Coming October 25: PeerSpot Awards will be announced! Learn more
Buyer's Guide
Log Management
September 2022
Get our free report covering Wazuh, Fortinet, IBM, and other competitors of Splunk Cloud. Updated: September 2022.
633,184 professionals have used our research since 2012.

Read reviews of Splunk Cloud alternatives and competitors

IT manager at a tech services company with 1,001-5,000 employees
Real User
Top 10
Versatile, scalable, and has a very useful single user interface
Pros and Cons
  • "It's very, very versatile."
  • "Technical support could be better."

What is our primary use case?

We are primarily using the solution as a cloud observability platform.

Most use cases are related to service operations, not security operations. This is due to the fact that in security operations our company uses Splunk and other platforms. In this case, in my team, we are using Devo for service operations requirements. We correlate across metrics and trace on that data to understand root causes. For example, we'll look at metrics in jobs, time processes, root cause investigations where we have fails, job performance, deals, payments, et cetera. 

What is most valuable?

With Devo, you integrate and run as a fully managed service. We are very interested in the total of severability for IT and the organization all in a one user interface. With Devo, all analysis is done in a graphical user interface. That gives our analysts the confidence to investigate a problem and fix it.

For example, we can have a lot of matrices and trace data in a single user interface. We can eliminate swivel chair analysis among tools for a streamlined workflow that gives us the most direct path to the root course. 

Devo provides great structural data. Its business-rich data set means better, smarter machine learning and this leads to a smarter analysis of anomalies and a stronger predictive analysis.

Devo, unlike other vendors, doesn't charge extra for playbooks and automation. 

It's very, very versatile. 

Service Operations is a tool inside the product. It offers a constant standard with advanced machine learning. The Devo machine learning workbench also enables you to bring in your own custom-built machine learning models. This is very interesting for us.

What needs improvement?

I need more empowerment in reporting. For example, when I'm using Qlik or Power BI in terms of reporting for the operations teams they also need analytics. They also need to report to the senior management or other teams. The reporting needs to be customized. You can build some widgets in terms of analytics and representations, however, I want to export these dashboards or these widgets in a PDF file. While you can explore everything as a PDF, it's not very complete. I am missing some customization capabilities in order to build a robust, meaningful report.

The initial setup is a little complex.

Technical support could be better.

There do seem to be quite a few bugs within the version we are using.

In the next update, I'd like it if they explain more about the Devo framework. The Devo framework is a tool inside the product. It's a prototype. It is a tool that provides to the customer a map of processes or a workflow, for example, with an HTML application with a front end. My understanding is that each component of this front attaches data with the queries. It might be customized. I'd like to generally understand this better.

I'd like to understand DevoFlow. Up to now, usage could send data to the platform, retrieve it and enrich it by generating graphs and analytics. However, it's my understanding that Flow provides users the ability to process the data in real-time by defining complex workflows as soon as data arrives in the platform so that you can make analytics in a sequence. I'd like to better understand these new capabilities.

For how long have I used the solution?

I've been working with the solution for one and a half to two years or so. 

What do I think about the stability of the solution?

At this moment I consider the solution to be stable. However, I find that I perform any little fixes throughout a project. There are bugs here and there that I do contend with. I'd prefer to have these fixed as opposed to having to install a whole new version.

What do I think about the scalability of the solution?

In the beginning, there were not more than 20 to 25 users. However, our objective remains to get 100 people on the product. We add them little by little due to the nature of our projects.

In terms of scalability, it's a product well-focused on expansion. As a SaaS, they provide you more architecture, more machines in terms of performance, et cetera. We're quite happy with its capability to expand.

How are customer service and technical support?

Technical support needs to be more direct. For example, when we submit a ticket, the support team will delegate a task to the operations team, for example, or various other teams. This muddles the transparency. We're unsure as to who is in charge of fixing the problem. I simply want an answer to my problem and I want them to fix it and tell me what is wrong. I don't need to know it was sent here, there, or there. We are not 100% satisfied with the level of service provided to us.

How was the initial setup?

The initial setup was a little bit complex, however, we had great support from the Devo team. We are using the public cloud - not on-premise. They provided us the infrastructure. The complexity was mostly around how to build the VPN securitization, the tunnel, as this tunnel was built by us, not by Devo. We, therefore, had to build a lot of technical tests of communications. This was complex.

With Devo, we have to connect by LLDP protocol. For example, Devo at the beginning shows the users as an email and a password. In our company, we needed to connect this mechanism of access to our own mechanism of the corporation. We had to deal with the protocol of connectivity of users, FSAA, for example. Sometimes this was difficult and we had to make a lot of test connections, et cetera.

There isn't too much maintenance required. Devo provides the product. I have to ensure that the mechanism of communication is stable and in continuous service. Our VPN with the tunnel is the responsibility of us while the persistence of data and the performance of searching data representation is the responsibility of Devo.

