Manager of Information Security at a real estate/law firm with 51-200 employees
It has given us visibility into log information that we did not have before
Pros and Cons
- "The ability to drill down and pivot from an event is one of the biggest advantages the product has compared to other things that I have seen in the market."
- "We have gone through a few versions which has caused a lot of instability. We have logged a lot of hours with professional services."
What is our primary use case?
The biggest use case is visibility. Because we have a lot of flaws, if you don't have a tool that can bring it all in and give you that visibility, then all that log information is useless. Thus, LogRhythm helps us keep that visibility.
How has it helped my organization?
It has definitely improved our security program's maturity, because we have visibility that we didn't have before. We came from another SIEM platform that we had used for over ten years and we completely outgrew that platform. LogRhythm has given us more visibility. It has created more actionable items for us on a day-to-day basis, which gives us more work. At the same time, it has given us more tools than we had before, so that is definitely nice.
What is most valuable?
I wish I could just name one feature! There are so many:
- The ability to drill down and pivot from an event is one of the biggest advantages the product has compared to other things that I have seen in the market.
- LogRhythm differentiates itself through its usability.
- Its simplicity. It can do more than just basic simplicity.
For how long have I used the solution?
Three to five years.
Buyer's Guide
LogRhythm SIEM
June 2025

Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
857,028 professionals have used our research since 2012.
What do I think about the stability of the solution?
We have gone through a few versions which has caused a lot of instability. We have logged a lot of hours with professional services. The version that we are currently on is a lot more stable than what we have experienced in the past. So, it is progressively getting better day-by-day. However, we have had some instability in the past.
What do I think about the scalability of the solution?
There are a lot of things that are on our wishlist which I found out about on day one.
As far as scalability is concerned, it is good.
How are customer service and support?
I would rate the technical support as a nine out of ten. We have had some issues. Though overall, support has been great. The portal and their interaction with us along with their full support has been fantastic.
How was the initial setup?
The initial setup is complex, because it's a huge product. LogRhythm is a beast. It can do so much more than just the analytic software, so it is not your typical installation. It's more of a three to four month installation process because you are gradually bringing in logs and fine tuning them. It is not a difficult process, just a lengthy one.
What was our ROI?
We have seen a measurable decrease in the mean time to detect and respond to threats. As new features and releases come out, the window is becoming a lot narrower because you can pivot a lot more with the data. Therefore, the new features and enhancements are reducing that.
What other advice do I have?
I just found out about the playbooks at the conference. I plan on using them as soon as I get back.
We have about 2500 messages per second coming in.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Security Engineer Analyst Admin at an aerospace/defense firm with 1,001-5,000 employees
The dashboard puts things at our fingertips, but it's a challenge to pull out all the info we need
Pros and Cons
- "Alarms are the most valuable feature. We also like the dashboard and how things are at your fingertips. The fact that we can now edit the report templates is going to be a great thing."
- "Granted, we haven't enabled the UEBA module, but we're forwarding all our proxy logs to LogRhythm and we have a really hard time pulling those proxy logs back out of LogRhythm. However, when we take LogRhythm and forward the same logs into somebody else's user-based analytics software, we get the majority of what we were missing... If we've got all our proxy logs and I go out to Google or Facebook or the like, we should be able to go in and pull that information out ten minutes later, but it's a big challenge to do that."
What is our primary use case?
The primary use is monitoring logs, to see what's going on.
How has it helped my organization?
It's head and shoulders above what we were using, which was SolarWinds LEM.
What is most valuable?
Alarms are the most valuable feature. We also like the dashboard and how things are at your fingertips. The fact that we can now edit the report templates is going to be a great thing.
What needs improvement?
My installation has some unique problems, apparently, because of our network architecture, and that's why we're looking at other solutions, and possibly a replacement.
We're looking at user-based analysis. Granted, we haven't enabled the UEBA module, but we're forwarding all our proxy logs to LogRhythm and we have a really hard time pulling those proxy logs back out of LogRhythm. However, when we take LogRhythm and forward the same logs into somebody else's user-based analytics software, we get the majority of what we were missing. So we know the logs are making it to LogRhythm, but we still can't pull them out. If we've got all our proxy logs and I go out to Google or Facebook or the like, we should be able to go in and pull that information out ten minutes later, but it's a big challenge to do that.
What do I think about the stability of the solution?
As long as you don't overfeed it, it's fairly stable.
What do I think about the scalability of the solution?
The scalability has been fairly decent so far, as long as you don't overfeed it.
How are customer service and technical support?
Tech support is hit-or-miss. Some of the tech support agents are just wonderful and I've learned a lot from interfacing with them. Some of the tech support agents seem like they are metrics-based: How many tickets they can close in a short amount of time? I usually express my feelings in the ticket notes, so these are not unheard-of comments.
How was the initial setup?
The initial setup was fairly straightforward.
What other advice do I have?
My advice would be to definitely look into it. I've used other SIEMs that were a whole lot easier to program and I've used other SIEMs that were vastly oversold and cost way too much money. LogRhythm is a good product for what it is.
We have more than 500 and less than 1,000 log sources. In terms of messages per second, therein lies the rub. We bounce anywhere from 2,500 to, on certain days, a peak of over 12,000.
We are not using the full-spectrum analytics features. We don't use any automated playbooks. In terms of the number of staff for deployment and maintenance, the latter is me. I've got two other analysts that work with me.
Regarding our security program maturity, we've grown a whole lot in the last three years. LogRhythm, fortunately, was a part of that. Our previous SIEM had to be rebooted two or three times a day. Unfortunately, now that we're trying to leverage it to get more data out of it, we don't seem to be able to do that.
I can't say I have seen any measurable decrease in the mean time to detect and respond to threats because I can't watch it all the time.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
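The proxy-log pivot the review above asks for (given a user, what did they reach in the last ten minutes; given a destination, which users reached it), as an added example that is not part of the review and not LogRhythm's own search tooling. It assumes a Squid-style access.log field layout and works over constructed sample lines; the field positions, the `ProxyEvent` helper and the sample users and hosts are assumptions for illustration.

```python
"""Pivot proxy logs by user, destination and time window (added example).

The sample lines below are constructed in a Squid-style access.log layout:
  epoch elapsed_ms client_ip status/code bytes method url user hierarchy/peer type
Field positions are an assumption; adjust parse_proxy_log() for a different proxy.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlsplit

SAMPLE_PROXY_LOG = """\
1700000000.000 120 10.1.2.3 TCP_MISS/200 5120 GET https://www.google.com/search?q=x jdoe HIER_DIRECT/142.250.0.1 text/html
1700000030.000  80 10.1.2.3 TCP_MISS/200 2048 GET https://www.facebook.com/ jdoe HIER_DIRECT/157.240.0.1 text/html
1700000500.000  60 10.1.2.9 TCP_MISS/200 1024 GET https://www.google.com/ asmith HIER_DIRECT/142.250.0.1 text/html
1700001200.000  40 10.1.2.3 TCP_DENIED/403 0 GET http://blocked.example.net/ jdoe HIER_NONE/- text/html
this line is malformed and must be skipped, not crash the parser
"""


@dataclass(frozen=True)
class ProxyEvent:
    ts: float
    client_ip: str
    status: str      # e.g. TCP_MISS/200, TCP_DENIED/403
    method: str
    url: str
    user: str

    @property
    def host(self) -> str:
        return (urlsplit(self.url).hostname or "").lower()


def parse_proxy_log(text: str) -> list[ProxyEvent]:
    """Parse one access-log line per event; malformed lines are skipped."""
    events: list[ProxyEvent] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 10:
            continue
        try:
            ts = float(parts[0])
        except ValueError:
            continue
        events.append(ProxyEvent(ts, parts[2], parts[3], parts[5], parts[6], parts[7]))
    return events


def visits_by_user(events, user, end_ts, window_s):
    """Destinations a user reached in [end_ts - window_s, end_ts]: the 'what did jdoe hit ten minutes ago' pivot."""
    start = end_ts - window_s
    return sorted({e.host for e in events if e.user == user and start <= e.ts <= end_ts})


def users_by_host(events, host):
    """Reverse pivot: which users reached a given destination."""
    return sorted({e.user for e in events if e.host == host.lower()})


def denied_counts(events):
    """Blocked requests per user, a cheap first signal for a misbehaving host."""
    counts = defaultdict(int)
    for e in events:
        if e.status.startswith("TCP_DENIED"):
            counts[e.user] += 1
    return dict(counts)


if __name__ == "__main__":
    evs = parse_proxy_log(SAMPLE_PROXY_LOG)
    print(visits_by_user(evs, "jdoe", 1700000600, 600))
    print(users_by_host(evs, "www.google.com"))
    print(denied_counts(evs))
```

The point of keying on the parsed hostname rather than the raw URL is that a query string or path variation must not split one destination into many; that is the usual reason a "show me everything this user did in the last ten minutes" search returns less than expected.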
Information Security Analyst at Endicott College
We now have a central point of monitoring for all potential threats
Pros and Cons
- "When it comes to dealing with support, all my interactions have been great. Everyone has known what they're doing and have been quick to respond. They seem to always know the answer. I haven't stumped anybody yet."
- "We now have a central point of monitoring for all potential threats."
- "I would like it to do a lot of the automation (which I still need to learn more about), because I am essentially a one man shop doing all the jobs. I'd like for it to be able to do more for me."
What is our primary use case?
It monitors any potential security threats within any of our important network security appliances, like our firewall, or any of our important databases. The idea being that you can't look at all the logs at once, so we now have a central point of monitoring for all potential threats.
How has it helped my organization?
I have been using LogRhythm for just a few months, but the college has had it for over a year. Until I worked with it, there was no monitoring of it and the solution just sat there. The solution is just picking up speed now.
What is most valuable?
- The threat analytics
- Seeing what potentially could be happening; what are the riskiest things going on.
What needs improvement?
I would like it to do a lot of the automation (which I still need to learn more about), because I am essentially a one man shop doing all the jobs. I'd like for it to be able to do more for me, so I can focus my attention on my other job responsibilities, because there are a lot of them.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
The only issues that we have had with it were Windows-based. The actual appliance has been up and continuously logging everything that we have, with syslog going through it. There have been no signs of any problems or instability.
How are customer service and technical support?
When it comes to dealing with support, all my interactions have been great. Everyone has known what they're doing and have been quick to respond. They seem to always know the answer. I haven't stumped anybody yet. That's not something that I typically encounter. Usually, I wind up being the person finding the weird thing where people have to get back to me and it is left up to the developers.
How was the initial setup?
The few issues that I have had while doing upgrades, LogRhythm's support answered them incredibly quickly.
Which other solutions did I evaluate?
I have never used a competing product.
What other advice do I have?
I love the potential of this solution. It sounds like a "set it and forget it" type of solution. Let it deal with all the problems. It is good at doing that.
On the day-to-day, I haven't had a huge amount of time to work with the full-spectrum analytics. I have been focusing on getting it updated and up-and-running.
Currently, we have a Windows agent. Therefore, we technically have just two log sources, because the Windows agent is picking up all the domain logs onto one box and forwarding them on. It is taking all the Windows Servers and single-sourcing them. Then, currently, the only other thing that we have actively logging is our Sonic logs and syslogs. We only have two individual sources listed, but it is more logs than that.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT Specialist at a healthcare company with 51-200 employees
It should scale easily with the way our environment is set up
Pros and Cons
- "It seems like it will scale easily with the way our environment is set up."
- "We should be able to respond to threats and gain visibility into our environment that we don't currently have."
- "The initial setup is complex. We are using a LogRhythm partner, at least for the first three years, to help with the monitoring and the deployment of it. We are not a big enough environment where we have people that we can dedicate to it right now."
- "I would like to see our vulnerabilities counter. We will be using Tenable to fill that void right now."
What is our primary use case?
We have a lot of distributed offices and no visibility into any of them. The use case for this product is to collect and integrate logs from all the machines at all the different sites and get better insight into the security areas that we need to tighten up.
How has it helped my organization?
I am hoping that we will be able to respond to threats and gain visibility into our environment that we don't currently have.
What is most valuable?
The AI Engine.
What needs improvement?
I would like to see our vulnerabilities counter. We will be using Tenable to fill that void right now.
For how long have I used the solution?
Still implementing.
What do I think about the scalability of the solution?
It seems like it will scale easily with the way our environment is set up.
How are customer service and technical support?
We have not used LogRhythm's tech support yet.
Which solution did I use previously and why did I switch?
We were using an MSP and were dissatisfied with its performance. What we started to do was figure out what we could bring in-house and what we needed from a security standpoint, and this SIEM kept coming up as something we should look at.
How was the initial setup?
The initial setup is complex.
What about the implementation team?
We are using a LogRhythm partner, at least for the first three years, to help with the monitoring and the deployment of it. We are not a big enough environment where we have people that we can dedicate to it right now.
We require one person for deployment and maintenance.
What other advice do I have?
I would recommend LogRhythm. I am really impressed with it, though we haven't started using it yet.
We are just in the middle of deployment of the full-spectrum analytics capabilities. We haven't finished the configuration of the product yet.
We do plan to use the built-in playbooks.
We have approximately 931 log sources at this point.
Most important criteria when selecting a vendor:
- The reputation of the vendor.
- The quality of the product.
- The integration into the environment that we have right now.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Security Engineer at Managed Technology Services, LLC fka LexisNexis
The customer support is friendly, attentive, and willing to help
Pros and Cons
- "We have to be able to show the evidence, and LogRhythm does a great job of putting it forward and making it easy to create reports with nice looking dashboards, which show off what we are doing as a security program."
- "Their customer support is friendly and willing to help."
- "The installation was a bit complex because we are running a virtual infrastructure."
What is our primary use case?
We primarily use the LogRhythm SIEM for log collection and aggregation for all of our Windows machines. We have all our firewalls sending logs to it. We have it hooked into Office 365 with the API to manage our cloud environment, and it's performed phenomenally.
What is most valuable?
The most valuable features are the reporting tools. A lot of times as security, we are tasked with explaining to management and the executives how the security program is going, what our concerns are, and if we want to get anything out of them as far as budget to fix some issues. We have to be able to show the evidence, and LogRhythm does a great job of putting it forward and making it easy to create reports with nice looking dashboards, which show off what we are doing as a security program.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
It has been completely stable. We have had it in for a little over a year now, fully in production, and it has never gone down once.
The only thing we had an issue with was when I tweaked the AI Engine rules to basically fire on everything, which then caused a lot of accelerated rollover in our events. This was simply user configuration, and not anything on the LogRhythm side. It has been a very stable solution the whole time that we've had it in.
What do I think about the scalability of the solution?
We are currently in the process of upscaling our current LogRhythm instead of buying a new one, which is really beneficial.
I don't know what they do on the back-end as far as the algorithm for crunching logs and keeping everything small and compact, but we haven't had any problems with the sizing. With some of the other systems that we have used, we quickly run into the problem where everything gets overblown and you have to go in and filter stuff out. What LogRhythm does that I like is they have all these knowledge base add-ons and modules out-of-the-box. It comes with all these features that you can use and get up off the ground running.
How are customer service and technical support?
Their customer support is friendly and willing to help. I can't compliment their support staff enough. They've been nothing but helpful. Any questions that we have, they come out and help us, or they email us. It's great to have such an attentive support staff.
Using the LogRhythm Community, you can find the answers to any of the problems that you have. Everyone out there is just trying to help each other get better. So, it's really nice.
How was the initial setup?
The installation was a bit complex because we are running a virtual infrastructure. Some of the stuff that we dealt with on the virtual machine and the disks was a little complex. However, the engineers at LogRhythm were more than willing to help. I had a little trouble because I was unfamiliar with the way vSphere handles disk sizing to get it set up.
What about the implementation team?
Everything is running on one large virtual machine instance that we have because we have a lot of virtual infrastructure. We help other companies and host their solutions. We are really versed in that. So, we have one huge deployment, and it works really well.
What's my experience with pricing, setup cost, and licensing?
The nice thing about LogRhythm is you can either use the agents, getting a certain number of agents with your license depending on how you want to go, and those agents do a lot of cool things, or you can use syslog hosts, and then you have an unlimited number of them. So, we have used syslog for a lot of ours because it was easy to put into LogRhythm and change the destination of our syslog solution. Now, our syslogs go into LogRhythm, and it's easy. You see them pop up there, then you just accept them as new log sources, and bingo, you're in. Now, you're working. So, it is really good.
Which other solutions did I evaluate?
Where some other engines have been touted as SIEMs, you actually have to do a whole lot of actual engineering work of your own to even get the basic functionality out of them. This is one thing LogRhythm knocks out-of-the-box.
What other advice do I have?
It helps that the product is fully realized and ready to go as soon as you get it installed. You can immediately see results and immediately see the data coming in. You're able to collate and correlate it, obtaining your data in a quick and easy manner.
Do a demo. See what they're offering. Just know that their support is the best.
I haven't used any of the automated playbooks yet. Our engineers are leery about having the automatic stuff go off, which I can understand. We also have separation of duties. I don't have a lot of their credentials to work with it on my own, so we would have to go back and forth with the engineers, and that is something that they don't really want to do. However, we do have our own playbooks and security team, but it's more manual. I am interested in the playbooks feature, so I will attend one of the events here to learn more about it and figure it out, then take it back to the team to get buy in on it, so we can then use it.
We have about 2500 log sources sending logs to LogRhythm right now. We have about 20 firewalls, with a lot of Windows PCs.
It's the best solution that I've ever used. We're expanding its use, not only in our corporate network, but out to the cloud environment where we host customer data stuff, too.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
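The "syslog hosts pop up and you accept them as new log sources" flow from the pricing section above, reproduced outside the product as an added example (not LogRhythm's own collector code and not part of the review). It parses RFC 5424 and legacy RFC 3164 framing, decodes the `<PRI>` field into facility and severity, groups lines by sending host and reports the hosts not yet on an accepted list. The sample lines, hostnames and application names are constructed for illustration.

```python
"""Discover new syslog log sources from raw lines (added example).

Parses RFC 5424 and legacy RFC 3164 framing, decodes the <PRI> field into
facility/severity, groups by sending host and reports hosts not yet accepted.
Sample lines are constructed; hostnames and apps are illustrative.
"""
from __future__ import annotations

import re
from collections import defaultdict

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", "solaris-cron",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 5424: <PRI>1 TIMESTAMP HOST APP PROCID MSGID STRUCTURED-DATA MSG
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<procid>\S+) "
    r"(?P<msgid>\S+) (?P<sd>-|\[.*?\]) ?(?P<msg>.*)$")
# RFC 3164 (BSD): <PRI>Mmm dd hh:mm:ss HOST APP[PID]: MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<app>[^\s:\[]+)(?:\[\d+\])?: ?(?P<msg>.*)$")

SAMPLE_SYSLOG = """\
<34>Oct 11 22:14:15 fw-edge-01 sshd[1234]: Failed password for root from 203.0.113.9 port 4242 ssh2
<165>1 2023-10-11T22:14:16.003Z app-01 myapp 8710 ID47 - user login ok
<13>Oct 11 22:14:17 fw-edge-01 kernel: DROP IN=eth0 SRC=198.51.100.4 DST=192.0.2.10
<134>Oct 11 22:14:18 dc01 MSWinEventLog: 4624 An account was successfully logged on
not a syslog line at all
"""


def parse_syslog(line: str) -> dict | None:
    """Return host/app/facility/severity/msg for one line, or None if it matches neither format."""
    for fmt, rx in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = rx.match(line)
        if m:
            pri = int(m.group("pri"))
            if pri > 191:          # PRI = facility (0-23) * 8 + severity (0-7)
                return None
            return {"format": fmt, "host": m.group("host"), "app": m.group("app"),
                    "facility": FACILITIES[pri // 8], "severity": SEVERITIES[pri % 8],
                    "msg": m.group("msg")}
    return None


def discover_sources(text: str, accepted: set[str]) -> dict[str, dict]:
    """Group parsed lines by sending host; return only hosts not in `accepted`,
    with the apps seen and a line count, so an analyst can decide what to onboard."""
    seen: dict[str, dict] = defaultdict(lambda: {"apps": set(), "count": 0})
    for line in text.splitlines():
        ev = parse_syslog(line)
        if ev is None:
            continue
        seen[ev["host"]]["apps"].add(ev["app"])
        seen[ev["host"]]["count"] += 1
    return {h: v for h, v in seen.items() if h not in accepted}


if __name__ == "__main__":
    for host, info in discover_sources(SAMPLE_SYSLOG, {"dc01"}).items():
        print(host, sorted(info["apps"]), info["count"])
```

Grouping on the hostname carried inside the message rather than on the sending IP is a deliberate choice here: a relay in front of the SIEM would otherwise collapse every device behind it into one "log source". In a real deployment you would want both keys, since the in-message hostname is attacker-controlled on any host the attacker already owns.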
Senior Security Analyst at a leisure / travel company with 10,001+ employees
Enabled us to build alarms that allow us to react to issues quickly
What is our primary use case?
Our primary use case is incident response and alerting. In terms of performance, it's pretty awesome.
How has it helped my organization?
It has saved us a lot of time. We've built some pretty cool custom alarms to alert us on stuff that we know is bad so we can respond to issues pretty quickly.
What is most valuable?
The AI Engine is the most valuable feature.
What do I think about the stability of the solution?
We've had no issues with it regarding stability. It's been pretty rock solid.
What do I think about the scalability of the solution?
Scalability has been a little tougher for us. We're definitely looking to scale up. We've got a few log sources that we don't have in there that we need to get in there, but it's going to take a little additional effort.
How are customer service and technical support?
Technical support is fantastic.
What other advice do I have?
It's been pretty great. For us, the use case is all about generating actionable alerts and alarms and seeing how much we can reduce manual operations, so that's what I would compare: time saved.
We don't use the full-spectrum analytics capabilities. In terms of playbooks, we're still on 7.26 so we don't have the playbooks yet, but we're upgrading as a high priority right now. For deployment and maintenance of the solution, we use two staff members.
In terms of log sources, we have a couple of thousand and our MPS is 3,800.
When selecting a vendor, what's important for us is support. Support is huge.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
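The kind of custom alarm the review above describes ("alert us on stuff that we know is bad"), written out as plain detection logic rather than as an AI Engine rule: a burst of Windows failed logons (event ID 4625) for one user/source pair, closed by a successful logon (4624) from the same pair inside a time window. This is an added example, not the reviewer's rule and not LogRhythm code; the CSV event shape, field names, thresholds and sample users are assumptions for illustration.

```python
"""Sequence-style alarm: a burst of failed logons followed by a success (added example).

This reproduces, outside the product, the shape of a custom correlation rule:
N or more Windows 4625 (failed logon) events for the same user/source IP pair
followed by a 4624 (successful logon) from that pair inside a time window.
Sample events are constructed and simplified to a CSV of the fields that matter.
"""
from __future__ import annotations

import csv
import io
from collections import defaultdict, deque

SAMPLE_EVENTS_CSV = """\
ts,event_id,user,src_ip,host
1700000000,4625,svc_backup,10.0.0.5,DC01
1700000020,4625,svc_backup,10.0.0.5,DC01
1700000040,4625,svc_backup,10.0.0.5,DC01
1700000060,4625,svc_backup,10.0.0.5,DC01
1700000080,4625,svc_backup,10.0.0.5,DC01
1700000100,4624,svc_backup,10.0.0.5,DC01
1700000110,4625,jdoe,10.0.0.7,DC01
1700000120,4624,jdoe,10.0.0.7,DC01
1700000200,4625,asmith,10.0.0.9,DC01
1700000210,4625,asmith,10.0.0.9,DC01
1700000220,4625,asmith,10.0.0.9,DC01
1700000230,4625,asmith,10.0.0.9,DC01
1700000240,4625,asmith,10.0.0.9,DC01
1700001000,4624,asmith,10.0.0.9,DC01
"""


def parse_events(text: str) -> list[dict]:
    """Load the constructed CSV into typed dicts."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({"ts": int(r["ts"]), "event_id": int(r["event_id"]),
                     "user": r["user"], "src_ip": r["src_ip"], "host": r["host"]})
    return rows


def failed_then_success(events, threshold=5, window_s=300):
    """Return one alarm per (user, src_ip) burst of >= threshold failures closed by a success within window_s.

    Failures older than window_s relative to the current event are evicted first,
    so a success long after the burst (asmith below) does not fire.
    """
    recent: dict[tuple[str, str], deque] = defaultdict(deque)
    alarms = []
    for e in sorted(events, key=lambda x: x["ts"]):
        key = (e["user"], e["src_ip"])
        q = recent[key]
        while q and e["ts"] - q[0] > window_s:
            q.popleft()
        if e["event_id"] == 4625:
            q.append(e["ts"])
        elif e["event_id"] == 4624 and len(q) >= threshold:
            alarms.append({"user": e["user"], "src_ip": e["src_ip"], "host": e["host"],
                           "failures": len(q), "first_failure": q[0], "success_at": e["ts"]})
            q.clear()   # one alarm per burst, not one per later success
    return alarms


if __name__ == "__main__":
    for a in failed_then_success(parse_events(SAMPLE_EVENTS_CSV)):
        print(a)
```

Two details carry most of the false-positive control: the window is evaluated against the event that might close the sequence, not against wall-clock time, and the queue is cleared once an alarm fires so a user who keeps logging in does not re-trigger it for the same burst.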
IT Security Administrator at an energy/utilities company with 1,001-5,000 employees
We integrated Azure logs with it, allowing us to compare that with our Windows and host logs
Pros and Cons
- "We integrated Azure logs with it and that makes it simpler. Rather than having to log into the portal, we can just check everything in one place. We can compare those to our Windows and host logs to see if any problems correlate between them."
- "We've tried to work with a couple of engineering department guys there. We've called them and called them but we never hear anything back."
What is our primary use case?
We've been working with LogRhythm for a few weeks. We had Splunk and we're replacing it with LogRhythm.
It's a general SIEM system for us, gathering the logs into one area.
How has it helped my organization?
We integrated Azure logs with it and that makes it simpler. Rather than having to log into the portal, we can just check everything in one place. We can compare those to our Windows and host logs to see if any problems correlate between them.
It just makes it simpler for analysts to find everything in one place. We don't have to give everyone access to ten different things, it's just one area where we can see everything.
What is most valuable?
We like the alerting features. They seem a little more hands-on and easier to set up.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
It seems like a stable product. We haven't had any downtime yet. All the network monitoring seems to be going smoothly.
What do I think about the scalability of the solution?
We have about 20,000 logs per second as our ceiling and we're at about 6,000 to 8,000 now, so we're okay. It looks like it's going to meet our needs for many years.
How are customer service and technical support?
They're hard to get a hold of. We've tried to work with a couple of engineering department guys there. We've called them and called them but we never hear anything back.
Which solution did I use previously and why did I switch?
We moved away from Splunk because we were not happy with it. Workstation monitoring seemed a little more complex than it is with LogRhythm. It's much simpler to search for issues and get alerts through it.
What's my experience with pricing, setup cost, and licensing?
The setup was pretty straightforward. They sent us the appliance, we tailored it to our needs, made sure our network met everything it was looking for. We worked with their support a little bit on what they recommend for setting everything up.
We had a kick-off meeting before they sent the appliance to us and they handed all the documentation to us. That aspect's good. But working with the engineering support has lacked.
Which other solutions did I evaluate?
We looked at AlienVault, that was one we demoed. LogRhythm does seem better.
What other advice do I have?
I'm not sure that we're hands-on yet with the full-spectrum analytics capabilities and we don't use any of the built-in playbooks. We have plans to use them in the future. We want to integrate everything into it and make it more automated.
We're at about 6,000 logs per second. In terms of a measurable decrease in the mean time to detect and respond to threats, we haven't gotten there yet. We are still implementing, still learning. We have to get all our logs correlated.
So far we're pretty happy with the overall functionality of the system. It's going to meet everything we're looking for.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Security Engineer at U.S. Acute Care Solutions
We can now pick up what is anomalous in our network
Pros and Cons
- "Its benefits are broad. The solution isn't necessarily made to do any one thing, but it can do anything you tell it to. It is able to tackle any different type or size of job."
- "I would like to see APIs well-documented and public facing, so we can get to them all."
What is our primary use case?
Primary use case for the SIEM would be for log collection and threat identification.
We're still in the beginning stages of our security solution, as far as maturity. Two years ago, this security program didn't exist.
How has it helped my organization?
Its benefits are broad. The solution isn't necessarily made to do any one thing, but it can do anything you tell it to. It is able to tackle any different type or size of job.
What is most valuable?
The analytics that it does.
Full-spectrum analytics capabilities, which we use for:
- User behavior.
- Watching and monitoring for login events or any anomalies.
- Going through and watching trends.
- Knowing what activities endpoints are doing, where they're going, what websites they visit, then making sure that they're in the normal or making sure they pick up on any outliers.
What needs improvement?
I would like to see APIs well-documented and public facing, so we can get to them all.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
When it comes to a single version, it is rock solid. We haven't had any major bugs or flaws that haven't been involved with upgrading or going to another version. As long as you're on the same version, it is rock solid.
What do I think about the scalability of the solution?
It works. The biggest thing with scalability is looking at how much data you have to ingest, so if you have to build the DX to be a specific size, then you have to plan out how big it's going to be. Therefore, it doesn't necessarily scale easily, but you can add additional data indexers at any point.
How are customer service and technical support?
The technical support is very good. They are in the top two to three companies that we work with.
How was the initial setup?
It's very complex. As with anything, it takes time to get it working and to know all the different nomenclature with it.
I do the deployment and maintenance of the solution myself.
What was our ROI?
I have seen a measurable decrease in the mean time to detect and respond to threats. We went from not detecting them to detecting them. We can actually pick up what is anomalous in our network now.
The solution has provided us with consistency and increased staff productivity through orchestrated automated work flows by at least 20 percent.
Which other solutions did I evaluate?
Our top choices were LogRhythm and Splunk.
Splunk is a data lake that doesn't necessarily do any analytics. Whereas, with this solution, we're looking at all the analytics. We can quantify data, we can drop data, and we can do what we need to, plus the pricing model is better.
What other advice do I have?
Know what you want it to do. If you buy a SIEM because it's called a SIEM or someone says it's a SIEM, you're going to end up with what someone else believes they need. Figure out what you need beforehand and make sure that those bullet points are covered because there are a lot of options.
We're currently using the built-in manual playbooks. So far, the features are very good. They are growing. I am looking forward to seeing how they expand upon it.
The automation is coming. The API access and everything else we're looking for to be able to deeply automate a lot of common tasks is still being built-in. Right now, we can do automation on simple tasks. E.g., if it sees something bad, it can take it off the network and put it in our remediation subnet. However, it does not have the capability for complex investigative actions yet.
Right now, we have about 3000 log sources and 3000 messages per second.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.