Compare ArcSight Logger vs. ELK Logstash

Cancel
You must select at least 2 products to compare!
Devo Logo
Devo
Read 5 Devo reviews.
6,393 views|3,198 comparisons
ArcSight Logger Logo
ArcSight Logger
Read 9 ArcSight Logger reviews.
2,613 views|1,998 comparisons
ELK Logstash Logo
ELK Logstash
Read 11 ELK Logstash reviews.
21,355 views|18,562 comparisons
Most Helpful Review
JerryH
Researched ELK Logstash but chose Devo: Enables us to bring all our data sources into a central hub for quick analysis, helping us focus on priorities in our threat landscape
We're very early in the process so it's hard to say what the improvements are. The main reason that we bought this tool is that we were a... Read more »
Use ArcSight Logger? Share your opinion.
AmirJalilzadeh
Researched ArcSight Logger but chose ELK Logstash: Helps us with application behavioral analysis and tuning
This solution assists in tuning our applications.
Free Report: ArcSight Logger vs. ELK Logstash
Find out what your peers are saying about ArcSight Logger vs. ELK Logstash and other solutions. Updated: January 2021.
Download now
454,950 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
"Being able to build and modify dashboards on the fly with Activeboards streamlines my analyst time because my analysts aren't doing it across spreadsheets or five different tools to try to build a timeline out themselves. They can just ingest it all, build a timeline out across all the logging, and all the different information sources in one dashboard. So, it's a huge time saver. It also has the accuracy of being able to look at all those data sources in one view. The log analysis, which would take 40 hours, we can probably get through it in about five to eight hours using Devo.""Even if it's a relatively technical tool or platform, it's very intuitive and graphical. It's very appealing in terms of the user interface. The UI has a graphically interface with the raw data in a table. The table can be as big as you want it, depending on your use case. You can easily get a report combining your data, along with calculations and graphical dashboards. You don't need a lot of training, because the UI is relatively very intuitive.""The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to do that quickly. If I'm sitting around just waiting to get my first response, then it ends up moving too slow to keep up with the attacker. Devo's speed and performance allows us to query in real-time and keep up with what is actually happening on the network, then respond effectively to events.""The real-time analytics of security-related data are super. There are a lot of data feeds going into it and it's very quick at pulling up and correlating the data and showing you what's going on in your infrastructure. It's fast. The way that their architecture and technology works, they've really focused on the speed of query results and making sure that we can do what we need to do quickly. Devo is pulling back information in a fast fashion, based on real-time events.""The user interface is really modern. As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo. It's really flexible and modular. The UI is very clean.""One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. Whatever you're doing, you see the code, what's happening. And you can really quickly switch between using the GUI and using the code. That's really useful."

More Devo Pros »

"The ESM use cases are the most valuable. It enables us to use the big data collection inside our company. We are able to create use cases for whatever it suits and I find that the most interesting part of any SIEM solution.""In our country we are a little bit private in terms of solutions, so we are just starting to use the basic data capture. Now some users can start to use additional features that come with Micro Focus ArcSight like user behavior analytics for investigating.""The most valuable feature is the level of detail that you can see about certain events, even when they do not come up in the console.""The ability to customize the solution in great detail is its most valuable features. We can customize the use cases and also have the ability to do scripting. We can personalize our dashboard as well. The scalability the solution offers is quite impressive.""We haven't had any crashes or bugs. It is stable.""It's an efficient solution.""In terms of ArcSight Logger's most valuable feature, it is their scalability. ArcSight's real advantage is its scalability because they have two layers, including the logger layer.""It's a robust, mature product and you can do some really complex operations and analytics."

More ArcSight Logger Pros »

"It is the best open-source product for people working in SO, managing and analyzing logs.""The visualization is very good.""The feature that helps us to create a report for the login testing of Logstash is the most valuable aspect of the solution.""The most valuable feature is the ability to collect authentication information from service providers.""ELK Logstash is easy and fast, at least for the initial setup with the out of box uses.""It's simple and easy to use.""I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash.""The most valuable feature for me is Discover."

