Graylog vs Splunk Enterprise Security vs USM Anywhere comparison

Cancel
You must select at least 2 products to compare!
Graylog Logo
10,699 views|9,032 comparisons
Splunk Logo
29,244 views|23,633 comparisons
AT&T Logo
4,683 views|3,148 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Graylog, Splunk Enterprise Security, and USM Anywhere based on real PeerSpot user reviews.

Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management.
To learn more, read our detailed Log Management Report (Updated: March 2024).
765,234 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"We're using the Community edition, but I know that it has really good dashboarding and alerts.""Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps.""The ability to write custom alerts is key to information security and compliance.""One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview.""I like the correlation and the alerting.""This had increased productivity for the dev and support teams, because we are directly notifying them.""I am very proud of how very stable the solution is.""UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."

More Graylog Pros →

"Easy to deploy and simple to use.""The initial setup isn't overly complex.""The solution is stable and reliable.""We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company.""The correlation capabilities are the first value that our clients say they like with Splunk.""The dashboards are the most valuable feature. We like the ability to drill in and see what queries are under the dashboard, build new visualizations, edit the querying, and see the reports.""We saw the granularity that we could get from Splunk far exceeded what we already had. We had the ability to have our security team really focus on the platform and stay within the platform, but they could correlate with a variety of other stakeholders, and our stakeholders were growing.""Splunk's interface is user-friendly, and it has apps and add-ons for most applications. We can easily normalize the data to make it readable and understand the logs. We easily get all the field extractions and enrichment done by using the apps and add-ons. This helps us understand the application logs because the raw data is useless unless we extract some useful information from it. These add-ons make it so much easier."

More Splunk Enterprise Security Pros →

"Any unusual behaviour, we can monitor. We have alerts set up to be sent when we receive signs of any unusual behaviour.""Using the communication within the security device, it is easier to create plugins.""Easy to use, scalable, stable, and very intuitive platform that provides protection against security threats.""We are able to get alerts perfectly with FIM and VA features.""The most valuable feature in AT&T AlienVault USM is the reporting.""It allows for a lot of out-of-the-box features: vuln scanning, HIDS/HIPS, and IDS.""Every activity on the firewall is recorded, and notifications are sent with this solution.""AlientVault has helped us in improving our visualization and incident response during cybersecurity situations."

More USM Anywhere Pros →

Cons
"We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient.""More customization is always useful.""There should be some user groups and an auto sign-in feature.​""Graylog can improve the index rotation as it's quite a complex solution.""Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest.""Lacks sufficient documentation.""Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable.""It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."

More Graylog Cons →

"Splunk could improve its default machine-learning models. Also, Splunk Enterprise's native threat intelligence isn't that good. I prefer a custom threat intelligence model.""This is a costly solution.""The implementation and the scanning of the logs can be difficult.""It needs more thoroughly tested releases. Every new big version (6, 7, etc.) has had so many bugs that it makes me wary of customers upgrading right away.""From the commercial point of view, they have to bring down their costs.""The configuration had a bit of a learning curve.""I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part.""The price has room for improvement."

More Splunk Enterprise Security Cons →

"Different functions to customize reports should be added.""There are many reports included but would be nice to have better access to the data.""AT&T AlienVault USM can improve searchable data. It should be available for more than 90 days. If you need more than 90 days of data, you have to put a request and they give you raw data, which is not easy to search. A good addition would be to allow users to search data older than 90 days.""The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on.""Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira. It is also a bit slow, and its replication engine can be improved.""I've been using it just for my own personal upskilling in terms of how the product works. At the moment, it is pretty straightforward and simple, and it is working how it is supposed to. The feedback would come once it is deployed to customer sites. They'll be using it on a more frequent basis, and that's when the feedback would come in terms of the areas in which they're facing issues or are looking for simplicity.""One area that has room for improvement is storage. AllienVault is a good place to put logs, but sometimes it's a tough place to go get logs... The logger can only hold so much data. If they improved that, that would help.""The solution is a bit complicated. It could be simplified quite a bit."

More USM Anywhere Cons →

Pricing and Cost Advice
  • "Having paid official support is wise for projects."
  • "I am using a community edition. I have not looked at the enterprise offering from Graylog."
  • "If you want something that works and do not have the money for Splunk or QRadar, take Graylog.​​"
  • "​You get a lot out-of-the-box with the non-enterprise version, so give it a try first."
  • "Consider Enterprise support if you have atypical needs or setup requirements.​"
  • "I use the free version of Graylog."
  • "It's an open-source solution that can be used free of charge."
  • "We're using the Community edition."
  • More Graylog Pricing and Cost Advice →

  • "Pricing and licensing is quite expensive. But for the value the product provides, it seems at par in the market."
  • "Although Splunk is an expensive product, it is designed to be utilized across your organization in order to maximize your ROI and lower your TCO."
  • "It is not cheap."
  • "Splunk Enterprise becomes extremely expensive after the 20GB/month license."
  • "You will eat up whatever you purchase quickly. The level of insights that Splunk empowers is addictive."
  • "Splunk licensing model might seem expensive but with all the gain in functionalities you will have compared to traditional SIEM solutions I think it’s worth the price."
  • "Pricing is pretty fair."
  • "While licensing can be a concern, there are ways to reduce the licensing costs including filtering some events."
  • More Splunk Enterprise Security Pricing and Cost Advice →

