Elastic Security vs Graylog comparison

Read 18 Graylog reviews

9,650 Views
8,360 Comparison Views

94% willing to recommend

Elastic Security

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 8, 2024

Graylog and Elastic Security are popular solutions in log management and security analytics. Graylog offers a competitive edge in cost and customer support, while Elastic Security stands out with its comprehensive feature set, justifying its higher price.

Features: Graylog is known for straightforward log processing, simplicity in alert configuration, and ease of integration. Elastic Security is recognized for robust analytics, extensive integrations, and advanced threat detection capabilities.

Room for Improvement: Graylog users desire enhancements in scalability and handling large logs. Elastic Security users point to configuration complexity and a steep learning curve.

Ease of Deployment and Customer Service: Deploying Graylog is considered straightforward, with responsive customer support. Elastic Security deployment is more involved but supported well by its team.

Pricing and ROI: Graylog's cost-effective pricing appeals for affordability and quick ROI. Elastic Security has higher initial costs but offers substantial ROI through its comprehensive features.

To learn more, read our detailed Elastic Security vs. Graylog Report (Updated: October 2024).

Elastic Security vs. Graylog

October 2024

Download the complete report

Helped 814,649 peers since 2012

Categories and Ranking

Elastic Security

Ranking in Log Management

5th

Average Rating

7.6

Number of Reviews

Ranking in other categories

Security Information and Event Management (SIEM) (5th), Endpoint Detection and Response (EDR) (16th), Security Orchestration Automation and Response (SOAR) (6th), Extended Detection and Response (XDR) (8th)

Graylog

Ranking in Log Management

17th

Average Rating

8.0

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of November 2024, in the Log Management category, the mindshare of Elastic Security is 5.0%, down from 8.1% compared to the previous year. The mindshare of Graylog is 6.4%, up from 5.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Log Management

Featured Reviews

Gajewski Marek

Chief Technology Officer & Co-founder at CS2

Aug 13, 2024

Provides good anomaly detection and connectivity reporting

I use Elastic Security to aggregate all logs from different devices in one place. It works pretty well and provides one overview of everything The solution's most valuable features are anomaly detection and connectivity reporting. Elastic Security also has many automation capabilities, which can…

Read full review

Peter Malaty

Sr. DevOps Engineer at TechStyle Fashion Group

Sep 30, 2022

I can create pipelines, charts, and data maps anyway I like, but the solution needs a better live logging display and improved authentication

Graylog needs to improve their authentication. Their AD integration is really bad. When it comes to ACL's, access control lists, where you want to have different group memberships and control who gets access to what, it really could use major improvements. It seems like a beta authentication version that they came up with in a hurry and said, "Hey guys, we've got something going for you. Use it until we think of something later on." I believe their enterprise version has improved some of these features, but I use the open source version. The second thing would be the way they handle live logging. The fact that Graylog displays logs from the top down is just ridiculous. I've never seen anything that logs this way except for Graylog. I believe this is an issue because they have the selector going in that direction, so it would make sense that they have to implement it that way, but it's definitely not cool. When you're looking at Graylog's live logging, whether it's doing a one-second or five-second pull, you'll notice that new log lines are placed at the top of the screen, not the bottom of the screen. I find this ridiculous because normally when you're looking at logs anywhere, on Linux, even in Windows, you're going to see that the logs are generated at the bottom. That's one thing that Graylog definitely needs to improve. Graylog also needs to invest some time to improve the performance and how they handle the maintenance of Elasticsearch. An added feature I would like to see is the capacity to delegate most of the backend maintenance to the frontend UI. When you have somebody from the service desk working on the solution or somebody who's not a technical person, they could run some of the maintenance stuff directly from the UI. Another thing is something that I saw in LogDNA, where you could have a color based on log regex. For example, it would color the timestamps next to the log lines orange, make the source of the log purple, and then make the actual log content black. That would be very nice to see in Graylog.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The solution is compatible with the cloud-native environment and they can adapt to it faster."

"The stability of the solution is good."

"ELK Logstash is easy and fast, at least for the initial setup with the out of box uses."

"The intelligence of the system has been very impressive. It's not quite AI, but the technical bit where it correlates information, based on the seen attacks within an organization is good."

"Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because of Elastic's efficient search engine."

"The most valuable features of Elastic Security are it is open-source and provides a high level of security."

"We've found the initial setup to be quite straightforward."

"It's very customizable, which is quite helpful."

More Elastic Security pros

"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."

"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc."

"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."

"I like the correlation and the alerting."

"This had increased productivity for the dev and support teams, because we are directly notifying them."

"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."

"The build is stable and requires little maintenance, even compared to some extremely expensive products."

"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."

More Graylog pros

Cons

"We are paying dearly for the guy who is working on the ELK Stack. That knowledge is quite rare and hard to come by. For difficulty and availability of resources, I would rate it a five out of 10."

"Improvements in Elastic Security could include refining and normalizing queries to make them more user-friendly, enhancing the user experience with better documentation, and addressing any latency issues."

"I would like the process of retrieving archived data and viewing it in Kibana to be simplified."

"The solution does not have a UI and this is one of the reasons we are looking for another solution."

"Elastic Security can be a bit difficult to use if a person only has experience in SMBs with tools like Zoho. The product can also be difficult for those who have never dealt with query language."

"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."

"I would like more ways to manage permissions and restrict access to certain users."

"There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM."

More Elastic Security cons

"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."

