We compared Graylog and Splunk Enterprise Security across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Room for Improvement: Graylog could benefit from additional customization options and an improved rule-creation process. Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics.
Service and Support: Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products. While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise.
Ease of Deployment: Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters. Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators.
Pricing: Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive. Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data.
ROI: Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case. Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations.
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"The solution's most valuable feature is its new interface."
"Real-time UDP/GELF logging and full text-based searching."
"I am very proud of how very stable the solution is."
"I like the correlation and the alerting."
"The ability to write custom alerts is key to information security and compliance."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"We did not encounter any issues with scalability. It is almost seamless to add new index (storage) or search (used to analyze the data) nodes to the cluster."
"One key advantage of Splunk over competitors like IBM QRadar is its superior device integration capabilities."
"Visualizations helped the organisation with a better understanding of its KPIs."
"Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful."
"It has a rapid response search environment in the event of an incident."
"One of the most valuable features is threat hunting. We can do threat hunting and identify if there is any malicious activity happening within our environment, which is a key feature for us."
"The initial setup isn't overly complex."
"The solution has proven to be quite stable."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"There should be some user groups and an auto sign-in feature."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the graylog install."
"Graylog can improve the index rotation as it's quite a complex solution."
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
"Dashboards, stream alerts and parsing could be improved."
"I feel the solution to be too slow."
"Its user interface for everything other than the charts can be improved. Some parts of it can be simplified a bit, such as when importing documents that have the network traffic. When you're going through the information about the network traffic, you have to have the expertise, but even if a program is supposed to be for IT support, it is good to make it user-friendly because it gets easier to train people. When something goes wrong, the more difficult a program is in terms of UI, the harder it is to fix the issue."
"Splunk could have more built-in use case presets that customers can build on and customize."
"There is a definite learning curve to starting out."
"You do need a lot of training and certification with this product."
"Licensing costs can be a barrier for those with limited budgets."
"The Enterprise Security app could be improved. We have had trouble with it working from the first day."
"Many of my clients want to get better at Splunk, but they're afraid of using the tool because they feel it's too complex for them."
Graylog is ranked 11th in Log Management with 18 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 240 reviews. Graylog is rated 8.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Graylog is most compared with Grafana Loki, Wazuh, syslog-ng, Fortinet FortiAnalyzer and Elastic Security, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Microsoft Sentinel. See our Graylog vs. Splunk Enterprise Security report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.