We performed a comparison between Elastic Security and Logz.io based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We have no complaints about the features or functionality."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The initial setup is very simple and straightforward."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The most valuable feature is the ability to collect authentication information from service providers."
"The product has huge integration varieties available."
"Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy."
"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
"The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."
"It's open-source and free to use."
"The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash."
"I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."
"The visualizations in Kibana are the most valuable feature. It's much more convenient to have a visualization of logs. We can see status really clearly and very fast, with just a couple of clicks."
"InsightOne is the main reason why we use LogMeIn. This is mostly because of log data that we are pushing tools and logs in general."
"It is massively useful and great for testing. We can just go, find logs, and attach them easily. It has a very quick lookup. Whereas, before we would have to go, dig around, and find the server that the logs were connected to, then go to the server, download the log, and attach it. Now, we can just go straight to this solution, type in the log ID and server ID, and obtain the information that we want."
"The tool is simple to setup where it is just plug and play. The tool is reliable and we never had any performance issues."
"We use the product for log collection and monitoring."
"We use the tool to track the dev and production environment."
"The query mechanism for response codes and application health is valuable."
"The other nice thing about Logz.io is their team. When it comes to onboarding, their support is incredibly proactive. They bring the brand experience from a customer services perspective because their team is always there to help you refine filters and tweak dashboards. That is really a useful thing to have. Their engagement is really supportive."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"The product can be improved by reducing the cost to use AI machine learning."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"The only thing is sometimes you can have a false positive."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"The troubleshooting has room for improvement."
"I think because we are a cybersecurity company, the thing that can be improved is the prebuilt tools, especially quality. Compared to its competitor, they still have fewer prebuilt security rules. Elastic Security, in terms of generating alerts, cannot group the same products into one another. Even though the alerts are the same, they still generate them one by one. So, it is very noisy in our dashboard. I would like the Elastic Security admin to group all the same alarms into one alarm so that our dashboard is not noisy."
"The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated."
"Their visuals and graphs need to be better."
"The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes."
"Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them."
"I would like the process of retrieving archived data and viewing it in Kibana to be simplified."
"Elastic Security can be a bit difficult to use if a person only has experience in SMBs with tools like Zoho. The product can also be difficult for those who have never dealt with query language."
"We'd like better premium support."
"I would like them to improve how they manage releases. Some of our integrations integrate specifically with set versions. Logz.io occasionally releases an update that might break that integration. On one occasion, we found out a little bit too late, then we had to roll it back."
"The solution needs to improve its data retention. It should be greater than seven days. The product needs to improve its documentation as well."
"Capacity planning could be a little bit of a struggle."
"When it comes to reducing our troubleshooting time, it depends. When there are no bugs in Logz.io, it reduces troubleshooting by 5 to 10 percent. When there are bugs, it increases our troubleshooting time by 200 percent or more."
"The solution needs to expand its access control and make it accessible through API."
"The product needs improvement from a filtering perspective."
"The price can be cheaper and they should have better monitoring."
"I would like granularity on alerting so we can get tentative alerts and major alerts, then break it down between the two."
Elastic Security is ranked 5th in Log Management with 59 reviews while Logz.io is ranked 24th in Log Management with 8 reviews. Elastic Security is rated 7.6, while Logz.io is rated 8.2. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Logz.io writes "The solution is a consistent logging platform that provides excellent query mechanisms". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas Logz.io is most compared with Datadog, Wazuh, Coralogix, Splunk Enterprise Security and Grafana Loki. See our Elastic Security vs. Logz.io report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.