"The biggest problem is the collector application, as we wanted to avoid using Graylog Collector Sidecar due to its architecture."

"Graylog can improve the index rotation as it's quite a complex solution."

"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a milli-second."

"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."

"I would like to see a default dashboard widget that shows the topology of the clusters defined for the graylog install."

"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."

"With technical support, you are on your own without an enterprise license."

More Graylog cons

Pricing and Cost Advice

"The base product is open-source but if you need advanced security features then you need to pay for the subscription. Elastic Security's price is reasonable in some cases and in other cases it's not."

"When compared to other products, the price is average or on the low side."

"The pricing is in the middle. I think it is not an expensive experience if we compare it with big names, for example, QRadar, and also Oxide. I think Elastic Security is quite cheap. I would rate the pricing of this solution a five out of ten."

"We are using the free, open-source version of this solution."

"It's a monthly cost with Elastic SIEM, but I am not sure of the exact cost."

"The price is reasonable. It probably costs the same as ArcSight and LogRhythm SIEM. FortiSIEM might cost less than Elastic Security. There are no hidden or additional costs."

"The solution is free."

"The licensing cost of Elastic Security is based on the daily ingestion rate. I can't recall the exact figure, but for 10GB of log action daily, it would cost around $20,000."

More Elastic Security pricing and cost advice

"If you want something that works and do not have the money for Splunk or QRadar, take Graylog."

"Having paid official support is wise for projects."

"We are using the free version of the product. However, the paid version is expensive."

"I use the free version of Graylog."

"It's open source and free. They have a paid version, but we never looked into that because we never needed the features of the paid version."

"Graylog is a free open-source solution. The free version has a capacity limitation of 2 GB daily, if you want to go above this you have to purchase a license."

"It's an open-source solution that can be used free of charge."

"You get a lot out-of-the-box with the non-enterprise version, so give it a try first."

More Graylog pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Log Management solutions are best for your needs.

See recommendations

814,649 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

17%

Financial Services Firm

10%

Government

10%

University

Computer Software Company

17%

Comms Service Provider

Government

Educational Organization

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Datadog vs ELK: which one is good in terms of performance, cost and efficiency?

With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times lately using the dashboards we have created with Datadog; they are very good c...

What do you like most about Elastic Security?

Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because ...

What is your experience regarding pricing and costs for Elastic Security?

Compared to other tools, Elastic Security is a cheaper solution.

What do you like most about Graylog?

The product is scalable. The solution is stable.

What is your experience regarding pricing and costs for Graylog?

We are using the free version of the product. However, the paid version is expensive.

What needs improvement with Graylog?

Since it's a free tool, I don't have much to say. Troubleshooting is important to me. The initial setup is complex. I hope to see improvements in Graylog for more interactivity, user-friendliness, ...

Wazuh vs Elastic Security

Comparisons

Compared 33% of the time

CrowdStrike Falcon vs Elastic Security

Compared 8% of the time

IBM Security QRadar vs Elastic Security

Compared 7% of the time

Microsoft Sentinel vs Elastic Security

Compared 7% of the time

Cortex XDR by Palo Alto Networks vs Elastic Security

Compared 1% of the time

More Elastic Security Competitors

Grafana Loki vs Graylog

Compared 45% of the time

Wazuh vs Graylog

Compared 20% of the time

syslog-ng vs Graylog

Compared 10% of the time

Security Onion vs Graylog

Compared 4% of the time

VMware Aria Operations for Logs vs Graylog

Compared 1% of the time

More Graylog Competitors

Product Reports

Download Elastic Security product report

Elastic Security

November 2024

Download Graylog product report

October 2024

Also Known As

Elastic SIEM, ELK Logstash

Graylog2

Learn More

Elastic

Overview

Elastic Security is a robust, open-source security solution designed to offer integrated threat prevention, detection, and response capabilities across an organization's entire digital estate. Part of the Elastic Stack (which includes Elasticsearch, Logstash, and Kibana), Elastic Security leverages the power of search, analytics, and data aggregation to provide real-time insight into threats and vulnerabilities. It is a comprehensive platform that supports a wide range of security needs, from endpoint protection to cloud and network security, making it a versatile choice for organizations looking to enhance their cybersecurity posture.

Elastic Security combines the features of a security information and event management (SIEM) system with endpoint protection, allowing organizations to detect, investigate, and respond to threats in real time. This unified approach helps reduce complexity and improve the efficiency of security operations.

Additional offerings and benefits:

The platform utilizes advanced analytics, machine learning algorithms, and anomaly detection to identify threats and suspicious activities.
It offers extensive integration options with other tools and platforms, facilitating a more cohesive and comprehensive security ecosystem.
With Kibana, users gain access to powerful visualization tools and dashboards that provide real-time insight into security data.

Finally, Elastic Security benefits from a global community of users who contribute to its threat intelligence, helping to enhance its detection capabilities. This collaborative approach ensures that the solution remains on the cutting edge of cybersecurity, with up-to-date information on the latest threats and vulnerabilities.

Graylog is purpose-built to deliver the best log collection, storage, enrichment, and analysis. Graylog is:

Considerably faster analysis speeds.
More robust and easier-to-use analysis platform.
Simpler administration and infrastructure management.
Lower cost than alternatives.
Full-scale customer service.
No expensive training or tool experts required.

Sample Customers

Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care

Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP, King.com, Twilio, Deutsche Presse-Agentur