We compared Graylog and IBM Security QRadar based on our users' reviews in five categories. We reviewed all of the data, and you can find the conclusion below.
Features: Graylog stands out with its exceptional search functions, seamless integration with Elasticsearch, and real-time data access. QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. Reviews praised QRadar for its comprehensive network visibility and strong SIEM capabilities. Graylog could benefit from additional customization options and an improved rule-creation process. QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture.
Service and Support: Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products. Some QRadar customers have had trouble connecting with knowledgeable support staff and experienced delayed responses.
Ease of Deployment: Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters. QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set.
Pricing: Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive. QRadar can be costly because users need to buy new hardware to upgrade.
ROI: Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case. QRadar delivers a high return on investment, improving security through its advanced user behavior analytics.
"The product is scalable. The solution is stable."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"I am very proud of how very stable the solution is."
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"The ability to write custom alerts is key to information security and compliance."
"The solution's most valuable feature is its new interface."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"We can easily monitor many things using this tool."
"The tool's most valuable feature is log source management. It enables us to connect to various log sources, including content, authentications, or other customized integrations. These integrations can be tailored for use with other platforms that don’t already have built-in IBM add-ons."
"The simplicity of the solution is the best feature."
"The initial setup is not complex or difficult."
"This solution has excellent security analytics."
"The support is very good. We get support whenever we need it. Sometimes they respond immediately and sometimes it will be within 24 hours. We can ask them to please do it right away and they can get a request done within an hour or two."
"The ability to transition from microscopic to macroscopic view, instantly, is very good."
"The best part of this solution is having a third-party SOC."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a milli-second."
"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"I would like to see some kind of visualization included in Graylog."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"There should be some user groups and an auto sign-in feature."
"Lacks sufficient documentation."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"Whenever we are upgrading or installing any type of patch, at that time we have some delays."
"I would like the rule creation interface to be much more user-friendly in the next release."
"Technical support could be improved by a bit."
"QRadar needs to be more specialized, along the lines of what other SIEM solutions are."
"IBM Qradar could improve the reporting. The tool is not designed to report. It's a great operational monitoring tool. You put it on a screen and you watch it. If you want to have analytics out of it, that's a whole different story. You're going to need more people and tools. What should be added is reporting and integration into Power BI, into some capability that produces analytical reports from the source data. IBM does not seem to care to add these features."
"The solution should enhance its capabilities of UEBA and AI/ML tech modeling."
"Some UI enhancements would be nice, such as exporting custom event properties and the ability to export rules."
"I would also like to see more integration with other vendors. IBM doesn't integrate well with products from China, like Huawei. Many Middle Eastern customers are switching to Huawei from American vendors like Cisco because of the price. In most RFPs, Huawei wins because it costs less."
Graylog is ranked 11th in Log Management with 18 reviews while IBM Security QRadar is ranked 6th in Log Management with 198 reviews. Graylog is rated 8.0, while IBM Security QRadar is rated 8.0. The top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Graylog is most compared with Grafana Loki, Wazuh, syslog-ng, Fortinet FortiAnalyzer and Datadog, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Microsoft Sentinel, Wazuh, LogRhythm SIEM and Elastic Security. See our Graylog vs. IBM Security QRadar report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.