What about the implementation team?

Devo assisted us with the implementation process.

What's my experience with pricing, setup cost, and licensing?

Devo, like other vendors, doesn't charge extra for playbooks and automation. That way, you are only paying for the side on the data ingestion. If you sign a contract, you are able to process as much as 500 gigabytes per day. With this price, you can connect 10 people, 20 people, 18 people, 80 people - it's very good. It's very efficient in terms of the cost of the license. 

Depending on if you are ingesting more than you sign up for, you have to pay more. There is potential for extra costs only in this one aspect, and not in the other services, or in other people who connect to the product. 

Devo provides you professional services. Professional services is a manner to give service to the clients in terms of consultants. Expert consultants help the customer to design the business case and can show them how to build it. This is an extra option, for people who want to take advantage of their insights.

Which other solutions did I evaluate?

I have done a lot of assessments with Devo against other products such as Elasticsearch, Kibana, Splunk, and Datadog, among others.

What other advice do I have?

We're just customers and end-users.

We are using the most recent version of the product.

We are using Devo in a public cloud with some other web service we have secured with a VPN built in the company so that it's tunnel secured.

I would rate the solution at an eight out of ten. If the solution required fewer fixes and was a bit more flexible, I would rate it higher.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sr Director Of Engineering at a financial services firm with 51-200 employees
Real User
Top 20
Good capabilities, has a helpful interface and is straightforward to set up
Pros and Cons
  • "The initial setup is straightforward."
  • "We want it to work at what it is expected to work at and not really based on the updated configuration which one developer has decided to change."

What is our primary use case?

It's a login solution. We have a bunch of applications running in our cloud and all the logs with stalled applications and rates. We put those logs in Coralogix. Then we analyze those logs for various things, including alerts, data analysis, investigations, et cetera.

What is most valuable?

The overall capability of the platform and the kind of interface they have is excellent. The way I can query the data and pinpoint the issues, the kind of alerts they have, is so advantageous. The functionality is the most essential part for me.

The initial setup is straightforward.

What needs improvement?

We have asked for a couple of features from the company already. What typically happens is a lot of people - and developers are one of the biggest consumers of this product - go to this product to optimize their investigation process and specific configurations. That increases our data flow at times, so the cost changes. And a lot of changes happen due to that. We have asked the company to auto-revert the changes after a while so that the system works typically. We want it to work at what it is expected to work at and not really based on the updated configuration which one developer has decided to change.

For how long have I used the solution?

I’ve been using the solution for over a year.

What do I think about the stability of the solution?

The solution is stable and the performance is good. It’s reliable. There are no bugs or glitches, and it doesn’t crash or freeze.

What do I think about the scalability of the solution?

The scalability is pretty good.

We have about 60 to 70 people using this product. The majority of the backend and seniors use it regularly.

How are customer service and support?

Technical support is above average. They have been pretty fast and pretty supportive on issues.

Which solution did I use previously and why did I switch?

In this company, this I the first solution used. Before this, we were using an in-house solution. However, I've previously used some solutions such as Splunk and Datadog, if I remember correctly. Functionality-wise, this product is more mature compared to them. Plus, there are additional capabilities For example, I can keep my cost in check. Certain functionality in these terms of cost control is better. Overall product, it is slightly better than other products which are used.

How was the initial setup?

The solution is acceptably easy to set up. That said, of course, you need enough technical understanding to set it up.

The deployment took a while for us, almost a month, I would say. The majority of the things were not ready on our side, however. The product was ready from almost day one, yet it took us quite a while to collect all the logs, redirect them to Coralogix, and create the logs in a format which were possible to ingest in Coralogix. A lot of work on our side was needed initially. Any new company which is onboarding has to go through the same cycle. It’s a sizeable investment in terms of time if they the company is not ready to onboard. If they have already been a customer or have done similar work, at least it should be pretty straightforward and only take a few days.

What about the implementation team?

We did the initial setup ourselves. It's a pretty straightforward process.

What's my experience with pricing, setup cost, and licensing?

We are paying roughly $5,000 a month.

It is not a pay-as-you-go model and suddenly you pump in a lot of data and your cost blows up. I can have a monthly billing which is in my control. I can tweak around costs to reduce my cost and all that.

What other advice do I have?

I’m just an end-user.

Since we are using the cloud, we’re always using the latest solution version.

For any company getting onboarded to Coralogix or an equivalent solution for the first time, they need to do their in-house streamlining before they start working on this. It took us almost a month to streamline our systems and our processes to get onboarded. And during that time, we were just waiting to get onboarded. It's better to sort out internal things before you start looking at for a solution.

