Graylog vs NetWitness Platform comparison

Graylog and NetWitness are both solutions in the Log Management category. Graylog is ranked #16 with an average rating of 6.5, while NetWitness is ranked #22 with an average rating of 7.6. Graylog holds a 6.7% mindshare in Log Management, compared to NetWitness’s 0.3% mindshare. Additionally, 95% of Graylog users are willing to recommend the solution, compared to 75% of NetWitness users who would recommend it.

Graylog

Read 20 Graylog reviews

9,555 Views
8,400 Comparison Views

95% willing to recommend

NetWitness Platform

Read 37 NetWitness Platform reviews

768 Views
480 Comparison Views

75% willing to recommend

Graylog

NetWitness Platform

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 9, 2024

NetWitness Platform and Graylog are competing security solutions. NetWitness appears to hold the upper hand with its advanced analytical capabilities and comprehensive threat detection, whereas Graylog offers simplicity in deployment and strong log management efficiency.

Features: NetWitness Platform is known for advanced analytical capabilities, threat detection, and response functions, essential for large-scale environments. Its comprehensive threat intelligence helps in preemptive action against potential threats. Graylog is distinguished for efficient log management, powerful search capabilities, and flexibility due to its open-source nature, allowing for customization to fit user needs.

Room for Improvement: NetWitness could enhance reporting tools, incorporate user feedback more rapidly, and improve usability. Graylog could benefit from better integration with third-party tools, improvements to certain security features, and expanding its integrative capabilities.

Ease of Deployment and Customer Service: NetWitness has a complex deployment process that users find challenging, but it compensates with commendable customer service, which supports smoother transitions. Graylog stands out for its easy installation process, though its customer service does not reach the same level of acclaim.

Pricing and ROI: NetWitness may involve higher setup costs but offers significant ROI owing to extensive features and comprehensive security benefits. Graylog, being moderate in price, provides a good return by enhancing log management efficiency. Users find a quicker ROI with Graylog due to its effective log processing and adaptability.

To learn more, read our detailed Graylog vs. NetWitness Platform Report (Updated: April 2025).

Buyer's Guide

Graylog vs. NetWitness Platform

April 2025

Download the complete report

Helped 850,028 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Graylog

Ranking in Log Management

16th

Average Rating

8.0

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

No ranking in other categories

NetWitness Platform

Ranking in Log Management

22nd

Average Rating

7.4

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

Security Information and Event Management (SIEM) (22nd)

Mindshare comparison

As of May 2025, in the Log Management category, the mindshare of Graylog is 6.7%, up from 5.8% compared to the previous year. The mindshare of NetWitness Platform is 0.3%, down from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Log Management

Featured Reviews

Ivan Kokalovic

DevOps Engineer at Proton Technologies

Facilitates backend service monitoring with efficient log retrieval and API flexibility

Graylog is valuable because it bridges technical knowledge to non-technical teams, presenting complex backend processes in a simple timeline. It boosts the knowledge of sales and customer support teams by allowing them to see the backend operations without needing to read the code. Its API is flexible for visualization, and its powerful search engine efficiently handles large volumes of log data. Moreover, its stability, fast search capabilities, and compatibility with languages like ANSI SQL enhance its utility in IT infrastructure.

Read full review

MdZaman

IT manager at a agriculture with 10,001+ employees

Really scalable for enterprise customers

The solution should have more integration capabilities with different platforms. The API is nearly open and scalable, so the solution can integrate with many platforms. The solution has more than 200 log sources in the scalability to support, but this is its limit. Installation is pretty easy. However, there are a couple of modules involved, so it is not as easy as it could be. We are talking about a distributed module, not a single-module type. This is what makes things a bit complex, instead of easier. I rate it as a seven out of ten on its installation and configuration capabilities.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Open source and user friendly."

"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc."

"Graylog is very handy."

"The solution's most valuable feature is its new interface."

"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."

"The build is stable and requires little maintenance, even compared to some extremely expensive products."

"We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us."

"The ability to write custom alerts is key to information security and compliance."

More Graylog pros

"The most valuable feature is the hunting ability to work in a CERT."

"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."

"The product's initial setup phase was not at all difficult."

"Performance and reporting are very good."

"The product has a user-friendly interface and a valuable feature for threat intelligence integration."

"The most valuable features are the integration and ease of use."

"The most valuable features are the packet decoder, log decoder, and concentrator."

"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."

More NetWitness Platform pros

Cons

"Lacks sufficient documentation."

