We performed a comparison between LogRhythm SIEM, Splunk Enterprise Security, and Stackify based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management."I would rate the product a ten out of ten. The solution is very user-friendly and straightforward. The tool's report customization is interesting."
"The user interface is pretty good compared to other SIEM tools."
"It supports most standard log sources."
"The GUI is very intuitive and the solution has good integration."
"The AI Engine can take an event and correlate it into something else giving us meaningful context regarding what is going on. We integrated it in with our ticketing system, so if an alarm fires, it raises a ticket in our system."
"The alarm functions have helped us cut down on the manual work. They bubble things up to us instead of our having to go look for stuff. Also, from an operational perspective, day to day, the Case Management functions are really useful for us. They allow us to track what we see in the incidents that we have."
"The product is great for medium to large-scale organizations."
"The log analysis feature is valuable."
"The most valuable features are how stable and easy to use Splunk is."
"It has quite extensive support in terms of integration. If you want to do anything, there are tools for that."
"It's the completeness of the solution that we like the most."
"The most valuable features in Splunk are the search function and the ability to run selected session reports. The session reports are important because I can use them to see what is going on in our environment weekly. Additionally, we can use the graph to see how often that particular event is happening."
"Its compatibility with other SIEMS is very useful."
"Compared to IBM QRadar, Splunk Enterprise Security offers faster alert resolution."
"The most valuable aspect of the solution is the dashboard. It's very intuitive."
"I really like the user interface and how it works."
"The filter feature on Stackify is one of the features I found valuable. It's awesome. When I want to get the application logs, the solution gives me many filters. For example, if I want to get logs from my test environment, the option is there for me to select the environment from Stackify, and you can also select the particular application, and you'll see the information you need there. The filter feature alone and the fact that Stackify offers a lot of different filters is what I like the most about the solution because I've used other tools with the filter feature, but the filtering was very difficult, versus Stackify that has good filtering. On Stackify, you can filter the information by the last one hour, or the last four hours, and you can also select the date range and specify the timestamp, then the solution will give you the information based on the date range you specified. Another feature I found valuable on Stackify is its rating feature because it tells you how your application is faring. For example, a rating of A means excellent, while a rating of F means very bad, or that your application is not doing well at all. The ratings are from A to F. I also like that Stackify helps you in terms of load management because the solution gives you information on overutilized resources. These are the most valuable features of the solution."
"The deployment is very fast."
"The performance dashboard and the accurate level of details are beneficial."
"The solution is stable and reliable."
"We need to get better training for things like creating code and playlists. The way it's done now takes a long time."
"For our market, the solution is quite expensive. It would be ideal if they could work on and improve their existing pricing plans to help make it more affordable in our country."
"We had a little bit of difficulty implementing a disaster recovery situation because it was leveraging only Microsoft native DNS and it wouldn't work with our Infoblox DNS deployment that we use in our environment. They've been working on that behind the scenes."
"NextGen SIEM has separate rules for AI, advanced intelligence, and MP rules - it would be better to have a centralized way to write the rules and create alarms."
"I would like to see APIs well-documented and public facing, so we can get to them all."
"We would like to see more things out of the console into the web UI. I guess this is what they are doing in 7.4."
"One of the challenges of the SIEM for the LogRhythm 7 platform is the amount of time it takes to bring new log sources into the MDI."
"Sometimes the Platform Manager crashes because it's built around Windows."
"Queries are not always as easy or straightforward as they might be, so it can be difficult to figure out what you need to look for."
"It will be helpful for customers if they can create some real-world cases, and we can find a case study to align with. I know that Splunk has tremendous potential. We only include a tiny piece of it. There is a lot of stuff that we need to learn. If Splunk can provide more real-time examples, that will be helpful for customers."
"Some of the search functions can be better. There has been a lot of talk at the conference about the update of SPL before each iteration. That will be a lot of help."
"The price has room for improvement."
"The glass table feature does not perform as expected."
"It can be tough to determine if you are getting all of the value out of your investment at times."
"Being a SIEM solution with a centralized dashboard, we would like to have more options to customize it."
"This is a costly solution."
"The search feature could be improved."
"I've not used Stackify for a while, and I'm currently using a solution now that's not as good as Stackify. Among the solutions I've been using so far, Stackify has been one of the best for me, but there's always room for improvement. For example, I don't know if it's just me, but when I try to get the log from Stackify, sometimes it doesn't appear in real-time. It takes a few minutes before the logs appear. When I redeploy my solution and the application starts, I don't see the logs immediately, and it would take two to three minutes before I see the logs. I don't know if other customers have a similar experience. It's the wait time for the logs to appear that's a concern for me, could be improved, and is what the Stackify team should be looking into. In terms of any additional feature that I'd like added to the solution, I'm not sure if Stackify has a way to export logs out. I've been trying to do it. On the solution, you can click on a spiral-like icon and it shows you the entire error, and I'd prefer an export button that would let me download the error and save that into a text file, for example, so it'll be available on my local machine for me to reference it, especially because the log keeps going and as you're using the solution, the system keeps pushing messages on to Stackify, so if I'm looking at a particular error at 12:05 PM, for example, by the time I go back to my system and would like to revisit the error at 12:25 PM, on Stackify, the logs would have gone past that level and I won't see it again which makes it difficult. When you now go back to that timestamp, you don't tend to see it immediately, but if the solution had an export feature for me to save that particular error information on my local machine for reference at a later time, I won't have to go back to Stackify. I just go to that log, specifically to that particular export that I've received on my local machine. I can get it and review it, and it would be easier that way versus me going back to Stackify to find that particular error and request that particular information."
"It should be easily scalable and configurable in different instances."
"I would like to be able to see metrics about individual running containers on the host machines."
