Splunk Light Vs. Alternatives: Cost, Functionality Compared - InformationWeek
3/16/2015
01:59 PM
Doug Henschen

Splunk Light Vs. Alternatives: Cost, Functionality Compared

Splunk Light offers a new option for companies to apply data analytics to IT operations. Here's how it stacks up against Splunk Enterprise, Splunk Cloud, and emerging open-source and commercial rivals.

Splunk introduced Splunk Light last week, billing it as a low-cost option for smaller teams and tactical analysis. But is it also a good way for larger organizations to experiment with bringing data analytics and an Internet-of-things mindset to IT operations?

To answer this question, it's best to consider the options already available from Splunk as well as from emerging rivals, including open-source products such as Graylog and Elastic's Elasticsearch ELK stack, and commercial competitors including SumoLogic and Logentries.

Splunk is the 12-year-old leader in the market for software that uses log-file analysis for IT system optimization, risk analysis, fraud and threat detection, and business-trend analysis. Designed first and foremost for machine data generated by IT infrastructure, Splunk Enterprise software includes a proprietary big-data repository and analysis software powered by Splunk's SPL (Search Processing Language) for searching, filtering, and manipulating data. Splunk also offers drag-and-drop data visualizations and filters for non-technical business users.

Branching out from its core Enterprise software, the company introduced Splunk Cloud (on Amazon Web Services) and Splunk Hunk, software that works in conjunction with Hadoop, in 2013. This brings us to Splunk Light, which is on-premises software designed to fill a gap at the low end of the market. Not surprisingly, this is where many entry-level threats to Splunk are emerging, with ambitions of scaling up into Splunk's core market.

Splunk Light is designed to be quickly deployed on a single server. It handles up to five named users and maxes out at 20 GB of data captured per day. That volume isn't big by big data standards, but as an option for pilot tests and proof-of-concept projects it might be a good starting point.

The downside is that Splunk has limited Light to what the company describes as "tactical" analysis. It supports manual techniques associated with troubleshooting websites (why are e-commerce transactions lagging?), other forensic analyses, basic security checks (are we being hacked?), and routine searching, reporting, dashboarding, and alerting.

Splunk Light lacks the high-availability, distributed scalability, and advanced features and apps available in Splunk Enterprise. So you can't use Splunk's automation logic or its apps for enterprise security and streaming data, or things like Microsoft Exchange or VMware analysis and optimization. Getting data into Splunk Light shouldn't be a problem, though. Add-ons, including Unix and Windows "listeners," let you pull in performance data from servers as well as from network routers and industry-standard databases.

So it's the age-old question of weighing capabilities, or lack thereof, against costs. You can buy term-licensed Splunk Light starting at 1 GB-per-day capacity at $75 per month (with a one-year commitment and no additional support fees). You can also buy a perpetual license for $1,800, plus 20%-per-year maintenance. A Splunk Enterprise annual-term license starts at $1,800 at the 1 GB-per-day level, while the perpetual license at that capacity is $4,500, plus 20%-per-year maintenance.

A Splunk Light dashboard visualizes a combination of machine data measures, trendlines, and alerts.

A quick tour of published competitive pricing finds Graylog providing enterprise support for its open source software starting at $2,500 per server, per year. Commercial vendor SumoLogic has a free, 1- to 3-user offering that supports up to 500 MB captured per day and a Pro plan for 3-20 users that starts at 1 GB per day for $90.

Logentries has annual plans with monthly terms starting at $29 per month for capturing up to 20 GB per month (with 14-day data retention), but that appears to be a per-user cost. A Logentries "Team" License starts at $265 per month at 150 GB captured per month.

Compared with Splunk Cloud, which starts at $675 per month (based on an annual commitment), Splunk Light is a more-affordable option suited to organizations that want to keep their work on-premises, for whatever reason. Your team will, however, have to configure and run the software on your hardware, and those costs can add up fast. There's talk of a Splunk Light cloud offering later this year, but there's no clear launch date. For now, Splunk says it's working on building out the self-service provisioning portal for that option.

You'll obviously want to take a closer look at the user numbers, data capacities, and available functionality to come up with comparisons that fit your needs. But Splunk's success has sparked competition that is giving you more options, and that's surely the reason you're seeing this Splunk Light offering.

