We performed a comparison between Graylog, Snare, and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Wazuh, Datadog and others in Log Management.
"We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"Open source and user friendly."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc."
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"Snare has good agents, especially for Windows."
"The most valuable feature of Snare is flexibility, or the ability to filter out all the things you don't want and that don't have security value."
"The best thing about Snare is its format and consistency."
"The product is good, it satisfies our customers."
"The flexibility of the solution is quite good."
"The most valuable features of the solution are that it is straightforward to use and the documentation is good for finding out how to get the data you are looking for."
"Splunk UBA is useful for fraud detection and for detection of APTs, advanced persistent threats."
"The most valuable feature is the custom dashboard feature."
"We can automatically suspend or terminate suspicious sessions."
"I have found the installation can be of medium difficulty to very complex depending on the use case."
"It can explain to management what kind of traffic is visiting the network. It can also explain other traffic coming in and out, along with protecting against malware."
"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"The biggest problem is the collector application, as we wanted to avoid using Graylog Collector Sidecar due to its architecture."
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"Its scalability gets complicated when we have to update or edit multiple nodes."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in Docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best-case deployment scenario."
"I would like to see some kind of visualization included in Graylog."
"With technical support, you are on your own without an enterprise license."
"Snare should modernize its GUI a little bit."
"Users will initially find it difficult to identify the event types and installation in Snare."
"The solution is now developing a SIEM-like feature on Snare Central Server, but it's not complete yet."
"More training on PetaData using artificial intelligence techniques to identify the events which are not normal and exceptions that would help the organization identify threats and malware on the go with results."
"Its interface could be improved."
"Some of the queries are difficult to run and have room for improvement."
"There are limitations with Splunk not detecting all user activity, especially on mainframes and network devices."
"This solution could be improved by better pricing in general and by easier installation."
"The level of scalability depends on the license you have. You can expand or reduce it based on the environment. It does cost more money to scale, however."
"I'd like to see more integration with more antivirus systems."
"The solution could use a different licensing model."