Alternatives to Splunk?

Posted by MichaelGG on Server Fault
Published on 2009-09-05T11:14:37Z, indexed on 2010/03/09 2:38 UTC

I'm pretty impressed with Splunk, especially version 4. Pretty graphs, alerting (Enterprise only), and fast, accurate searching. It's a great product.

However, the cost is just way too high to consider for full production use for our company. All we really need is to be able to index different logs in a central place, and have reasonable searching on that. Having alerts based on a saved search is also really nice. We don't really go beyond that.

In fact, our biggest usage has been in deploying new applications. Everything gets logged via log4net to either the Event log on Windows or a text file on Linux. Splunk makes it pretty easy to quickly search across those to make sure all the parts of the app are working ok -- that's saved us tons of time versus hunting down individual logging sources.

What alternatives exist in this market? I have a sinking feeling Splunk's pricing is so high because they have the best product by far, and they know it. We want the server to run on Windows.

I'd be open to a split model, using one product for general logs (collect via syslog/Snare), and a dedicated product for our custom apps (like Log4Net Dashboard).

Would using a simple syslog server such as Kiwi, sent to SQL Server (perhaps with fulltext enabled) work?

I'd hope the cost should be well under 5 figures, USD. (And yes, I know, we're cheap. We're a startup with little money, and BizSpark takes care of all our MS licensing.)

Edit: I should add, we have about 10 physical servers, 20 VMs, and a couple firewalls and switches. 90% is Windows.

© Server Fault or respective owner
