We performed a comparison between Splunk Enterprise Security and syslog-ng based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."In the past we used the different application to collect logs. We used SurfWatch and VMware to do so. But, we found that the Splunk has more capacity to do more in less time. They provide a aster speed to index all the events , and this is a huge asset."
"It's extremely scalable. It's a very robust solution and certainly has the capability of handling far bigger data requirements than a lot of the other tools. Generally what ends up happening with me is that my clients tend, for the most part, to be mid-tier organizations where the cost of that solutions would be accompanying requirements for people just becomes way too prohibitive. Especially considering the model that they use for costing, which is based on the volume of data. Of course, they're going to put everything including the Coke machine as the ability to collect data off of it, because of course the more they can put through the tool the more money they make."
"The scalability is good."
"The initial setup is pretty straightforward."
"It has the ability to correlate data, analyze and review it."
"The solution is very fast and succinct."
"The solution is stable and reliable."
"The correlation searches are most valuable just because we are able to do things like RBA."
"Syslog-ng provides easy access to all my logs. It helps me show managers and other clients precisely where an incident occurred. I also like it because you can integrate syslog-ng with multiple solutions to allow real-time monitoring."
"Syslog-ng has a separate config file in addition to the core configuration."
"The ability to extract and store the logs is the most valuable feature of syslog-ng."
"For us, the most valuable feature is the use of compound search for searching logs at a specific time, by a specific user, or specific behavior."
"Syslog-ng has built-in features that we can use to create alerts for a SIEM solution. It isn't a true SIEM solution, but it's sufficient for the time being."
"Queries are not always as easy or straightforward as they might be, so it can be difficult to figure out what you need to look for."
"Endpoint access is the only issue I can think to mention, even though the endpoint access we have with Cisco is fine."
"Certain sections of the developer documentation could use some updating and clarification."
"Its setup is a little bit complex for a distributed environment. Their support can also be better. If we miss the response for more than a week, they usually close the case. Sometimes, it can take us more than a week to reply."
"Splunk could improve its default machine-learning models. Also, Splunk Enterprise's native threat intelligence isn't that good. I prefer a custom threat intelligence model."
"The solution has a high learning curve for users. It's a little complicated when you're trying to figure out all the features and what they do."
"It is important to make sure that everything is built off of the threat models and all the underlying items within Splunk."
"Delays in responses from the technical team can pose challenges for both vendors and clients, especially considering that Splunk applications and machine solutions are critical assets."
"Syslog-ng has built-in features that we can use to create alerts for a SIEM solution. It isn't a true SIEM solution, but it's sufficient for the time being."
"The filtering has room for improvement."
"There is always the potential for additional integration and protocol extensions."
"It's hard to find people who know how to use syslog-ng. I often find problems with configurations, and solutions aren't integrated correctly with syslog-ng. For example, there might be data with extra decimals, or the collector agents are incorrectly named. It isn't a problem with the solution; it's a lack of professionals."
"There is room for improvement in terms of observability."
Splunk Enterprise Security is ranked 1st in Log Management with 240 reviews while syslog-ng is ranked 18th in Log Management with 5 reviews. Splunk Enterprise Security is rated 8.4, while syslog-ng is rated 8.6. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of syslog-ng writes "It's a user-friendly open-source solution that can replace or augment a commercial product in some cases". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Microsoft Sentinel, whereas syslog-ng is most compared with SolarWinds Kiwi Syslog Server, Graylog, Grafana Loki, Logstash and Datadog. See our Splunk Enterprise Security vs. syslog-ng report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.