Try our new research platform with insights from 80,000+ expert users

ArcSight Logger vs Elastic Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

ArcSight Logger
Ranking in Log Management
31st
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
31
Ranking in other categories
No ranking in other categories
Elastic Security
Ranking in Log Management
7th
Average Rating
7.8
Reviews Sentiment
6.8
Number of Reviews
64
Ranking in other categories
Security Information and Event Management (SIEM) (5th), Endpoint Detection and Response (EDR) (16th), Security Orchestration Automation and Response (SOAR) (6th), Extended Detection and Response (XDR) (8th)
 

Mindshare comparison

As of April 2025, in the Log Management category, the mindshare of ArcSight Logger is 0.8%, down from 1.2% compared to the previous year. The mindshare of Elastic Security is 3.5%, down from 6.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Geraldo Freitas - PeerSpot reviewer
Enhances our security incident investigation but not good for correlation
Investigation is good when you know what you want to search for in Logger. The most difficult part is parsing the logs and configuring the parsers. For investigation, it's good. For correlation, it's not good. We use Sentinel, and Sentinel has pre-built use cases that are much easier to configure. So, it enhances our security incident investigation. We have inbound integration, but configuring the parsers is sometimes very difficult. We only have two use cases where we have a correlation set up. We send the information to Check Point to block IP addresses when we see a lot of blocks from the same source. We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist. So, it offers the ease of integration.
Gajewski Marek - PeerSpot reviewer
Provides good anomaly detection and connectivity reporting
We previously used Splunk but switched to Elastic Security because Splunk was more expensive. Feature-wise, both tools are pretty much the same. They have almost the same functions. Elastic Security has a much better AI assistant that allows you to ask questions like a normal person. With Elastic Security, I can also predict the price and how much it will cost. Splunks's pricing depends on how much data we use and the different add-ons I have to add. The pricing is much better with Elastic Security.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We check a lot of logs in ArcSight Logger because we're running a massive database platform."
"The technical support team is good...It is a scalable solution."
"It provides in-depth information on business activities once we log into the system."
"It is one of the best products available in the market."
"ArcSight's robustness is its most valuable feature."
"ArcSight provides the basic information that we want."
"In our country we are a little bit private in terms of solutions, so we are just starting to use the basic data capture. Now some users can start to use additional features that come with Micro Focus ArcSight like user behavior analytics for investigating."
"It's a robust, mature product and you can do some really complex operations and analytics."
"Elastic is straightforward, easy to integrate, and highly customizable."
"The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients."
"Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy."
"The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."
"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
"It's open-source and free to use."
"Elastic Security offers advanced features such as machine learning and integration with ChatGPT."
"The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash."
 

Cons

"The solution must provide readymade connectors for different applications."
"The solution could be improved in maintenance settings."
"I would rate the technical support only 5 out of 10. The technical support is not satisfactory."
"I had some latency issues for two months. I had to increase our storage capacity significantly to reduce the latency."
"The platform is quite expensive. They should reduce its cost."
"We find that the search and access functionality is quite slow."
"I think the ArcSight team should try to simplify legacy products for the customers, because that product is not easy to use or to work with. It needs more more competency or appeal to use. We hope Micro Focus is trying to resolve this."
"You have limited reporting capabilities and I wouldn't choose ArcSight Logger for this purpose."
"Better integration with third-party APMs would be really good."
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
"I would like the process of retrieving archived data and viewing it in Kibana to be simplified."
"Email notification should be done the same way as Logentries does it."
"Elastic Security could improve the documentation. It would help if they were more simple and clean."
"There isn't really a very good user experience. You need a lot of training."
"The initial configuration and setup are complicated and not straightforward."
"The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. If they can give at least a simple authentication system within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature for who accesses it should be there."
 

Pricing and Cost Advice

"ArcSight is an expensive solution."
"Pricing is reasonable compared to similar tools on the market. They offer perpetual licenses."
"I rate the product’s pricing a seven out of ten, where one is inexpensive, and ten is expensive."
"The pricing is quite harsh."
"It's not cheap at all as it's a big product and has been in the market for quite some time now."
"ArcSight Logger is very expensive compared to their competitors, but when we talk to the customer and explain what the features are and how we can scale, they understand. Still, ArcSight is more expensive than the competition."
"We have a lifetime license, so we don't pay a monthly fee."
"I would rate the product a seven out of ten since it's an enterprise product."
"We use the open-source version, so there is no charge for this solution."
"I can say that the product is cheaply priced."
"The price is reasonable. It probably costs the same as ArcSight and LogRhythm SIEM. FortiSIEM might cost less than Elastic Security. There are no hidden or additional costs."
"The tool's pricing is flexible and comes at unit cost. You don't have to pay for everything."
"This is an open-source product, so there are no costs."
"It is easy to deploy, easy to use, and you get everything you need to become operational with it, and have nothing further to pay unless you want the OLED plugin."
"When compared to other products, the price is average or on the low side."
"I find it better than Splunk in terms of cost-effectiveness. For cost-effectiveness, I would rate it a nine out of 10."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
844,944 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
20%
Computer Software Company
16%
Government
8%
Manufacturing Company
6%
Computer Software Company
17%
Government
10%
Financial Services Firm
9%
Comms Service Provider
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about ArcSight Logger?
We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist.
What is your experience regarding pricing and costs for ArcSight Logger?
The pricing isn't the problem. We have a lifetime license, so we don't pay a monthly fee.
What needs improvement with ArcSight Logger?
The solution has room for improvement. We're currently upgrading to the newer version, where they have something like Kafka, a hub for all solutions feeding information into Logger. However, I thin...
Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times lately using the dashboards we have created with Datadog; they are very good c...
What do you like most about Elastic Security?
Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because ...
What is your experience regarding pricing and costs for Elastic Security?
Elastic Security is considered cost-effective, especially at lower EPS levels. However, a direct comparison was not made due to different pricing structures.
 

Also Known As

Micro Focus Arcsight Logger, HPE Arcsight Logger
Elastic SIEM, ELK Logstash
 

Overview

 

Sample Customers

China Merchants Bank, Bank AlJazira, Banca Intesa
Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
Find out what your peers are saying about ArcSight Logger vs. Elastic Security and other solutions. Updated: March 2025.
844,944 professionals have used our research since 2012.