We compared Graylog and IBM Security QRadar based on our users' reviews in five categories. We reviewed all of the data, and you can find the conclusion below.
Features: Graylog stands out with its exceptional search functions, seamless integration with Elasticsearch, and real-time data access. QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. Reviews praised QRadar for its comprehensive network visibility and strong SIEM capabilities. Graylog could benefit from additional customization options and an improved rule-creation process. QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture.
Service and Support: Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products. Some QRadar customers have had trouble connecting with knowledgeable support staff and experienced delayed responses.
Ease of Deployment: Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters. QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set.
Pricing: Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive. QRadar can be costly because users need to buy new hardware to upgrade.
ROI: Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case. QRadar delivers a high return on investment, improving security through its advanced user behavior analytics.
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"I am very proud of how very stable the solution is."
"Open source and user friendly."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"The solution's most valuable feature is its new interface."
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"The ability to write custom alerts is key to information security and compliance."
"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
"I have found its network traffic log, network bit log, and QBI most valuable."
"On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result."
"The features that I have found most valuable in QRadar are its data enrichment, use case creations, and adding references - those kinds of features are very good. Also QRadar's event filtration and device integration are perfect."
"What's most valuable in IBM QRadar User Behavior Analytics is its higher availability than other tools."
"The solution is flexible and easy to use."
"I have found the most important features to be the flexibility, tech framework, and disk manager."
"The initial setup is not complex or difficult."
"Blocks of predefined conditions can be used to configure detection rules without having to write complicated script."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"Dashboards, stream alerts and parsing could be improved."
"More customization is always useful."
"Lacks sufficient documentation."
"Its scalability gets complicated when we have to update or edit multiple nodes."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"The custom rules could be simplified more or it should be possible to use a different language, other than the ones that the solution is already using. They should add other languages into the mix."
"The product does not have a team for investigating malware."
"The tool is very complicated. One place for improvement would be to have a more user-friendly interface. Having better support in Spanish would be cool."
"QRadar's performance has room for improvement because it cannot handle the volume. I need massive amounts of logs from various devices in our existing network architecture. IBM needs to improve QRadar's capacity to handle more logs."
"The solution can be improved by lowering the cost and bettering their technical support."
"The product is good, but one feature they should have is an Elasticsearch. Currently, in QRadar, there are no Elasticsearch criteria."
"The API integration for AD is a problem when it comes to vulnerability management. If you want to incorporate multiple factor authentication it becomes a problem with the AD. It doesn't integrate well. That needs to be improved."
"The user interface needs improvement."
Graylog is ranked 11th in Log Management with 18 reviews while IBM Security QRadar is ranked 6th in Log Management with 198 reviews. Graylog is rated 8.0, while IBM Security QRadar is rated 8.0. The top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Graylog is most compared with Grafana Loki, Wazuh, syslog-ng, Splunk Enterprise Security and Datadog, whereas IBM Security QRadar is most compared with Splunk Enterprise Security, Microsoft Sentinel, Wazuh, LogRhythm SIEM and Elastic Security. See our Graylog vs. IBM Security QRadar report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.