Log management software helps IT managers understand and act on the flood of log data spewing from IT systems \u2014 to investigate security problems, prevent outages and improve the online customer experience. In essence, logs are a specialized source of business intelligence, while also providing an audit trail for regulatory compliance.Five of the top log management software products are Splunk, LogRhythm, AlienVault, HPE ArcSight Logger and SevOne, according to online reviews by enterprise users in the IT Central Station community. Those users say that the most important criteria to consider when choosing log management software are speed, stability, ease of use, and robust search capabilities.Here, users give a shout-out for some of their favorite features, but also give the vendors a little tough love.Editor\u2019s note: These reviews of select log management software vendors come from the IT Central Station community. They are the opinions of the users and are based on their own experiences.SplunkValuable Features\u201cGreat log management capabilities with flexible and comprehensive search capabilities. It\u2019s scalable and easy to use.\u201d\u2014 Vinod S., Manager, Enterprise Risk Consulting at a consultancy\u201cFast availability of operational data spread across several servers to prevent or react faster to outages or performance decreases.\u201d\u2014 Enrico M., Integration Architect at a manufacturing company\u201cIts performance, scalability and most importantly the innovative way of collecting and presenting data.\u201d\u2014 Hristo D., Systems\/Applications Specialist at an energy\/utilities companyRoom for Improvement\u201cOperational workflow, use case framework, and ticketing systems to make it suitable for security operations center (SOC) environments.\u201d\u2014 Vinod S., Manager, Enterprise Risk Consulting at a consultancy\u201cIt could be easier to set up and add new sources \u2013 [operations that] Splunk is improving with every new version.\u201d\u2014 Hristo D,Systems\/Applications Specialist at a energy\/utilities company\u201cNo aggregation: The logs being sent to Splunk are received as-is and sent to the data store. It is not aggregated. This is a good thing for log collection and search performance, but it is not good for underlying storage sizing.\u201d\u2014 Vinod S., Manager, Enterprise Risk Consulting at a consultancyYou can read more Splunk reviews on IT Central Station.LogRhythmValuable Features\u201cThe speed at which I can get into forensic data is the most useful thing.\u201d\u2014 Matthew M., Lead Specialist for Information Security at a hospitality company\u201cThe product was easy to deploy and easy to learn how to use. The web console is the best I\u2019ve seen, when compared to other SIEMs.\u201d\u2014 SrInfoSysSpec477., Senior Information Systems Specialist at a manufacturing company\u201cThe advanced intelligence engine -- in fact, the whole suite -- is very powerful. It depends on how you use it. Security management is what it's best at.\u201d\u2014 Ghias M., IT Security Specialist at a manufacturing companyRoom for Improvement\u201cI'd like to see a real-time dashboard of events. I know it's available, but it needs work. I haven't been able to put in the 20 or 30 hours that it would take to really become an expert with it.\u201d\u2014 ITDirector685., Director of Information Technology at a university\u201cThe reporting aspect is difficult to use. We had a recent update which fixed a lot of bugs and added a lot of great features. But the reporting is lackluster.\u201d\u2014 Ryan C., Information Security Analyst at a financial services firm\u201cAdding an entity (you should be able to create a template and\/or eliminate locations) could be much faster, streamlined.\u201d\u2014 VPInfoSec751., VP, Information Security Officer, at a financial services firmYou can read more LogRhythm reviews on IT Central Station.AlienVaultValuable Features\u201cAlienVault provides excellent visibility into your network by combining centralized logging, host-based intrusion detection (IDS) and network IDS.\u201d\u2014 Jan W., Security Consultant at a tech consulting company\u201cFlexibility. It is possible to implement fully customized plug-ins, scripts, etc. We haven't yet found any limitations.\u201d\u2014 David R., Chief Information Security Officer at a tech services company\u201cI work across many diverse networks, AlienVault offers by far the most critical information when analyzing a client\u2019s environment for issues that need to be addressed.\u201d\u2014 Jacques T., Security Consultant at a tech consulting companyRoom for Improvement\u201cThe reporting could do with some improvements; for example, the vulnerability report only tells you what vulnerabilities are open and lists them, but there is no indication of how old they are at a glance, and what vulnerabilities have been closed since the previous scans.\u201d\u2014 InfoSecOfficer506., Group Information Security Officer at a consumer goods company\u201cThe alarms section is very robust, yet I still find myself having to look back through the events to find more details. It would be nice if I could navigate straight to the event from the alarm.\u201d\u2014 Trevor S., Information Systems Network Technician at a local government\u201cThe configuration is somewhat complex and the interface a bit non-intuitive. Interpretation of the results can be difficult.\u201d\u2014 Alan O., Senior Infrastructure Analyst at a pharma\/biotech companyYou can read more AlienVault reviews on IT Central Station.HPE ArcSight LoggerValuable Features\u201cIt has excellent query syntax and response. Complex queries of large volumes of data generally take [only] seconds [or] minutes.\u201d\u2014 Lance A.,Senior Security and Compliance Engineer at a retailer.\u201cThe server has the ability to provide in-depth, real-time awareness of all activities on the network.\u201d\u2014 NwkSpecialist534.,Network Specialist at a government agency\u201cThe most valuable features for us are the out-of-the-box device support and multi-tenancy maturity, compared to other SIEMs.\u201d\u2014 Mayur M., SIEM Administrator at a tech services companyRoom for Improvement\u201cWith the connectors, there were some legacy devices that had some problems since support was dropped for those.\u201d\u2014 QAConsultant390.,QA Consultant \/ Security Testing Professional at a tech company\u201cI wouldn\u2019t mind adding a few features such as grouping of events (based on the name, source address, etc.) in real-time rather than requiring the running of reports every time.\u201d\u2014 Zulfikhar N., Security Solutions Delivery Engineer at a tech services companyYou can read more HPE ArcSight Logger reviews on IT Central Station.SevOneValuable Features\u201cThe most valuable feature for us is its flexibility to handle different systems and different functions. We use it for networking, service systems, power distribution units\u2026.\u201d\u2014 Tools&AutomationMngr916., Manager of Tools and Automation at a tech company\u201cThe features we are seeing the greatest benefit from are the enhanced reporting, net-flow data collection, and the data retention.\u201d\u2014 Jonas S.,SaaS Engineer at a tech vendor\u201cThe most valuable features for us are the huge number of network devices it can monitor. It has a lot of useful features; not only the basic things like measurements of CPU, disk, and memory, but it also has the ability to measure net flow.\u201d\u2014 InfoMngmtSrEng609., Information Management Senior Engineer at a tech services companyRoom for Improvement\u201cI think that the downstream suppression could be improved. Suppression [now] must all be done manually, but improvement is on SevOne's roadmap, I believe.\u201d\u2014 Eric S., Chief Technology Officer at an aerospace\/defense firm\u201cIt needs a platform to add portals. Some of the low-level features and how they work could use some improvements.\u201d\u2014 Abdul-Bari K., Senior Software Engineer at a communications service provider\u201cThe initial setup must be planned well to fit your environment. The product is perpetually evolving with a number of complementary products in the pipeline.\u201d\u2014 Ken O., Network Management Development and Support at a tech services companyYou can read more SevOne reviews on IT Central Station.