More ELK Logstash Pros »

Cons
"Their documentation could be better. They are growing quickly and need to have someone focused on tech writing to ensure that all the different updates, how to use them, and all the new features and functionality are properly documented.""There's always room to reduce the learning curve over how to deal with events and machine data. They could make the machine data simpler.""There is room for improvement in the ability to parse different log types. The breadth of overall log parsers that exists right now is an area that they could improve. Natively, there's more that could be done by Devo then what it can and can't understand from a parsing perspective.""Devo has a lot of cloud connectors, but they need to do a little bit of work there. They've got good integrations with the public cloud, but there are a lot of cloud SaaS systems that they still need to work with on integrations, such as Salesforce and other SaaS providers where we need to get access logs.""The Activeboards feature is not as mature regarding the look and feel. Its functionality is mature, but the look and feel is not there. For example, if you have some data sets and are trying to get some graphics, you cannot change anything. There's just one format for the graphics. You cannot change the size of the font, the font itself, etc."

More Devo Cons »

"The speed of Logger indexing and searching for certain bugs for some queries that we provide could be improved. It can handle a huge number of logs but it can be improved.""I think the ArcSight team should try to simplify legacy products for the customers, because that product is not easy to use or to work with. It needs more more competency or appeal to use. We hope Micro Focus is trying to resolve this.""I would like to see better scheduling in the next release of this solution.""The solution should make it possible to integrate network analysis features.""In the next release, I want to see more intelligence.""The console in older versions is not user-friendly.""I would rate the technical support only 5 out of 10. The technical support is not satisfactory.""You have limited reporting capabilities and I wouldn't choose ArcSight Logger for this purpose."

More ArcSight Logger Cons »

"If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution.""There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated.""The machine learning is not included in the free version. It is only included in the Platinum or Gold versions. It would be helpful if the machine learning features were available even on the free version of the solution. RSA and IBM are other solutions that also offer machine learning, which is interesting for us, but they cost money.""Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution.""In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready made, so you'll have to write some scripts.""This solution cannot do predictive maintenance, so we have to build our own modules for doing it.""One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty.""I would like the process of retrieving archived data and viewing it in Kibana to be simplified."

More ELK Logstash Cons »

Pricing and Cost Advice
"It's a per gigabyte cost for ingestion of data. For every gigabyte that you ingest, it's whatever you negotiated your price for. Compared to other contracts that we've had for cloud providers, it's significantly less.""We have an OEM agreement with Devo. It is very similar to the standard licensing agreement because we are charged in the same way as any other customer, e.g., we use the backroom.""We have seen ROI. We have seen cost savings in maintenance, upkeep, and support.""I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money."

More Devo Pricing and Cost Advice »

"ArcSight Logger is very expensive compared to their competitors, but when we talk to the customer and explain what the features are and how we can scale, they understand. Still, ArcSight is more expensive than the competition."

More ArcSight Logger Pricing and Cost Advice »

"We use the open-source version, so there is no charge for this solution.""We are using the free, open-source version of this solution.""Elastic Stack is an open-source tool. You don't have to pay anything for the components.""This is an open-source product, so there are no costs.""It is easy to deploy, easy to use, and you get everything you need to become operational with it, and have nothing further to pay unless you want the OLED plugin."

More ELK Logstash Pricing and Cost Advice »

