We performed a comparison between Elastic Security and Graylog based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Elastic Security is commended for its adaptability, extensive customization options, and seamless integration with the ELK Stack. Graylog stands out with its exceptional search functions, seamless integration with Elasticsearch, and real-time data access. Elastic Security could improve by reducing resource usage, automating threat response, and simplifying the user experience. Graylog could benefit from additional customization options and an improved rule-creation process.
Service and Support: Some Elastic Security users found their support helpful, while others experienced difficulties and delays. Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products.
Ease of Deployment: Elastic Security generally has a straightforward setup but may require trained specialists. Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters.
Pricing: Elastic Security is considered affordable and cost-effective, with pricing based on the size of the monitored environment. Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive.
ROI: Elastic Security has shown mixed results in terms of ROI, with some users expressing concerns about the quality of their premium support. Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case.
"The most valuable features of the solution are the prevention methods and the incident alerts."
"Just the ability to do a lot more than just up-down is nice, which a lot of people take for granted."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"It's a good platform and the very best in the current market. We looked at the Forester report from December 2022 where it was said to be a leader."
"The most valuable feature is the machine learning capability."
"Elastic Security is a highly flexible platform that can be implemented anywhere."
"The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
"It is scalable."
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"We're using the Community edition, but I know that it has really good dashboarding and alerts."
"Real-time UDP/GELF logging and full text-based searching."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"The solution's most valuable feature is its new interface."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
"We're using the open-source edition, for now, I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised."
"An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot."
"Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price."
"We had issues with scalability. Logstash was not scaling and aggregation was getting delayed. We moved to Fluentd making our stack from ELK to EFK."
"I would like the process of retrieving archived data and viewing it in Kibana to be simplified."
"There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM."
"The solution could offer better reporting features."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"More customization is always useful."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"I would like to see some kind of visualization included in Graylog."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"Its scalability gets complicated when we have to update or edit multiple nodes."
Elastic Security is ranked 5th in Log Management with 59 reviews while Graylog is ranked 11th in Log Management with 18 reviews. Elastic Security is rated 7.6, while Graylog is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and VMware Aria Operations for Logs, whereas Graylog is most compared with Grafana Loki, Wazuh, syslog-ng, Splunk Enterprise Security and LogRhythm SIEM. See our Elastic Security vs. Graylog report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.