ELK Stack vs Splunk for Your Advise?

Henry_Pan · September 5, 2015, 2:13pm

Would you please share your take on Splunk vs ELK Stack?

Thanks in advance + Happy Labor Day w/e

– Henry

warkolm · September 5, 2015, 11:28pm

They're both great tools that can happily exist side-by-side.

What do you want to know exactly?

Henry_Pan · September 5, 2015, 11:48pm

Tks Mark for your kindly replay,

I wish to know for a huge hospital group, which solution will be a better
fit?

Cheers + Happy Labor Day w/e

Henry

warkolm · September 5, 2015, 11:55pm

That's not really something anyone can answer without understanding more about your requirements.

Henry_Pan · September 6, 2015, 12:09am

Ha-ha Mark,

Whom should I reach out to discuss in more detail?

Tks by Henry

warkolm · September 6, 2015, 12:11am

You can ask for community opinions here, or I can put you in touch with our Solution Architect team if you'd like.

Henry_Pan · September 6, 2015, 12:42am

Sure Mark,

Please put me in touch with your Solution Architect team.

Tks by Henry

otisg · September 6, 2015, 3:15pm

Hi Henry,

You'll find there are lots and lots of factors involved in deciding here.
For example:

Which one are you after: Cloud or On Premises solution
Are you going to index/search only things like app and server logs or also other business information
Do you need user management, access control, etc.
Do you want to manage the underlying infrastructure and ELK on it, or do you want to just call somebody when things break
How much data are you dealing with (think volume discounts)
...

Some options:

Splunk - very powerful, mainly on premises solution, expensive and, if all you want is "supergrep" really too expensive for that use case
DIY ELK - no license fees, but you'll end up spending $ on building various features, either right away if you already know you need N features or incrementally and over time as users start demanding features that ELK doesn't have.
DIY ELK v2 - same as above + consulting/support from Elastic or Sematext to avoid mistakes, help with scaling, provide production support, etc.
Hosted/Cloud ELK (e.g. our Logsene - http://sematext.com/logsene ) - this means you don't need to buy/maintain the hardware or manage Elasticsearch part of ELK.
On Premises ELK (but a version comes with a number of enterprise features, not the bare-bones DIY ELK - see Logsene again)
Other hosted solutions - Logentries, Loggly, etc.

I hope this helps.

Otis

Monitoring * Alerting * Anomaly Detection * Centralized Log Management
Solr & Elasticsearch Support * http://sematext.com/
tel: +1 347 480 1610 fax: +1 718 679 9190

Henry_Pan · March 11, 2016, 4:19pm

Saluting Otis for your sound advice!

Henry

Topic		Replies	Views
Is it good to implement ELK Stack without Elastic Search? Elastic Community and Ecosystem	3	4566	March 23, 2018
Elasticsearch in the competitive landscape for your Advise? Elasticsearch	1	365	July 6, 2017
Log management with Elasticsearch? Elasticsearch	5	347	July 6, 2017
Splunk vs. Elastic search performance? Elasticsearch	27	9864	July 6, 2017
Splunk Elasticsearch integration Elasticsearch	1	3608	July 6, 2017

ELK Stack vs Splunk for Your Advise?

Otis

Related topics