Try our new research platform with insights from 80,000+ expert users

Graylog vs LogRhythm SIEM comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 20, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Graylog
Ranking in Log Management
16th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
20
Ranking in other categories
No ranking in other categories
LogRhythm SIEM
Ranking in Log Management
11th
Average Rating
8.4
Reviews Sentiment
6.7
Number of Reviews
173
Ranking in other categories
Security Information and Event Management (SIEM) (7th)
 

Mindshare comparison

As of April 2025, in the Log Management category, the mindshare of Graylog is 6.6%, up from 5.7% compared to the previous year. The mindshare of LogRhythm SIEM is 2.2%, down from 3.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Andrey Mostovykh - PeerSpot reviewer
Real-time analysis, easy setup, and open source
We stopped using it for analytics because of its price, and at the moment, we are using it mostly for log centralization. If you use it with high traffic for analytical purposes, as well as for the logs, the infrastructure costs are unbelievable. Graylog is a great product backed by Elasticsearch as the storage and query engine. It is just an interface on top of Elasticsearch and some Elasticsearch management. The indexes that are kept in Elasticsearch are managed by Graylog software. Elasticsearch is a decent product, but it's very infrastructure-heavy. It requires lots of resources, and if you make a mistake with provisioning, you are likely to not get a cluster back. We had a couple of outages like that, and we hated that. So, we ended up over-provisioning resources just to avoid such situations from happening. If you have a whole team trying to fix the Graylog instance for two days, that's a bit too much. That may be my Norwegian take on it, but the engineering resources are expensive. It's better to just provision the infrastructure. Overall, the product is great, and the features are just fine, but the infrastructure cost is what is killing it. The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic. I'm not sure if they can improve the infrastructure cost with the way Elasticsearch is. If they keep using Elasticsearch, maybe there are some opportunities there, or they can support other backends with cheaper storage. They could have a different backend to replace Elasticsearch or do some tweaks to Elasticsearch to reduce the costs. There could be partial parsing of logs or parsing on demand so that when you write data through Graylog to Elasticsearch, it doesn't need to crunch in every detail requiring that much CPU.
Mokhammad Rakhman - PeerSpot reviewer
User-friendly dashboard and machine learning capabilities improve threat hunting efficiency
LogRhythm SIEM has strong machine-learning capabilities with behavioral rules and analysis. The seamless integration for case management, along with a user-friendly dashboard user interface, makes tasks like threat hunting more efficient. Analytics and behavioral analysis help me save time with rule creation. Its scalability allows me to add components as needed. Overall, LogRhythm SIEM offers end-to-end visibility with a reasonable price.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I am very proud of how very stable the solution is."
"Graylog is very handy."
"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
"I like the correlation and the alerting."
"It has data adapters and lookup tables that utilize HTTP calls to APIs."
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"The product is scalable. The solution is stable."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"The most valuable feature of LogRhythm for me is the ability to correlate logs throughout many different log sources."
"LogRhythm has increased productivity because all the tools that we need are in the web UI, allowing us to find threats on our network fast and efficiently."
"It's positively affected our overall rate of efficiency."
"Even other products we have that feed into it, instead of having to watch all of them we only have to watch one. For example, we have CrowdStrike, so instead of having to pay attention that solution - because their dashboard doesn't really pop when an alarm comes up - we can see issues with the red on the LogRhythm alarm. That is very nice."
"We have to be able to show the evidence, and LogRhythm does a great job of putting it forward and making it easy to create reports with nice looking dashboards, which show off what we are doing as a security program."
"LogRhythm has shown to us, to this point in time, that it has the capabilities of being able to deliver actionable intelligence to the security engineers and analysts."
"I like LogRhythm's ease of use. The solution has improved compared to previous versions. It had many issues before, like integration, the console, creating reports, false positives, etc. The AI engine has made it stronger in the latest version."
"We now have a central point of monitoring for all potential threats."
 

