We performed a comparison between Elastic Security and Graylog based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Elastic Security is commended for its adaptability, extensive customization options, and seamless integration with the ELK Stack. Graylog stands out with its exceptional search functions, seamless integration with Elasticsearch, and real-time data access. Elastic Security could improve by reducing resource usage, automating threat response, and simplifying the user experience. Graylog could benefit from additional customization options and an improved rule-creation process.
Service and Support: Some Elastic Security users found their support helpful, while others experienced difficulties and delays. Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products.
Ease of Deployment: Elastic Security generally has a straightforward setup but may require trained specialists. Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters.
Pricing: Elastic Security is considered affordable and cost-effective, with pricing based on the size of the monitored environment. Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive.
ROI: Elastic Security has shown mixed results in terms of ROI, with some users expressing concerns about the quality of their premium support. Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case.
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"Elastic Security is a highly flexible platform that can be implemented anywhere."
"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
"The solution is quite stable. The performance has been good."
"I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash."
"The most valuable feature of Elastic Security is that you can install agents, and they are not separately licensed."
"What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
"I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong."
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"Real-time UDP/GELF logging and full text-based searching."
"The solution's most valuable feature is its new interface."
"The product is scalable. The solution is stable."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"We're using the Community edition, but I know that it has really good dashboarding and alerts."
"There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated."
"I would like the process of retrieving archived data and viewing it in Kibana to be simplified."
"This solution is very hard to implement."
"The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."
"Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price."
"Sometimes, the solution isn't the easiest to use."
"Their visuals and graphs need to be better."
"It could use maybe a little more on the Linux side."
"The biggest problem is the collector application, as we wanted to avoid using Graylog Collector Sidecar due to its architecture."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"Lacks sufficient documentation."
"Its scalability gets complicated when we have to update or edit multiple nodes."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a milli-second."
"Dashboards, stream alerts and parsing could be improved."
Elastic Security is ranked 5th in Log Management with 58 reviews while Graylog is ranked 11th in Log Management with 18 reviews. Elastic Security is rated 7.6, while Graylog is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and VMware Aria Operations for Logs, whereas Graylog is most compared with Grafana Loki, Wazuh, syslog-ng, Splunk Enterprise Security and LogRhythm SIEM. See our Elastic Security vs. Graylog report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.