"Graylog can improve the index rotation as it's quite a complex solution."

"When it comes to configuring the processing pipeline, writing the rules can be very tedious, especially since the documentation isn't extensive on how the functions provided for these rules work."

"Dashboards, stream alerts and parsing could be improved."

"We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient."

"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a milli-second."

"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."

"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."

More Graylog cons

"We have encountered issues with unresolved crashes."

"The product's licensing models are complex to understand. This particular area needs improvement."

"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."

"An area for improvement would be better automation and more inbuilt use cases."

"The initial setup is very complex and should be simplified."

"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."

"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."

"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."

More NetWitness Platform cons

Pricing and Cost Advice

"I am using a community edition. I have not looked at the enterprise offering from Graylog."

"I use the free version of Graylog."

"There is an open source version and an enterprise version. I wouldn't recommend the enterprise version, but as an open source solution, it is solid and works really well."

"It's an open-source solution that can be used free of charge."

"Consider Enterprise support if you have atypical needs or setup requirements."

"You get a lot out-of-the-box with the non-enterprise version, so give it a try first."

"If you want something that works and do not have the money for Splunk or QRadar, take Graylog."

"Having paid official support is wise for projects."

More Graylog pricing and cost advice

"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."

"The product price was reasonable for my region and the market."

"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."

"It provides tools to assist in selecting the appropriate license and usage scenarios."

"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."

"It is cheap."

"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."

"We are on an annual license for the use of the solution."

More NetWitness Platform pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Log Management solutions are best for your needs.

See recommendations

850,028 professionals have used our research since 2012.

Comparison Review

Vinod Shankar

Manager, Enterprise Risk Consulting at Deloitte & Touche

Feb 26, 2015

HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm

We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…

Read full review

Top Industries

By visitors reading reviews

Computer Software Company

18%

Comms Service Provider

10%

Government

Educational Organization

Computer Software Company

19%

Financial Services Firm

18%

Government

Insurance Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Graylog?

The product is scalable. The solution is stable.

See all answers

What is your experience regarding pricing and costs for Graylog?

We are using the free version of the product. However, the paid version is expensive.

See all answers

What needs improvement with Graylog?

When it comes to configuring the processing pipeline, writing the rules can be very tedious, especially since the documentation isn't extensive on how the functions provided for these rules work. P...

See all answers

What do you like most about NetWitness Platform?

The product's initial setup phase was not at all difficult.

See all answers

What is your experience regarding pricing and costs for NetWitness Platform?

The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.

See all answers

What needs improvement with NetWitness Platform?

There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.

See all answers

Comparisons

Grafana Loki vs Graylog

Compared 39% of the time

Wazuh vs Graylog

Compared 24% of the time

syslog-ng vs Graylog

Compared 11% of the time

Security Onion vs Graylog

Compared 5% of the time

Fortinet FortiAnalyzer vs Graylog

Compared 3% of the time

More Graylog Competitors

Splunk Enterprise Security vs NetWitness Platform

Compared 28% of the time

IBM Security QRadar vs NetWitness Platform

Compared 18% of the time

Elastic Security vs NetWitness Platform

Compared 14% of the time

Trellix Network Detection and Response vs NetWitness Platform

Compared 11% of the time

RSA enVision vs NetWitness Platform

Compared 10% of the time

More NetWitness Platform Competitors

Product Reports

Buyer's Guide

Graylog

April 2025

Download Graylog product report

Buyer's Guide

NetWitness Platform

April 2025

Download NetWitness Platform product report

Also Known As

Graylog2

RSA Security Analytics

Overview

Graylog is purpose-built to deliver the best log collection, storage, enrichment, and analysis. Graylog is:

Considerably faster analysis speeds.
More robust and easier-to-use analysis platform.
Simpler administration and infrastructure management.
Lower cost than alternatives.
Full-scale customer service.
No expensive training or tool experts required.

Graylog

NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

NetWitness

Sample Customers

Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP, King.com, Twilio, Deutsche Presse-Agentur

Los Angeles World Airports, Reply

Buyer's Guide

Graylog vs. NetWitness Platform

April 2025

Free Report: Graylog vs. NetWitness Platform

Find out what your peers are saying about Graylog vs. NetWitness Platform and other solutions. Updated: April 2025.

DOWNLOAD NOW

850,028 professionals have used our research since 2012.

See our Graylog vs. NetWitness Platform report.

See our list of best Log Management vendors.

We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.