
Switch From Splunk

This document discusses why businesses are switching from Splunk to Elastic. It provides an overview of the key differences between the two platforms, including that Elastic was designed for search and ingest while Splunk was designed for search and scalability. The document also compares their pricing models, security features, and platforms. It then discusses strategies for migrating from Splunk to Elastic, highlighting that Elastic offers consulting, training and documentation to help with the transition.

Uploaded by

Mathias Moin

Why Are Businesses Switching from Splunk to Elastic?

Ken Westin, Director of Competitive Intelligence


Elastic is a search company.

Splunk vs Elastic

Elastic (founded 2012):
● Designed for search
● Speed and scalability
● Schema on write
● Any unstructured data
● Index, doc, and field security
● Single platform
● Elastic Common Schema

Splunk (founded 2003):
● Designed for ingest
● High compression
● Schema on read
● Unstructured time-series data
● Index level security
● Multiple platforms and tech
● Common Information Model
Splunk vs Elastic: Pricing

Elastic: resource based pricing
● Free unlimited OSS and Basic
● Subscription based on data searchable
● Gold, Platinum and Enterprise subscriptions
● More use cases = more value

Splunk: ingest based pricing
● Free for up to 500mb a day
● Subscription based on data ingest
● Dropped perpetual licensing
● Additional cost for premium apps
● Different pricing for other apps
● More use cases = more cost

Blog: The advantages of resource-based pricing in security
https://www.elastic.co/blog/advantages-of-resource-based-pricing-in-security
elastic.co/subscriptions
Schema on Read vs Schema on Write

Blog: Schema on write vs. schema on read
https://www.elastic.co/blog/schema-on-write-vs-schema-on-read
Splunk Under the Hood: What's in the box?

Splunk Platform:
● Splunk Enterprise (core)
● Apps running on Splunk Enterprise: Enterprise Security, ITSI, PCI, Microsoft Exchange, VMWare, Other Paid Apps, 3rd Party Apps

Splunk Technology Acquisitions (separate platforms):
● VictorOps
● SignalFX
● Phantom
● UBA
Elastic Technology

3 solutions: Elastic Enterprise Search, Elastic Observability, Elastic Security

Powered by the Elastic Stack: Kibana, Elasticsearch, Beats, Logstash

Deployed anywhere:
● Elastic Cloud (SaaS)
● Elastic Cloud Enterprise (orchestration)
● Elastic Cloud on Kubernetes (orchestration)
● Managed Cloud Services
Elastic and Splunk Solution Coverage

Feature | Splunk | Elastic
Logs | Yes | Yes
Metrics | Yes | Yes
SIEM | Yes | Yes
Machine Learning | Limited/Separate platform | Yes
APM | Separate platform | Yes
Endpoint Security (EDR) | No | Yes
Enterprise Search (App, Workplace and Site Search) | No | Yes
More Data, More Problems...to Solve
Source: Data Age 2025, sponsored by Seagate with data from IDC Global DataSphere, May 2020

The Data Flood is Coming
Source: Data Age 2025, sponsored by Seagate with data from IDC Global DataSphere, May 2020

Increased Demand for Real-Time Processing
Source: Data Age 2025, sponsored by Seagate with data from IDC Global DataSphere, May 2020
COVID-19, Recession, Open Source & Cloud
• Adoption of open-source accelerated in the last two recessions¹
• Budgets get tighter; however, the need for solutions persists
• Innovation actually increased²
• Biggest drivers to open-source and Cloud were cost savings, licensing control and predictability, development flexibility and active global support communities³
• Tools consolidation is a key driver

1. Is the downturn good for open source? https://www.infoworld.com/article/2634657/is-the-downturn-good-for-open-source-.html
2. Recession-Proof Open Source https://www.forbes.com/2009/07/14/open-source-software-technology-breakthroughs-software.html#279873c54752
3. Recession Buster: Open Source's Moment https://www.cioinsight.com/c/a/Linux-and-Open-Source/Recession-Buster-Open-Sources-Moment/1
How Could a COVID-19 Recession Be Different?
• Employees working from home and increased demand for Cloud services puts strain on applications and infrastructure, increasing demand for Observability
• Increased supply chain disruption
• Potentially larger unemployment numbers and financial impact
• Analysts are saying it could last longer than the “Great Recession”, which was 18 months
• A lot of unknowns…
Migration Strategies

Customers across various industries, segments, and geographies: Automotive / Transportation, Technology, Finance, Telco, Consumer, Healthcare, Public Sector, Retail
Why Is Migrating Data Platforms Difficult?
• Leaders have bet their career on the platform
• Organizations have invested heavily in infrastructure, deploying agents, data pipelines, field extractions, saved searches and dashboards
• An organization has also invested heavily in training the employees on a specific platform
Migration Path
1. Identify data sources not in Splunk due to licensing or technical constraints
2. Prioritize data source migration
3. Identify dashboards and searches to migrate to Elastic (Elastic Consulting has a SKU to help)
4. Redirect/bifurcate data to the Elastic Stack

elastic.co/campaigns/migrating-to-the-elastic-stack
elastic.co/blog/migrating-from-splunk-to-the-elastic-elk-stack-data-migration
amazon.com/dp/B075Z386F6
elastic.co/training/kibana-for-splunk-spl-users
elastic.co/training/free
Elastic Stack Key Differentiators Summary
• Flexible deployment options
  – On-prem, Multi-cloud, Hybrid
  – Multi-tenancy
• Speed & Scalability
  – Customers choose Elastic for faster speed and scalability to decrease MTTR
• Context on ingest
  – Enrich data on ingest
• Security controls
  – Better control of security down to the field level for sensitive data and compliance
  – Elastic Endpoint Security
• Free and open
  – No PO or credit card required to get started with Elastic
  – Can customize code as needed
• Passionate community
  – Vibrant open community for support
  – Open standards and best practices
• Resource-based pricing
  – No nickel-and-diming for every dimension of use
• Machine learning
  – Machine learning out of the box, without having to create data models and additional re-work
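As an added example that is not part of the deck, the index-, document- and field-level controls claimed above ("Index, doc, and field security" and "control of security down to the field level") can all be expressed in a single Elasticsearch role definition, sent as the body of PUT /_security/role/soc_tier1; the role name, the index pattern, the field names and the host.domain value are assumptions chosen for illustration:

```json
{
  "cluster": [],
  "indices": [
    {
      "names": ["logs-endpoint.events.*"],
      "privileges": ["read", "view_index_metadata"],
      "field_security": {
        "grant": ["@timestamp", "event.*", "host.*", "process.*", "user.name"],
        "except": ["process.command_line"]
      },
      "query": {
        "term": { "host.domain": "corp.example" }
      }
    }
  ],
  "metadata": {
    "note": "Assumed example role for illustration; index pattern, fields and domain are placeholders, not values from the deck"
  }
}
```

A user holding only this role can search just the documents whose host.domain matches the query (document-level security), sees only the granted fields with process.command_line stripped from every hit and aggregation (field-level security), and has no access to any other index, so sensitive command lines stay hidden from tier-1 analysts without duplicating the data into a separate index.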

Thank You

Elastic is a Search Company.


www.elastic.co
