Try our new research platform with insights from 80,000+ expert users

Graylog vs Splunk Enterprise Security vs VMware Aria Operations for Logs comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Mindshare comparison

As of July 2025, in the Log Management category, the mindshare of Graylog is 6.5%, up from 5.9% compared to the previous year. The mindshare of Splunk Enterprise Security is 7.3%, down from 10.1% compared to the previous year. The mindshare of VMware Aria Operations for Logs is 1.3%, up from 1.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Ivan Kokalovic - PeerSpot reviewer
Facilitates backend service monitoring with efficient log retrieval and API flexibility
Graylog is valuable because it bridges technical knowledge to non-technical teams, presenting complex backend processes in a simple timeline. It boosts the knowledge of sales and customer support teams by allowing them to see the backend operations without needing to read the code. Its API is flexible for visualization, and its powerful search engine efficiently handles large volumes of log data. Moreover, its stability, fast search capabilities, and compatibility with languages like ANSI SQL enhance its utility in IT infrastructure.
ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.
LarsChristensen - PeerSpot reviewer
Efficient troubleshooting with precise log filtering and an easy setup
The tool could benefit from improved filter settings and dashboarding. While there are dashboards available, they are often created by community members and may not work after updates. It would be beneficial to have a roadmap for these dashboards to ensure consistent functionality. It would also be advantageous if the tool could process even large amounts of data faster, though this may be more related to data movement challenges rather than the software itself.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Message forwarding through the in-built module."
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"Graylog is very handy."
"Real-time UDP/GELF logging and full text-based searching."
"We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us."
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"The solution's most valuable feature is the incident review, which gives a good overview of our security incidents."
"The speed of the search engine"
"With good domain knowledge, one can build almost anything. If you throw in Alert Manager or an integration with ServiceNow. Then, you have your own SIEM"
"The scalability is good."
"The solution's most valuable feature is threat intelligence correlations."
"The risk-based alerting is excellent."
"It gives me notifications of notable events."
"Splunk has significantly helped with aggregation and correlation of critical logs. Not having to grep on each individual server has made everyone more efficient."
"We are using it because we have a VMware product. It has its own built in dashboards for VMware products, and that's a good thing."
"It is a very useful tool if you have a VMware environment."
"The virtualization solution supports data center virtualization, network and security."
"Log Insight correlates with the VMware product log. It can assemble the logs you want, making it easier to find the output, incident, or keyword you want to search."
"The solution's simplicity, flexibility, and extensibility are valuable features as we can integrate everything in vRealize."
"It gives the customer a quick overview, so they don't have to dig. There's a clear dashboard with many sensors in a single space. He gets a helicopter view of his environment, but he can investigate further if there are serious issues. It's pretty user-friendly."
"Overall, I would recommend VMware Aria Operations for Logs because it is a good tool with many valuable features."
"The ability to narrow into a specific time to filter heavy hitters and anomalies is extremely valuable."
 

Cons

"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"With technical support, you are on your own without an enterprise license."
"When it comes to configuring the processing pipeline, writing the rules can be very tedious, especially since the documentation isn't extensive on how the functions provided for these rules work."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"I would like to see some kind of visualization included in Graylog."
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"When it comes to configuring the processing pipeline, writing the rules can be very tedious, especially since the documentation isn't extensive on how the functions provided for these rules work."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the graylog install."
"We will receive alerts only for the administrators and deployment servers, but not for all servers."
"Splunk can be an expensive solution. Technical support could be improved as well."
"It needs more formatting control without having to be an admin."
"It's costly."
"A problem that we had recently had was we licensed it based on how much data you upload to them every day. Something changed in one our applications, and it started generating three to four times as many logs and. So now, we are trying to assemble something with parts of the Splunk API to warn ourselves, then turn it off and throttle it back more. However it would be better if they had something systematically built into the product that if you're getting close to your license, then to shut things down."
"It is a challenge to manage the environment in such a way, that one’s log, even with the bandwidth license, isn’t exceeded."
"I would like Splunk to add more integration. QRadar has many indications with more products than Splunk."
"Its pricing is extremely high. There are other tools out in the market that are competitive. They do not necessarily have all the functionality, but they are competitive. The professional services we have used have been high as well in comparison to the market."
"The response time and quality need improvement. It takes too long to prove a problem and get a solution."
"Customer service and support have declined. Six months ago, I would have rated it as an eight or nine. Currently, it feels more like a four, five, or six."
"Technical support should be improved."
"In vRealize login files, we have limitations regarding log partitions."
"It's great for VMware, but it would be good if they had third-party logins."
"From an improvement perspective, the tool needs to be made more user-friendly."
"The solution isn't user-friendly for admins."
"What I'd like to improve in vRealize Log Insight is the licensing model. VMware provides vRealize Log Insight along with the VMware Cloud Foundation, but customers who would like to go for the native VMware would have to procure vRealize Log Insight separately. Today, vRealize Log Insight is offered on two different licenses, one is based on the number of VMs, and the other is based on the number of physical codes on the machine. If VMware can provide a bundle offer for customers who procure more than ten licenses, where you can have an option to run, for example, three hundred machines on vRealize Log Insight with no extra cost, this would encourage more people to adopt the solution. What I'd like to see in the next release of vRealize Log Insight is for a cloud option to be available, which would be a pay-as-you-go licensing model that would allow me to pick and choose what I'll monitor. For example, I have one thousand and three hundred critical servers, and the seven hundred servers for basic development, I don't want to monitor on vRealize Log Insight today, so I should be able to pick what I need to monitor on the solution and only pay for that specific instance. If VMware can apply these changes, it would help VMware customers to procure more or adopt more of vRealize Log Insight even in smaller projects."
 