Cons

"I would like to see some kind of visualization included in Graylog."
"Lacks sufficient documentation."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a milli-second."
"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"The web and on-premise console interface should be the same instead of having a separate engine for each."
"In terms of blind spots, we are looking for more improvements since we don't have visibility over everything."
"I would really like to see some type of group or global management for RIM policies,"
"I would like to suggest that they should improve their usage of third party tools for making dashboards and reports. If they would create their own tools for dashboard and report, it would be much better in terms of security purposes."
"My biggest issue - I know that they say they're doing it - is that the API-building is extremely important. They keep saying it's coming, it's coming. It's not coming fast enough. I don't care if they need to double their team size to get it out there quicker, the world is already in the cloud and we can't monitor it. That's a big problem for us. My boss keeps coming to me about it. That's an issue."
"I don't think the cloud model in LogRhythm is developed enough."
"Scalability misses the mark sometimes, especially when you have an integrated disaster recovery built into the solution."
"LogRhythm's SOAR and NDR features don't stack up well against competitors. maybe integrating theme functionality as the other do. But in general, it's okay."
 

Pricing and Cost Advice

"If you want something that works and do not have the money for Splunk or QRadar, take Graylog.​​"
"​You get a lot out-of-the-box with the non-enterprise version, so give it a try first."
"We're using the Community edition."
"Graylog is a free open-source solution. The free version has a capacity limitation of 2 GB daily, if you want to go above this you have to purchase a license."
"It's an open-source solution that can be used free of charge."
"We are using the free version of the product. However, the paid version is expensive."
"Having paid official support is wise for projects."
"Consider Enterprise support if you have atypical needs or setup requirements.​"
"In the context of our country, the price of this solution is too high."
"LogRhythm's licensing is based on MPS. There are some add-on features like advanced UEBA, the cloud component for advanced UEBA, and SIEM."
"I would recommend talking to the rep. That's the biggest thing because they will know what questions to ask."
"On a scale of one to ten, I'd rate the pricing of this solution as a seven - not too expensive but not cheap either. Regarding licensing costs, it varies depending on factors like being a partner or an end user, but there are no additional costs aside from standard licensing fees for the basic SIEM solution."
"NextGen SIEM's pricing is moderate."
"It is a very cost-effective solution."
"I would recommend that whatever sales quotes to them upfront, they will probably go up. Because they are probably going to outgrow that very quickly or once they start getting everything into it, they are going to have to move up anyway."
"LogRhythm's pricing and licensing is extremely competitive and it's one of the top three reasons we continue to invest in the platform."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
848,989 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
18%
Comms Service Provider
10%
Government
7%
Educational Organization
7%
Educational Organization
40%
Computer Software Company
9%
Financial Services Firm
7%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Graylog?
The product is scalable. The solution is stable.
What is your experience regarding pricing and costs for Graylog?
We are using the free version of the product. However, the paid version is expensive.
What needs improvement with Graylog?
When it comes to configuring the processing pipeline, writing the rules can be very tedious, especially since the documentation isn't extensive on how the functions provided for these rules work. P...
What is the difference between log management and SIEM?
Rony, Daniel's answer is right on the money. There are many solutions for each in the market, a lot depends upon your ability to manage such tools and your budget. A small operation may be best s...
What needs improvement with LogRhythm NextGen SIEM?
The SOAR capabilities need improvements as they currently require programming knowledge. A more user-friendly user interface with drag-and-drop features, similar to key competitors like Splunk, wou...
What do you like most about LogRhythm SIEM?
I find LogRhythm's log management capabilities to be beneficial.
 

Comparisons

 

Also Known As

Graylog2
LogRhythm NextGen SIEM, LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM
 

Overview

 

Sample Customers

Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP, King.com, Twilio, Deutsche Presse-Agentur
Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill
Find out what your peers are saying about Graylog vs. LogRhythm SIEM and other solutions. Updated: April 2025.
848,989 professionals have used our research since 2012.