ELK Logstash Alternatives and Competitors
Read reviews of ELK Logstash alternatives and competitors
Director at a computer software company with 1,001-5,000 employees
Real User, Top 5
Nov 10, 2020
Enables us to bring all our data sources into a central hub for quick analysis, helping us focus on priorities in our threat landscape
What is our primary use case?
Our initial use case is to use Devo as a SIEM. We're using it for security and event logging, aggregation and correlation for security incidents, triage and response. That's our goal out of the gate. Their solution is cloud-based and we're deploying some relays on-premise to handle anything that can't send it up there directly. But it's pretty straightforward. We're in a hybrid ecosystem, meaning we're running in both public and private cloud.
Pros and Cons
- "The real-time analytics of security-related data are super. There are a lot of data feeds going into it and it's very quick at pulling up and correlating the data and showing you what's going on in your infrastructure. It's fast. The way that their architecture and technology works, they've really focused on the speed of query results and making sure that we can do what we need to do quickly. Devo is pulling back information in a fast fashion, based on real-time events."
- "Devo has a lot of cloud connectors, but they need to do a little bit of work there. They've got good integrations with the public cloud, but there are a lot of cloud SaaS systems that they still need to work with on integrations, such as Salesforce and other SaaS providers where we need to get access logs."
What other advice do I have?
Take a look at it. They're really going after Splunk hard. Splunk has a very diverse deployment base, but Splunk really missed the mark with its licensing model, especially when it relates to the cloud. There are options out there, effective alternatives to Splunk and some of the other big tools. But from a SaaS standpoint, if not best-in-breed, Devo is certainly in the top-two or top-three. It's definitely a strong up-and-comer. Devo is already taking market share away from Splunk and I think that's going to continue over the next 24 to 36 months. Devo's speed when querying across our data is…
President and Founder at STILLWATER SUPERCOMPUTING INC
Real User, Top 5
Sep 19, 2020
It consolidates all logs into one place and provides required features and functionalities
What is our primary use case?
It is our sole cross-correlation logging backend for some IBM services. We have a combination of LogDNA and Sysdig for root cause analysis and customer events. LogDNA is related to the operations of the service. Sysdig is somewhat nice in the sense that it also gives us some backdrop when there are any issues with respect to resources and other types of metrics-based constraints.
Pros and Cons
- "LogDNA consolidates all logs into one place, which is super valuable."
- "Every once in a while, our IBM cloud operational implementation gets behind. Sometimes, when we have a customer event, we do not get access to the latest logs for about 30 minutes, particularly for the sites that are heavily utilized. This is clearly not good. It is impossible to RCA when you can't look at the logs that pertain to the time period in which the event occurred. It could be more of an operational problem than a feature problem. I don't have visibility about whether it is a LogDNA issue or just an operational issue."
What other advice do I have?
We haven't had anything yet that we couldn't do through LogDNA. Feature-wise, it is solid for us. From a functionality point of view, that is, finding stuff and doing RCA and other things, we're able to find what we're looking for. We don't have any constraints at this point. I would rate LogDNA an eight out of ten.
Infrastructure Engineer at a tech vendor with 201-500 employees
Sep 10, 2019
A scalable solution that works well with VM products, but has limitations in terms of usability
What is our primary use case?
Our primary use case for the solution is for log management.
Pros and Cons
- "We are using it because we have a VMware product. It has its own built in dashboards for VMware products, and that's a good thing."
- "The solution is a very good tool, but it has a lot of limitations. One of the main issues is around how you define your retention policy, for instance, in Log Insight. It doesn't have it. You can't define a log retention policy. You also can't define the destination or location for your logs. All of the logs are in one index or one bucket."
What other advice do I have?
I would rate the solution six or seven out of ten. It's very easy to use, but at the same time it has some limitations. You have to consider that if you decide to try out the solution.
Practice Head at a tech services company with 51-200 employees
Jul 18, 2021
Flexible correlation, easy to use, and stable
What is our primary use case?
We have a POC environment but have not onboarded it to any of our clients.
Pros and Cons
- "It is a bit easier to use than other products, such as Splunk or ELK Elasticsearch."
- "The technical support can be improved a little bit, and the price could be cheaper."
What other advice do I have?
I would recommend this solution to others who are looking for an on-premises solution. For a SIEM solution, it is the best one to go with. If they are interested in using the cloud, I would not recommend it. The cloud version of QRadar is QRoC and it is a bit complicated. I would rate this solution an eight out of ten.
Director of DevOps at Digital Media Solutions Group
Real User, Top 20
Jan 5, 2021
Provides good visibility across applications, good integration, and helpful support