We compared Graylog and Splunk Enterprise Security across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Room for Improvement: Graylog could benefit from additional customization options and an improved rule-creation process. Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics.
Service and Support: Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products. While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise.
Ease of Deployment: Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters. Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators.
Pricing: Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive. Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data.
ROI: Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case. Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations.
"Open source and user friendly."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie, to alert users of these errors proactively, is also a very useful feature."
"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
"The solution's most valuable feature is its new interface."
"Message forwarding through the in-built module."
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"We're using the Community edition, but I know that it has really good dashboarding and alerts."
"Splunk's visualizations make it easy for users to understand the data."
"Deployment server for deploying changes in one go."
"The Splunk user community and forum are most valuable."
"We have found all the features useful. However, the dashboarding and logging have been very helpful. Additionally, the log analysis does a great job."
"The most valuable features of Splunk Enterprise Security are its high-performance data collection, flexible query language, and its versatility across the organization."
"To get visibility from your network devices, servers, and security devices is a great feature."
"We can easily configure things as required in relation to our use cases."
"The solution is the market leader."
"Its scalability gets complicated when we have to update or edit multiple nodes."
"Lacks sufficient documentation."
"There should be some user groups and an auto sign-in feature."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the Graylog install."
"With technical support, you are on your own without an enterprise license."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a millisecond."
"DMC should be a little more intuitive with better dashboarding. Seeing the cause of data flow can be tough to track down."
"The initial setup is complex, but this is necessary. We needed to take into consideration how to direct log files from thousands of machines to Splunk, and how to ingest those files."
"It is important to make sure that everything is built off of the threat models and all the underlying items within Splunk."
"When we do a rollout from the server or host or anything, we'd like to see more automation. It would save us time."
"Custom visualizations are really hard. While the default visualizations are good, creating enhanced visualizations is complex."
"Splunk can be an expensive solution. Technical support could be improved as well."
"An improved user interface along with multi-tenancy support would be beneficial."
"While scheduled reports can be embedded, Splunk dashboards cannot be embedded directly without enabling cross-origin."
Graylog is ranked 11th in Log Management with 18 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 228 reviews. Graylog is rated 8.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". Graylog is most compared with Grafana Loki, Wazuh, syslog-ng, Fortinet FortiAnalyzer and Elastic Security, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Microsoft Sentinel and Sentinel.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.