CrowdStrike is ahead of the game. If I may say anything about Falcon LogScale to improve the services, I would talk about the way you develop parsers. The documentation should be more straightforward. It is not easy to quickly find the documentation, especially if you are using CrowdStrike. Most customers use Falcon LogScale because of CrowdStrike. The documentation of Falcon LogScale is not on the CrowdStrike portal just like the rest of Falcon documentation. I usually find that the main Falcon LogScale documentation is found on the Falcon LogScale website itself. I think there should be a link or direct documentation within the CrowdStrike pages. It is not necessarily a fault. If you find where the documentation resides, you can trace it to what they are doing. However, for the ease of use for Falcon administrators, the same documentation on the Falcon LogScale portal should be on the CrowdStrike dashboard.
Security Consultant at a tech vendor with 10,001+ employees
MSP
Top 5
Mar 4, 2026
I have not worked on that particular part, but regarding improvement, KQL seems to be quite complicated and we have to brush up on that if we want to become an expert on it. KQL is a bit challenging for us. When we talk about Microsoft, KQL is simpler when compared to SQL. However, SQL is faster and quite efficient, but the language is a bit tough, maybe because it is new. I have just been working with it for the past two years. If I have more exposure in the coming years, it will become an easier option for me. KQL should be simplified, which would be a better thing. The documentation should not only be private but should be made public. Though we are partners and have access to those documents, sometimes I conduct testing on my own and have to log into a partner account or customer account to access those documents. That has to be improved. SQL has to be improved as well. When it comes to the overall Falcon LogScale console, it could be easier if it were made more attractive. For example, if something is shown on the dashboard with simplified icons and text, it would be a great option if there were some colors or larger icons. One drawback I have seen with Falcon LogScale is that there is something that cannot be customized. There is an account detection that seems to be a systematic account, and if we want to change it from a systematic account to a user account when it is detecting a system account, that seems to be a problem for us.
Lead Engg. Information Assurance at ACPL Systems Pvt Ltd
Real User
Top 5
Oct 16, 2024
The integration could improve. Easy parser writing should be an option to ingest logs in a human-readable format for unsupported devices. From a visibility perspective, the dashboard should be more user-friendly. It should visualize what is happening in the complete ingestion, showing how many log sources there are, data volumes, and use cases or correlation rules triggered based on AI and ML analytics.
Falcon LogScale is a modern log management tool that offers robust features for organizations seeking efficient log analysis. It provides high-speed log ingestion and query capabilities, enabling detailed insights into system performance and security events.
Falcon LogScale provides an efficient way for IT teams to handle massive volumes of log data. Its architecture supports rapid ingestion and real-time querying, making it ideal for security and operational analytics. With customizable...
I do not see any improvements needed for Falcon LogScale at this time.
So far, there are no features in need of improvement. The price could be lower.
There are some overlapping features found in multiple tools.