We compared Graylog and LogRhythm SIEM based on our users' reviews in five categories. We reviewed all of the data, and you can find the conclusion below.
Features: Graylog stands out with its exceptional search functions, seamless integration with Elasticsearch, and real-time data access. Users praised LogRhythm SIEM for its user-friendly centralized dashboard, strong integration capabilities, and event-filtering capabilities. Graylog could benefit from additional customization options and an improved rule-creation process. LogRhythm SIEM has the potential to improve its SOAR and NDR features, platform stability, and MDI integration. LogRhythm users requested expanded log storage, better load balancing, and streamlined search capabilities.
Service and Support: Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products. LogRhythm SIEM was generally praised for its helpful and knowledgeable support, although there have been occasional delays and knowledge problems.
Ease of Deployment: Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters. LogRhythm SIEM's setup is considered to be straightforward. However, it is more time-consuming and complex for enterprise deployments involving multiple components or vendors, and users often require assistance from professional services or LogRhythm-certified engineers.
Pricing: Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive. LogRhythm SIEM’s license typically includes all elements. However, enterprise customers may encounter complexities related to additional features and add-ons.
ROI: Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case. LogRhythm SIEM has proven to be highly valuable, delivering a significant ROI by reducing the mean time to detect and respond.
"Real-time UDP/GELF logging and full text-based searching."
"I am very proud of how very stable the solution is."
"The product is scalable. The solution is stable."
"Open source and user friendly."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"Message forwarding through the in-built module."
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"The ability for me to go into the Web UI, and just learn what's going on in my environment."
"NextGen SIEM's best feature is how it presents logs."
"The alarm functions have helped us cut down on the manual work. They bubble things up to us instead of our having to go look for stuff. Also, from an operational perspective, day to day, the Case Management functions are really useful for us. They allow us to track what we see in the incidents that we have."
"It's positively affected our overall rate of efficiency."
"Provides visibility into the network."
"It's reliable and the performance is good."
"We should be able to respond to threats and gain visibility into our environment that we don't currently have."
"The ability to investigate a particular period of time where you can analyze logs is its most valuable feature."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"There should be some user groups and an auto sign-in feature."
"Its scalability gets complicated when we have to update or edit multiple nodes."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
"We've tried to work with a couple of engineering department guys there. We've called them and called them but we never hear anything back."
"I would really like to see some type of group or global management for RIM policies,"
"There are other security technologies outside of this SIEM that should be inside of this SIEM. I can see in their roadmap that they're trying to address a lot of these things, and have these technologies built into the solution, because there is no point in going to another vendor or opening up a second window to obtain the data that you need."
"I think there is room for improvement because the system is still running on the Windows Server platform. The problem with running on Windows is that it is not that good for scaling and providing for big deployment environments."
"Better integration with different services is needed, as there are quite a few platforms that we use that don't integrate very smoothly with LogRhythm."
"I would really love to be able to take some of the data and not have to export it to a CSV file, so I can pull it into Excel to turn it into some other kind of graph."
"We need to get better training for things like creating code and playlists. The way it's done now takes a long time."
"The console installation is an area with a shortcoming in the solution that needs improvement. If LogRhythm SIEM can offer a web console, it would be great."
Graylog is ranked 11th in Log Management with 18 reviews while LogRhythm SIEM is ranked 7th in Log Management with 166 reviews. Graylog is rated 8.0, while LogRhythm SIEM is rated 8.4. The top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". Graylog is most compared with Grafana Loki, Wazuh, syslog-ng, Splunk Enterprise Security and Nagios Log Server, whereas LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Microsoft Sentinel, Wazuh and VMware Aria Operations for Logs.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.