We performed a comparison between Elastic Security and Graylog based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Elastic Security is commended for its adaptability, extensive customization options, and seamless integration with the ELK Stack. Graylog stands out with its exceptional search functions, seamless integration with Elasticsearch, and real-time data access. Elastic Security could improve by reducing resource usage, automating threat response, and simplifying the user experience. Graylog could benefit from additional customization options and an improved rule-creation process.
Service and Support: Some Elastic Security users found their support helpful, while others experienced difficulties and delays. Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products.
Ease of Deployment: Elastic Security generally has a straightforward setup but may require trained specialists. Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters.
Pricing: Elastic Security is considered affordable and cost-effective, with pricing based on the size of the monitored environment. Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive.
ROI: Elastic Security has shown mixed results in terms of ROI, with some users expressing concerns about the quality of their premium support. Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case.
"The feature that we have found the most valuable is scalability."
"It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast."
"The most valuable features of Elastic Security are it is open-source and provides a high level of security."
"We've found the initial setup to be quite straightforward."
"The cost is reasonable. It's not overly pricey."
"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
"I like the indexing of the logs."
"It is scalable."
"The ability to write custom alerts is key to information security and compliance."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"The product is scalable. The solution is stable."
"We're using the Community edition, but I know that it has really good dashboarding and alerts."
"I am very proud of how very stable the solution is."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"The solution's most valuable feature is its new interface."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"The interface could be more user friendly because it is sometimes hard to deal with."
"If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."
"Elastic Security could improve the documentation. It would help if they were more simple and clean."
"The biggest challenge has been related to the implementation."
"We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there)."
"Improvements in Elastic Security could include refining and normalizing queries to make them more user-friendly, enhancing the user experience with better documentation, and addressing any latency issues."
"There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits."
"Upgrades currently released as stacks when it should be a plugin or an extension to save removal and reinstallation."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"The biggest problem is the collector application, as we wanted to avoid using Graylog Collector Sidecar due to its architecture."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the graylog install."
"I would like to see some kind of visualization included in Graylog."
"We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"Graylog can improve the index rotation as it's quite a complex solution."
Elastic Security is ranked 5th in Log Management with 59 reviews while Graylog is ranked 11th in Log Management with 18 reviews. Elastic Security is rated 7.6, while Graylog is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and VMware Aria Operations for Logs, whereas Graylog is most compared with Grafana Loki, Wazuh, syslog-ng, Splunk Enterprise Security and LogRhythm SIEM. See our Elastic Security vs. Graylog report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.