We compared Graylog and Splunk Enterprise Security across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Room for Improvement: Graylog could benefit from additional customization options and an improved rule-creation process. Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics.
Service and Support: Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products. While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise.
Ease of Deployment: Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters. Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators.
Pricing: Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive. Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data.
ROI: Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case. Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations.
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"The ability to write custom alerts is key to information security and compliance."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"It provides a risk score for each object, device, or user. We can then take action if they are at a higher risk."
"The most valuable features of Splunk Enterprise Security are its high-performance data collection, flexible query language, and its versatility across the organization."
"It helps us uncover bottlenecks in the network."
"Splunk gives my clients the ability to bring multiple, disparate types of data together, then correlate and report on them."
"The solution allows easy gathering and ingestion of the data."
"It has a rapid response search environment in the event of an incident."
"The initial setup is pretty straightforward."
"Splunk has helped improve our company's resilience level."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a milli-second."
"There should be some user groups and an auto sign-in feature."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"With technical support, you are on your own without an enterprise license."
"I would like to see some kind of visualization included in Graylog."
"We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient."
"Its scalability gets complicated when we have to update or edit multiple nodes."
"Sometimes, there is latency in the logs."
"We are waiting for Dashboard Studio to mature a little bit more. There are some things that we are using with Classic Dashboards which have not yet made it to Dashboard Studio. We are waiting for that."
"The initial setup is complex, but this is necessary. We needed to take into consideration how to direct log files from thousands of machines to Splunk, and how to ingest those files."
". Having a trial version or more training on Splunk would be helpful."
"I would like to see an updated dashboard. The dashboard is a little out-of-date. It could be made prettier."
"Deployment is not difficult but the lock sources and configurations can take time."
"The biggest problem is data compression. Splunk is an outstanding product, but it is a resource hog. There should be better data compression for being able to maintain our data repositories. We end up having to buy lots of additional storage just to house our Splunk data. This is my only complaint about it."
"Queries are not always as easy or straightforward as they might be, so it can be difficult to figure out what you need to look for."
Graylog is ranked 11th in Log Management with 18 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 240 reviews. Graylog is rated 8.0, while Splunk Enterprise Security is rated 8.4. The top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Graylog is most compared with Grafana Loki, Wazuh, syslog-ng, Fortinet FortiAnalyzer and Elastic Security, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Microsoft Sentinel. See our Graylog vs. Splunk Enterprise Security report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.