report
See Which Vendors Are Best For You
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
See Recommendations
454,950 professionals have used our research since 2012.
Questions from the Community
What do you like most about Devo?
Top Answer: Even if it's a relatively technical tool or platform, it's very intuitive and graphical. It's very appealing in terms of… more »
Read all 3 answers
What is your experience regarding pricing and costs for Devo?
Top Answer: We have an OEM agreement with Devo. It is very similar to the standard licensing agreement because we are charged in the… more »
Read all 3 answers
What needs improvement with Devo?
Top Answer: There's always room to reduce the learning curve over how to deal with events and machine data. They could make the… more »
Read all 3 answers
What do you like most about ArcSight Logger?
Top Answer: It's a robust, mature product and you can do some really complex operations and analytics.
Read all 9 answers
What is your experience regarding pricing and costs for ArcSight Logger?
Top Answer: We have an annual subscription license. I'd say the pricing is okay.
Read all 3 answers
What needs improvement with ArcSight Logger?
Top Answer: ArcSight Logger is an outdated product. It hasn't been changed in the last ten years. I think that it's a product that… more »
Read all 9 answers
What do you like most about ELK Logstash?
Top Answer: I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using… more »
Read all 7 answers
What is your experience regarding pricing and costs for ELK Logstash?
Top Answer: Elastic Stack is an open-source tool. You don't have to pay anything for the components.
Read all 4 answers
What needs improvement with ELK Logstash?
Top Answer: Our system architect has noticed a slowdown of the solution, but I don't see a slowdown. One thing they could add is a… more »
Read all 7 answers
Popular Comparisons
Splunk vs. Devo
Compared 54% of the time.
LogRhythm NextGen SIEM vs. Devo
Compared 18% of the time.
IBM QRadar vs. Devo
Compared 5% of the time.
Sumo Logic vs. Devo
Compared 4% of the time.
Exabeam vs. Devo
Compared 3% of the time.
+ Add more products to compare
Splunk vs. ArcSight Logger
Compared 17% of the time.
Graylog vs. ArcSight Logger
Compared 5% of the time.
IBM QRadar vs. ArcSight Logger
Compared 5% of the time.
+ Add more products to compare
Graylog vs. ELK Logstash
Compared 14% of the time.
Splunk vs. ELK Logstash
Compared 11% of the time.
IBM QRadar vs. ELK Logstash
Compared 10% of the time.
vRealize Log Insight vs. ELK Logstash
Compared 10% of the time.
syslog-ng vs. ELK Logstash
Compared 2% of the time.
+ Add more products to compare
Also Known As
LogtrustMicro Focus Arcsight Logger, HPE Arcsight LoggerElastic Stack, ELK Stack
Learn
Devo
Micro Focus
Elastic
Overview

Devo, the cloud-native logging and security analytics company, empowers security and operations teams to maximize the value of all their data. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.

HPE ArcSight Data Platform (ADP) offers a future-ready data solution that enriches data in real time and supports open standards for better threat detection. Using security data connectors, ADP collects data and enriches it in real-time to give analysts organized information that can be acted upon instantly.

Logstash is an open source, server-side data processing pipeline that ingests data from a multitude of sources simultaneously, transforms it, and then sends it to your favorite “stash.”

Offer
See Devo in Action
Watch a Demo

See how Devo allows you to free yourself from data management, and make machine data and insights accessible.

Learn more about ArcSight Logger
Learn More
Learn more about ELK Logstash
Learn More
Sample Customers
United States Air Force, Rubrik, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenTextChina Merchants Bank, Bank AlJazira, Banca IntesaSprint, Grab, Autopilot, Just Eat, Verizon Wireless, Green Man Gaming, Compare Group, Tango, Perceivant, Quizlet
Top Industries
VISITORS READING REVIEWS
Computer Software Company27%
Comms Service Provider24%
Financial Services Firm6%
Government5%
REVIEWERS
Financial Services Firm22%
Government22%
Comms Service Provider11%
Retailer11%
VISITORS READING REVIEWS
Computer Software Company27%
Comms Service Provider16%
Government13%
University11%
VISITORS READING REVIEWS
Computer Software Company32%
Comms Service Provider24%
Manufacturing Company6%
Media Company5%
Company Size
VISITORS READING REVIEWS
Small Business42%
Midsize Enterprise15%
Large Enterprise42%
REVIEWERS
Small Business21%
Midsize Enterprise37%
Large Enterprise42%
REVIEWERS
Small Business36%
Midsize Enterprise27%
Large Enterprise36%
Free Report: ArcSight Logger vs. ELK Logstash
Find out what your peers are saying about ArcSight Logger vs. ELK Logstash and other solutions. Updated: January 2021.
Download now
454,950 professionals have used our research since 2012.

ArcSight Logger is ranked 11th in Log Management with 9 reviews while ELK Logstash is ranked 4th in Log Management with 11 reviews. ArcSight Logger is rated 8.4, while ELK Logstash is rated 8.0. The top reviewer of ArcSight Logger writes "Passes compliance thresholds and standard requirements and has good performance ". On the other hand, the top reviewer of ELK Logstash writes "It is quite comprehensive and you're able to do a lot of tasks". ArcSight Logger is most compared with Splunk, LogRhythm NextGen SIEM, Graylog, IBM QRadar and vRealize Log Insight, whereas ELK Logstash is most compared with Graylog, Splunk, IBM QRadar, vRealize Log Insight and syslog-ng. See our ArcSight Logger vs. ELK Logstash report.

See our list of best Log Management vendors.

We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.