Try our new research platform with insights from 80,000+ expert users

Graylog vs Wazuh comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 20, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Graylog
Ranking in Log Management
15th
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
21
Ranking in other categories
No ranking in other categories
Wazuh
Ranking in Log Management
1st
Average Rating
7.4
Reviews Sentiment
6.7
Number of Reviews
48
Ranking in other categories
Security Information and Event Management (SIEM) (2nd), Extended Detection and Response (XDR) (5th)
 

Mindshare comparison

As of July 2025, in the Log Management category, the mindshare of Graylog is 6.5%, up from 5.9% compared to the previous year. The mindshare of Wazuh is 13.7%, down from 15.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Ivan Kokalovic - PeerSpot reviewer
Facilitates backend service monitoring with efficient log retrieval and API flexibility
Graylog is valuable because it bridges technical knowledge to non-technical teams, presenting complex backend processes in a simple timeline. It boosts the knowledge of sales and customer support teams by allowing them to see the backend operations without needing to read the code. Its API is flexible for visualization, and its powerful search engine efficiently handles large volumes of log data. Moreover, its stability, fast search capabilities, and compatibility with languages like ANSI SQL enhance its utility in IT infrastructure.
Sandip_Patel - PeerSpot reviewer
Evaluating robust file monitoring with insights for community support improvements
Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs. These aspects are vital as they provide alerts for changes and facilitate the monitoring of compliance. The platform is also relatively easy to set up and operate. Reports are straightforward to extract and prove useful for compliance requirements.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
"The solution's most valuable feature is its new interface."
"It has data adapters and lookup tables that utilize HTTP calls to APIs."
"Graylog is valuable because it bridges technical knowledge to non-technical teams, presenting complex backend processes in a simple timeline."
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"I would recommend Wazuh to others."
"Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to of non patches or any missing patches on that work."
"The tool is stable."
"The MITRE ATT&CK correlation is most valuable."
"The solution is easy to maintain."
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors."
"It has efficient SCA capabilities."
 

Cons

"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
"With technical support, you are on your own without an enterprise license."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"There should be some user groups and an auto sign-in feature.​"
"When it comes to configuring the processing pipeline, writing the rules can be very tedious, especially since the documentation isn't extensive on how the functions provided for these rules work."
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"When it comes to configuring the processing pipeline, writing the rules can be very tedious, especially since the documentation isn't extensive on how the functions provided for these rules work."
"It would be great if there could be customization for the decoder portion."
"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
"So far, the recent updates have addressed most challenges we previously faced."
"A more structured approach, perhaps with modular UI components, to facilitate easier integration and navigation within the Wazuh platform for custom integrations would be beneficial."
"The support channel is not optimal, and extensive research is required on our part to implement Wazuh effectively."
"Wazuh is missing many things that a typical SIEM should have."
"Its configuration process is time-consuming."
"There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded."
 

Pricing and Cost Advice

"Consider Enterprise support if you have atypical needs or setup requirements.​"
"There is an open source version and an enterprise version. I wouldn't recommend the enterprise version, but as an open source solution, it is solid and works really well."
"We're using the Community edition."
"Having paid official support is wise for projects."
"​You get a lot out-of-the-box with the non-enterprise version, so give it a try first."
"I use the free version of Graylog."
"Graylog is a free open-source solution. The free version has a capacity limitation of 2 GB daily, if you want to go above this you have to purchase a license."
"We are using the free version of the product. However, the paid version is expensive."
"The current pricing is open source."
"Wazuh is a cheaply priced product."
"My client uses the open-source version of Wazuh."
"Wazuh is not an expensive solution."
"It is an open-source product."
"It is a free-of-cost solution."
"Wazuh is an open-source tool, which means it is freely available for use."
"Wazuh is open-source, but you must consider the total cost of ownership. It may be free to acquire, but you spend a lot of time and effort supporting the product and getting it to a point where it's useful."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
860,825 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Comms Service Provider
10%
University
7%
Government
7%
Computer Software Company
15%
Comms Service Provider
9%
University
7%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Graylog?
The product is scalable. The solution is stable.
What is your experience regarding pricing and costs for Graylog?
I am not familiar with the pricing details of Graylog, as I was not responsible for that aspect. It was determined that we didn't need an enterprise plan, which is more suited for clients with less...
What needs improvement with Graylog?
An improvement I would suggest is in Graylog's user interface, such as allowing for font size adjustments. A potential enhancement could be the integration with Ollama to run large language models ...
What do you like most about Wazuh?
Wazuh is its flexibility and open-source nature, which allows us to tailor threat detection and response across diverse client environments. Its integration capabilities with SOAR, cloud platforms,...
What needs improvement with Wazuh?
That would require me to discuss with the Wazuh team regarding areas that could be improved, as I have numerous ideas. From a developer's perspective, this is a Linux system with an active communit...
What is your primary use case for Wazuh?
Wazuh is a SIEM platform with various applications in today's environment. Compliance checks have helped with regulatory requirements. I pulled in PCI DSS to check for file integrity monitoring. I ...
 

Comparisons

 

Also Known As

Graylog2
No data available
 

Overview

 

Sample Customers

Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP, King.com, Twilio, Deutsche Presse-Agentur
Information Not Available
Find out what your peers are saying about Graylog vs. Wazuh and other solutions. Updated: June 2025.
860,825 professionals have used our research since 2012.