We performed a comparison between ArcSight Logger, Graylog, and Splunk Enterprise Security based on real PeerSpot user reviews.
"The solution provides information about the risk factors."
"Some of the most valuable features I really appreciate are the performance, how quick the solution is, and how easy it is to create a query."
"It's a brilliant log collection tool, and it can handle hundreds of thousands of servers in a single shot to ingest the data."
"In terms of ArcSight Logger's most valuable feature, it is their scalability. ArcSight's real advantage is its scalability because they have two layers, including the logger layer."
"The machine learning is a good feature."
"It's a robust, mature product and you can do some really complex operations and analytics."
"The technical support team is good...It is a scalable solution."
"The most valuable feature is the level of detail that you can see about certain events, even when they do not come up in the console."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us."
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"Open source and user friendly."
"The product is scalable. The solution is stable."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"Aggregation searches have reduced time and difficulty of identifying trends and conditions which need to be reviewed."
"Splunk helps us be more proactive. We can take predictive action to identify and block threats so that nothing harmful gets into the system."
"We have a one stop dashboard for health of some of our services where you can click in and it takes you to other dashboards that have custom near real-time metrics that show the application's health."
"Ease of correlation, creating correlation searches are easy and you can combine multiple sources with little effort."
"I have found the installation can be of medium difficulty to very complex depending on the use case."
"I am satisfied with the support."
"Splunk has a wide range of features that customers use to find and analyze all kinds of logs."
"The indexing and data collection are valuable."
"I think the ArcSight team should try to simplify legacy products for the customers, because that product is not easy to use or to work with. It needs more competency or appeal to use. We hope Micro Focus is trying to resolve this."
"I had some latency issues for two months. I had to increase our storage capacity significantly to reduce the latency."
"It is really difficult to work in ArcSight Logger, as it is very slow."
"In the next release, I want to see more intelligence."
"The platform is quite expensive. They should reduce its cost."
"The product's connectors should work better and the user manuals need an update."
"I would like to see better scheduling in the next release of this solution."
"The console in older versions is not user-friendly."
"More customization is always useful."
"There should be some user groups and an auto sign-in feature."
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"The biggest problem is the collector application, as we wanted to avoid using Graylog Collector Sidecar due to its architecture."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"Its scalability gets complicated when we have to update or edit multiple nodes."
"The presence of multiple layers creates a significant challenge for monitoring across cloud environments."
"Enterprise security: Splunk must work on clarifying the solution to customers and explain how to gain more from it."
"The difficult part is related to integration with sources of data that are used to create the logs as this depends on the infrastructure of the client."
"It's difficult to set up initially, and their billing model is also a bit complicated."
"We do have to educate developers on how to not blow it up. It is a little too easy to write an expensive query and overly stress the system. This could be improved."
"It needs a better way to export dynamic views without requiring a ton of code and user/pw."
"I love the solution, but I would like to see more accessibility to the machine-learning capabilities that are sprinkled around Splunk."
"Splunk needs to be able to hold more days of data. At the moment it only holds three months of data."