We performed a comparison between Graylog, IBM Security QRadar, and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management."I am very proud of how very stable the solution is."
"Message forwarding through the in-built module."
"The solution's most valuable feature is its new interface."
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"I like the correlation and the alerting."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"The ability to write custom alerts is key to information security and compliance."
"An engineer can live-monitor all the flow happening in real-time. This would help us a lot while investigating a case, and it would even help us with preventive actions."
"The most valuable features of IBM Security QRadar are flexibility, IBM support, and scalability."
"It is a very good SIEM."
"It has a lot of good correlation rules. From a customer's point of view, it is one of the best solutions because you don't need to create correlation rules from scratch. You just review them and customize them as you want."
"This solution has excellent security analytics."
"Customer service is very good and very helpful."
"The solution is easy to use, manage, and review all incidents."
"I like that it's easy to use and the performance is good."
"This is a straightforward solution, easy to configure."
"We are much faster finding and addressing issues with Splunk."
"The scalability is good."
"Its integration is most valuable. Its UI is also pretty much easy."
"The ability to ingest different log types from many different products in our environment is most valuable."
"Splunk Enterprise Security is able to process a huge amount of data without any issues."
"Splunk incorporates a lot of elements that help to reduce security risks. For it to reach certain compliance, we need to have some security insight. Splunk is a very good SIEM, it’s a top solution, but the best feature is its cost of visibility. We have all the most important features to detect vulnerabilities or risks."
"The flexibility of the search capability is most valuable. You can use it for more than just a basic log aggregator. It is powerful in that regard."
"The biggest problem is the collector application, as we wanted to avoid using Graylog Collector Sidecar due to its architecture."
"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the graylog install."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a milli-second."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"Its scalability gets complicated when we have to update or edit multiple nodes."
"With technical support, you are on your own without an enterprise license."
"Maybe there should be more custom rules in the exchange. Basically, we are using a lot of threat rules, so maybe they'll develop something like that."
"There is one problem with QRadar in regards to the add-on apps. The apps can be frustrating. For example, when I add a big app like one of the add-ons for resiliency, add-on applications for QRadar, these applications require different hardware to implement and to deploy. The resiliency connector because there's a considerable amount of data scanning, operates for these apps correctly."
"Pricing model could be more cost-effective."
"Integration could be better. They should make it easy to integrate with other solutions."
"It would be better if it were more stable and more secure. The price for maintenance could be better. It's too high. In the next release, I think they should focus on the price and the operation."
"In terms of what could be improved, I would say the script which we have to create for custom actions. QRadar needs to improve that feature. Additionally, QRadar has to provide the playbooks designing features."
"Their technical support is not good. We opened a lot of cases and from my experience, they are not complicated issues but it takes forever to get an answer."
"When it comes to what could be better, it is always what others are trying to do and what is the roadmap. It can have more integration. It should have more flexible RESTful APIs for integration with applications. These are the things that are always in demand for any of the SIEM solutions, not only for QRadar. Integration is ever-evolving. Nowadays, different versions of mobile handsets are there and data is getting scattered. Users are using their personal handsets to keep the data of the organization. So, it should have a more flexible integration, irrespective of the flavor of the firmware and iOS or Android version. It should have an API that can seamlessly get integrated. It should also provide more flexible control and a more advanced or analytical view to see what exactly is happening across the globe or network. From wherever a user is connecting and accessing the enterprise data, it should give real-time visibility and predictive visibility about what exactly is happening. These things are already there, but there should be more advanced control in terms of managing the security."
"The initial setup is complex, but this is necessary. We needed to take into consideration how to direct log files from thousands of machines to Splunk, and how to ingest those files."
"Could be more user friendly."
"The search could be improved. Now, it is a bit difficult to write search queries because they become quite long, then maintaining those long search queries is a quite challenging."
"We do have to educate developers on how to not blow it up. It is a little to easy to write an expensive query and overly stress the system. This could be improved."
"It would be nice if Splunk reduced the cost of training. Their training sessions are way too costly."
"I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part."
"The solution could improve by increasing the performance. We have run into problems when large amounts of data are processed."
"It needs to improve the way to install third-party apps and enable installation without logging into splunk.com."
IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations.