Try our new research platform with insights from 80,000+ expert users

Graylog vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 29, 2024
 

Categories and Ranking

Graylog
Ranking in Log Management
17th
Average Rating
8.0
Number of Reviews
18
Ranking in other categories
No ranking in other categories
Splunk Enterprise Security
Ranking in Log Management
1st
Average Rating
8.4
Number of Reviews
301
Ranking in other categories
Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Mindshare comparison

As of November 2024, in the Log Management category, the mindshare of Graylog is 6.4%, up from 5.4% compared to the previous year. The mindshare of Splunk Enterprise Security is 9.4%, down from 13.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Peter Malaty - PeerSpot reviewer
Sep 30, 2022
I can create pipelines, charts, and data maps anyway I like, but the solution needs a better live logging display and improved authentication
Graylog needs to improve their authentication. Their AD integration is really bad. When it comes to ACL's, access control lists, where you want to have different group memberships and control who gets access to what, it really could use major improvements. It seems like a beta authentication version that they came up with in a hurry and said, "Hey guys, we've got something going for you. Use it until we think of something later on." I believe their enterprise version has improved some of these features, but I use the open source version. The second thing would be the way they handle live logging. The fact that Graylog displays logs from the top down is just ridiculous. I've never seen anything that logs this way except for Graylog. I believe this is an issue because they have the selector going in that direction, so it would make sense that they have to implement it that way, but it's definitely not cool. When you're looking at Graylog's live logging, whether it's doing a one-second or five-second pull, you'll notice that new log lines are placed at the top of the screen, not the bottom of the screen. I find this ridiculous because normally when you're looking at logs anywhere, on Linux, even in Windows, you're going to see that the logs are generated at the bottom. That's one thing that Graylog definitely needs to improve. Graylog also needs to invest some time to improve the performance and how they handle the maintenance of Elasticsearch. An added feature I would like to see is the capacity to delegate most of the backend maintenance to the frontend UI. When you have somebody from the service desk working on the solution or somebody who's not a technical person, they could run some of the maintenance stuff directly from the UI. Another thing is something that I saw in LogDNA, where you could have a color based on log regex. For example, it would color the timestamps next to the log lines orange, make the source of the log purple, and then make the actual log content black. That would be very nice to see in Graylog.
Sameep Agarwal. - PeerSpot reviewer
Oct 23, 2023
It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query
The ingestion happens quickly, so you can run up the data costs if you use the default settings. It isn't a problem for government agencies in the Saudi market, but many of the corporations in India are small or medium-sized enterprises that cannot afford that kind of ingestion system. Splunk needs to be tweaked in JSON so you can limit what is coming from the endpoints, especially the events. One needs to filter that out so that only certain events are ingested, like login failures, Active Directory changes, password reset requests, privilege modifications, etc. Each Windows machine generates about 310 KB of information per event, but we can tweak that down to about 50 KB.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"We're using the Community edition, but I know that it has really good dashboarding and alerts."
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"Message forwarding through the in-built module."
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"I like the correlation and the alerting."
"The SIEM is the most valuable feature of the product."
"It's better than IBM, in my opinion, because it's an independent entity."
"The solution allows easy gathering and ingestion of the data."
"We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company."
"The most valuable feature is that it brings all of the components necessary to identify, analyze, and respond together."
"Correlation search, in general, is valuable because it allows us to search multiple data sources easily."
"It is quite extensible. It is a platform that we can build our use instead of each case instead of each case being limited or restricted to each capability. This is probably the best feature."
"It has helped us look at modern technology, as well as penetrate our legacy systems, to see where the bottlenecks are."
 

Cons

"There should be some user groups and an auto sign-in feature.​"
"More customization is always useful."
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a milli-second."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
"The biggest problem is the collector application, as we wanted to avoid using Graylog Collector Sidecar due to its architecture."
"Dashboards, stream alerts and parsing could be improved."
"I would like to see more SIEM functionality and a better ticket tool."
"The user experience could be improved."
"I do not like the pricing model. It is expensive."
"It can be tough to get a hold of somebody in technical support depending on the complexity of the issue."
"The complexity could be worked on so that it's even easier and faster."
"If possible, we would like to have not only a log monitoring system but a network monitoring feature in this solution as well."
"Deployment is not difficult but the lock sources and configurations can take time."
"It works as intended for us, and we are getting everything that we need out of it. If anything, its initial setup can be improved a bit."
 

Pricing and Cost Advice

"We are using the free version of the product. However, the paid version is expensive."
"Consider Enterprise support if you have atypical needs or setup requirements.​"
"If you want something that works and do not have the money for Splunk or QRadar, take Graylog.​​"
"I am using a community edition. I have not looked at the enterprise offering from Graylog."
"I use the free version of Graylog."
"​You get a lot out-of-the-box with the non-enterprise version, so give it a try first."
"We're using the Community edition."
"Graylog is a free open-source solution. The free version has a capacity limitation of 2 GB daily, if you want to go above this you have to purchase a license."
"Licensing is a yearly, one-time cost."
"It can be cost-prohibitive when you start to scale and have terabytes of data. Its cost model is based on how much data it processes a day. If they're able to create scaled-down niche or custom package offerings, it may help with the cost. Instead of the full-blown features, if they can narrow the scope where it can only be used for a specific purpose, it would kind of create that market for the product, and it may help with the costing. When you start using it as a central aggregator and you're pumping tons of logs at it, pretty soon, you'll start hitting your cap on what it can process a day. Once you've got that, you're kind of defeating the purpose because you're going to have to scale back."
"It is pretty straightforward and based on the sizing. If I compare it with other competitors, it makes sense."
"It would be nice if the pricing were cheaper. However, we did purchase it."
"Splunk is expensive based on our current requirements, but it's obviously worth what we pay."
"I believe that Splunk Enterprise Security is worth the price, but it is expensive."
"It's a little bit expensive for a small to medium enterprise."
"The license for Splunk Enterprise Security is expensive."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
814,649 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Comms Service Provider
9%
Government
8%
Educational Organization
7%
Financial Services Firm
16%
Computer Software Company
14%
Government
9%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Graylog?
The product is scalable. The solution is stable.
What is your experience regarding pricing and costs for Graylog?
We are using the free version of the product. However, the paid version is expensive.
What needs improvement with Graylog?
Since it's a free tool, I don't have much to say. Troubleshooting is important to me. The initial setup is complex. I hope to see improvements in Graylog for more interactivity, user-friendliness, ...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Also Known As

Graylog2
No data available
 

Learn More

 

Overview

 

Sample Customers

Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP, King.com, Twilio, Deutsche Presse-Agentur
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about Graylog vs. Splunk Enterprise Security and other solutions. Updated: October 2024.
814,649 professionals have used our research since 2012.