
Heard Splunk is Expensive? What About $17 / user / year?

uberAgent’s primary backend for data storage, search and visualization is Splunk, the leading big data platform. Some people, especially when they are new to Splunk, are worried about the additional cost. Apparently Splunk is rumored to be expensive. Let me debunk that myth for the uberAgent use case.

No Database Required

Many products use a database for data storage which can incur significant additional costs, especially when clustered. This is not the case with uberAgent. There is no database, nor are there any other required infrastructure components. uberAgent only needs Splunk. This is the first good news.

The second good news is that Splunk is actually very affordable when used with uberAgent. Let’s take a look at an example to find out exactly what the numbers may look like.

Splunk Pricing Example Calculation

Acme Corporation need visibility into user experience and application performance on their laptops. They also want to be prepared for the upcoming migration to Windows 10. They choose uberAgent as their end-user computing monitoring and analytics product. Before they install the agent on all 1,000 of their Windows machines they need to determine which Splunk license is right for them.

Splunk Enterprise annual pricing

They know from our data volume calculation guidelines that the average data volume per client is 15 MB / day. Multiplied by 1,000 machines this amounts to a daily volume of 15 GB to be indexed by Splunk.

Splunk licenses are based on the amount of new data added to the Splunk index per day. A 15 GB license is considered a very small license; customers that are using Splunk for security or log analytics often have licenses in the range of terabytes per day.

Splunk’s website lists a price of $1,150 per GB for a yearly 15 GB license including maintenance. Divided by 1,000 users this amounts to $17.25 per user per year. Compare that number to the price of pretty much any SaaS application (e.g. Salesforce or GoToMeeting), which costs many times that per user per month.

Splunk Cloud

If you do not want to maintain Splunk servers on premises, Splunk Cloud might be the right choice. Looking at the 20 GB/day tier, the annual price per user is only $20.7.

Given that Splunk manages the entire backend and even guarantees 100% availability, the markup compared to on-premises Splunk Enterprise is surprisingly low (20%), making Splunk Cloud a compelling offer.

Benefits of Splunk

Splunk has a number of features and capabilities that put it far ahead of the competition.

Practically Unlimited Scalability

A single Splunk server can handle between 100 and 250 GB of incoming new data per day. When that is not sufficient, just add more machines; the load is balanced automatically. Optionally configure replication if you want to be safe in case individual servers become unavailable.

Data Retention Only Limited by Disk Space

Being a big data platform, Splunk can store and search vast amounts of data. This means visibility is not cut off after a week, a month or any other arbitrary period of time. In fact, you can keep the collected data for as long as you like. Disk space is the only limiting factor.

There is also no averaging of historical data. Other products need to replace the collected data with less detailed averages after a certain time in order to keep the sizes of their databases from ballooning. This is not the case with Splunk. All collected data can be retrieved in full fidelity even years later.

Easy Custom Dashboard Creation

uberAgent comes with a rich set of dashboards that are well suited for many requirements and use cases. Whenever that is not enough, Splunk’s dashboard editor allows for easy creation of custom visualizations which can be arranged into dashboards or used in scheduled reports.

Operational Intelligence

Although uberAgent is our preferred Splunk use case 😉 there is a lot more you can do with it. Splunk’s app store lists hundreds of apps for a wide range of products and technologies. All of these can be used at the same time, and data from multiple sources can be brought together in queries and visualizations. Imagine the possibilities – metrics and events from all your relevant IT components in one place, ranging from networking appliances to end-user computing machines. That is what Splunk calls operational intelligence.
