Elasticsearch vs. Splunk Enterprise

Elasticsearch

Splunk Enterprise

Overview
Product	Rating	Most Used By	Product Summary	Starting Price
Elasticsearch	Score 8.7 out of 10	N/A	Elasticsearch is an enterprise search tool from Elastic in Mountain View, California.	$16 per month
Splunk Enterprise	Score 8.4 out of 10	N/A	Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.	N/A

Pricing

Elasticsearch

Splunk Enterprise

Editions & Modules

Standard: $16.00
per month
Gold: $19.00
per month
Platinum: $22.00
per month
Enterprise: Contact Sales

No answers on this topic

Offerings

Pricing Offerings
Elasticsearch	Splunk Enterprise
Free Trial
No	Yes
Free/Freemium Version
No	Yes
Premium Consulting/Integration Services
No	No

Entry-level Setup Fee

No setup fee

Additional Details

—

More Pricing Information

Pricing Info

Community Pulse
	Elasticsearch	Splunk Enterprise
Considered Both Products	Elasticsearch Ivan Portugal Manager Chose Elasticsearch Cassandra and Solr are other products that I haven't used but might be considered "competitors". Splunk is very, very good in terms of search but it seemed limited to logging. It is also quite pricey compared to ElasticSearch which is free. Incentivized Helpful? Jose Adan Ortiz Sales Engineer Chose Elasticsearch With Elasticsearch you can integrate a lot of data sources. It can act as a small DataLake where you can put different kinds of data and extract important insights. With Splunk, additional to elevated costs of licensing and hardware, you need to have expert engineers to address … Incentivized Helpful? Verified User Consultant Chose Elasticsearch I think Elasticseach works less great compared to Splunk. Mainly the way the Splunk search head works is vastly superior to the way the Elasticsearch query language works. Furthermore, the Splunk architecture is in my opinion easier to roll out and scale-up. Splunk also has a … Incentivized Helpful? Keith Lubell Chief Technology Officer Chose Elasticsearch Elasticsearch and Solr are both based on Lucene, but the user community for Elasticsearch is much stronger, and setting up a cluster is easier. Splunk is very well suited for Log indexing and searching but is not nearly as flexible as Elasticsearch. Couchbase is a great NoSQL … Incentivized Helpful? Julie Zhong Data analytics Chose Elasticsearch Elasticsearch is relatedly cheaper the splunk. OpenSearch is good and we migrated some data into it but the critical data stays in elasticsearch as it has formal support. Helpful? John Anderson Lead Application Engineer IV Chose Elasticsearch They all have their specific pros and cons. Elastic was actually initially brought in to provide less expensive functionality to Splunk, and Splunk use cases. Grafana was brought in to provide less expensive visualizations compared to Splunk and Elastic...I would recommend … Incentivized Helpful? Oscar Narváez Del Rio Tools & Analytic Monitoring Leader Chose Elasticsearch Elasticsearch brings the capacity to grow data ingest and provides 24/7 visibility into critical services across IT and Business teams. With Elasticsarch, specialized support teams can easily view all the relevant information by using real-time dashboards, and can immediately … Incentivized Helpful? Verified User Technician Chose Elasticsearch Elasticsearch is the most powerful and easy to use platform in this market. It's open source which makes enhancements very possible and also makes customization something that is commonplace. We're able to create custom modules to pull data from both log and config files, which … Incentivized Helpful? Manish Rajkarnikar Lead Engineer Chose Elasticsearch Elasticsearch is widely popular and it's mostly free. Its ecosystem, ability to scale, ease to set up, integration with other systems, highly usable API make it really great compared to its competition. Incentivized Helpful? Colby Shores DevOps Engineer Chose Elasticsearch Apache Solr is the closest competitor to ElasticSearch from a search engine perspective. ElasticSearch is simple and streamlined in it's configuration. When taken as a whole, Apache Solr is more robust as a storage engine from a developer perspective, ElasticSearch has the … Incentivized Helpful?	Splunk Enterprise Verified User Employee Chose Splunk Enterprise Haven't evaluated any other tools. Of course there are many other vendors in the space but Splunk continues to be the market leader and to maintain its position in Gartner's magic quadrant. Haven't used Elasticsearch but hear very highly of it, offering a better licensing model … Incentivized Helpful? Verified User Engineer Chose Splunk Enterprise Okay for dashboards but very limited for ad-hoc searches, no deep dive Incentivized Helpful? Verified User Analyst Chose Splunk Enterprise We used this first but are considering moving away due to log space limitations because of cost. Helpful? Verified User Engineer Chose Splunk Enterprise Splunk is all inclusive, you don't need 3 products to do what Splunk did 4 previous major versions. Incentivized Helpful? ShuYun Du Technical Specialist Chose Splunk Enterprise Splunk is easier to setup compare to ELK. It has better support, well-documented information plus the Splunk database which has an addon that built by them or the other users to help to improve the experience with Splunk. However, ELK is open-source and it is free. At the end … Incentivized Helpful? Verified User Engineer Chose Splunk Enterprise I didn't get to fully evaluate Logstash as our corporation was already using Logstash, but both seemed like viable solutions to the problem that we were having. I wanted to evaluate Logstash some more, both did seem like they would work for the business needs that we had, we … Incentivized Helpful?

