Try our new research platform with insights from 80,000+ expert users

Devo vs Graylog comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Devo
Ranking in Log Management
27th
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
22
Ranking in other categories
Security Information and Event Management (SIEM) (28th), IT Operations Analytics (6th), AIOps (15th)
Graylog
Ranking in Log Management
16th
Average Rating
8.0
Reviews Sentiment
6.7
Number of Reviews
19
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of April 2025, in the Log Management category, the mindshare of Devo is 0.6%, down from 0.8% compared to the previous year. The mindshare of Graylog is 6.6%, up from 5.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Michael Wenn - PeerSpot reviewer
Has cloud-first architecture with SIEM technology to run security operations
When it comes to scale, they're architected quite well. They handle some of the biggest customers globally, with significant throughput on their platform, managing thousands of customers. One of the most impressive aspects of Devo is its customer community. A large majority, over 80 percent of their customers, actively participate on a Devo-specific community page. They're contributing to product development and support, events, and user group information, helping each other out. This high level of engagement is rare and demonstrates both the loyalty of their customer base and the quality of their product. They offer a range of small, medium, and large options to cater to everyone. I sold Devo products while working with them, focusing on enterprise solutions. However, as a small reseller, my customers were typically smaller businesses. I rate the solution's scalability a nine out of ten.
Andrey Mostovykh - PeerSpot reviewer
Real-time analysis, easy setup, and open source
We stopped using it for analytics because of its price, and at the moment, we are using it mostly for log centralization. If you use it with high traffic for analytical purposes, as well as for the logs, the infrastructure costs are unbelievable. Graylog is a great product backed by Elasticsearch as the storage and query engine. It is just an interface on top of Elasticsearch and some Elasticsearch management. The indexes that are kept in Elasticsearch are managed by Graylog software. Elasticsearch is a decent product, but it's very infrastructure-heavy. It requires lots of resources, and if you make a mistake with provisioning, you are likely to not get a cluster back. We had a couple of outages like that, and we hated that. So, we ended up over-provisioning resources just to avoid such situations from happening. If you have a whole team trying to fix the Graylog instance for two days, that's a bit too much. That may be my Norwegian take on it, but the engineering resources are expensive. It's better to just provision the infrastructure. Overall, the product is great, and the features are just fine, but the infrastructure cost is what is killing it. The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic. I'm not sure if they can improve the infrastructure cost with the way Elasticsearch is. If they keep using Elasticsearch, maybe there are some opportunities there, or they can support other backends with cheaper storage. They could have a different backend to replace Elasticsearch or do some tweaks to Elasticsearch to reduce the costs. There could be partial parsing of logs or parsing on demand so that when you write data through Graylog to Elasticsearch, it doesn't need to crunch in every detail requiring that much CPU.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The querying and the log-retention capabilities are pretty powerful. Those provide some of the biggest value-add for us."
"Even if it's a relatively technical tool or platform, it's very intuitive and graphical. It's very appealing in terms of the user interface. The UI has a graphically interface with the raw data in a table. The table can be as big as you want it, depending on your use case. You can easily get a report combining your data, along with calculations and graphical dashboards. You don't need a lot of training, because the UI is relatively very intuitive."
"In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. With this kind of platform, you have that information in real-time."
"Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."
"The real-time analytics of security-related data are super. There are a lot of data feeds going into it and it's very quick at pulling up and correlating the data and showing you what's going on in your infrastructure. It's fast. The way that their architecture and technology works, they've really focused on the speed of query results and making sure that we can do what we need to do quickly. Devo is pulling back information in a fast fashion, based on real-time events."
"The user experience [is] well thought out and the workflows are logical. The dashboards are intuitive and highly customizable."
"The most valuable feature is definitely the ability that Devo has to ingest data. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. You'd have a backlog of processing the logs as it was ingesting them."
"One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. Whatever you're doing, you see the code, what's happening. And you can really quickly switch between using the GUI and using the code. That's really useful."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc."
"I am very proud of how very stable the solution is."
"Real-time UDP/GELF logging and full text-based searching."
"We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us."
"Open source and user friendly."
"I like the correlation and the alerting."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
 

