Splunk Light offers a new option for companies to apply data analytics to IT operations. Here’s how it stacks up against Splunk Enterprise, Splunk Cloud, and emerging open-source and commercial rivals.
Splunk introduced Splunk Light last week, billing it as a low-cost option for smaller teams and tactical analysis. But is it also a good way for larger organizations to experiment with bringing data analytics and an Internet-of-things mindset to IT operations?
To answer this question, it’s best to consider the options already available from Splunk as well as from emerging rivals, including open-source products such as Graylog and Elastic’s Elasticsearch ELK stack, and commercial competitors including SumoLogic and Logentries.
Splunk is the 12-year-old leader in the market for software that uses log-file analysis for IT system optimization, risk analysis, fraud and threat detection, and business-trend analysis. Designed first and foremost for machine data generated by IT infrastructure, Splunk Enterprise software includes a proprietary big-data repository and analysis software powered by Splunk’s SPL (Search Processing Language) for searching, filtering, and manipulating data. Splunk also offers drag-and-drop data visualizations and filters for non-technical business users.
Branching out from its core Enterprise software, the company introduced Splunk Cloud (on Amazon Web Services) and Splunk Hunk, software that works in conjunction with Hadoop, in 2013. This brings us to Splunk Light, which is on-premises software designed to fill a gap at the low end of the market. Not surprisingly, this is where many entry-level threats to Splunk are emerging, with ambitions of scaling up into Splunk’s core market.
Splunk Light is designed to be quickly deployed on a single server. It handles up to five named users and maxes out at 20 GB of data captured per day. That volume isn’t big by big data standards, but as an option for pilot tests and proof-of-concept projects it might be a good starting point.
The downside is that Splunk has limited Light to what the company describes as “tactical” analysis. It supports manual techniques associated with troubleshooting websites (why are e-commerce transactions lagging?), other forensic analyses, basic security checks (are we being hacked?), and routine searching, reporting, dashboarding, and alerting.
Splunk Light lacks the high-availability, distributed scalability, and advanced features and apps available in Splunk Enterprise. So you can’t use Splunk’s automation logic or its apps for enterprise security and streaming data, or things like Microsoft Exchange or VMware analysis and optimization. Getting data into Splunk Light shouldn’t be a problem, though. Add-ons, including Unix and Windows “listeners,” let you pull in performance data from servers as well as from network routers and industry-standard databases.
So it’s the age-old question of weighing capabilities, or lack thereof, against costs. You can buy term-licensed Splunk Light starting at 1 GB-per-day capacity at $75 per month (with a one-year commitment and no additional support fees). You can also buy a perpetual license for $1,800, plus 20%-per-year maintenance. A Splunk Enterprise annual-term license starts at $1,800 at the 1 GB-per-day level, while the perpetual license at that capacity is $4,500, plus 20%-per-year maintenance.
A quick tour of published competitive pricing finds Graylog providing enterprise support for its open source software starting at $2,500 per server, per year. Commercial vendor SumoLogic has a free, 1- to 3-user offering that supports up to 500 MB captured per day and a Pro plan for 3-20 users that starts at 1 GB per day for $90.
Logentries has annual plans with monthly terms starting at $29 per month for capturing up to 20 GB per month (with 14-day data retention), but that appears to be a per-user cost. A Logentries “Team” license starts at $265 per month at 150 GB captured per month.
Compared with Splunk Cloud, which starts at $675 per month (based on an annual commitment), Splunk Light is a more-affordable option suited to organizations that want to keep their work on-premises, for whatever reason. Your team will, however, have to configure and run the software on your hardware, and those costs can add up fast. There’s talk of a Splunk Light cloud offering later this year, but there’s no clear launch date. For now, Splunk says it’s working on building out the self-service provisioning portal for that option.
You’ll obviously want to take a closer look at the user numbers, data capacities, and available functionality to come up with comparisons that fit your needs. But Splunk’s success has sparked competition that is giving you more options, and that’s surely the reason you’re seeing this Splunk Light offering.