Try our new research platform with insights from 80,000+ expert users

Graylog vs Netsurion comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Graylog
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
21
Ranking in other categories
Log Management (15th)
Netsurion
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
24
Ranking in other categories
Managed Security Services Providers (MSSP) (5th), Security Information and Event Management (SIEM) (17th), SOC as a Service (3rd), Managed Detection and Response (MDR) (14th), Extended Detection and Response (XDR) (18th)
 

Mindshare comparison

Graylog and Netsurion aren’t in the same category and serve different purposes. Graylog is designed for Log Management and holds a mindshare of 6.5%, up 5.9% compared to last year.
Netsurion, on the other hand, focuses on Managed Security Services Providers (MSSP), holds 0.8% mindshare, up 0.7% since last year.
Log Management
Managed Security Services Providers (MSSP)
 

Featured Reviews

Ivan Kokalovic - PeerSpot reviewer
Facilitates backend service monitoring with efficient log retrieval and API flexibility
Graylog is valuable because it bridges technical knowledge to non-technical teams, presenting complex backend processes in a simple timeline. It boosts the knowledge of sales and customer support teams by allowing them to see the backend operations without needing to read the code. Its API is flexible for visualization, and its powerful search engine efficiently handles large volumes of log data. Moreover, its stability, fast search capabilities, and compatibility with languages like ANSI SQL enhance its utility in IT infrastructure.
John-Berry - PeerSpot reviewer
The SOC center monitors, hunts, and notifies us of threats around the clock
I know they are working to resolve this issue, but Netsurion is currently unable to retrieve logs from S3 buckets. We use WP Engine for a lot of web hosting as well as AWS, and both of these platforms use S3 buckets. I would like Netsurion to be able to pull logs from Linux devices. We have some of that capability, and I believe they can do it. However, the way it works with Amazon is strange and glitchy. Therefore, working something out with Amazon would be great. Netsurion's SOC can be a bit too aggressive at times. We have asked them to adjust their playbook because I am tired of being notified about the same issue multiple times a day. I am aware of the issue, and it is not a cause for concern. Let's only take action on this issue if we see an actual problem.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Open source and user friendly."
"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"We're using the Community edition, but I know that it has really good dashboarding and alerts."
"Graylog is valuable because it bridges technical knowledge to non-technical teams, presenting complex backend processes in a simple timeline."
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"I am very proud of how very stable the solution is."
"We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us."
"What I like most about Netsurion is the level of visibility and reporting."
"The most important feature is keeping track of when accounts are created and deleted, when permission groups are changed, and memberships are changed in groups; and overall, how many errors are occurring on the various systems that we're monitoring."
"I really appreciate the fact that the dashboard breaks everything down into a pretty easy view for me... It shows what changes are happening to privileged user accounts, access and identity, what's cropping up. It shows application activity and whether we've got system resources that aren't online and being found anymore. It's a pretty simple, easy, quick hit and there are the supporting logs behind it. If I need to drill down further, I can do that quickly. It's very effective."
"If I were to look at logs manually, there's no way I could do that. As an example, they are 48 million logs processed a day. There is no way I could look at all 48 million of those. So, it gives me a good structure to be able to look at the different incidents which are created and do different searches."
"I think Netsurion scales well. We've gone from a small number of agents up to thousands. So I would imagine that it would continue to scale. I don't see any issue with that."
"Netsurion has its own security operations center, where it tracks information that comes across our telemetry."
"They have what they call Elasticsearch which is very quick, although that's only available for the last seven days' worth of data. It used to be that, if I wanted to do a search from three days ago, it might take me 10 to 15 minutes because it had to actually unzip some archive files. So I really like that feature. It's almost instantaneous for anything within the last seven days."
"If we need to do a search for user lockouts, we can go, search, and find locations where they have been locked out, then keep track of those events, historically."
 

Cons

"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"The biggest problem is the collector application, as we wanted to avoid using Graylog Collector Sidecar due to its architecture."
"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the graylog install."
"More customization is always useful."
"Everything that I've wanted has been added in. EDR was added, and MITRE was added. Those were two big ones that we didn't even have to push for."
"With version 8, there are quite a few things. The query tool was one of the big ones, and the query speed was one of the big ones, but they've made some great strides between versions 8 and 9. There were also issues in version 8 around the ability to get the data back out. It's one thing to collect data, but it's a whole other thing to be able to present it or run it in a timely manner. The old tool, depending on how far back I was looking, might even time out and I would have to run it again."
"We get a report generated on a particular day of the week and we go through it, trying to mitigate problems and make sure we're seeing everything that's happening. It would be helpful if the SOC spent a little more time with us going through some of those reports."
"There's always room to improve because there would be no competition if they had a perfect solution. The GUI to perform searches within the product may not be intuitive to a new user."
"The biggest problem is that we have too many domain controllers. So, we have to keep all the clients and main system updated with the latest versions along with making sure all the firewalls are open."
"I would like to see a faster response when we see things like 15,000 lockouts. I really wished that I had known that on Friday afternoon rather than waiting until I got the weekly report today. By the same token, they are looking at it from the point of view that this is a system or software malfunction. This is not a bad actor repeating the exact same password three times a second. Therefore, they can tell that this is not a bad thing. However, it's not a security event but it is an operational event for me. Knowing this sort of thing would help my team and me out more because then we would be able to clear out a lot of network traffic that we didn't know was going on. So, we would like quicker updates on non-high security events."
"The system requirements are very, very high. So I need a pretty powerful server to run. If they could lighten that load so that the on-premise part of their product didn't impact my systems as much that would be ideal."
"The agents on the endpoints seem to fail quite a bit, requiring manual involvement from the local administrators. I would like to see their product be much more ad hoc and update automatically."
 