Features

Elasticsearch

Splunk Enterprise

Security Information and Event Management (SIEM)

Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
	Elasticsearch - Ratings	Splunk Enterprise 8.0 80 Ratings 1% above category average
Centralized event and log data collection	00 Ratings	8.976 Ratings
Correlation	00 Ratings	8.078 Ratings
Event and log normalization/management	00 Ratings	8.977 Ratings
Deployment flexibility	00 Ratings	7.970 Ratings
Integration with Identity and Access Management Tools	00 Ratings	7.871 Ratings
Custom dashboards and workspaces	00 Ratings	8.177 Ratings
Host and network-based intrusion detection	00 Ratings	7.757 Ratings
Data integration/API management	00 Ratings	7.726 Ratings
Behavioral analytics and baselining	00 Ratings	7.323 Ratings
Rules-based and algorithmic detection thresholds	00 Ratings	8.024 Ratings
Response orchestration and automation	00 Ratings	7.522 Ratings
Reporting and compliance management	00 Ratings	8.125 Ratings
Incident indexing/searching	00 Ratings	8.328 Ratings

Best Alternatives
	Elasticsearch	Splunk Enterprise
Small Businesses	Yext Score 8.9 out of 10	LevelBlue USM Anywhere Score 7.5 out of 10
Medium-sized Companies	Guru Score 9.6 out of 10	Sumo Logic Score 8.8 out of 10
Enterprises	Guru Score 9.6 out of 10	Sumo Logic Score 8.8 out of 10
All Alternatives	View all alternatives	View all alternatives

User Ratings
	Elasticsearch	Splunk Enterprise
Likelihood to Recommend	9.0 (48 ratings)	8.2 (86 ratings)
Likelihood to Renew	10.0 (1 ratings)	7.0 (18 ratings)
Usability	10.0 (1 ratings)	7.9 (19 ratings)
Availability	- (0 ratings)	10.0 (1 ratings)
Support Rating	7.8 (9 ratings)	8.0 (18 ratings)
Online Training	- (0 ratings)	8.0 (1 ratings)
Implementation Rating	9.0 (1 ratings)	7.0 (3 ratings)
Product Scalability	- (0 ratings)	9.1 (1 ratings)

