Splunk log analytics available in lower-cost, light version

Splunk Light, aimed at midsized enterprises, may face continued competition from open source alternatives

Data and analytics

Splunk has grown into a full-blown analysis ecosystem. But the log analytics system, which has a cost-by-usage price tag, is feeling pressure from low- and no-cost alternatives

To broaden Splunk's appeal, the company is now unveiling Splunk Light, with a much lower price tag. But its low-to-no starting cost has a catch: It only allows a limited amount of data to be processed per day through Splunk.

splunk search Splunk

Splunk Light's search functions behaves the same as its more upscale enterprise cousins, although enterprise features like apps and distributed processing aren't included.

The full-blown Enterprise edition of Splunk carries a four-figure price tag, with volume discounts available for those indexing large amounts of data. Anything more than 100GB per day requires a custom quote. Splunk Light, however, indexes up to 500MB per day for free, and will index anywhere from 1GB to 20GB per day for a sliding scale fee starting at $75/month.

Shay Mowlem, vice president of product marketing at Splunk, said most of the features not included in the light version are unlikely to be of interest to the midmarket customer targeted with this release. The prepackaged Splunk apps, enterprise-grade distributed processing, and security options are not included in Spunk Light, but Splunk's core features -- ingestion, analysis, reporting, alerting, dashboards, and so on -- are all present.

"Many companies may stay with Splunk Light," Mowlem said, "but some will want to expand." The transition between the Light and Enterprise versions is "seamless," involving nothing more than buying an upgrade license key, installing it, and restarting, with all existing data and settings preserved, he said.

Mowlem didn't seem concerned about competition from open source alternatives to Splunk. "Small IT teams," meaning the folks likely to want a product like Splunk, "are dealing with putting out fires," he said. "They want to get up and running quickly, and they're not into building their own tools." The open source options out there, Mowlem claimed, don't seem well-aligned with the midmarket customers that Splunk spoke to.

One of those competitors, Graylog, is now offering a professionally supported version of its open source product; support contracts begin at some $2,500 per year, with no intake limits. That's around what a Splunk customer would pay for a perpetual license with a 10GB-per-day intake limit. But where Graylog falls short is in offering a whole array of complementary products, like Splunk with its apps that plug into a range of infrastructures and third-party services.

Graylog might not need to copy that functionality to appeal to the midmarket customers Splunk hopes to capture, but it's an example of how Splunk has a multifaceted command of the market.

[This article was edited to clarify the pricing of the Light version, which is free up to the first 500MB of data indexed per day.]

Copyright © 2015 IDG Communications, Inc.

How to choose a low-code development platform