We compared Graylog and Splunk Enterprise Security across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Room for Improvement: Graylog could benefit from additional customization options and an improved rule-creation process. Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics.
Service and Support: Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products. While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise.
Ease of Deployment: Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters. Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators.
Pricing: Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive. Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data.
ROI: Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case. Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations.
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"I like the correlation and the alerting."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc."
"I am very proud of how very stable the solution is."
"Real-time UDP/GELF logging and full text-based searching."
"Splunk has improved our operations by giving us access to more information and allowing us to deploy more use cases."
"The ability to ingest any data and display it in a way that anyone can understand."
"The flexibility of the solution is quite good."
"We can quickly search for almost anything across many log sources in seconds."
"The initial setup is really straightforward. It's one of the easiest installations."
"The visibility is amazing with easy dashboard creation."
"The product provides visibility and enables us to correlate data and generate alerts."
"The most valuable feature is that it's very good for log aggregation."
"We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient."
"More customization is always useful."
"With technical support, you are on your own without an enterprise license."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"Graylog can improve the index rotation as it's quite a complex solution."
"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the graylog install."
"I feel as though a major focus of upcoming releases should be set on Machine Learning, Predictive Analytics, and I would enjoy to see more security focused add-ons and apps developed by the vendor."
"Splunk Enterprise Security has not helped reduce our alert volume."
"The monitoring aspect of Splunk could be improved. We have to do some queries to get as much information as CrowdStrike or other solutions provide. If you run a big query, you will see a delay. That is the only concern we have because it will take some time if you query large data sets."
"Professional support is great, but too expensive."
"When we do a rollout from the server or host or anything, we'd like to see more automation. It would save us time."
"The support that is included with the standard licensing fee is very bad."
"If possible, we would like to have not only a log monitoring system but a network monitoring feature in this solution as well."
"Considering the contract thing and the whole legal area, it takes forever to get the contracts signed and to be able to agree to the terms and conditions for my company as well as for Splunk's team."
Graylog is ranked 11th in Log Management with 18 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 246 reviews. Graylog is rated 8.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Graylog is most compared with Grafana Loki, Wazuh, syslog-ng, Fortinet FortiAnalyzer and Elastic Security, whereas Splunk Enterprise Security is most compared with Wazuh, IBM Security QRadar, Dynatrace, Elastic Security and Microsoft Sentinel. See our Graylog vs. Splunk Enterprise Security report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.