Graylog vs Logstash comparison

Graylog and Elastic are both solutions in the Log Management category. Graylog is ranked #18 with an average rating of 6.5, while Elastic is ranked #30 with an average rating of 10.0. Graylog holds a 6.6% mindshare in Log Management, compared to Elastic’s 0.5% mindshare. Additionally, 94% of Graylog users are willing to recommend the solution, compared to 50% of Elastic users who would recommend it.

Graylog

Read 19 Graylog reviews

9,387 Views
8,255 Comparison Views

94% willing to recommend

Logstash

Read 2 Logstash reviews

495 Views
461 Comparison Views

50% willing to recommend

Graylog

Logstash

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Graylog and Logstash based on real PeerSpot user reviews.

Find out what your peers are saying about Splunk, Wazuh, Datadog and others in Log Management.

To learn more, read our detailed Log Management Report (Updated: January 2025).

Buyer's Guide

Log Management

January 2025

Download the complete report

Helped 831,997 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Graylog

Ranking in Log Management

18th

Average Rating

8.0

Reviews Sentiment

6.7

Number of Reviews

Ranking in other categories

No ranking in other categories

Logstash

Ranking in Log Management

30th

Average Rating

9.0

Reviews Sentiment

7.6

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of January 2025, in the Log Management category, the mindshare of Graylog is 6.6%, up from 5.7% compared to the previous year. The mindshare of Logstash is 0.5%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Log Management

Featured Reviews

Andrey Mostovykh

Senior Data Architect at a comms service provider with 51-200 employees

Real-time analysis, easy setup, and open source

We stopped using it for analytics because of its price, and at the moment, we are using it mostly for log centralization. If you use it with high traffic for analytical purposes, as well as for the logs, the infrastructure costs are unbelievable. Graylog is a great product backed by Elasticsearch as the storage and query engine. It is just an interface on top of Elasticsearch and some Elasticsearch management. The indexes that are kept in Elasticsearch are managed by Graylog software. Elasticsearch is a decent product, but it's very infrastructure-heavy. It requires lots of resources, and if you make a mistake with provisioning, you are likely to not get a cluster back. We had a couple of outages like that, and we hated that. So, we ended up over-provisioning resources just to avoid such situations from happening. If you have a whole team trying to fix the Graylog instance for two days, that's a bit too much. That may be my Norwegian take on it, but the engineering resources are expensive. It's better to just provision the infrastructure. Overall, the product is great, and the features are just fine, but the infrastructure cost is what is killing it. The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic. I'm not sure if they can improve the infrastructure cost with the way Elasticsearch is. If they keep using Elasticsearch, maybe there are some opportunities there, or they can support other backends with cheaper storage. They could have a different backend to replace Elasticsearch or do some tweaks to Elasticsearch to reduce the costs. There could be partial parsing of logs or parsing on demand so that when you write data through Graylog to Elasticsearch, it doesn't need to crunch in every detail requiring that much CPU.

Read full review

Mustafa Husny

Senior System Engineer at Techline-eg

Helps to collect logs from various data sources, including hardware

I use Logstash primarily for connecting logs from hardware. This is the main use case. The second use case involves making correlations between logs from various sources. I can collect logs from various data sources, including hardware. The product needs to improve its compatibility. I rate…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"This had increased productivity for the dev and support teams, because we are directly notifying them."

"Open source and user friendly."

"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."

"I like the correlation and the alerting."

"The ability to write custom alerts is key to information security and compliance."

"I am very proud of how very stable the solution is."

"The product is scalable. The solution is stable."

"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."

More Graylog pros

"We have three or four Logstash servers for high availability."

"I can collect logs from various data sources, including hardware."

"Everything aligns well with improving our organization."

Cons

"More customization is always useful."

"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."

"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."

"Lacks sufficient documentation."

"I would like to see some kind of visualization included in Graylog."

"Its scalability gets complicated when we have to update or edit multiple nodes."

"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."

"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."

More Graylog cons

"We still have a problem with importing the log system."

"The product needs to improve its compatibility."

"Almost all the research can be very bad. We still have a problem with importing the log system."

Pricing and Cost Advice

"You get a lot out-of-the-box with the non-enterprise version, so give it a try first."

"Consider Enterprise support if you have atypical needs or setup requirements."

