We performed a comparison between ArcSight Logger, Splunk Enterprise Security, and Sumo Logic Security based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management."It's an efficient solution."
"Our return on investment for implementing ArcSight Logger over the past 12 months has been positive."
"The most valuable feature is the level of detail that you can see about certain events, even when they do not come up in the console."
"It is one of the best products available in the market."
"It's a robust, mature product and you can do some really complex operations and analytics."
"The log digestion features from threat intelligence platforms like Recorded Future or Talos are valuable."
"I am impressed with the product's ability to pick up logs. It also has UEBA which has reduced the time to take charge of the events."
"Some of the most valuable features I really appreciate are the performance, how quick the solution is, and how easy it is to create a query."
"Aggregation searches have reduced time and difficulty of identifying trends and conditions which need to reviewed."
"The data representation options in the dashboards are excellent."
"The solution has made us more secure."
"To get visibility from your network devices, servers, and security devices is a great feature."
"The most valuable features for us include its robust log management capabilities, which allow us to efficiently handle and retain logs for extended periods as needed."
"I have found the installation can be of medium difficulty to very complex depending on the use case."
"The flexibility of the solution is quite good."
"It allows the centralization of data and makes possible new sorts of correlations that were previously impossible using traditional SIEMs such as ArcSight or QRadar."
"For many of our services, we use Sumo Logic to track errors and send notifications to our Slack channel, if there are issues. Then, we have our support people monitoring this, and they can react quickly."
"With this tool, we provide access to every developer team the ability to find errors, then they come to us and ask for specific help."
"The tool has key features like operability. It will alert the admins whenever a device is onboarded."
"I have no concerns about the stability of the product. I feel it handles the stress we put on it very well."
"The solution is quite stable."
"Scalability has been good for our needs. We haven't run into any scaling issues in regards to size so far."
"We have used it many times to find a root cause of a live issue, then fix the problem in the applications."
"The most valuable features of Sumo Logic Security are the rules, use cases, and ease of use. Additionally, the integration is straightforward and good GUI."
"We find that the search and access functionality is quite slow."
"You have limited reporting capabilities and I wouldn't choose ArcSight Logger for this purpose."
"Using the ArcSight Logger dashboard is not particularly intuitive or efficient, so it is important to be trained in its use."
"The solution must provide readymade connectors for different applications."
"It's not a new product and is a bit complex. So, it requires a person dedicated to working on it and to know about it in and out. It is a huge product, and the search operation is a bit complicated for a new user or someone who has not used it for long. So for that person, it becomes a bit difficult."
"The product's connectors should work better and the user manuals need an update."
"It is really difficult to work in ArcSight Logger, as it is very slow."
"The integration with other systems could be improved."
"Splunk Enterprise Security has not helped reduce our alert volume."
"It could be more user friendly, in terms of the end-user experience."
"If you monitor too much, you can lose performance on your systems."
"Previously, they developed custom connectors or add-ons for a lot of applications. But that number can be upgraded still. There are a lot of applications in the world that are not supported."
"If it could be made available as a service, this would be much better than as a product."
"On the technical side, it would be nice to see aspects of the recent acquisition of Phantom make it into the core Splunk Enterprise, not just become a part of the premium Enterprise Security."
"We will receive alerts only for the administrators and deployment servers, but not for all servers."
"Splunk needs local technical support."
"The dashboard has room for improvement, because sometimes it is a difficult to create a specific dashboard or query. This would be a nice place to correct problems."
"It would be nice to have an improved ability to scroll through logs within a time frame. Right now, we can search for specific errors. However, if we want to look for "before and after" within a specific time frame, it's not easy using the tool. This would be an improvement."
"In my opinion, this solution has a steep learning curve and requires practice if users to be able to use this tool very efficiently."
"The solution should improve its UI."
"If you want to up your subscription through the AWS Marketplace, it can be difficult. You can't just go back to the AWS Marketplace, and say, "I want a bigger one now." You have to contact the sales team, then they do it on the back-end. This could definitely be improved."
"It took a bit of trial and error to get it set up correctly based on everything we had to do. In the end, we had to send everything over HTTP, which was sort of a stop-gap."
"If you look at some of the other offerings right now that are available in the market, they do offer APM as well as the product they're offering. I believe Sumo Logic is not there yet. So that's something which I would love to see."
"There needs to be improvement on imported data which can be used within Sumo Logic to do more advanced queries."
