We performed a comparison between Graylog, IBM Security QRadar, and Stackify based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management."UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"I am very proud of how very stable the solution is."
"I like the correlation and the alerting."
"The ability to write custom alerts is key to information security and compliance."
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc."
"Message forwarding through the in-built module."
"We've found the solution to be scalable."
"The features that I have found most valuable are that it is very stable, easy to get going, and easy to manage. It is also easy to review all incidents."
"I really like the feature we have with the logs, that if there are any credit card numbers being used, like a PII, you can just use rejects and you can mask it. This is a really good feature in QRadar."
"One very useful feature is the plug-in offering that allows you to integrate it with other solutions, such as integrating it with plug-ins like Scout, Carbon Black, and the rest."
"IBM has everything you need in a cybersecurity solution. If you want to build a cybersecurity operation center version then I think QRadar is a perfect solution."
"The correlation and the parsing are important features, since it is very important for a SIEM to have a good scalability and performance."
"There are other third-party plugins that we can use."
"The flexibility is good in terms of pulling log files."
"The solution is stable and reliable."
"The filter feature on Stackify is one of the features I found valuable. It's awesome. When I want to get the application logs, the solution gives me many filters. For example, if I want to get logs from my test environment, the option is there for me to select the environment from Stackify, and you can also select the particular application, and you'll see the information you need there. The filter feature alone and the fact that Stackify offers a lot of different filters is what I like the most about the solution because I've used other tools with the filter feature, but the filtering was very difficult, versus Stackify that has good filtering. On Stackify, you can filter the information by the last one hour, or the last four hours, and you can also select the date range and specify the timestamp, then the solution will give you the information based on the date range you specified. Another feature I found valuable on Stackify is its rating feature because it tells you how your application is faring. For example, a rating of A means excellent, while a rating of F means very bad, or that your application is not doing well at all. The ratings are from A to F. I also like that Stackify helps you in terms of load management because the solution gives you information on overutilized resources. These are the most valuable features of the solution."
"The performance dashboard and the accurate level of details are beneficial."
"The deployment is very fast."
"We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient."
"The biggest problem is the collector application, as we wanted to avoid using Graylog Collector Sidecar due to its architecture."
"More customization is always useful."
"Graylog can improve the index rotation as it's quite a complex solution."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the graylog install."
"QRadar needs to be improved on the storage side, particularly when the disc exceeded the maximum threshold."
"Technical support really needs to be improved. Right now, they aren't where they need to be at all."
"Pricing model could be more cost-effective."
"The initial setup was complex, and it took six months."
"QRadar needs to be more specialized, along the lines of what other SIEM solutions are."
"There are reports that I would like to generate that are either not included, or I cannot find."
"Some of the cloud apps need improvement."
"I'm not sure about the stability just yet. We've observed a few issues and we raised a supporting ticket for it."
"I would like to be able to see metrics about individual running containers on the host machines."
"I've not used Stackify for a while, and I'm currently using a solution now that's not as good as Stackify. Among the solutions I've been using so far, Stackify has been one of the best for me, but there's always room for improvement. For example, I don't know if it's just me, but when I try to get the log from Stackify, sometimes it doesn't appear in real-time. It takes a few minutes before the logs appear. When I redeploy my solution and the application starts, I don't see the logs immediately, and it would take two to three minutes before I see the logs. I don't know if other customers have a similar experience. It's the wait time for the logs to appear that's a concern for me, could be improved, and is what the Stackify team should be looking into. In terms of any additional feature that I'd like added to the solution, I'm not sure if Stackify has a way to export logs out. I've been trying to do it. On the solution, you can click on a spiral-like icon and it shows you the entire error, and I'd prefer an export button that would let me download the error and save that into a text file, for example, so it'll be available on my local machine for me to reference it, especially because the log keeps going and as you're using the solution, the system keeps pushing messages on to Stackify, so if I'm looking at a particular error at 12:05 PM, for example, by the time I go back to my system and would like to revisit the error at 12:25 PM, on Stackify, the logs would have gone past that level and I won't see it again which makes it difficult. When you now go back to that timestamp, you don't tend to see it immediately, but if the solution had an export feature for me to save that particular error information on my local machine for reference at a later time, I won't have to go back to Stackify. I just go to that log, specifically to that particular export that I've received on my local machine. I can get it and review it, and it would be easier that way versus me going back to Stackify to find that particular error and request that particular information."
"It should be easily scalable and configurable in different instances."
"The search feature could be improved."