We performed a comparison between Grafana Loki and IBM Security QRadar based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"I appreciate the capability to process logs from microservices and seamlessly integrate them into Grafana."
"The tool can be used in multi-cluster environments."
"The most valuable features of the solution stem from the fact that it is an open-source tool that is stable and flexible."
"The log collection feature is good and the solution is easily understandable."
"We are using Grafana Loki as a database for real-time metrics."
"The solution's stability has never been a problem. Stability-wise, I rate the solution a nine to ten out of ten."
"The best feature of Grafana Loki is that it integrates well with our other tool."
"The most valuable feature of Grafana Loki is the dashboards which are really simple to create."
"What I like the most about it is that you can very easily install and configure it. As compared to other SIEM solutions, for which you need to know and do a lot more to prepare your SIEM environment, QRadar is much simpler to install and configure. There are various options in the Admin console. In the Admin tab, you can design dashboards and view various graphs. It has a lot of attractive features, and you don't need to configure everything on your own."
"This solution has excellent security analytics."
"The product can scale."
"The solution is easy to use, manage, and review all incidents."
"The monitoring and dashboards are great."
"The solution is relatively easy to use."
"It has a lot of good correlation rules. From a customer's point of view, it is one of the best solutions because you don't need to create correlation rules from scratch. You just review them and customize them as you want."
"It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch."
"The solution's scalability depends on the team managing the Grafana instance."
"We encountered certain limitations when it came to alerting, particularly when dealing with specific data sources."
"My main concern is the recommended production-grade setup. They suggest using tools like Tanka or Jsonnet. They should simplify the process to increase adoption."
"The solution has shortcomings regarding security monitoring-oriented features that need improvement."
"There is a need for some change in the alerting types of the product. In short, a few changes in the alert area are needed due to minor shortcomings."
"The correlation of requests is not simple in Grafana Loki and can be improved."
"The Docker container partition feature needs improvement as they do not reuse the space and goes into a pending state."
"We had a well-structured dashboard with a functional query. However, an issue arose when the Kubernetes pod restarted. The statistics from our Grafana query would reset, dropping to zero and starting anew. This was particularly noticeable with linear graphs, which are expected to show consistent growth."
"I'd like them to improve the offense. When QRadar detects something, it creates what it calls offenses. So, it has a rudimentary ticketing system inside of it. This is the same interface that was there when I started using it 12 years ago. It just has not been improved. They do allow integration with IBM Resilient, but IBM Resilient is grotesquely expensive. The most effective integration that IBM offers today is with IBM Resilient, which is an instant response platform. It is a very good platform, but it is very expensive. They really should do something with the offense handling because it is very difficult to scale, and it has limitations. The maximum number of offenses that it can carry is 16K. After 16K, you have to flush your offenses out. So, it is all or nothing. You lose all your offenses up until that point in time, and you don't have any history within the offense list of older events. If you're dealing with multiple customers, this becomes problematic. That's why you need to use another product to do the actual ticketing. If you wanted the ticket existence, you would normally interface with ServiceNow, SolarWinds, or some other product like that."
"The price of IBM Security QRadar is an area of concern where improvements are required."
"The solution can be improved by lowering the cost and bettering their technical support."
"The solution is difficult to understand in the beginning and has complex management configurations that can be improved."
"This solution is on-premise and many customers are moving to the cloud-based solution."
"We need more features in order to create rules to detect or to meet some requirements for other areas, for example, catching the event from other authentication tools."
"It needs more resilience and functionality."
"They need to improve their threat intelligence feed and they need to improve their user behavior analytics modules."
Grafana Loki is ranked 13th in Log Management with 12 reviews while IBM Security QRadar is ranked 6th in Log Management with 198 reviews. Grafana Loki is rated 8.0, while IBM Security QRadar is rated 8.0. The top reviewer of Grafana Loki writes "Effective for Logging, recovery from node failures is fast and single UI supports metrics, logs, and even tracing". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Grafana Loki is most compared with Graylog, Wazuh, syslog-ng, Splunk Enterprise Security and Fortinet FortiAnalyzer, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Microsoft Sentinel, Wazuh, LogRhythm SIEM and Elastic Security.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.