No more typing reviews! Try our Samantha, our new voice AI agent.

Logstash vs NetWitness Platform comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Logstash
Ranking in Log Management
30th
Average Rating
9.0
Reviews Sentiment
5.6
Number of Reviews
5
Ranking in other categories
No ranking in other categories
NetWitness Platform
Ranking in Log Management
38th
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
36
Ranking in other categories
Security Information and Event Management (SIEM) (36th)
 

Mindshare comparison

As of July 2026, in the Log Management category, the mindshare of Logstash is 0.8%, up from 0.6% compared to the previous year. The mindshare of NetWitness Platform is 1.1%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management Mindshare Distribution
ProductMindshare (%)
Logstash0.8%
NetWitness Platform1.1%
Other98.1%
Log Management
 

Featured Reviews

reviewer2727468 - PeerSpot reviewer
Senior Application Engineer at a comms service provider with 11-50 employees
Transforms logs for real-time insights and seamless reporting
Logstash is used for transforming logs, and you can use many plugins in Logstash. Logstash works with configuration files that contain three main parts: an input part, a filter part, and an output part. In the input part, we can take logs from many sources such as Beats, files, or Kafka. The filter part is used to filter the logs that are shipped from Beats. From my understanding and experience with Logstash, it is usually used for processing logic, meaning I can control what fields should be transferred to Elastic and what fields shouldn't be transferred. This is the main function I use Logstash for. Elastic is a famous open-source searching engine that helps operation teams speed up the investigation process and provides real-time insights for performance reporting.
reviewer2256927 - PeerSpot reviewer
Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees
A solid SIEM solution that should improve technical support and online resources to be easier to use
A big problem with the product is that we don't have much professional experience in Israel installing, implementing, and integrating this product. There is not enough of a knowledge base. There is no support for this product in this country, so problems have to be resolved through global technical teams. We like to work locally because of the language, and when the product is only supported outside the country, it's a little difficult to implement and use this product. Moreover, AI is something that must be added immediately. Artificial intelligence is a part of the competitors' products, and it's not been implemented for us.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The functionality of Logstash is quite easy to implement and the plugin ecosystem of Logstash is great, with plugins for shell script monitoring and SQL monitoring working well with the tool."
"I can collect logs from various data sources, including hardware."
"Everything aligns well with improving our organization."
"We have three or four Logstash servers for high availability."
"Logstash has numerous plugins for inputs and outputs, allowing it to work well in environments that do not contain other Elastic components."
"The transformation means we ship the logs in the way that we want them to be presented in Kibana, which is the main function we use Logstash for."
"The most valuable feature is the correlation, as it can report in real-time and monitor the management."
"Offers a good wireless feature."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"Overall, it is easy to implement."
"Technically speaking, this is a good product."
"This solution has a very good dashboard with a separate tab for incidents and alerts."
 

Cons

"There can be a UI to implement with Logstash. Currently, I have to work with config files and everything."
"Almost all the research can be very bad. We still have a problem with importing the log system."
"Elastic does not provide proper support for Logstash worldwide, and I rate their technical support as one out of ten."
"An enhancement we could implement is the ability to cluster Logstash to exist in more than one node."
"The product needs to improve its compatibility."
"The log system is a bit complex and has room for improvement."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"I believe they could improve their support, there are often delays."
"More customizability is required, which is something that they need to improve on."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"We have encountered issues with unresolved crashes."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
 

Pricing and Cost Advice

Information not available
"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."
"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."
"It is cheap."
"Our license is for one year."
"The licenses are good but the cost is very expensive."
"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."
"It provides tools to assist in selecting the appropriate license and usage scenarios."
"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm
17%
Manufacturing Company
8%
Comms Service Provider
7%
University
7%
Financial Services Firm
12%
Construction Company
11%
Comms Service Provider
9%
Outsourcing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise7
Large Enterprise20
 

Questions from the Community

What needs improvement with Logstash?
Customization can be automated with Logstash, but it is at the developer's disposal. The developer has to do it, not the tool as such. There is scope for optimization, but that is all outside the t...
What is your primary use case for Logstash?
The purposes for which I am using Logstash largely include log aggregation and application monitoring.
What advice do you have for others considering Logstash?
I am using Logstash for log management and also implement it. Logstash can be deployed both on-cloud and on-premises. On a scale of 1-10, I rate Logstash an 8.
What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
What is your primary use case for NetWitness Platform?
I use NetWitness Platform ( /products/netwitness-platform-reviews ) in the financial industry as a good product with excellent capabilities and integration with various devices.
 

Also Known As

No data available
RSA Security Analytics
 

Overview

 

Sample Customers

Information Not Available
Los Angeles World Airports, Reply
Find out what your peers are saying about Logstash vs. NetWitness Platform and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.