We performed a comparison between Elastic Security and Graylog based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Elastic Security is commended for its adaptability, extensive customization options, and seamless integration with the ELK Stack. Graylog stands out with its exceptional search functions, seamless integration with Elasticsearch, and real-time data access. Elastic Security could improve by reducing resource usage, automating threat response, and simplifying the user experience. Graylog could benefit from additional customization options and an improved rule-creation process.
Service and Support: Some Elastic Security users found their support helpful, while others experienced difficulties and delays. Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products.
Ease of Deployment: Elastic Security generally has a straightforward setup but may require trained specialists. Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters.
Pricing: Elastic Security is considered affordable and cost-effective, with pricing based on the size of the monitored environment. Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive.
ROI: Elastic Security has shown mixed results in terms of ROI, with some users expressing concerns about the quality of their premium support. Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case.
"The product has huge integration varieties available."
"The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash."
"What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
"I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash."
"The visualization is very good."
"ELK is open-source, and it will give you the framework you need to build everything from scratch."
"I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong."
"ELK Logstash is easy and fast, at least for the initial setup with the out of box uses."
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"The product is scalable. The solution is stable."
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"Open source and user friendly."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"The solution's most valuable feature is its new interface."
"We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that."
"It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security."
"Elastic Security can be a bit difficult to use if a person only has experience in SMBs with tools like Zoho. The product can also be difficult for those who have never dealt with query language."
"Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks."
"We had issues with scalability. Logstash was not scaling and aggregation was getting delayed. We moved to Fluentd making our stack from ELK to EFK."
"The price of this product could be improved, especially the additional costs. I would also like to see better-quality graphics."
"Its scalability gets complicated when we have to update or edit multiple nodes."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the graylog install."
"Dashboards, stream alerts and parsing could be improved."
"Lacks sufficient documentation."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a milli-second."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
Elastic Security is ranked 5th in Log Management with 58 reviews while Graylog is ranked 11th in Log Management with 18 reviews. Elastic Security is rated 7.6, while Graylog is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and VMware Aria Operations for Logs, whereas Graylog is most compared with Grafana Loki, Wazuh, syslog-ng, Splunk Enterprise Security and LogRhythm SIEM. See our Elastic Security vs. Graylog report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
