Graylog vs Splunk Enterprise Security comparison

You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on Sep 22, 2023

We compared Graylog and Splunk Enterprise Security across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:

  • Features: Graylog stands out with its exceptional search functions, seamless integration with Elasticsearch, and real-time data access. Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality. Users say Splunk is a highly scalable and customizable solution.
  • Room for Improvement: Graylog could benefit from additional customization options and an improved rule-creation process. Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics.

  • Service and Support: Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products. While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise.

  • Ease of Deployment: Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters. Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators.

  • Pricing: Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive. Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data.

  • ROI: Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case. Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations.

Conclusion: Users highly value Splunk's search function, session reports, and event management functionality, but the solution could be more intuitive and offer more AI-enhanced features. Graylog is recognized for its search capabilities and integration with Elasticsearc, but it lacks customization options and has higher infrastructure costs. 
To learn more, read our detailed Graylog vs. Splunk Enterprise Security Report (Updated: September 2023).
734,678 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"The solution's most valuable feature is its new interface.""Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps.""One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview.""We're using the Community edition, but I know that it has really good dashboarding and alerts.""What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc.""The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."

More Graylog Pros →

"Splunk allows us to customize processing and dashboards, which helps us take care of our customers' needs.""The dashboard and reporting are very good... It provides very good visibility in a hybrid cloud environment, and you can build custom utilization APIs using Splunk.""The ability to ingest different log types from many different products in our environment is most valuable.""Being able to track impossible travel logins and things of that nature is valuable. We can track user logins from various IPs, various countries, and at various times to see if everything adds up.""Splunk would be my choice for the presentation layer because it comes with inbuilt reports and a dashboard that you can customize.""Without Splunk Enterprise Security, it would be difficult for us to manage and prioritize alerts. There's a potential to lose track of important notifications, and it's essential to our security that we do not miss anything. Splunk has improved our investigations because the reporting and dashboarding make things so much easier. We can provide weekly or monthly reports. I also like Splunk's ability to integrate.""The correlation searches are most valuable just because we are able to do things like RBA.""The most useful feature for me is the ability to create different kinds of alerts and set a different kind of denominator that will capture the real event. That is helpful for a power user like me."

More Splunk Enterprise Security Pros →

"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic.""It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community.""More customization is always useful.""Its scalability gets complicated when we have to update or edit multiple nodes.""Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous.""Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."

More Graylog Cons →

"Splunk could add more ways to manage archiving and storage. There isn't a web interface. You can do this on the SaaS version, but the on-premise platform doesn't have this option. It has other things but no option for remote NAS. I would like to have a personal web interface where I can specify how long logs should be stored. To have this readily available on the web, you need to adjust some settings on the backend. That is tricky.""The biggest problem is data compression. Splunk is an outstanding product, but it is a resource hog. There should be better data compression for being able to maintain our data repositories. We end up having to buy lots of additional storage just to house our Splunk data. This is my only complaint about it.""The product could be cheaper.""The UI can be improved. Dashboards and reports can be better in terms of graphics.""Endpoint access is the only issue I can think to mention, even though the endpoint access we have with Cisco is fine.""The glass table feature does not perform as expected.""The algorithms customization of Splunk could improve. They have limited algorithms for machine learning support. If they can allow the user to add more machine learning algorithms, such as the ability to choose the algorithm that a user might want. Additionally, they should provide the required libraries for those algorithms, and then analyzes the data for use.""Some of the search functions can be better. There has been a lot of talk at the conference about the update of SPL before each iteration. That will be a lot of help."

More Splunk Enterprise Security Cons →

Pricing and Cost Advice
  • "We're using the Community edition."
  • "Graylog is a free open-source solution. The free version has a capacity limitation of 2 GB daily, if you want to go above this you have to purchase a license."
  • "There is an open source version and an enterprise version. I wouldn't recommend the enterprise version, but as an open source solution, it is solid and works really well."
  • "It's open source and free. They have a paid version, but we never looked into that because we never needed the features of the paid version."
  • More Graylog Pricing and Cost Advice →