  • "AlienVault is flexible on their pricing for unlimited licenses."
  • "Pricing is very competitive with other products and you get much more functionality from AlienVault."
  • "QRadar, ArcSight and Splunk are some of the most expensive SIEM products out there in the market and not everyone has the budget to buy them. In such cases, AV USM is a very cost effective alternative."
  • "Do the one month trial and try to work out the kinks during it, as it has free support and service hours."
  • "We checked out several competitors. For what it can do and the cost, it was the best option!"
  • "Use the AlienVault team. They are helpful and the documentation that they provide is second to none."
  • "​The price point is good.​"
  • "It has good pricing."
  • More USM Anywhere Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Log Management solutions are best for your needs.
    765,234 professionals have used our research since 2012.
    Comparison Review
    Vinod Shankar
    Questions from the Community
    Top Answer:The product is scalable. The solution is stable.
    Top Answer:We are using the free version of the product. However, the paid version is expensive.
    Top Answer:Since it's a free tool, I don't have much to say. Troubleshooting is important to me. The initial setup is complex. I… more »
    Top Answer:For tools I’d recommend:  -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is… more »
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Top Answer:Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring… more »
    Top Answer:The most valuable feature of the solution is the ease of deployment that it provides to users. The integrations that the… more »
    Top Answer:It is a product that is priced in a medium range, making it neither a cheap nor a costly product.
    Top Answer:The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve… more »
    Ranking
    11th
    out of 94 in Log Management
    Views
    10,699
    Comparisons
    9,032
    Reviews
    6
    Average Words per Review
    802
    Rating
    7.3
    1st
    out of 94 in Log Management
    Views
    29,244
    Comparisons
    23,633
    Reviews
    64
    Average Words per Review
    947
    Rating
    8.4
    14th
    out of 94 in Log Management
    Views
    4,683
    Comparisons
    3,148
    Reviews
    10
    Average Words per Review
    551
    Rating
    7.7
    Comparisons
    Also Known As
    Graylog2
    AT&T AlienVault USM, AlienVault, AlienVault USM, Alienvault Cybersecurity
    Learn More
    Overview

    Graylog is purpose-built to deliver the best log collection, storage, enrichment, and analysis. Graylog is:

    • Considerably faster analysis speeds.
    • More robust and easier-to-use analysis platform.
    • Simpler administration and infrastructure management.
    • Lower cost than alternatives.
    • Full-scale customer service.
    • No expensive training or tool experts required.

    Splunk Enterprise Security is a SIEM, log management, and IT operations analytics tool. The solution provides users with the ability to secure their information and manage their data in the cloud, data centers, or other applications. Splunk Enterprise Security also offers visibility from different areas, levels, and devices, rather than from a single system, thus, providing its users with flexibility. Splunk Enterprise Security can monitor data and analyze, detect, and prevent intrusions. This benefits users as it provides alerts to possible intrusions, helps users to be proactive, and reduces risk factors. 

    Full visibility across your environment

    Break down data silos and gain actionable intelligence by ingesting data from multicloud and on-premises deployments. Get full visibility to quickly detect malicious threats in your environment.

    Fast threat detection

    Defend against threats with advanced security analytics, machine learning and threat intelligence that focus detection and provide high-fidelity alerts to shorten triage times and raise true positive rates.

    Efficient investigations

    Gather all the context you need and initiate flexible investigations with security analytics at your fingertips. The built-in open and extensible data platform boosts productivity and drives down fatigue.

    Open and scalable

    Built on an open and scalable data platform, you can stay agile in the face of evolving threats and business needs. Splunk meets you where you are on your cloud journey, and integrates across your data, tools and content.

    USM Anywhere centralizes security monitoring of networks and devices in the cloud, on premises, and in remote locations, helping you to detect threats virtually anywhere.

    Discover

    • Network asset discovery
    • Software & services discovery
    • AWS asset discovery
    • Azure asset discovery
    • Google Cloud Platform asset discovery

    Analyze

    • SIEM event correlation, auto-prioritized alarms
    • User activity monitoring
    • Up to 90-days of online, searchable events

    Detect

    • Cloud intrusion detection (AWS, Azure, GCP)
    • Network intrusion detection (NIDS)
    • Host intrusion detection (HIDS)
    • Endpoint Detection and Response (EDR)

    Respond

    • Forensics querying
    • Automate & orchestrate response
    • Notifications and ticketing

    Assess

    • Vulnerability scanning
    • Cloud infrastructure assessment
    • User & asset configuration
    • Dark web monitoring

    Report

    • Pre-built compliance reporting templates
    • Pre-built event reporting templates
    • Customizable views and dashboards
    • Log storage
    Sample Customers
    Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP, King.com, Twilio, Deutsche Presse-Agentur
    Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
    Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach, McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct, Taylor Morrison, Vonage and Zoom
    Top Industries
    VISITORS READING REVIEWS
    Computer Software Company16%
    Comms Service Provider11%
    Government8%
    Educational Organization8%
    REVIEWERS
    Computer Software Company18%
    Financial Services Firm15%
    Government10%
    Energy/Utilities Company8%
    VISITORS READING REVIEWS
    Financial Services Firm15%
    Computer Software Company14%
    Government9%
    Manufacturing Company7%
    REVIEWERS
    Financial Services Firm20%
    Healthcare Company17%
    Computer Software Company9%
    Comms Service Provider7%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Comms Service Provider8%
    Government8%
    Educational Organization7%
    Company Size
    REVIEWERS
    Small Business50%
    Midsize Enterprise7%
    Large Enterprise43%
    VISITORS READING REVIEWS
    Small Business32%
    Midsize Enterprise18%
    Large Enterprise50%
    REVIEWERS
    Small Business31%
    Midsize Enterprise12%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise13%
    Large Enterprise68%
    REVIEWERS
    Small Business54%
    Midsize Enterprise25%
    Large Enterprise21%
    VISITORS READING REVIEWS
    Small Business35%
    Midsize Enterprise18%
    Large Enterprise47%
    Buyer's Guide
    Log Management
    March 2024
    Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management. Updated: March 2024.
    765,234 professionals have used our research since 2012.