We performed a comparison between Graylog, NNT Log Tracker Enterprise, and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management."One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"The product is scalable. The solution is stable."
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc."
"The FIM features in the Change Tracker and the Log Tracker are the most valuable."
"File integrity monitoring is a very important function."
"This is a very easy-to-use interface with a quick ramp-up time."
"The most valuable feature is the predefined reports for PCI compliance."
"The SIEM is the most valuable feature of the product."
"Its compatibility with other SIEMS is very useful."
"Recently, Splunk upgraded to version 9.0.02, which includes excellent data dashboards and visualization effects."
"Aggregation searches have reduced time and difficulty of identifying trends and conditions which need to reviewed."
"The most valuable features of Splunk Enterprise Security are its high-performance data collection, flexible query language, and its versatility across the organization."
"The completeness of the solution is what we like the most."
"You can check up on security from the dashboards."
"The consolidated overview of all the events that come in through our environment and an easy-to-access interface for all our end users are valuable."
"More customization is always useful."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"Dashboards, stream alerts and parsing could be improved."
"I would like to see some kind of visualization included in Graylog."
"Graylog can improve the index rotation as it's quite a complex solution."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
"I would like to see the integration of AI technology, so rather than manually monitoring the logs, the tool will understand it and take care of it."
"Only one minor deployment issue came up and it was resolved quickly. No other areas of improvement come to mind yet."
"It is able to identify the vulnerability, however, they need an option to auto-mitigate."
"The correlation suite needs to be improved."
"Splunk Enterprise Security could improve in automation, flexibility, and providing more content out of the box."
"The configuration could be better."
"The training was mostly sales-focused, like how to monitor your sales. It was hard to then come back from doing the training and try to switch it to a cybersecurity focus because all the training we did was sales oriented. The basic training didn't really touch on any kind of cybersecurity use cases or anything like that. That would have been great to see in the training."
"Features related to content management must be improved."
"If it could be made available as a service, this would be much better than as a product."
"We usually have to follow up with technical support on our open cases."
"We were inundated with the amount of alerts and alarms that we could get out of it. It is also a resource hog and we didn't have the resources to support it on-prem so we're taking it offline now."
"The product must improve insider threat detection."