    CrowdStrike Falcon LogScale: Log Management

    Sold by: CrowdStrike 
    Deployed on AWS
    Falcon LogScale is a modern, purpose-built log management platform that offers low TCO, industry-leading unlimited plans, and minimal maintenance and training costs to enable customers to log everything and answer anything in real time - at scale.

    Overview

    Falcon LogScale changes the way enterprises relate and interact with their data by making it fast, easy, and cost-effective to log anything and answer anything at scale, in real-time. LogScale enables DevOps, ITOps, and SecOps to understand the IT environment, prepare for the unknown, proactively prevent issues, recover quickly from incidents, and understand the root cause.

    LogScale's flexible, modern architecture improves the log management experience for organizations by enabling complete observability to answer any question, explore threats and vulnerabilities, and gain valuable insights from all logs in real time. LogScale offers low total cost of ownership and unlimited plans (via private offer), with easy deployment at any scale.

    With industry-leading unlimited plans, minimal maintenance and training costs, and remarkably low compute and storage requirements, LogScale delivers the lowest total cost of ownership with a savings of up to 80% over other solutions.

    For unlimited plans please reach out to: cloudmarketplaceoffers@crowdstrike.com 

    Highlights

    • Ingest, aggregate, and analyze massive volumes of streaming log data, from a wide array of sources, at scale. The platform also provides configurable, shared dashboards to visualize data, carry out investigations, and collaborate.
    • Improve the quality and reliability of systems in real time and proactively prepare for the unknown to prevent issues, recover quickly from incidents, and understand the root cause. Drive enhanced performance and encourage alignment across teams.
    • Remove the limitations present in traditional logging solutions with unlimited ingest, reduced infrastructure costs and lower costs with a savings of up to 80% over other solutions. For unlimited plans: cloudmarketplaceoffers@crowdstrike.com

    Details

    Delivery method

    Deployed on AWS

    Features and programs

    Trust Center
    Access real-time vendor security and compliance information through their Trust Center powered by Drata. Review certifications and security standards before purchase.

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

    Vendor Insights

    Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.

    Pricing

    Custom pricing options

    Pricing is based on your specific requirements and eligibility. Request a private offer to receive a custom quote. Sign in to view any offers that have been extended to you.

    Legal

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    You can log a support ticket for any issues directly from the Falcon Portal or by emailing the support team at cloudmarketplaceoffers@crowdstrike.com or support@crowdstrike.com.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly

    Accolades

    • Top 10 in Data Analytics, Log Analysis
    • Top 100 in Security
    • Top 10 in Education & Research

    Overview

    AI generated from product descriptions
    Log Data Ingestion and Aggregation
    Ingest, aggregate, and analyze massive volumes of streaming log data from multiple sources at scale with configurable shared dashboards for visualization and investigation.
    Real-time Data Analysis and Querying
    Enable real-time exploration and analysis of all logs to answer queries, explore threats and vulnerabilities, and gain insights without traditional logging solution limitations.
    Incident Response and Root Cause Analysis
    Support proactive issue prevention, rapid incident recovery, and root cause identification through complete observability across IT environments.
    Flexible Modern Architecture
    Provide flexible, modern architecture designed for complete observability with easy deployment capabilities at any scale and minimal infrastructure requirements.
    Reduced Infrastructure Requirements
    Deliver remarkably low compute and storage requirements compared to traditional logging solutions, enabling cost-effective operations.
    Multi-layered Threat Protection
    Provides multi-layered prevention, detection, and remediation across ransomware, fileless attacks, and zero-day threats with support for on-premises, cloud, and disconnected environments through a single agent
    AI and Machine Learning Analytics
    Utilizes artificial intelligence and machine learning-powered analytics to reduce alert noise and analyst workload through intelligent threat correlation and automated response
    Endpoint Detection and Response with Forensics
    Delivers real-time EDR capabilities combined with forensic investigation, automated correlation, and MITRE ATT&CK framework mapping for threat analysis and containment
    Generative AI-Powered Investigation
    Incorporates generative AI capabilities for multi-lingual threat hunting, interactive investigation modes, and threat knowledge graph functionality to enhance SOC analyst operational efficiency
    Centralized Policy Management and Automation
    Enables centralized policy management and automation across large, distributed endpoint fleets spanning cloud, hybrid, and on-premises environments through unified management console
    Endpoint Detection and Response
    Sophisticated EDR capabilities enabling detection, investigation, and response to multi-stage threats across all key attack vectors
    Extended Detection and Response
    Unified XDR platform detecting and responding to multi-stage threats across network, cloud, endpoint, identity, and email data sources
    Managed Detection and Response
    24/7 ransomware and breach prevention services delivered as a managed service with breach warranty and integration capabilities
    Threat Prevention Technology
    Prevention-first approach using sophisticated technologies to block a broad range of attacks across multiple vectors
    Security Posture Management
    Deployment capabilities with default-enabled strong protection and drift identification for security posture assessment

