IT Central Station is now PeerSpot: Here's why

Graylog vs Splunk comparison

Cancel
You must select at least 2 products to compare!
Devo Logo
Read 16 Devo reviews.
12,958 views|5,175 comparisons
Graylog Logo
12,596 views|10,266 comparisons
Splunk Logo
84,966 views|71,090 comparisons
Featured Review
Buyer's Guide
Graylog vs. Splunk
May 2022
Find out what your peers are saying about Graylog vs. Splunk and other solutions. Updated: May 2022.
609,272 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable feature is definitely the ability that Devo has to ingest data. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. You'd have a backlog of processing the logs as it was ingesting them.""Even if it's a relatively technical tool or platform, it's very intuitive and graphical. It's very appealing in terms of the user interface. The UI has a graphically interface with the raw data in a table. The table can be as big as you want it, depending on your use case. You can easily get a report combining your data, along with calculations and graphical dashboards. You don't need a lot of training, because the UI is relatively very intuitive.""In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. With this kind of platform, you have that information in real-time.""It's very, very versatile.""The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to do that quickly. If I'm sitting around just waiting to get my first response, then it ends up moving too slow to keep up with the attacker. Devo's speed and performance allows us to query in real-time and keep up with what is actually happening on the network, then respond effectively to events.""The querying and the log-retention capabilities are pretty powerful. Those provide some of the biggest value-add for us.""One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. Whatever you're doing, you see the code, what's happening. And you can really quickly switch between using the GUI and using the code. That's really useful.""The strength of Devo is not only in that it is pretty intuitive, but it gives you the flexibility and creativity to merge feeds. The prime examples would be using the synthesis or union tables that give you phenomenal capabilities... The ability to use a synthesis or union table to combine all those feeds and make heads or tails of what's going on, and link it to go down a thread, is functionality that I hadn't seen before."

More Devo Pros →

"We're using the Community edition, but I know that it has really good dashboarding and alerts.""Graylog's search functionality, alerting functionality, user management, and dashboards are useful.""I like the correlation and the alerting."

More Graylog Pros →

"The most valuable aspect of the solution is the dashboard. It's very intuitive.""The flexibility of the search capability is most valuable. You can use it for more than just a basic log aggregator. It is powerful in that regard.""It's basically one of the best SIEM products on the market.""With good domain knowledge, one can build almost anything. If you throw in Alert Manager or an integration with ServiceNow. Then, you have your own SIEM""The solution allows easy gathering and ingestion of the data.""The solution is very fast and succinct.""Splunk is a user-friendly solution.""Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful."

More Splunk Pros →

Cons
"We only use the core functionality and one of the reasons for this is that their security operation center needs improvement.""There's room for improvement within the GUI. There is also some room for improvement within the native parsers they support. But I can say that about pretty much any solution in this space.""Where Devo has room for improvement is the data ingestion and parsing. We tend to have to work with the Devo support team to bring on and ingest new sources of data.""Some third-parties don't have specific API connectors built, so we had to work with Devo to get the logs and parse the data using custom parsers, rather than an out-of-the-box solution.""Devo has a lot of cloud connectors, but they need to do a little bit of work there. They've got good integrations with the public cloud, but there are a lot of cloud SaaS systems that they still need to work with on integrations, such as Salesforce and other SaaS providers where we need to get access logs.""There's always room to reduce the learning curve over how to deal with events and machine data. They could make the machine data simpler.""The overall performance of extraction could be a lot faster, but that's a common problem in this space in general. Also, the stock or default alerting and detecting options could definitely be broader and more all-encompassing. The fact that they're not is why we had to write all our own alerts.""The biggest area with room for improvement in Devo is the Security Operations module that just isn't there yet. That goes back to building out how they're going to do content and larger correlation and aggregation of data across multiple things, as well as natively ingesting CTI to create rule sets."

More Devo Cons →

"I would like to see some kind of visualization included in Graylog.""Graylog can improve the index rotation as it's quite a complex solution.""More customization is always useful."

More Graylog Cons →

"The solution could improve by increasing the performance. We have run into problems when large amounts of data are processed.""There is improvement needed when importing from some types of data sources.""Its search or filtering capability is nice, but it can be improved. It is currently a bit complicated, and it should be simplified. If we can write the search filter in a more simplified way, it would be better.""The algorithms customization of Splunk could improve. They have limited algorithms for machine learning support. If they can allow the user to add more machine learning algorithms, such as the ability to choose the algorithm that a user might want. Additionally, they should provide the required libraries for those algorithms, and then analyzes the data for use.""Its setup is a little bit complex for a distributed environment. Their support can also be better. If we miss the response for more than a week, they usually close the case. Sometimes, it can take us more than a week to reply.""I would like Splunk to add more integration. QRadar has many indications with more products than Splunk.""From the commercial point of view, they have to bring down their costs.""This solution could be improved by better pricing in general and by easier installation."

