We compared Graylog and IBM Security QRadar based on our users' reviews in five categories. We reviewed all of the data, and you can find the conclusion below.
Features: Graylog stands out with its exceptional search functions, seamless integration with Elasticsearch, and real-time data access. QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. Reviews praised QRadar for its comprehensive network visibility and strong SIEM capabilities. Graylog could benefit from additional customization options and an improved rule-creation process. QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture.
Service and Support: Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products. Some QRadar customers have had trouble connecting with knowledgeable support staff and experienced delayed responses.
Ease of Deployment: Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters. QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set.
Pricing: Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive. QRadar can be costly because users need to buy new hardware to upgrade.
ROI: Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case. QRadar delivers a high return on investment, improving security through its advanced user behavior analytics.
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us."
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"I like the correlation and the alerting."
"Real-time UDP/GELF logging and full text-based searching."
"We have the abilities to monitor each instance which originates on the process along with the performance of each department."
"It's built around Red Hat Linux, which is highly robust."
"The pre-canned rules and reports in this product are a huge plus."
"Blocks of predefined conditions can be used to configure detection rules without having to write complicated script."
"There are other third-party plugins that we can use."
"The tool helps with infrastructure, application, and network monitoring."
"The support is very good. We get support whenever we need it. Sometimes they respond immediately and sometimes it will be within 24 hours. We can ask them to please do it right away and they can get a request done within an hour or two."
"QRadar has somewhat of a new structure recently from last gen. They have moved from the standard UI based infrastructure."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a milli-second."
"There should be some user groups and an auto sign-in feature."
"Lacks sufficient documentation."
"Graylog can improve the index rotation as it's quite a complex solution."
"Its scalability gets complicated when we have to update or edit multiple nodes."
"Dashboards, stream alerts and parsing could be improved."
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"The solution should include remote action capabilities."
"The solution could improve by having more out-of-the-box use cases."
"The AQL queries could be better."
"There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more automatic."
"We have had problems with networking."
"The user interface is a bit difficult to get used to."
"There is room for improvement in IBM QRadar in integrating features for SOC maturity and security levels directly into QRadar."
"The Indian tech support is not helpful."
Graylog is ranked 11th in Log Management with 18 reviews while IBM Security QRadar is ranked 6th in Log Management with 198 reviews. Graylog is rated 8.0, while IBM Security QRadar is rated 8.0. The top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Graylog is most compared with Grafana Loki, Wazuh, syslog-ng, Splunk Enterprise Security and Datadog, whereas IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Elastic Security. See our Graylog vs. IBM Security QRadar report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.