Compare ELK Logstash vs. Splunk

ELK Logstash is ranked 13th in Log Management with 4 reviews while Splunk is ranked 1st in Log Management with 57 reviews. ELK Logstash is rated 7.2, while Splunk is rated 8.8. The top reviewer of ELK Logstash writes "Easy to update and maintain with a simple query language". On the other hand, the top reviewer of Splunk writes "Its AMIs make it easy to spin up a Splunk cluster or add a new node to it". ELK Logstash is most compared with Graylog, IBM QRadar and Splunk, whereas Splunk is most compared with IBM QRadar, Dynatrace and Graylog. See our ELK Logstash vs. Splunk report.
Cancel
You must select at least 2 products to compare!
ELK Logstash Logo
20,597 views|18,634 comparisons
Splunk Logo
99,914 views|81,088 comparisons
Most Helpful Review
Find out what your peers are saying about ELK Logstash vs. Splunk and other solutions. Updated: January 2020.
397,717 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
The feature that helps us to create a report for the login testing of Logstash is the most valuable aspect of the solution.The visualization is very good.It is the best open-source product for people working in SO, managing and analyzing logs.ELK documentation is very good, so never needed to contact technical support.

Read more »

With good domain knowledge, one can build almost anything. If you throw in Alert Manager or an integration with ServiceNow. Then, you have your own SIEMOur clients are easily able to modify and evolve their implementations.The initial setup is really straightforward. It's one of the easiest installations.It helps us uncover bottlenecks in the network.it can explain to management about what kind of traffic is visiting the network. It can also explain other traffic coming in and out, along with protecting against malware.The most valuable feature of Splunk is the log monitoring.It can log more logs than other solutions. It's a good way to troubleshoot problems.We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company.

Read more »

Cons
The machine learning is not included in the free version. It is only included in the Platinum or Gold versions. It would be helpful if the machine learning features were available even on the free version of the solution. RSA and IBM are other solutions that also offer machine learning, which is interesting for us, but they cost money.There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated.If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution.Email notification should be done the same way as Logentries does it.We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there).They don't provide user authentication and authorisation features (Shield) as a part of their open-source version.

Read more »

It needs a better way to export dynamic views without requiring a ton of code and user/pw.It needs integration with a configuration management solution.It needs integration with a configuration management solution.They should make data onboarding easier.The product was difficult to back up the first time.Splunk needs local technical support.If possible, we would like to have not only a log monitoring system but a network monitoring feature in this solution as well.Cybersecurity and infrastructure monitoring have room for improvement.

Read more »

Pricing and Cost Advice
We are using the free, open-source version of this solution.We use the open-source version, so there is no charge for this solution.

Read more »

Splunk is really expensive.Splunk should be able to integrate with other product using the free version.The pricing and licensing of the product are quite high.Splunk's cost is very high. They need to review the pricing. They have to go back and totally readdress the market.It's a little bit expensive for a small to medium enterprise.I think the price could be improved.I am not personally involved with the pricing of the solution.Some of the insights that we have obtained as a part of using Splunk have greatly helped us in increasing our revenue in terms of selling our products.

Read more »

report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
397,717 professionals have used our research since 2012.
Answers from the Community
Vivek Vijayan
author avatar
User

First of all, we need to understand what those two softwares are; Splunk is a finished SIEM that is mainly used to analyze data, such as logs, net flows, etc. Splunk comes in different flavors, below I will include a link of all the products they have.

https://www.splunk.com/en_us/software.html

Some of them can be even downloaded or you can try them in the cloud, below I will give you a link of Splunk enterprise, in the link you can see that you can download it, as a trial.

https://www.splunk.com/en_us/software/splunk-enterprise/features.html

ELK can be used for the requirements that you included, such as log analysis, the difference is that you will have to write the normalizers (this is a configuration file based on regex that reads the raw log and devices the log in small pieces), you will have to write the configuration file of the different widgets in the dashboard, alerts will have to be also written, etc.

Elastic.co has already made an app that works as a SIEM, from all the products I think this will be the one that will make the most sense, as a log storage/analyzer, below is the link and you can try it as a cloud deployment.

https://www.elastic.co/products/siem

Also, this is a more complete list of all the features that are included in the enterprise version, here you can check them out and decide if this is something that will work for you.

https://www.elastic.co/subscriptions

Those two softwares are very good, but it will be better if you give them a try by yourself and try to compare them to see which one is the best for your network environment.

author avatar
Vendor

Generally Elastic is very strong in datasearch, and Splunk has a strong security solution. However Elastic has partnered with SIEM provider empow and together this integration provides a very strong platform both in datasearch and next generation SIEM.