Pricing and Cost Advice

"It's open source and free. They have a paid version, but we never looked into that because we never needed the features of the paid version."
"There is an open source version and an enterprise version. I wouldn't recommend the enterprise version, but as an open source solution, it is solid and works really well."
"​You get a lot out-of-the-box with the non-enterprise version, so give it a try first."
"If you want something that works and do not have the money for Splunk or QRadar, take Graylog.​​"
"It's an open-source solution that can be used free of charge."
"We're using the Community edition."
"We are using the free version of the product. However, the paid version is expensive."
"I am using a community edition. I have not looked at the enterprise offering from Graylog."
"The pricing and licensing seem very reasonable. The managed service part of it feels like it gives me the equivalent of a full-time engineer for a lot less money. So, I feel it's a good value."
"Netsurion's pricing is extremely fair and flexible. The price of their SIEM product is reasonable, and you can pay for those services you want on top of that. It wasn't cheap, but it's competitive, and we intend to renew our contract."
"EventTracker's subscription-based model is interesting as far as yearly license type stuff. It's nice because you know what it's going to be next year. We haven't really looked at any other solutions. The pricing at the time compared to the other solutions was a lot less. A couple of years ago, we actually looked at Splunk. The amount in Splunk's licensing model is based on 20 gigs a day, or something like that. Based on our number of logs and stuff that we were already generating, the costs would be substantially more for the amount of logs that we would be getting."
"It is a bit expensive as compared to some of the other products that have come out in recent years. Expense-wise, the only downside is that it is not cheap."
"We have seen time and cost savings. It prevents us from having to hire specialized people for this type of work. We would need to hire six staff members to accommodate the same service."
"Netsurion's pricing is competitive. At the same time, they're the only ones who do what we want to do the way we want it. I can't say we would've paid more, but we would've had to have come up with our own solution if they weren't providing that."
"The solution is fairly expensive, but in my experience, all of the SIEM applications that I've evaluated or looked at cost about the same."
"When we first got the EventTracker product, we were using SIEM Simplified. At the time they didn't call it that, but it was more of a service thing. So, there was a bit more hand-holding and getting stuff set up, along with failure reports, that they did during the first one to two years. Then, we decided that the the additional money to have someone do these daily reports wasn't terribly useful, so we discontinued that service."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
861,390 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Comms Service Provider
10%
Government
7%
University
7%
Computer Software Company
26%
Government
8%
Manufacturing Company
7%
Performing Arts
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Graylog?
The product is scalable. The solution is stable.
What is your experience regarding pricing and costs for Graylog?
I am not familiar with the pricing details of Graylog, as I was not responsible for that aspect. It was determined that we didn't need an enterprise plan, which is more suited for clients with less...
What needs improvement with Graylog?
An improvement I would suggest is in Graylog's user interface, such as allowing for font size adjustments. A potential enhancement could be the integration with Ollama to run large language models ...
What is your experience regarding pricing and costs for Netsurion Managed Threat Protection?
Their pricing is high. I don't know if it's a barrier. The quality speaks to the price. The price is the price. They provide what they promise. From a purchasing perspective, I just have to come ba...
What needs improvement with Netsurion Managed Threat Protection?
There is one area that needs improvement and that is with the agents and the server that's on-site. The system requirements are very, very high. So I need a pretty powerful server to run. If they c...
 

Comparisons

 

Also Known As

Graylog2
Netsurion Managed Threat Protection, Netsurion EventTracker
 

Overview

 

Sample Customers

Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP, King.com, Twilio, Deutsche Presse-Agentur
The Salvation Army, The FRESH Market, Pacific Western Bank, NASA, American Academy of Orthopaedic Surgeons (AAOS), and Talbot’s Stores
Find out what your peers are saying about Graylog vs. Netsurion and other solutions. Updated: May 2023.
861,390 professionals have used our research since 2012.