Most Helpful Review
UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead.
Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default.
We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us.
Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature.
It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events.
The build is stable and requires little maintenance, even compared to some extremely expensive products.
The daily alerts allow me to quickly find security and operations issues which need to be addressed.
LogRhythm has shown to us, to this point in time, that it has the capabilities of being able to deliver actionable intelligence to the security engineers and analysts.
The most valuable feature of LogRhythm for me is the ability to correlate logs throughout many different log sources.
It gives us insight into our entire installation, where we are multiple sites, going as far as the East Coast to the Central West Coast.
Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable.
We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient.
Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-
Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt.
More detail in the alerts given to avoid additional searches, as often the source or destination associated with the alert is not evidenced.
I think they probably need to, because a lot of companies are having this cloud-first strategy, where anything that's new has to go into the cloud for some reason.
I have probably submitted half a dozen log parser requests, and I keep finding more stuff that we need to keep an eye on that doesn't have a definition in LogRhythm.
I would really love to be able to take some of the data and not have to export it to a CSV file, so I can pull it into Excel to turn it into some other kind of graph.
I would probably look for more things to go into the web console that is currently on the fat client.
It will definitely help if the parsing side would be much easier, meaning it would be better if we could easily make adjustments on the parser, both on standard and non-standard log sources.
Pricing and Cost Advice
I would recommend talking to the rep. That's the biggest thing because they will know what questions to ask.
If you don't have your staff, absolutely look into the co-pilot and factor that into your cost evaluation.
I would recommend that whatever sales quotes to them upfront, they will probably go up. Because they are probably going to outgrow that very quickly or once they start getting everything into it, they are going to have to move up anyway.
Compared 53% of the time.
Compared 23% of the time.
See more Graylog competitors »
Compared 7% of the time.
Compared 49% of the time.
Compared 14% of the time.
See more LogRhythm competitors »
Compared 12% of the time.
Also Known As
|Also Known As||Graylog2|
LogRhythm, a leader in security intelligence and analytics, empowers organizations with it's Threat Lifecycle Management Platform, which provides a complete, end-to-end workflow for detecting, investigating and responding to cyber threats. The company’s award-winning platform unifies next-generation SIEM, log management, network/endpoint forensics, and advanced security analytics.
In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides innovative compliance automation and assurance, and enhanced IT intelligence.
Learn more about Graylog
Learn more about LogRhythm
|Sample Customers||Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP, King.com, Twilio, Deutsche Presse-Agentur||Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill|
No Data Available
VISITORS READING REVIEWS
No Data Available
VISITORS READING REVIEWS