We performed a comparison between Graylog, IBM SevOne Network Performance Management (NPM), and Splunk Enterprise Security based on real PeerSpot user reviews.
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc."
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"The ability to write custom alerts is key to information security and compliance."
"We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us."
"Open source and user friendly."
"One of the solution's biggest strengths is its capacity management performance, with out-of-the-box reports through NMS, as well as its ability to collect NetFlow-related data from devices. The collection of network performance and flow data is important because we have many critical business applications."
"SevOne’s data collection functionality is very good. From a collection point of view, we pull SNMP data, which is simple. It is easy to manipulate the pull in the estate. It is really simple compared to some of the other products that we have used. However, for deferred data, i.e., things that we import or don't pull directly, we tend to have a preplanned integration. So, its Universal Collector is really useful."
"The automation feature is good because if your CMDB is OK and it is already in sync, then the automation part is good to go."
"The feature that I have found most valuable is the scale-up and scale-down. The scale-up is an operation where the CPU boosts-up and then the memory will boost-up. That works awesomely."
"We find that the reporting is particularly valuable in terms of not only communicating with our peer teams but also with the executives."
"Another useful feature is that SevOne gives you real-time insights into your network performance. It polls every five minutes. That is important for our customers because there are some network teams that are always monitoring their networks."
"In 90% of the cases, new devices are plug-and-play, so when a new version comes out then SevOne has support for it out of the box."
"It's a great solution for highlighting and discovering useful information regarding our network's elements."
"It helps us uncover bottlenecks in the network."
"The solution is the market leader."
"It allows the centralization of data and makes possible new sorts of correlations that were previously impossible using traditional SIEMs such as ArcSight or QRadar."
"You can run reports against multiple devices at the same time. You are able to troubleshoot a single application on a thousand servers. You can do this with a single query, since it is very easy to do."
"The most valuable features include agility and Splunk Enterprise Security's ability to quickly search for alerted items, as well as the capacity to create custom alerts using the SQL language employed by Splunk."
"The most useful feature for me is the ability to create different kinds of alerts and set a different kind of denominator that will capture the real event. That is helpful for a power user like me."
"The speed of the search engine"
"Splunk allows us to find insights that we were not able to with traditional BI tools using ETL. It allows us to dig into raw events."
"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
"There should be some user groups and an auto sign-in feature."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a millisecond."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"I would like to see some kind of visualization included in Graylog."
"More customization is always useful."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"The reports are easy to configure but they are a bit outdated in terms of appearance and visualization."
"High-frequency polling is data-intensive because you're pulling more. If SevOne could figure out a way to manage the impact of high-frequency polling on the system, that would be very popular."
"There are a lot of pain points. My main problem is that we don't have a high availability system. There are 20 peers. We're going to lose the end-of-life appliances that are old. If we lose a peer and it doesn't come back, we lose all that data. The reason we don't have high availability is because it's double the charge."
"With the administrative management of the appliance, if some object appears from SevOne because something changed in the network or whatever, then as an administrator you will not be aware. If you are using this object in a report, this object will disappear from the report and you will not be aware of it. So, if you have 1,000 reports, you cannot always check these reports every day to see if objects are missing or information has disappeared. We don't have any information on alerts, saying that something is happening there and maybe we need to take action. If an object was replaced by another one, or if a link was replaced by another one, then the graph needs to be changed because it doesn't exist in the graph anymore. However, we don't have this information."
"We need to be thinking about streaming telemetry protocols. They already have the port for enhanced visualization, which they already have through Data Insight."
"The user management features need to be improved. It would be nice if we had more granular control, or layers of control, out of the box."
"SevOne should work with the graphs legend functionality."
"NMS has several areas for improvement. It should be more user-friendly inside of NMS for some of the functionality in there. It's been getting better the last version or two, but there have been bugs in there whenever I've gone to new versions."
"There is a definite learning curve to starting out."
"I would like the ability to view logs for specific instances and not have to pull the logs for the entire Cloud environment in Splunk."
"Not even Splunk's support guy, who came to our firm, could help with defining proper role management."
"Its search or filtering capability is nice, but it can be improved. It is currently a bit complicated, and it should be simplified. If we can write the search filter in a more simplified way, it would be better."
"It does not give us permission to implement on-premise so we implement them on the cloud."
"Could be more user friendly."
"We'd like Splunk to reduce false positives."
"Free-floating panels in the dashboards are like a glass table."