I’d rate the solution eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Principal DevOps Engineer at a tech vendor with 11-50 employees
Real User
It gives you robust protection and value without the need for a dedicated SOC team
Pros and Cons
  • "AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources."
  • "I think plugin management should be self-service on AlienVault USM. The other product is self-service but on the USM side. You have to submit a ticket then AT&T creates and updates the plugins."

What is our primary use case?

AlienVault USM is an SaaS solution offered through the cloud. It's a security incident event management solution that scans logs to look for various security patterns that are shipped to it. Then it alerts us so we can identify trends.

How has it helped my organization?

AlienVault gives us greater visibility into our security and tells us what we need to address. We haven't had any breaches, but if we were to have some, we would get alerts.

What is most valuable?

AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources.

What needs improvement?

I think plugin management should be self-service on AlienVault USM. The other product is self-service but on the USM side. You have to submit a ticket then AT&T creates and updates the plugins.

We often have application logs that are unique to us, so it's silly to have to open a ticket, have them do the work, and then release the plugin. It would be nice if they had a self-service portal where we could define the parameters within the product for the plugin and have a custom plugin for our logs. 

For how long have I used the solution?

I've been using AlienVault USM for about two or three years.

What do I think about the stability of the solution?

AlienVault USM has been quite stable so far. We might've had one or two hiccups over the past couple of years, but nothing major.

What do I think about the scalability of the solution?

We have had no issues with scalability at all. It's been seamless. We have only three or four users on our DevOps team, but we're getting information from all over. Of course, many downstream people benefit from the work that we do, but only about four people actually log in and use it. 

How are customer service and support?

Technical support has been okay. It hasn't been great. On a scale of one to 10 scale, I'd say maybe a six. It took them a long time to respond to some of our questions, and we didn't get the complete responses we were expecting. In some cases, the process took so long that the question's urgency diminished by the time we could get to an answer.

How was the initial setup?

Setting up AlienVault USM was relatively straightforward. Of course, all software is complex, but this wasn't overly complex. We did do some professional service hours with the vendor during the deployment, but that was more about best practices. We asked how to configure it to get the most out of the solution. 

It's not an admin-heavy product in terms of maintenance and management. There's certainly a lot you can do to customize and configure it, but it doesn't require much administration. Someone is logging in most days to check in and review alerts.

Which other solutions did I evaluate?

We looked at Splunk Enterprise with the added security module, and that worked great, but it also had a lot of overhead to get value out of it. We just didn't have the capacity for it.

What other advice do I have?

I would give AlienVault USM a solid eight out of 10. There are certainly products out there that can do more. For a smaller company, I'd say it's a solid nine or a 10, but if we compare all the offerings on the market, I would say it's a solid eight. It doesn't have some of the features of the other ones, but it offers a lot of benefits to us because we can get the value that we need out of it without having a dedicated team.

It's been good overall, so I would give it a thumbs up. It's suitable for small organizations that don't have the capacity for a dedicated SOC that could handle something like Splunk Enterprise. Splunk is great for businesses with a dedicated team to do full-time analysis. But I think this is a nice solution for smaller companies where the IT staff has to wear multiple hats.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Vikrant Puranik - PeerSpot reviewer
Manager Cloud Security Operations at TraceLink, Inc.
Real User
Top 20
It integrates seamlessly with AWS cloud-native services
Pros and Cons
  • "Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring."
  • "Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."

What is our primary use case?

Our company only has a small five-person team working with Wazuh. We wanted a log management solution that we could deploy onto our cloud, so we deployed Wazuh on Kubernetes and integrated different log sources into a centralized logging solution.

The second use case is log searching. We wanted a usable integrated search, and Wazuh a good search integrated usable. Wazuh has support for Elasticsearch, which provides searching capabilities. Cost-effectiveness was important for us, and Wazuh is a top open source solution. 

What is most valuable?

Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring. 

What needs improvement?

Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage. There are some minor glitches, but that's part of every tool, and they usually get addressed in subsequent updates.

I would like to see more Kubernetes security and log integrations. That will be one of the good things. Wazuh supports AWS or GCP cloud-native service integration, but it would be great if they added support for Kubernetes security and AWS or Azure-managed Kubernetes solutions. 

For how long have I used the solution?

We've used Wazuh for two years.

What do I think about the stability of the solution?

Wazuh is pretty stable. There are no major issues, but sometimes we face minor glitches. It's open source, so we can't expect every bug to be documented. We discover some new issues from time to time, but that's part of using an open-source solution. You pay for a licensed product or you deal with minor problems in open source. 

What do I think about the scalability of the solution?

Wazuh's scalability has room for improvement.

How are customer service and support?

We paid for technical support, but they do have a robust community and Slack channels and all that stuff. You can find most of the answers you need in the community groups or forums. I rate Wazuh support eight out of 10. 

Which solution did I use previously and why did I switch?

