solutions. The support and help for troubleshooting and the documentation from Splunk make it very effective."
"The most valuable feature of Splunk Enterprise Security is website activity monitoring."
"We can do things in minutes instead of days."
"It gives us good visibility into multiple environments, including cloud, on-premises, and hybrid; irrespective of platform."
"The most valuable features in Splunk are the search function and the ability to run selected session reports. The session reports are important because I can use them to see what is going on in our environment weekly. Additionally, we can use the graph to see how often that particular event is happening."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a milli-second."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"There should be some user groups and an auto sign-in feature."
"Dashboards, stream alerts and parsing could be improved."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"The first tier of customer service and support is not great."
"There isn't good security integration when it comes to cybersecurity. The correlation of logs isn't so simple."
"It may not be as easy to use as Splunk."
"Support could improve to make the solution better."
"There's a lot to improve in terms of connectivity. Currently, we're utilizing it across various infrastructures and environments, including others' cloud. However, connecting it to our infrastructure and integrating it with some of our SMAX solutions poses difficulties."
"The solution should improve on its log capturing capabilities."
"The solution is stable. However, there are limits. For example, we can do 2,500 Syslog events per second, but if we want to do more we have to install the distributor structure, and then we can expand how many events we can do. They could improve the stability."
"What I'd like to see as an improvement to ManageEngine EventLog Analyzer is for it to be more AI-driven. Having more automation would also make the solution better."
"There is a learning curve in order to start using machine learning. We have been trying to do it for three years, and we have not managed anything. It is too complex."
"My biggest struggle with Splunk in general is memorizing all the commands. If I want to know which users have logged in between certain hours, I cannot write that query out. It would be helpful to have AI so that I can explain in simple terms what I want and then the search gives that back to me. I am waiting for that."
"Splunk's ability to analyze malicious activities scores an 8 out of 10, but there's room for improvement. By analyzing emerging patterns, Splunk could identify and predict potential threats more effectively."
"The UI can be difficult to understand for non-technical people."
"This is not really a monitoring solution."
"Its user interface for everything other than the charts can be improved. Some parts of it can be simplified a bit, such as when importing documents that have the network traffic. When you're going through the information about the network traffic, you have to have the expertise, but even if a program is supposed to be for IT support, it is good to make it user-friendly because it gets easier to train people. When something goes wrong, the more difficult a program is in terms of UI, the harder it is to fix the issue."
"It is a good product, but the Achilles heel for a lot of organizations is the cost model for it because it gets expensive. That's because the model is based on how much data it processes a day, which can be prohibitive, especially if you have a lot of data. A lot of customers may not be ready for the sticker shock on how to fully leverage the product. I realized that the reason for that is that when it was originally designed, it was kind of like a big data modeling application. If they want to have a bigger customer base, they can come out with subsets of their product that are focused on specific things and have different pricing models. It may help with the cost."
"There is improvement needed when importing from some types of data sources."
More ManageEngine EventLog Analyzer Pricing and Cost Advice →