  • "The price of Splunk is reasonable."
  • "The subscription is monthly."
  • "It can be cost-prohibitive when you start to scale and have terabytes of data. Its cost model is based on how much data it processes a day. If they're able to create scaled-down niche or custom package offerings, it may help with the cost. Instead of the full-blown features, if they can narrow the scope where it can only be used for a specific purpose, it would kind of create that market for the product, and it may help with the costing. When you start using it as a central aggregator and you're pumping tons of logs at it, pretty soon, you'll start hitting your cap on what it can process a day. Once you've got that, you're kind of defeating the purpose because you're going to have to scale back."
  • "It's a yearly subscription."
  • "This product could use better pricing in general."
  • "The pricing modules could be improved."
  • "This solution is costly. Splunk is obviously a great product, but you should only choose this product if you need all the features provided. Otherwise, if you don't need all the features to meet your requirements, there are probably other products that will be more cost-effective. It's cost versus the functionality requirement."
  • "It is expensive. I used to buy it early on, but then they combined it into a higher-up organization. They buy it for multiple systems now. Last time, I paid around 60K for it. There is just the licensing fee. That's all."
  • More Splunk Enterprise Security Pricing and Cost Advice →

    Use our free recommendation engine to learn which Log Management solutions are best for your needs.
    734,678 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:The solution's most valuable feature is its new interface.
    Top Answer:Graylog is a free open-source solution. The free version has a capacity limitation of 2 GB daily, if you want to go above this you have to purchase a license.
    Top Answer:They depleted the legacy alarm callback feature from the current version. They should make it available in the newest version as well. Also, they should include SSO integration in Graylog 5.0's… more »
    Top Answer:For tools I’d recommend:  -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also,… more »
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log… more »
    Top Answer:Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we… more »
    out of 73 in Log Management
    Average Words per Review
    out of 73 in Log Management
    Average Words per Review
    Also Known As
    Learn More

    Graylog is purpose-built to deliver the best log collection, storage, enrichment, and analysis. Graylog is:

    • Considerably faster analysis speeds.
    • More robust and easier-to-use analysis platform.
    • Simpler administration and infrastructure management.
    • Lower cost than alternatives.
    • Full-scale customer service.
    • No expensive training or tool experts required.

    Splunk Enterprise Security is a SIEM, log management, and IT operations analytics tool. The solution provides users with the ability to secure their information and manage their data in the cloud, data centers, or other applications. Splunk Enterprise Security also offers visibility from different areas, levels, and devices, rather than from a single system, thus, providing its users with flexibility. Splunk Enterprise Security can monitor data and analyze, detect, and prevent intrusions. This benefits users as it provides alerts to possible intrusions, helps users to be proactive, and reduces risk factors. 

    Full visibility across your environment

    Break down data silos and gain actionable intelligence by ingesting data from multicloud and on-premises deployments. Get full visibility to quickly detect malicious threats in your environment.

    Fast threat detection

    Defend against threats with advanced security analytics, machine learning and threat intelligence that focus detection and provide high-fidelity alerts to shorten triage times and raise true positive rates.

    Efficient investigations

    Gather all the context you need and initiate flexible investigations with security analytics at your fingertips. The built-in open and extensible data platform boosts productivity and drives down fatigue.

    Open and scalable

    Built on an open and scalable data platform, you can stay agile in the face of evolving threats and business needs. Splunk meets you where you are on your cloud journey, and integrates across your data, tools and content.

    Learn more about Graylog
    Learn more about Splunk Enterprise Security
    Sample Customers
    Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP,, Twilio, Deutsche Presse-Agentur
    Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
    Top Industries
    Computer Software Company17%
    Comms Service Provider10%
    Educational Organization7%
    Financial Services Firm16%
    Computer Software Company15%
    Energy/Utilities Company8%
    Financial Services Firm15%
    Computer Software Company15%
    Manufacturing Company7%
    Company Size
    Small Business54%
    Large Enterprise46%
    Small Business29%
    Midsize Enterprise17%
    Large Enterprise54%
    Small Business31%
    Midsize Enterprise12%
    Large Enterprise57%
    Small Business19%
    Midsize Enterprise13%
    Large Enterprise68%
    Buyer's Guide
    Graylog vs. Splunk Enterprise Security
    September 2023
    Find out what your peers are saying about Graylog vs. Splunk Enterprise Security and other solutions. Updated: September 2023.
    734,678 professionals have used our research since 2012.

    Graylog is ranked 11th in Log Management with 6 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 71 reviews. Graylog is rated 7.6, while Splunk Enterprise Security is rated 8.4. The top reviewer of Graylog writes "Real-time analysis, easy setup, and open source". On the other hand, the top reviewer of Splunk Enterprise Security writes "Can be used to find any threats or vulnerabilities inside a user’s environment". Graylog is most compared with Wazuh, syslog-ng, Elastic Security, Fortinet FortiAnalyzer and Grafana Loki, whereas Splunk Enterprise Security is most compared with Wazuh, Microsoft Sentinel, Dynatrace, Elastic Security and New Relic. See our Graylog vs. Splunk Enterprise Security report.

    See our list of best Log Management vendors.

    We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.