We performed a comparison between Elastic Security and Graylog based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Elastic Security is commended for its adaptability, extensive customization options, and seamless integration with the ELK Stack. Graylog stands out with its exceptional search functions, seamless integration with Elasticsearch, and real-time data access. Elastic Security could improve by reducing resource usage, automating threat response, and simplifying the user experience. Graylog could benefit from additional customization options and an improved rule-creation process.
Service and Support: Some Elastic Security users found their support helpful, while others experienced difficulties and delays. Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products.
Ease of Deployment: Elastic Security generally has a straightforward setup but may require trained specialists. Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters.
Pricing: Elastic Security is considered affordable and cost-effective, with pricing based on the size of the monitored environment. Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive.
ROI: Elastic Security has shown mixed results in terms of ROI, with some users expressing concerns about the quality of their premium support. Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case.
"It's not very complicated to install Elastic."
"It's very stable and reliable."
"ELK documentation is very good, so never needed to contact technical support."
"It is an extremely stable solution. Stability-wise, I rate the solution a ten out of ten."
"The most valuable feature is the ability to collect authentication information from service providers."
"ELK is open-source, and it will give you the framework you need to build everything from scratch."
"The scalability is good. It can be scaled easily in the production environment."
"The cost is reasonable. It's not overly pricey."
"We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"I am very proud of how very stable the solution is."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"The product is scalable. The solution is stable."
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"We're using the Community edition, but I know that it has really good dashboarding and alerts."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."
"Their visuals and graphs need to be better."
"The solution's query building is not that intuitive compared to other solutions."
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
"The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."
"It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security."
"There isn't really a very good user experience. You need a lot of training."
"There should be some user groups and an auto sign-in feature."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the graylog install."
"Graylog can improve the index rotation as it's quite a complex solution."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a milli-second."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"With technical support, you are on your own without an enterprise license."
"I would like to see some kind of visualization included in Graylog."
"Lacks sufficient documentation."
Elastic Security is ranked 5th in Log Management with 58 reviews while Graylog is ranked 11th in Log Management with 18 reviews. Elastic Security is rated 7.6, while Graylog is rated 8.0. The top reviewer of Elastic Security writes "Customizable with great dashboards but the premium support is poor". On the other hand, the top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and VMware Aria Operations for Logs, whereas Graylog is most compared with Grafana Loki, Wazuh, syslog-ng, Fortinet FortiAnalyzer and Security Onion. See our Elastic Security vs. Graylog report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.