I worked with Splunk, Curator, ArcSight, and some legacy solutions that no longer exist. They became obsolete or transitioned to a different product. Cost-effectiveness was one reason we switched. We had to decide whether to spend $500,000 on a commercial product or rely on our skills to deploy an open-source solution. 

The big difference between Wazuh and other solutions is maturity and customization. Wazuh's scalability and out-of-the-box functionality are slightly lagging behind, but Wazuh has improved a lot since the first time we saw it. Others have more search capabilities, whereas Wazuh depends on Elasticsearch. Searching is a bit slower in Wazuh.

How was the initial setup?

I rate the Wazuh setup experience nine out of 10. The basic setup was straightforward, but our deployment was slightly complex because we did a lot of customization. It took us a week to deploy and fine-tune the initial setups. After deployment, the only maintenance task is rotating particular logs. If we don't rotate it correctly, the log storage runs out and services stop.

What about the implementation team?

Wazuh is open-source, so we didn't have a support person or any professional services to help us. Fortunately, the documentation is excellent, and they have good community support as well.

What's my experience with pricing, setup cost, and licensing?

Wazuh is an open-source solution, so the only expenses are Elasticsearch and log storage costs. Log storage costs no more than $20,000 to $30,000 annually. It's around $3,000 a month. It's all money in the bank. We don't have to spend anything except for resources. 

What other advice do I have?

I rate Wazuh nine out of 10. It's a powerful tool, and you can do lots of things with it. Wazuh is a good choice if you're on a tight budget, but you need to have an enterprise-level SIEM deployment.

If someone doesn't know how to manage large-scale log management solutions, you should start small and grow your experience. You can start with Wazuh and switch to an enterprise solution once you start scaling up. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Information Security Specialist at a comms service provider with 501-1,000 employees
Real User
Not user friendly, doesn't integrate well, and has terrible technical support
Pros and Cons
  • "The solution can scale."
  • "The solution is clunky."

What is our primary use case?

We use the solution for a variety of tasks. We use it, for example, for authentication, network-related authentication, user-related tasks, and Windows UNIX servers. It's a lot. There's a ton of use cases. I really can't sync right now about every single use case, however, the main things are authentication and network-related systems and all flavors of UNIX Windows. 

How has it helped my organization?

It helped our organization in the sense that having it was better than nothing. However, I did not enjoy the product overall and I advised we switch to something else.

What is most valuable?

The user behavior analytics as part of our deployment was okay, even though it was clunky.

The solution can scale.

What needs improvement?

I really didn't like QRadar to be honest. I inherited it. I was part of the reason that we moved over to LogRhythm. The solution just isn't user friendly.

The solution is clunky. 

The interface could be much better.

The integration capabilities within the product are not that great.

For how long have I used the solution?

I've been using the solution for about two years at this point. My team has been using it for two to three years, so we have a total of about five years of experience in all.

What do I think about the stability of the solution?

I wouldn't describe the solution as stable. 

It was really buggy. Like other app integrations, it wasn't straightforward. It was pretty clunky. We tried to integrate Qualys with it and it wasn't effective. To integrate anything took quite a bit of time and energy. It wasn't easy. When it did, it didn't work properly. It wasn't really pulling in the data correctly.

What do I think about the scalability of the solution?

Scalability was hard as it was on-prem. We needed to add more modules, and had to add more of the servers to stack it. It wasn't that a simple task at all. I wouldn't say that it scales well, although technically, you can scale it.

When we were using the solution, we had ten to 15 users on it. They were anyone from Information Security Engineers to regular IT admins.

How are customer service and technical support?

Technical support was awful. We often didn't even have any assistance available to us. On a scale from one to ten, I'd rate them at a three. We were very unsatisfied with the level of support we received. They just simply weren't helpful when it came down to it.

Which solution did I use previously and why did I switch?

The organization didn't previously use a different solution before choosing QRadar.

We actually switched to LogRhythm as I didn't like how the solution was working for the organization.

How was the initial setup?

I didn't handle the initial setup. It was handled before I arrived at the organization.

What other advice do I have?

I'm not sure of which version of the solution we're using.

I wouldn't recommend the solution. I'd probably tell others to shy away and look at other products like possibly Splunk, however, it's a pricey option. LogRhythm is pretty good. We're having some issues with it. That said, for the most part, it's okay. 

Exabeam also seems like it might be a good option. I haven't worked with it personally, however, I've had some experience with a POC.

Overall, I would rate the solution at a three out of ten. We didn't have a good experience with it. If it offered, for example, easier behavior analytics, easier integrations, better interface, supported model integration, and a good user interface to perform analysis I might rate it higher. Basically, it just needs to be much more user-friendly.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Log Management
September 2022
Get our free report covering Wazuh, Fortinet, IBM, and other competitors of Splunk Cloud. Updated: September 2022.
633,184 professionals have used our research since 2012.