We performed a comparison between Graylog, IBM Security QRadar, and IBM SevOne Network Performance Management (NPM) based on real PeerSpot user reviews.
"Real-time UDP/GELF logging and full text-based searching."
"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
"I am very proud of how very stable the solution is."
"The solution's most valuable feature is its new interface."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"I like the correlation and the alerting."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"The solution is relatively easy to use."
"IBM QRadar Advisor with Watson is a stable solution."
"In terms of the most valuable features, the log collections and log processing mechanisms are good. They have good dashboards."
"It is very stable. We have not faced interruptions in the past four and a half years."
"The most valuable feature is user behavior analytics (UBA)."
"Search capabilities are sufficient for most tasks."
"Due to the skills shortage, we are able to use it from the standpoint of bringing in a lower level employee or a person who may not have security knowledge."
"What we like about QRadar and the models that IBM has, is it can go from a small-to-medium enterprise to a larger organization, and it gives you the same value."
"The out of the box reports and workflows are pretty good and they meet our requirements well."
"The feature that I have found most valuable is the scale-up and scale-down. The scale-up is an operation where the CPU boosts up and then the memory will boost up. That works awesomely."
"It also gives us the closest thing to real-time insight into network performance that we have, with just a 10-second delay. It's very important for us to know the health of the infrastructure very quickly."
"SevOne’s data collection functionality is very good. From a collection point of view, we pull SNMP data, which is simple. It is easy to manipulate the pull in the estate. It is really simple compared to some of the other products that we have used. However, for deferred data, i.e., things that we import or don't pull directly, we tend to have a preplanned integration. So, its Universal Collector is really useful."
"In 90% of the cases, new devices are plug-and-play, so when a new version comes out then SevOne has support for it out of the box."
"One of the solution's biggest strengths is its capacity management performance, with out-of-the-box reports through NMS, as well as its ability to collect NetFlow-related data from devices. The collection of network performance and flow data is important because we have many critical business applications."
"I like the tool’s scalability and real-time reports. Earlier, we struggled to give real-time reports to clients. I also like the tool’s deployment model where we can deploy it either on-premises or in-house. We don’t have to carry the data all over the globe. Also, I am impressed with the tool's flow reporting and Wi-Fi."
"It's a great solution for highlighting and discovering useful information regarding our network's elements."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"I would like to see some kind of visualization included in Graylog."
"Its scalability gets complicated when we have to update or edit multiple nodes."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"There should be some user groups and an auto sign-in feature."
"Graylog can improve the index rotation as it's quite a complex solution."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient."
"The solution should enhance its capabilities of UEBA and AI/ML tech modeling."
"The solution is highly used here in Pakistan and in many sectors; they could improve it by having more SIEM connectors."
"The solution lacks some maturity."
"The IBM support can be better."
"AI is superb but needs improvements."
"Ideally we would like a mobile version so that any alert that comes in will notify us in a mobile app, or by using SMS integration."
"While the interface is easy to use, it could be a little more responsive."
"There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place."
"The user management features need to be improved. It would be nice if we had more granular control, or layers of control, out of the box."
"The reporting of NMS is good, but it could be better."
"User-friendly, multi-tenancy."
"High-frequency polling is data-intensive because you're pulling more. If SevOne could figure out a way to manage the impact of high-frequency polling on the system, that would be very popular."
"Would benefit from the addition of AI modules for proactive data insights."
"The tool needs improvement in non-Cisco SD-WAN."
"Telemetry is hot these days, and IBM can improve SevOne's support for telemetry correction. Reporting is another feature that could be better. It provides the bare minimum functionality, which is good enough for most engineers, but the management isn't advanced. The new portal provides a much lighter view and better visualization, but the management is not so good."
"We need to be thinking about streaming telemetry protocols. They already have the port for enhanced visualization, which they already have through Data Insight."
IBM Security QRadar is a security and analytics platform designed to defend against threats and scale security operations.