2016-11-07T06:27:00Z

Splunk vs. Elastic Stack

From a few reviews I saw that Elastic Stack, which is an open source stack solution, is gaining popularity.

Splunk has been in the market for quite some time but is a commercial product.

Is it possible to replace Splunk with Elastic Stack? 

If so, what are all the benefits we may be losing in this decision? 

Does Elastic Stack also have a retention policy? 

Is Kibana an equivalent of what Splunk provides?

Is it advisable to set up Elastic Stack for an enterprise application?

What may be the challenges if we want to set up Elastic Stack for an application which runs on two nodes with a load balancer?

it_user544149 - PeerSpot reviewer
User at a tech services company with 10,001+ employees
1 Answer
AB
Cybersecurity & IT Operations Professional (VirtualCxO) at BrainWave Consulting Company, LLC
Consultant
2017-11-01T14:45:25Z

I have started to recently evaluate the same approach for myself and a few clients.

The short answer is that it is definitely possible to replace Splunk with the ELK stack for very many use cases. Splunk is a robust, well-integrated platform that has a vibrant ecosystem of applications, but ELK also has quite a few applications and is starting to hold its own as many more people become disgruntled with the pricing of Splunk and its commercial brethren.

Integration is going to take a bit more work with ELK than with Splunk, and there are not as many easy-to-use third-party offerings, but Elasticsearch is very powerful and flexible, and the cost savings if you have a lot of data can be super significant. Plus, Elasticsearch has a cloud option which, if appropriate for your environment, would reduce the integration and deployment complexities.

Splunk is definitely fast, powerful, and complete, but I think that Elasticsearch and the rest of the ELK stack can be used in its place for most installations (small or large), and the cost savings can be applied, in part, to consulting assistance.