User Testimonials
	Elasticsearch	Splunk Enterprise
Likelihood to Recommend	Elastic Elasticsearch is a really scalable solution that can fit a lot of needs, but the bigger and/or those needs become, the more understanding & infrastructure you will need for your instance to be running correctly. Elasticsearch is not problem-free - you can get yourself in a lot of trouble if you are not following good practices and/or if are not managing the cluster correctly. Licensing is a big decision point here as Elasticsearch is a middleware component - be sure to read the licensing agreement of the version you want to try before you commit to it. Same goes for long-term support - be sure to keep yourself in the know for this aspect you may end up stuck with an unpatched version for years. Incentivized Borislav Traykov DevOps Team Leader Read full review	Cisco It's well suited for what I do, which is network security operations. And that's for anything from troubleshooting incidents, troubleshooting performance, troubleshooting for the purpose of a compliance and auditing. It's not best suited for users who are new in terms of they're new to the product and they have expectations that probably Splunk cannot meet. Incentivized Verified User Anonymous Read full review
Pros	Elastic As I mentioned before, Elasticsearch's flexible data model is unparalleled. You can nest fields as deeply as you want, have as many fields as you want, but whatever you want in those fields (as long as it stays the same type), and all of it will be searchable and you don't need to even declare a schema beforehand! Elastic, the company behind Elasticsearch, is super strong financially and they have a great team of devs and product managers working on Elasticsearch. When I first started using ES 3 years ago, I was 90% impressed and knew it would be a good fit. 3 years later, I am 200% impressed and blown away by how far it has come and gotten even better. If there are features that are missing or you don't think it's fast enough right now, I bet it'll be suitable next year because the team behind it is so dang fast! Elasticsearch is really, really stable. It takes a lot to bring down a cluster. It's self-balancing algorithms, leader-election system, self-healing properties are state of the art. We've never seen network failures or hard-drive corruption or CPU bugs bring down an ES cluster. Incentivized Verified User Anonymous Read full review	Cisco It is very useful in creating custom rules for analyzing system logs and display relevant information. The query language is very easy to learn. We can create custom UI to visualize the output of our data. The interface is very flexible. It also allows the sharing of rules among users. There is an open online community to help others. Stackoverflow also has a splunk community. These resources make it more convenient to learn. Incentivized Kuntal Das Security Analyst Read full review
Cons	Elastic Joining data requires duplicate de-normalized documents that make parent child relationships. It is hard and requires a lot of synchronizations Tracking errors in the data in the logs can be hard, and sometimes recurring errors blow up the error logs Schema changes require complete reindexing of an index Incentivized Keith Lubell Chief Technology Officer Read full review	Cisco Splunk light limits number of users to 5. Wish there was a flexible license, where one could add more users. Splunk light does not let you add > few realtime alerts. Wish there was a flexible license, where one could add as many realtime alerts as wanted. Better insight into daily ingestion values Incentivized Pooja Gada Engineering Tech Lead Read full review
Likelihood to Renew	Elastic We're pretty heavily invested in ElasticSearch at this point, and there aren't any obvious negatives that would make us reconsider this decision. Incentivized Aaron Gussman Senior Technologist Read full review	Cisco We are using Splunk extensively in our projects and we have recently upgraded to Splunk version 6.0 which is quite efficient and giving expected results. We keep track of updates and new features Splunk introduces periodically and try to introduce those features in our day to day activities for improvement in our reporting system and other tasks. Verified User Anonymous Read full review
Usability	Elastic To get started with Elasticsearch, you don't have to get very involved in configuring what really is an incredibly complex system under the hood. You simply install the package, run the service, and you're immediately able to begin using it. You don't need to learn any sort of query language to add data to Elasticsearch or perform some basic searching. If you're used to any sort of RESTful API, getting started with Elasticsearch is a breeze. If you've never interacted with a RESTful API directly, the journey may be a little more bumpy. Overall, though, it's incredibly simple to use for what it's doing under the covers. Incentivized Verified User Anonymous Read full review	Cisco You can literally throw in a single word into Splunk and it will pull back all instances of that word across all of your logs for the time span you select (provided you have permission to see that data). We have several users who have taken a few of the free courses from Splunk that are able to pull data out of it everyday with little help at all. Incentivized Kenneth Taitingfong Splunk Architect / Engineer Read full review
Reliability and Availability	Elastic No answers on this topic	Cisco When properly setup and configured, Splunk is extremely reliable. Incentivized Verified User Anonymous Read full review
Support Rating	Elastic We've only used it as an opensource tooling. We did not purchase any additional support to roll out the elasticsearch software. When rolling out the application on our platform we've used the documentation which was available online. During our test phases we did not experience any bugs or issues so we did not rely on support at all. Incentivized Verified User Anonymous Read full review	Cisco Splunk maintains a well resourced support system that has been consistent since we purchased the product. They help out in a timely manner and provide expert level information as needed. We typically open cases online and communicate when possible via e-mail and are able to resolve most issues with that method. Incentivized Verified User Anonymous Read full review
Online Training	Elastic No answers on this topic	Cisco The online course was simple clear and described the main capabilities of the solution. There is also an initial module that can be done for free so anyone can familiarize themselves with the functionality of this solution. On the other hand, however, there could be more free online courses. Maybe even with a certificate, this would broaden the group of people who are familiar with the platform while increasing familiarity with the solution itself. Verified User Anonymous Read full review
Implementation Rating	Elastic Do not mix data and master roles. Dedicate at least 3 nodes just for Master Incentivized Verified User Anonymous Read full review	Cisco Smooth without too many major issues. Incentivized Verified User Anonymous Read full review
Alternatives Considered	Elastic As far as we are concerned, Elasticsearch is the gold standard and we have barely evaluated any alternatives. You could consider it an alternative to a relational or NoSQL database, so in cases where those suffice, you don't need Elasticsearch. But if you want powerful text-based search capabilities across large data sets, Elasticsearch is the way to go. Incentivized Verified User Anonymous Read full review	Cisco I didn't get to fully evaluate Logstash as our corporation was already using Logstash, but both seemed like viable solutions to the problem that we were having. I wanted to evaluate Logstash some more, both did seem like they would work for the business needs that we had, we went with splunk as many teams were already using it. Incentivized Verified User Anonymous Read full review
Scalability	Elastic No answers on this topic	Cisco Splunk can scale in to the petabyte per day range which of course is awesome Rick Yetter Regional Director Read full review
Return on Investment	Elastic We have had great luck with implementing Elasticsearch for our search and analytics use cases. While the operational burden is not minimal, operating a cluster of servers, using a custom query language, writing Elasticsearch-specific bulk insert code, the performance and the relative operational ease of Elasticsearch are unparalleled. We've easily saved hundreds of thousands of dollars implementing Elasticsearch vs. RDBMS vs. other no-SQL solutions for our specific set of problems. Incentivized Anatoly Geyfman Founder & CEO Read full review	Cisco I don't have any numbers to share but Splunk has positively served as a 24/7 monitoring tool that has saved hours of work by self-detecting, saving statistics and alerting problems in the system or from external interfaces as soon as they happen. Splunk dashboards does a solid job in collecting, analyzing data and creating reports that contain an entire day's activity and then automatically sent out to the business. Splunk is very easy to learn and very useful to any program or business application. Incentivized Verified User Anonymous Read full review
ScreenShots