    Contract

    Standard contract
    No
    No
    No

    Customer reviews

    Ratings and reviews

    4 (21 ratings)
    • 5 star: 33%
    • 4 star: 57%
    • 3 star: 10%
    • 2 star: 0%
    • 1 star: 0%
    2 AWS reviews | 19 external reviews
    External reviews are from G2 and PeerSpot.
    Sydney D'Souza

    Improved threat investigations and simplified log management have supported long‑term compliance

    Reviewed on Mar 04, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I work as a security consultant for customers. I am currently working on multiple solutions including Trend Micro, CrowdStrike, and Microsoft. I have over 14 years of overall experience, but I would reduce around four years from that period since I was working in a BPO. After those four years, I have been working with a different company as a consultant, so I would say I have 10 plus years of experience in this field.

    What is most valuable?

    From Falcon LogScale, NG SIM is very useful. Apart from that, exposure management is very useful. I have been working a lot with identity protection, which is also very useful. SQL is also very efficient and fast as a query language. The dashboard is customizable, which is a very good feature they have provided, and we have a single portal that gives all the features together.

    What needs improvement?

    I have not worked on that particular part, but regarding improvement, KQL seems to be quite complicated and we have to brush up on that if we want to become an expert on it. KQL is a bit challenging for us. When we talk about Microsoft, KQL is simpler when compared to SQL. However, SQL is faster and quite efficient, but the language is a bit tough, maybe because it is new. I have just been working with it for the past two years. If I have more exposure in the coming years, it will become an easier option for me.

    KQL should be simplified, which would be a better thing. The documentation should not only be private but should be made public. Though we are partners and have access to those documents, sometimes I conduct testing on my own and have to log into a partner account or customer account to access those documents. That has to be improved. SQL has to be improved as well. When it comes to the overall Falcon LogScale console, it could be easier if it were made more attractive. For example, if something is shown on the dashboard with simplified icons and text, it would be a great option if there were some colors or larger icons. One drawback I have seen with Falcon LogScale is that there is something that cannot be customized. There is an account detection that seems to be a systematic account, and if we want to change it from a systematic account to a user account when it is detecting a system account, that seems to be a problem for us.

    For how long have I used the solution?

    I have been using this solution for two years.

    What do I think about the scalability of the solution?

    Falcon LogScale gives a clear view of what exactly has happened from the beginning. When we compare those with different log sources, we conclude that we know exactly what has to be done and what has happened. That is a bright option that Falcon LogScale has granted us.

    The plus point with Falcon LogScale is that we do not have to decide what exactly we need since all has been decided and defined in Falcon LogScale. It picks up everything and all the aggregates from different sources. If there is a critical incident with an associated IP, associated user, endpoints, or whatever factor it is supposed to associate, it associates it by default and makes our life easier, making the SOC life easier.

    How are customer service and support?

    We have an email system and a support link in Falcon LogScale console itself. This is the same as it goes with other solutions like Microsoft, Trend Micro, and Splunk. It is easier and the same for all the services. I have raised multiple queries, and we have been using Falcon Complete and Falcon Admin as well. In both cases, I have not seen any delay or any issues when it comes to supporting us. Recently I came across a particular log source that was not getting ingested using the event hub for Microsoft. We had three to four calls, and finally we got it sorted. We have been getting updates on a regular basis. There was no such day that we have not seen an update. We got into two or three sessions and we were able to fix it. I would rate customer service as 8.5 out of 10.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The initial setup is quite good. I have compared multiple solutions like Microsoft and Trend Micro. Falcon LogScale seems to be a better option with better visibility when it comes to the dashboard and the kill chain process, including the attack surface. I would not say it is quite easier, but we have complete documentation available. If we follow that documentation quite carefully, it is very straightforward. They have clearly explained how to proceed and deploy it, so I would not say it is easier, but it is very well-defined.

    What's my experience with pricing, setup cost, and licensing?

    Pricing is good because we have everything. When we talk about the logs that we are ingesting in Falcon LogScale, it is ingesting only the logs that are required, not the unnecessary logs. The index feature is inbuilt, the parser is inbuilt, and everything is inbuilt. I believe when it comes to log ingestion, it is comparatively low compared to any other services like Microsoft, Trend Micro, or Splunk.

