We compared Graylog and Splunk Enterprise Security across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Room for Improvement: Graylog could benefit from additional customization options and an improved rule-creation process. Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics.
Service and Support: Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products. While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise.
Ease of Deployment: Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters. Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators.
Pricing: Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive. Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data.
ROI: Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case. Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations.
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"Open source and user friendly."
"I am very proud of how very stable the solution is."
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"The solution's most valuable feature is its new interface."
"This solution helps us increase our productivity."
"The ability to manipulate data in Splunk is unparalleled. Splunk’s powerful, flexible query language can morph difficult to understand log formats into usable data."
"It has quite extensive support in terms of integration. If you want to do anything, there are tools for that."
"The search lookups are useful."
"I like the search feature and the indexing. It's very fast and comprehensive."
"Its integration is most valuable. Its UI is also pretty much easy."
"Splunk allows us to find insights that we were not able to with traditional BI tools using ETL. It allows us to dig into raw events."
"With good domain knowledge, one can build almost anything. If you throw in Alert Manager or an integration with ServiceNow. Then, you have your own SIEM"
"We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient."
"Its scalability gets complicated when we have to update or edit multiple nodes."
"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"The biggest problem is the collector application, as we wanted to avoid using Graylog Collector Sidecar due to its architecture."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"I would like to see some kind of visualization included in Graylog."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"A lot of people are averse to using new tools so if they make it even more user-friendly than it already is, I think that could go a long way."
"For on-premise, it's more about optimization. With such a heavy byte scale of data that we are operating on, the search for disparate data sometimes takes about a minute. This is understandable considering the amount of data that we are pumping into it. The only optimization that I recommend is better sharding, when it comes to Splunk, so that data retrieval can be faster."
"Sometimes, there is latency in the logs."
"There is a definite learning curve to starting out."
"If you have to do your own stuff, such as customized charts, it is a little bit more work, but once you're familiar with the Splunk query language, you can pretty much do whatever you want. In terms of features, it should probably have the features that other competitors provide."
"Endpoint access is the only issue I can think to mention, even though the endpoint access we have with Cisco is fine."
"It needs more formatting control without having to be an admin."
"The search could be improved. Now, it is a bit difficult to write search queries because they become quite long, then maintaining those long search queries is a quite challenging."
Graylog is ranked 11th in Log Management with 18 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 227 reviews. Graylog is rated 8.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Graylog is most compared with Grafana Loki, Wazuh, syslog-ng, Fortinet FortiAnalyzer and Elastic Security, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Microsoft Sentinel and Fortinet FortiAnalyzer. See our Graylog vs. Splunk Enterprise Security report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
