We performed a comparison between Graylog, Splunk Enterprise Security, and USM Anywhere based on real PeerSpot user reviews.
"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc."
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"Real-time UDP/GELF logging and full text-based searching."
"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
"The solution's most valuable feature is its new interface."
"We're using the Community edition, but I know that it has really good dashboarding and alerts."
"This has increased productivity for the dev and support teams, because we are directly notifying them."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"The feature that I have found most valuable with Splunk is the ability to sift through a bunch of data very quickly."
"The ability to digest any information and then correlate it in accordance with what you need is valuable. The ability to connect to pretty much everything and bring the information in the same format is also valuable. On top of that, we can use their language in order to create and customize the dashboards, correlations, or analytics that we want to incorporate."
"Its usability is the best part. It is easy for our developers to use if they want to search their logs, etc."
"It's very flexible. If you look from the cloud implementation, it is there. Reports are made quickly. Unlike other tools, it caters to all kinds of technical information on the front very easily. There's no need to put in any technical information. You can pull on the reports very easily, take action, and notify stakeholders."
"The integration is seamless with many devices and operating systems."
"It helps streamline troubleshooting and log analysis."
"You can use it to gather syslog messages from anything."
"The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time."
"On any given day I could give you a different answer regarding the most valuable features of the product. The feature that is most important is the fact that it has a lot of features, that it's not just a log collection and correlation system, that it has a lot of other components built in. The bundle of features is really the killer feature."
"The dashboards are very descriptive and contain just the right amount of information. The activity alarms and events contain a plethora of data that is very descriptive and useful."
"The ease of implementation is the most valuable feature."
"Every activity on the firewall is recorded, and notifications are sent with this solution."
"What I find the most valuable about USM Anywhere is its compliance. It shows a list of all the administrators logged on and does it quite well. There are no whistles and bells, it's reliable and simple to use."
"There are multiple tools for information security. The solution includes all the latest advances on the network and host intrusion detection systems."
"This solution can identify many threats inside the organization (compromised endpoints, configuration issues), as well as "outside" threats (botnets, network scanners, web-attacks, etc)."
"The most valuable feature is threat intelligence."
"More customization is always useful."
"The biggest problem is the collector application, as we wanted to avoid using Graylog Collector Sidecar due to its architecture."
"We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch side, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient."
"Lacks sufficient documentation."
"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"There should be some user groups and an auto sign-in feature."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the Graylog install."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"The threat management part is still lagging. There are some gaps in threat management. Other vendors have built-in threat management systems, but Splunk lacks the threat management component in its portal. The UEBA and everything else is perfect, but it lacks a unified threat intelligence and management part."
"Configuring a few apps is complex, not straightforward."
"There can be a bit of complexity around some fields during the initial setup."
"The only thing which can be improved is that they are too subjective on whom their Splunk4Good initiative can be applied. They market it as you only need to be a nonprofit, but there is more to it."
"The GUI can be improved to include some of the capabilities that other BI solutions have."
"The solution could improve by giving more email details."
"It needs a better way to export dynamic views without requiring a ton of code and user/pw."
"It can be tough to determine if you are getting all of the value out of your investment at times."
"It would be hard for any legitimate MSSP to use it."
"We've had some stability problems, not a lot, but a few. Updates seem to be the worst. That seems to be when the stability problems come up."
"As this software is in the cloud, you do not have control over updates and the general changes which are happening."
"The dashboard could be improved as well as the level of customization."
"The AT&T AlienVault USM is okay, but the relational database is not very good for large amounts of data. For example, many logs cannot be processed. It has been very slow for queries, and for some data which is large, it is not very good in this case."
"The solution is a bit complicated. It could be simplified quite a bit."
"The vulnerability reporting needs to have options to be able to sort or customize the output."
"I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job."