"It's open source and free. They have a paid version, but we never looked into that because we never needed the features of the paid version."

"We are using the free version of the product. However, the paid version is expensive."

"We're using the Community edition."

"Graylog is a free open-source solution. The free version has a capacity limitation of 2 GB daily, if you want to go above this you have to purchase a license."

"It's an open-source solution that can be used free of charge."

"I use the free version of Graylog."

More Graylog pricing and cost advice

Information not available

See which vendors are best for you

Use our free recommendation engine to learn which Log Management solutions are best for your needs.

See recommendations

831,997 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

17%

Comms Service Provider

10%

Government

Educational Organization

Financial Services Firm

20%

Computer Software Company

12%

Government

10%

Insurance Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What do you like most about Graylog?

The product is scalable. The solution is stable.

See all answers

What is your experience regarding pricing and costs for Graylog?

We are using the free version of the product. However, the paid version is expensive.

See all answers

What needs improvement with Graylog?

Since it's a free tool, I don't have much to say. Troubleshooting is important to me. The initial setup is complex. I hope to see improvements in Graylog for more interactivity, user-friendliness, ...

See all answers

What do you like most about Logstash?

I can collect logs from various data sources, including hardware.

See all answers

What needs improvement with Logstash?

The product needs to improve its compatibility.

See all answers

What is your primary use case for Logstash?

I use Logstash primarily for connecting logs from hardware. This is the main use case. The second use case involves making correlations between logs from various sources.

See all answers

Comparisons

Grafana Loki vs Graylog

Compared 44% of the time

Wazuh vs Graylog

Compared 21% of the time

syslog-ng vs Graylog

Compared 11% of the time

Security Onion vs Graylog

Compared 4% of the time

Fortinet FortiAnalyzer vs Graylog

Compared 3% of the time

More Graylog Competitors

Cribl vs Logstash

Compared 47% of the time

syslog-ng vs Logstash

Compared 22% of the time

Grafana Loki vs Logstash

Compared 19% of the time

Wazuh vs Logstash

Compared 12% of the time

More Logstash Competitors

Product Reports

Buyer's Guide

Graylog

January 2025

Download Graylog product report

Buyer's Guide

Log Management

January 2025

Download Logstash product report

Also Known As

Graylog2

No data available

Overview

Graylog is purpose-built to deliver the best log collection, storage, enrichment, and analysis. Graylog is:

Considerably faster analysis speeds.
More robust and easier-to-use analysis platform.
Simpler administration and infrastructure management.
Lower cost than alternatives.
Full-scale customer service.
No expensive training or tool experts required.

Graylog

Logstash is a versatile data processing pipeline that ingests data from multiple sources, transforms it, and sends it to preferred destinations, enabling seamless data utilization across systems.

Logstash provides an efficient and flexible way to manage data flow, supporting diverse input sources and offering a rich set of plugins. Its real-time processing capability and ease of integration with Elasticsearch make it advantageous for businesses looking to enhance data analytics. While valuable, Logstash can benefit from improvements like scalability enhancements and more robust error-handling mechanisms.

What are the key features of Logstash?

Input Plugin Support: Connects to a wide range of data sources for seamless ingestion.
Filter Plugin: Processes and enriches logs before output.
Output Plugin Flexibility: Delivers data to various endpoints efficiently.
Real-Time Pipeline: Processes data in real-time for immediate insights.

What benefits does Logstash provide?

Enhanced Data Processing: Streamlines data ingestion and transformation workflows.
Improved Analytics: Facilitates deeper insights through seamless Elasticsearch integration.
Cost Efficiency: Reduces total expenses by optimizing data handling processes.
Scalability: Adapts to diverse data volumes and use cases.

Industries like finance and e-commerce leverage Logstash for managing extensive log data and improving decision-making by feeding enriched data into analytics platforms. Its ability to handle diverse formats and integrate with Elastic Stack has proven crucial in implementing comprehensive data strategies.

Elastic

Sample Customers

Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP, King.com, Twilio, Deutsche Presse-Agentur

Information Not Available

Find out what your peers are saying about Splunk, Wazuh, Datadog and others in Log Management. Updated: January 2025.

DOWNLOAD NOW

831,997 professionals have used our research since 2012.

See our list of best Log Management vendors.

We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.