    Which other solutions did I evaluate?

    As far as I know, I have been working only with Falcon LogScale and I have not had the opportunity to explore some other log scales. But currently, in the market and in the business, Falcon LogScale seems to be a better option than any other workspace or any other log source for log management.

    What other advice do I have?

    When it comes to Falcon LogScale, it is better compared to Microsoft. When we talk about scaling it from one to ten, I would give it somewhere around nine, especially in terms of retention. It is completely aligned with compliance and audit, so I do not see any trouble there. I would note that not only Falcon LogScale but also Microsoft and Trend Micro are okay with compliance and audit. I would rate everyone on the same scale for compliance. Overall, I would rate this solution an 8 out of 10.

    reviewer2783883

    Improved log visibility has simplified troubleshooting across firewall and directory events

    Reviewed on Dec 02, 2025
    Review from a verified AWS customer

    What is our primary use case?

    My main use case for Falcon LogScale is using it as a SIEM to collect logs. I collect all firewall logs and Active Directory logs through Falcon LogScale as a SIEM for collecting logs.

    What is most valuable?

    Falcon LogScale offers excellent features, with scalability being the most notable. The search speed stands out to me as particularly good. Falcon LogScale has positively impacted my organization by providing visibility of the logs, making it easier for us to troubleshoot any issues. The visibility makes troubleshooting easier overall because you can see the logs.

    What needs improvement?

    I do not see any improvements needed for Falcon LogScale at this time.

    For how long have I used the solution?

    I have been using Falcon LogScale for one year.

    What do I think about the stability of the solution?

    Falcon LogScale is stable.

    What do I think about the scalability of the solution?

    Falcon LogScale's scalability is straightforward; you simply connect it to different log resources and that is all that is required.

    How are customer service and support?

    Falcon LogScale's customer support is great. I would describe my experience with their customer support as responsive and helpful. I would rate the customer support a 10 on a scale of one to 10.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I did not previously use a different solution before Falcon LogScale.

    What's my experience with pricing, setup cost, and licensing?

    My experience with pricing, setup cost, and licensing is that it is straightforward, and the cost is quite low.

    Which other solutions did I evaluate?

    Before choosing Falcon LogScale, I did not evaluate other options.

    What other advice do I have?

    My advice to others looking into using Falcon LogScale is that it is easy to use and very efficient. I would rate this review a 9 out of 10.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Anil Kishore

    AI-powered fast search and data retention boosts efficiency and reduces storage costs

    Reviewed on Oct 16, 2024
    Review provided by PeerSpot

    What is our primary use case?

    Initially, the log was for log management. We store our logs for achieving compliance and log retention for longer periods. This function, LogScale, is now a platform where we can do correlation as well. It has become a next-generation SIM.

    How has it helped my organization?

    The solution definitely saves us time because it has a Google-like search. We can pull out log information in seconds, whereas traditional solutions would take hours or days. Additionally, the compression ratio is very high, which means our storage costs are minimal.

    What is most valuable?

    The fast search and index-free data retention are very valuable. The platform now works on an AI and ML-based engine, and we can analyze anything that is stored.

    What needs improvement?

    The integration could improve. Easy parser writing should be an option to ingest log in a human-readable format for unsupported devices. For visibility perspective, the dashboard should be more user-friendly. It should visualize what is happening in the complete ingestion, showing how many log sources there are, data volumes, and use cases or correlation rules triggered based on AI and ML analytics.

    For how long have I used the solution?

    We have used LogScale for approximately one and a half years.

    What do I think about the stability of the solution?

    Stability is good. I would rate it nine out of ten.

    What do I think about the scalability of the solution?

    Currently, scalability needs improvement in the visualization and representation of LogScale. The integration needs to be dimensioned.

    How are customer service and support?

    CrowdStrike support is good, but in some cases, it takes time to resolve on-premises solutions. I would rate the support seven out of ten.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    There are no previous solutions mentioned.

    How was the initial setup?

    If the user wants to install it in their infrastructure on-premises, it's complex. If they are using a cloud as a SaaS service, it is easy.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is average. I would rate it six or seven out of ten.

    Which other solutions did I evaluate?

    In the India market, OpenText is the direct competitor for log management and SIM products. IBM's QRadar is also mentioned.

    What other advice do I have?

    LogScale can be used across all company segments.

    I'd rate the solution eight out of ten.

    reviewer2343936

    Fast search results, transformative data analysis, and easy to set up

    Reviewed on Sep 25, 2024
    Review provided by PeerSpot

    What is our primary use case?

