Try our new research platform with insights from 80,000+ expert users

Graylog vs LogRhythm SIEM comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 12, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Graylog
Ranking in Log Management
16th
Average Rating
8.0
Reviews Sentiment
6.7
Number of Reviews
19
Ranking in other categories
No ranking in other categories
LogRhythm SIEM
Ranking in Log Management
11th
Average Rating
8.4
Reviews Sentiment
6.7
Number of Reviews
173
Ranking in other categories
Security Information and Event Management (SIEM) (7th)
 

Mindshare comparison

As of April 2025, in the Log Management category, the mindshare of Graylog is 6.6%, up from 5.7% compared to the previous year. The mindshare of LogRhythm SIEM is 2.2%, down from 3.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Andrey Mostovykh - PeerSpot reviewer
Real-time analysis, easy setup, and open source
We stopped using it for analytics because of its price, and at the moment, we are using it mostly for log centralization. If you use it with high traffic for analytical purposes, as well as for the logs, the infrastructure costs are unbelievable. Graylog is a great product backed by Elasticsearch as the storage and query engine. It is just an interface on top of Elasticsearch and some Elasticsearch management. The indexes that are kept in Elasticsearch are managed by Graylog software. Elasticsearch is a decent product, but it's very infrastructure-heavy. It requires lots of resources, and if you make a mistake with provisioning, you are likely to not get a cluster back. We had a couple of outages like that, and we hated that. So, we ended up over-provisioning resources just to avoid such situations from happening. If you have a whole team trying to fix the Graylog instance for two days, that's a bit too much. That may be my Norwegian take on it, but the engineering resources are expensive. It's better to just provision the infrastructure. Overall, the product is great, and the features are just fine, but the infrastructure cost is what is killing it. The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic. I'm not sure if they can improve the infrastructure cost with the way Elasticsearch is. If they keep using Elasticsearch, maybe there are some opportunities there, or they can support other backends with cheaper storage. They could have a different backend to replace Elasticsearch or do some tweaks to Elasticsearch to reduce the costs. There could be partial parsing of logs or parsing on demand so that when you write data through Graylog to Elasticsearch, it doesn't need to crunch in every detail requiring that much CPU.
Mokhammad Rakhman - PeerSpot reviewer
User-friendly dashboard and machine learning capabilities improve threat hunting efficiency
LogRhythm SIEM has strong machine-learning capabilities with behavioral rules and analysis. The seamless integration for case management, along with a user-friendly dashboard user interface, makes tasks like threat hunting more efficient. Analytics and behavioral analysis help me save time with rule creation. Its scalability allows me to add components as needed. Overall, LogRhythm SIEM offers end-to-end visibility with a reasonable price.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"The ability to write custom alerts is key to information security and compliance."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us."
"Graylog is very handy."
"Real-time UDP/GELF logging and full text-based searching."
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"I would rate the product a ten out of ten. The solution is very user-friendly and straightforward. The tool's report customization is interesting."
"File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting."
"The security operation center is excellent."
"Our clients enjoy having one dashboard to monitor their environments in real time."
"LogRhythm's GUI is easy to explore. We also like other features, such as its integration with other security solutions, log correlation, and the deployment of use cases."
"LogRhythm SIEM has strong machine-learning capabilities with behavioral rules and analysis."
"LogRhythm has increased productivity because all the tools that we need are in the web UI, allowing us to find threats on our network fast and efficiently."
"The ability to investigate a particular period of time where you can analyze logs is its most valuable feature."
 

Cons

"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"The biggest problem is the collector application, as we wanted to avoid using Graylog Collector Sidecar due to its architecture."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"When it comes to configuring the processing pipeline, writing the rules can be very tedious, especially since the documentation isn't extensive on how the functions provided for these rules work."
"More customization is always useful."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"The built-in functionality of the solution for NDR, SOAR, SIEM, and EDS has room for improvement."
"More help and assistance with some of the open source products, everything seems to be focused on Windows versus giving some guidance and some documentation on how to use it."
"Scalability misses the mark sometimes, especially when you have an integrated disaster recovery built into the solution."
"I would like to see our vulnerabilities counter. We will be using Tenable to fill that void right now."
"The initial setup is not so easy because it is quite a process."
"It's not easy for someone new to the solution."
"The responses provided by the cloud team are inefficient."
"The product's stability needs improvement."
 

Pricing and Cost Advice

"Graylog is a free open-source solution. The free version has a capacity limitation of 2 GB daily, if you want to go above this you have to purchase a license."
"We are using the free version of the product. However, the paid version is expensive."
"Consider Enterprise support if you have atypical needs or setup requirements.​"
"It's open source and free. They have a paid version, but we never looked into that because we never needed the features of the paid version."
"We're using the Community edition."
"It's an open-source solution that can be used free of charge."
"Having paid official support is wise for projects."
"I use the free version of Graylog."
"I think the tool is reasonably priced. There is a need to pay per year towards the licensing costs of the tool."
"If you don't have your staff, absolutely look into the co-pilot and factor that into your cost evaluation."
"It is a very cost-effective solution."
"In the context of our country, the price of this solution is too high."
"I would rate the tool's pricing around eight out of ten."
"The license cost is around $10 per MPS."
"Everything is expensive with LogRhythm, and you don't get anything for free."
"The support which allows more customized to the environment when we are deploying new systems is called Professional Service and is very expensive. The technical annual support and there is an annual fee."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
844,944 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Comms Service Provider
10%
Government
8%
University
7%
Educational Organization
45%
Computer Software Company
9%
Financial Services Firm
6%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Graylog?
The product is scalable. The solution is stable.
What is your experience regarding pricing and costs for Graylog?
We are using the free version of the product. However, the paid version is expensive.
What needs improvement with Graylog?
When it comes to configuring the processing pipeline, writing the rules can be very tedious, especially since the documentation isn't extensive on how the functions provided for these rules work. P...
What is the difference between log management and SIEM?
Rony, Daniel's answer is right on the money. There are many solutions for each in the market, a lot depends upon your ability to manage such tools and your budget. A small operation may be best s...
What needs improvement with LogRhythm NextGen SIEM?
The SOAR capabilities need improvements as they currently require programming knowledge. A more user-friendly user interface with drag-and-drop features, similar to key competitors like Splunk, wou...
What do you like most about LogRhythm SIEM?
I find LogRhythm's log management capabilities to be beneficial.
 

Comparisons

 

Also Known As

Graylog2
LogRhythm NextGen SIEM, LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM
 

Overview

 

Sample Customers

Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP, King.com, Twilio, Deutsche Presse-Agentur
Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill
Find out what your peers are saying about Graylog vs. LogRhythm SIEM and other solutions. Updated: March 2025.
844,944 professionals have used our research since 2012.