Cons

"Devo has a lot of cloud connectors, but they need to do a little bit of work there. They've got good integrations with the public cloud, but there are a lot of cloud SaaS systems that they still need to work with on integrations, such as Salesforce and other SaaS providers where we need to get access logs."
"Where Devo has room for improvement is the data ingestion and parsing. We tend to have to work with the Devo support team to bring on and ingest new sources of data."
"We only use the core functionality and one of the reasons for this is that their security operation center needs improvement."
"The overall performance of extraction could be a lot faster, but that's a common problem in this space in general. Also, the stock or default alerting and detecting options could definitely be broader and more all-encompassing. The fact that they're not is why we had to write all our own alerts."
"Some basic reporting mechanisms have room for improvement. Customers can do analysis by building Activeboards, Devo’s name for interactive dashboards. This capability is quite nice, but it is not a reporting engine. Devo does provide mechanisms to allow third-party tools to query data via their API, which is great. However, a lot of folks like or want a reporting engine, per se, and Devo simply doesn't have that. This may or may not be by design."
"From our experience, the Devo agent needs some work. They built it on top of OS Query's open-source framework. It seems like it wasn't tuned properly to handle a large volume of Windows event logs. In our experience, there would definitely be some room for improvement. A lot of SIEMs on the market have their own agent infrastructure. I think Devo's working towards that, but I think that it needs some improvement as far as keeping up with high-volume environments."
"There are some issues from an availability and functionality standpoint, meaning the tool is somewhat slow. There were some slow response periods over the past six to nine months, though it has yet to impact us terribly as we are a relatively small shop. We've noticed it, however, so Devo could improve the responsiveness."
"One major area for improvement for Devo... is to provide more capabilities around pre-built monitoring. They're working on integrations with different types of systems, but that integration needs to go beyond just onboarding to the platform. It needs to include applications, out-of-the-box, that immediately help people to start monitoring their systems. Such applications would include dashboards and alerts, and then people could customize them for their own needs so that they aren't starting from a blank slate."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a milli-second."
"There should be some user groups and an auto sign-in feature.​"
"We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient."
"The biggest problem is the collector application, as we wanted to avoid using Graylog Collector Sidecar due to its architecture."
"With technical support, you are on your own without an enterprise license."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the graylog install."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
 

Pricing and Cost Advice

"Devo is definitely cheaper than Splunk. There's no doubt about that. The value from Devo is good. It's definitely more valuable to me than QRadar or LogRhythm or any of the old, traditional SIEMs."
"It's very competitive. That was also a primary draw for us. Some of the licensing models with solutions like Splunk and Sentinel were attractive upfront, but there were so many micro-charges and services we would've had to add on to make them what we wanted. We had to include things like SOAR and extended capabilities, whereas all those capabilities are completely included with the Devo platform. I haven't seen any additional fee."
"Devo was very cost-competitive... Devo did come with that 400 days of hot data, and that was not the case with other products."
"I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money."
"The way Devo prices things is based on the amount of data, and I wish the tiers had more granularity. Maybe at this point they do, but when we first negotiated with them, there were only three or four tiers."
"It's a per gigabyte cost for ingestion of data. For every gigabyte that you ingest, it's whatever you negotiated your price for. Compared to other contracts that we've had for cloud providers, it's significantly less."
"Our licensing fees are billed annually and per terabyte."
"We have an OEM agreement with Devo. It is very similar to the standard licensing agreement because we are charged in the same way as any other customer, e.g., we use the backroom."
"Consider Enterprise support if you have atypical needs or setup requirements.​"
"We're using the Community edition."
"Graylog is a free open-source solution. The free version has a capacity limitation of 2 GB daily, if you want to go above this you have to purchase a license."
"It's an open-source solution that can be used free of charge."
"There is an open source version and an enterprise version. I wouldn't recommend the enterprise version, but as an open source solution, it is solid and works really well."
"I am using a community edition. I have not looked at the enterprise offering from Graylog."
"​You get a lot out-of-the-box with the non-enterprise version, so give it a try first."
"Having paid official support is wise for projects."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
844,944 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
17%
Computer Software Company
15%
University
8%
Government
8%
Computer Software Company
18%
Comms Service Provider
10%
Government
8%
University
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Devo?
Devo has a really good website for creating custom configurations.
What is your experience regarding pricing and costs for Devo?
Compared to Splunk or SentinelOne, it is really expensive. I rate the product’s pricing a nine out of ten, where one is cheap and ten is expensive.
What needs improvement with Devo?
They can improve their AI capabilities. If you look at some integrations like XDR or AI, which add to the platform to correlate situations in events, there are areas for enhancement. For instance, ...
What do you like most about Graylog?
The product is scalable. The solution is stable.
What is your experience regarding pricing and costs for Graylog?
We are using the free version of the product. However, the paid version is expensive.
What needs improvement with Graylog?
When it comes to configuring the processing pipeline, writing the rules can be very tedious, especially since the documentation isn't extensive on how the functions provided for these rules work. P...
 

Comparisons

 

Also Known As

No data available
Graylog2
 

Overview

 

Sample Customers

United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP, King.com, Twilio, Deutsche Presse-Agentur
Find out what your peers are saying about Devo vs. Graylog and other solutions. Updated: March 2025.
844,944 professionals have used our research since 2012.