    This is a next-generation SIEM solution. It's used for fast search results compared to traditional SIEM solutions that take much longer due to the huge volume of data.

    How has it helped my organization?

    The traditional SIEM could not cope with the indexing algorithm, but with Falcon LogScale, we can get the result within a few seconds when we search for a keyword.

    What is most valuable?

    One of the key features is the fast search functionality, enabling us to get results within a few seconds.

    What needs improvement?

    So far, there are no features in need of improvement. The price could be lower.

    For how long have I used the solution?

    I've been working with LogScale for about half a year.

    What do I think about the stability of the solution?

    There don't appear to be any complexities with stability. The rating for stability is nine out of ten.

    What do I think about the scalability of the solution?

    I rated scalability as eight. It has the ability to scale well.

    How are customer service and support?

    Customer service is rated nine out of ten. So far, so good.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The setup process was simple. We managed to get it done within a day.

    What's my experience with pricing, setup cost, and licensing?

    The pricing could be lower.

    Which other solutions did I evaluate?

    The main competitor on the market is Splunk.

    What other advice do I have?

    I'd rate the solution eight out of ten.

    Shaik Shaheer

    A highly commendable and robust solution offering powerful features and comprehensive log data management

    Reviewed on Oct 11, 2023
    Review provided by PeerSpot

    What is our primary use case?

    As an MSSP company, we work with various products and tools, including Falcon EDR and Falcon LogScale by CrowdStrike. We handle the configurations, integrations, and other tasks related to these tools on our tenant. We also create dashboards, perform quarantines, and use it for log management and fast data access.

    How has it helped my organization?

    It allows us to efficiently manage and store our data. Its compression and archiving features not only reduce storage costs but also minimize the infrastructure resources needed for data backup. Since we have multiple security solutions in place, it allows us to streamline data handling. We can selectively send security-related events to the SIEM while directing other non-security events from various tools to Falcon LogScale. This flexibility ensures that we have access to all the data we need when required, and we can easily export this data from it as necessary, optimizing our data management and making it readily available for analysis or other purposes.

    What is most valuable?

    It has an impressive data retention capability, allowing you to collect and store data for up to a year. Also, its data retrieval speed is remarkable, taking just a fraction of a second to access the information you need. This combination of extensive data retention and quick data retrieval sets it apart from other log management tools I've worked with in the past. It offers the capability to view live log ingestion directly from the console which means you can seamlessly manage live log data ingestion alongside accessing and analyzing older data from the past.

    What needs improvement?

    There are some overlapping features found in multiple tools.

    For how long have I used the solution?

    We have been using it for a year now.

    What do I think about the stability of the solution?

    The solution remains stable without any notable issues. It performs exceptionally well when dealing with substantial data ingestion. Retrieving data from one or two months ago is virtually instantaneous.

    What do I think about the scalability of the solution?

    As a relatively small organization, we haven't had the chance to deploy and scale it yet. Our daily data ingestion is relatively modest, typically around fifteen to twenty GB and we don't have subsidiary branches where we can replicate the same LogScale environment for further scaling. However, we are open to exploring potential opportunities for expansion in the future.

    How are customer service and support?

    Around six months ago, we engaged in a workshop with one of CrowdStrike's Subject Matter Experts. During this session, they provided us with an overview of their products, explaining how they function, their capabilities, and the new features that had been added.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I've had experience working with Global Chronicle, Sumo Logic, and Splunk, including an Indian tool. In comparison to these solutions, Falcon LogScale appears to be a well-rounded and efficient solution. It excels in certain areas where others fall short, making it a strong choice for log management in my experience.

    How was the initial setup?

    The initial setup is straightforward, and its operation is easily comprehensible. You can swiftly deploy it on your own without much complexity.

    What about the implementation team?

    For on-premises deployment, you'll require a dedicated server with specific backend requirements and you'll need to obtain the OVFA from CrowdStrike LogScale. While we haven't had the chance to perform an on-premises deployment, based on my knowledge and the available documentation, the process is estimated to take around thirty to forty-five minutes to complete.

    What other advice do I have?

    I would suggest that, based on your organization's log management needs, if you're already using an SIEM solution, you can complement it with Falcon LogScale for extended data ingestion and storage. It provides flexibility, allowing you to customize data retention based on your specific requirements and organizational compliance standards. You can tailor data ingestion to send security-related alerts to the SIEM while storing other logs for future use. Its capacity to handle vast amounts of data ingestion and provide lightning-fast query capabilities is a significant advantage. I would rate it nine out of ten.
