We compared Graylog and IBM Security QRadar based on our users' reviews in five categories. We reviewed all of the data, and you can find the conclusion below.
Features: Graylog stands out with its exceptional search functions, seamless integration with Elasticsearch, and real-time data access. QRadar users say the solution provides extensive information and helpful leads for locating pertinent data. Reviews praised QRadar for its comprehensive network visibility and strong SIEM capabilities. Graylog could benefit from additional customization options and an improved rule-creation process. QRadar could improve its rule deployment and lower its false positive rate. Users would also like expanded storage capacity, streamlined user management, and a more mature architecture.
Service and Support: Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products. Some QRadar customers have had trouble connecting with knowledgeable support staff and experienced delayed responses.
Ease of Deployment: Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters. QRadar's initial setup can be complex for users without expertise, and the difficulty may vary depending on the size of the data set.
Pricing: Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive. QRadar can be costly because users need to buy new hardware to upgrade.
ROI: Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case. QRadar delivers a high return on investment, improving security through its advanced user behavior analytics.
"We're using the Community edition, but I know that it has really good dashboarding and alerts."
"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"I like the correlation and the alerting."
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"It is a very good SIEM."
"It helps us discover any threats with their alerts and tracking."
"It has a lot of good correlation rules. From a customer's point of view, it is one of the best solutions because you don't need to create correlation rules from scratch. You just review them and customize them as you want."
"What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."
"The UBA feature is the most valuable because you can see everything about users' activities."
"Technical support is good overall."
"The solution is easy to use, manage, and review all incidents."
"It is suitable for large companies with critical infrastructure. For our clients, robustness, availability at a high level, and the level of references and experiences connected to the solution are important."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"More customization is always useful."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the graylog install."
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a milli-second."
"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"There should be an extension where we can get the reports. This could be an extension to the dashboard with the Guardian or another product with limited technology, for example IPS. Now, we only have IBM. Basically, it needs more and more integration models."
"The tool is very complicated. One place for improvement would be to have a more user-friendly interface. Having better support in Spanish would be cool."
"The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not way straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference."
"The advanced planning management (APM) features should be included."
"The pricing of the solution is a bit high. If they could lower it, that would be ideal."
"I would like to see more integration in place after the security lock."
"There is room for improvement in IBM QRadar in integrating features for SOC maturity and security levels directly into QRadar."
"The solution is difficult to understand in the beginning and has complex management configurations that can be improved."
Graylog is ranked 11th in Log Management with 18 reviews while IBM Security QRadar is ranked 6th in Log Management with 198 reviews. Graylog is rated 8.0, while IBM Security QRadar is rated 8.0. The top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". On the other hand, the top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". Graylog is most compared with Grafana Loki, Wazuh, syslog-ng, Splunk Enterprise Security and Datadog, whereas IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Elastic Security. See our Graylog vs. IBM Security QRadar report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.