We performed a comparison between Graylog, NNT Log Tracker Enterprise, and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Wazuh, Datadog and others in Log Management.

"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"The product is scalable. The solution is stable."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"I am very proud of how very stable the solution is."
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"Message forwarding through the in-built module."
"The most valuable feature is the predefined reports for PCI compliance."
"The FIM features in the Change Tracker and the Log Tracker are the most valuable."
"File integrity monitoring is a very important function."
"This is a very easy-to-use interface with a quick ramp-up time."
"It definitely does help with both auditing and regular monitoring. SOC does more monitoring, but ES also gives you other features that are auditing-related. The dashboards are also beneficial."
"It is very stable. We have not had any problems."
"The flexibility of the search capability is most valuable. You can use it for more than just a basic log aggregator. It is powerful in that regard."
"The varied prebuilt feature is the most valuable because it ensures that we have complete coverage over all of the key questions."
"The correlation searches are most valuable just because we are able to do things like RBA."
"We did not encounter any issues with scalability. It is almost seamless to add new index (storage) or search (used to analyze the data) nodes to the cluster."
"Positive features include replication capabilities, software development kits, and the architecture."
"It's basically one of the best SIEM products on the market."
"More customization is always useful."
"Lacks sufficient documentation."
"With technical support, you are on your own without an enterprise license."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the graylog install."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"Only one minor deployment issue came up and it was resolved quickly. No other areas of improvement come to mind yet."
"The correlation suite needs to be improved."
"I would like to see the integration of AI technology, so rather than manually monitoring the logs, the tool will understand it and take care of it."
"It is able to identify the vulnerability, however, they need an option to auto-mitigate."
"Splunk is more expensive than other solutions."
"I would like additional features in different programming models with the support for writing queries in SQL or other languages, such as C#, Java, or some other type of query definitions."
"They can incorporate the SOAR solution within the actual product so that we do not require two different products, two different installations, and two different pricing methods. In regards to UBA, I am familiar with the UBA that existed two years ago. I am not updated about it today, but two years ago, UBA required such an amount of data that from a cost perspective, it was not worth it. When you compare it to what you get out of the box with Microsoft Sentinel without additional costs, there is no match."
"We find that the maintenance process could be a lot better."
"While Splunk Enterprise Security offers valuable features, its cost is high and could be more competitive."
"When you get into large amounts of data, Splunk can get pretty slow. This is the same on-premise or AWS, it doesn't matter. The way that they handle large data sets could be improved."
"It would be nice if Splunk reduced the cost of training. Their training sessions are way too costly."
"If you monitor too much, you can lose performance on your systems."