ELK Stack v5: this open source solution – composed of the full-text search engine Elasticsearch, the Beats data shipper platform that prepares data, Logstash for information collection, Kibana for data visualization and Watcher for alert generation – is arguably one of Splunk's most serious competitors today, especially since Kibana offers a user interface very close to that of Splunk.
Graylog: another open source solution, also available in a commercial version, Graylog v2 uses Elasticsearch to offer a solution entirely dedicated to log collection and analysis. Graylog builds a different stack around Elasticsearch: MongoDB is used as the data store and Apache Kafka centralizes the collection. The solution is often presented as easier to maintain than ELK (hence their tagline "open source log management that actually works").
Sumo Logic offers probably one of the richest log management SaaS solutions on the market and is a very serious alternative to Splunk Cloud. The solution is based on a licensing scheme tied to the volume of data ingested, similar to that of Splunk, but is much more accessible for small businesses and SMEs. The solution does not have a community as active as Splunk's, and its universe of Apps and Collectors is much smaller, but it offers original functions such as anomaly detection, LogReduce, and multidimensional performance indicators coupled with an alert mechanism.
Rocana Ops is a relatively new entrant in the SaaS solution market for "Big Data for IT". The service gained notoriety by attacking Splunk in a controversial post, which led to heated exchanges between the two competitors through their lawyers. In any case, Rocana Ops is more of a competitor to Splunk ITSI than to Splunk itself.
Logentries is another lesser-known SaaS solution, but it has some famous customers such as Macy's and LogMeIn. Recently acquired by Rapid7 to expand its portfolio of security solutions, Logentries is a simple and economical solution for collecting and analyzing your logs in real time.
Loggly is another cloud-based SaaS log management solution, with more limited scalability. Its purpose is not so much to oversee an infrastructure or conduct security investigations as to fit into DevOps procedures for finding and debugging operational issues.
Logscape 3 is an 'On Premises' alternative to Splunk Light with a fairly similar user interface. It has a Splunk Enterprise-style Apps mechanism, although the catalog is currently limited to about fifteen apps. A free version, limited to 5 GB of data per day, is available.
To this non-exhaustive list can be added other purely IT tools, such as those from BMC, IBM, TIBCO or HP, as well as new cloud-based operational intelligence solutions such as the new Microsoft Operations Management Suite.
In addition to all the tools specialized in the analysis of logs and machine data mentioned above, Splunk, through its Splunk ES and Splunk UBA modules, also confronts all the "new generation" SIEM solutions on the market, starting with HP ArcSight, IBM Security QRadar and LogRhythm.