We performed a comparison between Graylog, Snare, and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management.
"I am very proud of how very stable the solution is."
"The product is scalable. The solution is stable."
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"The best thing about Snare is its format and consistency."
"The most valuable feature of Snare is flexibility, or the ability to filter out all the things you don't want and that don't have security value."
"Snare has good agents, especially for Windows."
"Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations."
"Positive features include replication capabilities, software development kits, and the architecture."
"There are a lot of third-party applications that can be installed."
"It gives me notifications of notable events."
"We primarily use it to correlate logs throughout the enterprise for both searching and use in investigations."
"Splunk has improved our operations by giving us access to more information and allowing us to deploy more use cases."
"Splunk provides immediate visibility into key business metrics and new business insights that deliver immediate value."
"You can integrate Splunk with third-party security automation solutions and set rules for automatic response."
"Lacks sufficient documentation."
"I would like to see some kind of visualization included in Graylog."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a millisecond."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"The biggest problem is the collector application, as we wanted to avoid using Graylog Collector Sidecar due to its architecture."
"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"Snare should modernize its GUI a little bit."
"Users will initially find it difficult to identify the event types and installation in Snare."
"The solution is now developing a SIEM-like feature on Snare Central Server, but it's not complete yet."
"For on-premise, it's more about optimization. With such a heavy byte scale of data that we are operating on, the search for disparate data sometimes takes about a minute. This is understandable considering the amount of data that we are pumping into it. The only optimization that I recommend is better sharding, when it comes to Splunk, so that data retrieval can be faster."
"Their technical support sucks."
"An improved user interface along with multi-tenancy support would be beneficial."
"I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part."
"I would like to see more SIEM functionality and a better ticket tool."
"Better directions on search head clusters."
"The level of scalability depends on the license you have. You can expand or reduce it based on the environment. It does cost more money to scale, however."
"The analytics of Splunk could be improved."