Pricing and Cost Advice

"We are using the free version of the product. However, the paid version is expensive."
"​You get a lot out-of-the-box with the non-enterprise version, so give it a try first."
"There is an open source version and an enterprise version. I wouldn't recommend the enterprise version, but as an open source solution, it is solid and works really well."
"If you want something that works and do not have the money for Splunk or QRadar, take Graylog.​​"
"It's open source and free. They have a paid version, but we never looked into that because we never needed the features of the paid version."
"We're using the Community edition."
"It's an open-source solution that can be used free of charge."
"I am using a community edition. I have not looked at the enterprise offering from Graylog."
"My customers have found the price of the solution to be high."
"It's a little bit expensive for a small to medium enterprise."
"The licensing costs are high for Splunk Enterprise Security."
"We had a yearly subscription."
"Its pricing model can be improved."
"Splunk Enterprise Security is cheaper than competitors, but I do not know whether it is just our contract."
"Splunk is definitely not a cheap solution. It is an expensive product."
"Splunk Enterprise Security is a worthwhile investment given the comprehensive range of features it offers."
"I am not sure what the exact cost is. However, I believe the vRealize suite costs $2,500.00 per year."
"The pricing has been updated recently."
"Pricing is good because it is part of the suite package. It comes in a bundle for us."
"The product's price is reasonable, but when it comes to SQL licensing, it's a bit expensive."
"The licensing cost for vRealize Log Insight is a little higher, so in terms of cost, it all depends upon what kind of environment you have. If you have a complete virtualized environment, or at least you're using a ninety-five percent virtualized environment, then vRealize Log Insight will play a very good role because it is a VMware component, so it has very tight integration with other VMware components and systems. This means you don't have to procure any other monitoring and management tool, and you don't need a separate automation tool. vRealize Log Insight will have an upper hand if your environment is purely virtualized on VMware. If you're using a mix of physical and virtual components, for example, a 50:50 ratio, then you need to have a third-party component to manage overall monitoring."
"Pricing could always be lower. If it were free, I would be more satisfied."
"I think it is a reasonably priced product."
"It is not cheap. But it is worth it."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
862,624 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Comms Service Provider
10%
Government
7%
University
7%
Computer Software Company
14%
Financial Services Firm
14%
Manufacturing Company
8%
Government
7%
Computer Software Company
14%
Government
12%
Financial Services Firm
11%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Graylog?
The product is scalable. The solution is stable.
What is your experience regarding pricing and costs for Graylog?
I am not familiar with the pricing details of Graylog, as I was not responsible for that aspect. It was determined th...
What needs improvement with Graylog?
An improvement I would suggest is in Graylog's user interface, such as allowing for font size adjustments. A potentia...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is a...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingest...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitor...
What do you like most about vRealize Log Insight?
The events are notably more descriptive, aiding in security and event analysis. We've also integrated Sky Collector, ...
What is your experience regarding pricing and costs for vRealize Log Insight?
The cost of using VMware Aria Operations for Logs was very high, around two to three million dollars, although the ex...
What needs improvement with vRealize Log Insight?
VMware Aria Operations for Logs is not a cost-effective tool. Changing any telemetry requires creating a new template...
 

Also Known As

Graylog2
No data available
vRealize Log Insight
 

Overview

 

Sample Customers

Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP, King.com, Twilio, Deutsche Presse-Agentur
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Wildlands Adventure Zoo, Medic Mobile, IBM, Seventy Seven Energy, Baystate Health, Osis, Oxford University, Columbia University, Siemens, Cardinal Health, Ashdod Port, Vasakronan, Sydney Adventist Hospital, University of Derby
Find out what your peers are saying about Wazuh, Splunk, Datadog and others in Log Management. Updated: July 2025.
862,624 professionals have used our research since 2012.