Doug Henschen is Executive Editor of InformationWeek, where he covers the intersection of enterprise applications with information management, business intelligence, big data and analytics. He previously served as editor in chief of Intelligent Enterprise, editor in chief of ...
Comments
neilson9,
User Rank: Apprentice
6/30/2015 | 1:26:46 PM
Re: Lots of competition emerging in the world of log file analysis
In the last 18 months this market has become heavily contended. The number of products has quadrupled in the on-prem and SaaS space. The older on-prem alternatives like Logscape (plug) continue to evolve and try to differentiate through plugins/apps into different verticals. Splunk is now prolific and I agree that this is largely a defensive move against ELK, their recent amazon launch and obvious grasp onto BI are all acts of a publicly traded company that needs to compete on all fronts. While the market matures I still believe that Splunk and Logscape provide the most compelling solution for On-Prem Enterprise ready operational analytics platform. Logscape now builds on user-workflows by creating contextual (web-link) links between dashboards that act to guide the analyst in their function.
JPender,
User Rank: Apprentice
3/23/2015 | 3:01:20 PM
Moving beyond the SIEM to analyze data

As noted in the article, it's become an imperative for organizations to move beyond their SIEMs to efficiently analyze their data. The sheer volume and amount of data can quickly become expensive when appropriately integrating not only internal data from a SIEM, but external data such as OSINT and threat feeds. However, without that integration and correlation, all of that data becomes useless. By using an application like IKANOW's, which is based on open source technologies such as Hadoop, elasticsearch, and MongoDB, and without a cost based on amount of data, we provide information security teams the flexibility and scalability needed to meet their toughest data and analytic challenges such as mapping threats to known vulnerabilities within an organization's cyber security infrastructure, helping prioritize IT spending and bolstering the organization's overall security posture. - Jason Pender, SVP Field Operations, IKANOW.

wgroth2,
User Rank: Apprentice
3/18/2015 | 6:54:35 PM
Log Insight: One more competitor to consider.
There is another significant product in the market that was left out of the article. VMware's vRealize Log Insight has most of the UI functionality, and some impressive Machine Learning technology, all backed by a pricing model that does not penalize you for exceeding some per-day threshold.

For more information, see the Log Insight product page at vmware.com.

Full Disclosure: I work for VMware, and do product marketing for Log Insight.
txyates,
User Rank: Apprentice
3/17/2015 | 8:32:47 PM
Re: Determining data volumes to collect
Have to agree, the ingest & data store functionality is rapidly becoming a commodity. This is likely to be a problem for Splunk, whose cost and complexity are well-accepted issues as data volumes grow. N-tier architectures will become the norm as next-gen products are built on a premise of being data store agnostic and focusing on the user-facing analytics. As for data sizes, in the Fortune 500 10-20 TB/day is going to be mainstream in a few years. Right now, maybe 100GB/day or so defines the mid-market.
michaelsklar,
User Rank: Apprentice
3/17/2015 | 12:00:35 PM
Determining data volumes to collect
Doug, as you suggest, organizations need low-cost and low-risk options to tap the intelligence contained in their IT log data. One of the biggest hurdles for companies is determining how much data they ultimately need to collect each day. Most first-time users start with a specific area of interest, for example, firewall logs. By the end of the first day they might have collected 5 GB of data. By midweek, they could be collecting 20 GB per day from 50% of their domain controllers. By Friday, they could be collecting 75 GB per day of logs from operating systems, databases, and all the major components of their data center. Organizations with deep budgets can choose any tool they like. For others, open source is a great alternative. There's even a hybrid model we've seen where organizations put Graylog on the front end of all log ingestions, and then use our user-defined streams to send subsets of real-time data to Splunk, a SIEM, or other commercial system for analysis. -Michael Sklar, CEO, Graylog
D. Henschen,
User Rank: Author
3/16/2015 | 7:50:49 PM
Re: Lots of competition emerging in the world of log file analysis
I'd encourage competitors to chime in here with comparisons and contrasts on usability, user counts, capture capacities and costs.
Curt Franklin,
User Rank: Strategist
3/16/2015 | 3:16:05 PM
Re: Lots of competition emerging in the world of log file analysis
Splunk Light might well be a huge asset for Splunk, especially given the body of user knowledge that exists for the Splunk platform. I've used Splunk for a number of different projects and it does have ease of use on its side -- it will be very interesting to see whether its competition feels the need to change licensing or pricing strategies to keep up.
D. Henschen,
User Rank: Author
3/16/2015 | 2:26:27 PM
Lots of competition emerging in the world of log file analysis
A head start doesn't guarantee continued leadership. I see Splunk Light as a defensive move as more and more competitors are emerging trying to get in early and cheap and spread across IT and business use cases over time. It's the old "land and expand" idea, which is what so many aggressive upstarts try to do. Splunk Light looks like an aggressive response, both in terms of low costs and a generous, five-named-user count.