Here's a thorough article on ELK vs. Splunk<https://devops.com/splunk-elk-stack-side-side-comparison/> and here's a description from Elastic<https://www.elastic.co/subscriptions> on what's included in the different versions.

author avatar
Alex Boz (Logrhythm)
Vendor

Splunk: hard to use, expensive with predatory pricing, few OOTB rules, SOAR is a premium, good luck training analyst on their platform in under six months. SPLUNK SEARCH.

ELK Stack: easy to use, open-source, no predatory pricing, more robust use cases OOTB, loved and used by millions all over the globe, open ecosystem that can integrate with almost any major IT stack out of the box. LUCENE.

author avatar
User

We use ELK or other freeware stacks in isolated small scenarios.

Think of a small or medium company with a „midsized“ webshop. You can easily do your Log management with an ELK-Stack, let's say size 5 up to 10 GB, no Problem. Please keep in mind to order Hardware. The best thing on ELK is that you can start immediately you don't have to wait for licensing and it's easy to build the first small things.

Another Example:
Your Marketing Dep. wants to do some singular evaluations and very specialized marketing stuff. It is temporary and they don't have the budget for licensing. The results are not for permanent use. Just use ELK.

In my opinion, ELK is only cost-effective if you don't need to buy their professional service. You must leave the cases small.

If you are looking for bigger scenarios or you want to build-up a SIEM, SOC or even doing elevated things like SOAR it is a very different kind of thing.
There can be account issues that a developer usually won't mind at the first glance but a Controller will.
You have to look at the Total Cost of Ownership, Scalability, Time to Market, Secureness of future development, maintenance e.g.

If you want to build up a complex scenario with the secureness of scalability you should go with SPLUNK. If tomorrow there is a better tool with lower costs and less need for input of manpower I will refer to this.

Ranking
13th
out of 47 in Log Management
Views
20,597
Comparisons
18,634
Reviews
3
Average Words per Review
415
Avg. Rating
7.0
1st
out of 47 in Log Management
Views
99,914
Comparisons
81,088
Reviews
55
Average Words per Review
322
Avg. Rating
8.8
Top Comparisons
Compared 23% of the time.
Compared 13% of the time.
Compared 11% of the time.
Compared 9% of the time.
Compared 9% of the time.
Compared 8% of the time.
Also Known As
Elastic Stack, ELK Stack
Learn
Elastic
Splunk
Overview

Logstash is an open source, server-side data processing pipeline that ingests data from a multitude of sources simultaneously, transforms it, and then sends it to your favorite “stash.”

Splunk software has been around since 2006 and the company has since grown to become an industry leader. Splunk's vision is to make machine data accessible, usable and valuable to everybody. The company offers a wide range of products to turn machine data into valuable information by monitoring and analyzing all activities. This is known as Operational Intelligence and is the unique value proposition of Splunk.

Splunk is well-known for its Log Management capabilities and also for its Security Information and Event Management (SIEM) solutions.

Offer
Learn more about ELK Logstash
Learn more about Splunk
Sample Customers
Sprint, Grab, Autopilot, Just Eat, Verizon Wireless, Green Man Gaming, Compare Group, Tango, Perceivant, QuizletSplunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Top Industries
VISITORS READING REVIEWS
Software R&D Company42%
Manufacturing Company12%
Comms Service Provider10%
Government5%
REVIEWERS
Financial Services Firm19%
Energy/Utilities Company17%
Retailer11%
Insurance Company7%
VISITORS READING REVIEWS
Software R&D Company30%
Comms Service Provider13%
Financial Services Firm9%
Media Company6%
Company Size
No Data Available
REVIEWERS
Small Business26%
Midsize Enterprise15%
Large Enterprise59%
VISITORS READING REVIEWS
Small Business12%
Midsize Enterprise21%
Large Enterprise67%
Find out what your peers are saying about ELK Logstash vs. Splunk and other solutions. Updated: January 2020.
397,717 professionals have used our research since 2012.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.