More Splunk Cons →

Pricing and Cost Advice
  • "We have an OEM agreement with Devo. It is very similar to the standard licensing agreement because we are charged in the same way as any other customer, e.g., we use the backroom."
  • "I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money."
  • "Devo is definitely cheaper than Splunk. There's no doubt about that. The value from Devo is good. It's definitely more valuable to me than QRadar or LogRhythm or any of the old, traditional SIEMs."
  • "[Devo was] in the ballpark with at least a couple of the other front-runners that we were looking at. Devo is a good value and, given the quality of the product, I would expect to pay more."
  • "Be cautious of metadata inclusion for log types in pricing, as there are some "gotchas" with that."
  • "Devo was very cost-competitive... Devo did come with that 400 days of hot data, and that was not the case with other products."
  • "Our licensing fees are billed annually and per terabyte."
  • "I like the pricing very much. They keep it simple. It is a single price based on data ingested, and they do it on an average. If you get a spike of data that flows in, they will not stick it to you or charge you for that. They are very fair about that."
  • More Devo Pricing and Cost Advice →

  • "It's an open-source solution that can be used free of charge."
  • "We're using the Community edition."
  • More Graylog Pricing and Cost Advice →

  • "I think that most of the monitoring solutions are expensive."
  • "I think that most of the log analytics solutions are expensive and I'm not sure if it's worth it."
  • "Our customers often complain that the price of Splunk is too high."
  • "Licensing is a yearly, one-time cost."
  • "The price is comparable."
  • "The pricing model is expensive and a nightmare based on the amount of data."
  • "The solution is a little expensive."
  • "It is economical than other solutions."
  • More Splunk Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Log Management solutions are best for your needs.
    609,272 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:The querying and the log-retention capabilities are pretty powerful. Those provide some of the biggest value-add for us.
    Top Answer:The way Devo prices things is based on the amount of data, and I wish the tiers had more granularity. Maybe at this… more »
    Top Answer:Where Devo has room for improvement is the data ingestion and parsing. We tend to have to work with the Devo support… more »
    Top Answer:We're using the Community edition, but I know that it has really good dashboarding and alerts.
    Top Answer:More customization is always useful.
    Top Answer:For tools I’d recommend:  -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR)… more »
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Top Answer:Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring… more »
    Comparisons
    Also Known As
    Graylog2
    Splunk Enterprise Security
    Learn More
    Overview

    Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.

    Graylog is purpose-built to deliver the best log collection, storage, enrichment, and analysis. Graylog is:

    • Considerably faster analysis speeds.
    • More robust and easier-to-use analysis platform.
    • Simpler administration and infrastructure management.
    • Lower cost than alternatives.
    • Full-scale customer service.
    • No expensive training or tool experts required.

    Splunk software has been around since 2006 and the company has since grown to become an industry leader. Splunk's vision is to make machine data accessible, usable and valuable to everybody. The company offers a wide range of products to turn machine data into valuable information by monitoring and analyzing all activities. This is known as Operational Intelligence and is the unique value proposition of Splunk.

    Splunk is well-known for its Log Management capabilities and also for its Security Information and Event Management (SIEM) solutions.

    Offer
    See Devo in Action

    See how Devo allows you to free yourself from data management, and make machine data and insights accessible.

    Learn more about Graylog
    Learn more about Splunk
    Sample Customers
    United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
    Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP, King.com, Twilio, Deutsche Presse-Agentur
    Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
    Top Industries
    REVIEWERS
    Computer Software Company63%
    Comms Service Provider13%
    Retailer13%
    Insurance Company13%
    VISITORS READING REVIEWS
    Computer Software Company27%
    Comms Service Provider17%
    Government8%
    Financial Services Firm7%
    VISITORS READING REVIEWS
    Comms Service Provider27%
    Computer Software Company20%
    Government11%
    Financial Services Firm5%
    REVIEWERS
    Financial Services Firm19%
    Energy/Utilities Company11%
    Computer Software Company11%
    Government7%
    VISITORS READING REVIEWS
    Computer Software Company25%
    Comms Service Provider16%
    Financial Services Firm11%
    Government7%
    Company Size
    REVIEWERS
    Small Business24%
    Midsize Enterprise18%
    Large Enterprise59%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise17%
    Large Enterprise62%
    REVIEWERS
    Small Business50%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business23%
    Midsize Enterprise19%
    Large Enterprise57%
    REVIEWERS
    Small Business31%
    Midsize Enterprise15%
    Large Enterprise54%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise15%
    Large Enterprise68%
    Buyer's Guide
    Graylog vs. Splunk
    May 2022
    Find out what your peers are saying about Graylog vs. Splunk and other solutions. Updated: May 2022.
    609,272 professionals have used our research since 2012.

    Graylog is ranked 14th in Log Management with 3 reviews while Splunk is ranked 1st in Log Management with 69 reviews. Graylog is rated 8.4, while Splunk is rated 8.2. The top reviewer of Graylog writes "Stable, scalable, easy to install and maintain". On the other hand, the top reviewer of Splunk writes "Very versatile for many use cases". Graylog is most compared with Elastic Security, Wazuh, Fortinet FortiAnalyzer and syslog-ng, whereas Splunk is most compared with Microsoft Sentinel, Elastic Security, Dynatrace, IBM QRadar and AppDynamics. See our Graylog vs. Splunk report.

    See our list of best Log Management vendors.

    We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.