Skip to main content

vast limits GmbH and uberAgent are now part of Citrix, a business unit of Cloud Software Group. Learn more at Citrix.com.

Splunk

Heard Splunk is Expensive? What About $17/user/year?

  • by Helge Klein
  • May 31, 2017

uberAgent’s primary backend for data storage, search, and visualization is Splunk, the leading big data platform. Some people, especially when they are new to Splunk, are worried about the additional cost. Apparently, Splunk is rumored to be expensive. Let me debunk that myth for the uberAgent use case.

No Database Required

Many products use a database for data storage, which can incur significant additional costs, especially when clustered. This is not the case with uberAgent. There is no database, nor are there any other required infrastructure components. uberAgent only needs Splunk. This is the first good news.

The other good news is that Splunk is actually very affordable when used with uberAgent. Let’s take a look at an example to find out precisely what the numbers may look like.

Splunk Pricing Example Calculation

Acme Corporation needs visibility into user experience and application performance on their laptops. They also want to be prepared for the upcoming migration to Windows 10. They choose uberAgent as their end-user computing monitoring and analytics product. Before they install the agent on all 1,000 of their Windows machines, they need to determine which Splunk license is right for them.

Splunk Enterprise annual pricing

They know from our data volume calculation guidelines that the average data volume per client is 15 MB/day. Multiplied by 1,000 machines this amounts to a daily volume of 15 GB to be indexed by Splunk.

Splunk licenses are based on the amount of new data added to the Splunk index per day. A 15 GB license is considered a small license; customers that are using Splunk for security or log analytics often have licenses in the range of terabytes per day.

Splunk’s website lists a price of $1,150 per GB for a yearly 15 GB license including maintenance. Divided by 1,000 users this amounts to $17.25 per user per year. Compare that number to the price of pretty much any SaaS application (e.g. Salesforce or GoToMeeting) which cost many times that per user per month.

Splunk Cloud

If you do not want to maintain Splunk servers, on-premises Splunk Cloud might be the right choice. Looking at the 20 GB/day tier, the annual price per user is only $20.7.

Given that Splunk manages the entire backend and even guarantees 100% availability, the markup compared to on-premises Splunk Enterprise is surprisingly low (20%), making Splunk Cloud a compelling offer.

Benefits of Splunk

Splunk has several features and capabilities that put it far ahead of the competition.

Practically Unlimited Scalability

A single Splunk server can handle between 100 and 250 GB of incoming new data per data. When that is not sufficient, just add more machines, the load is balanced automatically. Optionally configure replication if you want to be safe in case individual servers become unavailable.

Data Retention Only Limited by Disk Space

Being a big data platform, Splunk can store and search vast amounts of data. This means visibility is not cut off after a week, a month, or any other arbitrary time. In fact, you can keep the collected data for as long as you like. Disk space is the only limiting factor.

There is also no averaging of historical data. Other products need to replace the collected data with less detailed averages after a certain time to keep the sizes of their databases from ballooning. This is not the case with Splunk. All collected data can be retrieved in full fidelity even years later.

Easy Custom Dashboard Creation

uberAgent comes with a rich set of dashboards that are well suited for many requirements and use cases. Whenever that is not enough, Splunk’s dashboard editor allows for easy creation of custom visualizations that can be arranged into dashboards or used in scheduled reports.

Operational Intelligence

Although uberAgent is our preferred Splunk use case 😉 there is a lot more you can do with it. Splunk’s app store lists hundreds of apps for a wide range of products and technologies. All of these can be used at the same time, and data from multiple sources can be brought together in queries and visualizations. Imagine the possibilities – metrics and events from all your relevant IT components in one place, ranging from networking appliances to end-user computing machines. That is what Splunk calls operational intelligence.

About uberAgent

The uberAgent product family offers innovative digital employee experience monitoring and endpoint security analytics for Windows and macOS.

uberAgent UXM highlights include detailed information about boot and logon duration, application unresponsiveness detection, network reliability drill-downs, process startup duration, application usage metering, browser performance, web app metrics, and Citrix insights. All these varied aspects of system performance and reliability are smartly brought together in the Experience Score dashboard.

uberAgent ESA excels with a sophisticated Threat Detection Engine, endpoint security & compliance rating, the uAQL query language, detection of risky activity, DNS query monitoring, hash calculation, registry monitoring, and Authenticode signature verification. uberAgent ESA comes with Sysmon and Sigma rule converters, a graphical rule editor, and uses a simple yet powerful query language instead of XML.

About vast limits

vast limits GmbH is the company behind uberAgent, the innovative digital employee experience monitoring and endpoint security analytics product. vast limits’ customer list includes organizations from industries like finance, healthcare, professional services, and education, ranging from medium-sized businesses to global enterprises. vast limits’ network of qualified solution partners ensures best-in-class service and support anywhere in the world.

Comments

Your email address will not be published. Required fields are marked *

Comments

Apologises if I am misunderstanding the pricing calculation above:

1000 x 15MB a day = agree this is 15GB of data going into Splunk

But this is just one day, do you not need to multiple by 365 days to get the yearly cost? 15GB x 365 = 5475GB

Splunk charge $1150 per GB so £££££££

Splunk pricing is based on daily indexed data volume. A 100 GB Splunk license, for example, allows you to send 100 GB to Splunk - every single day. How long you store that data is entirely up to you (retention is configurable).

but isn't daily index volume going to go up ? so after 30 days it would be 30 * 15 = 450 GB. how will that be charged ?

Hi Michael,

Splunk licenses are based on the amount of new data added to the Splunk index per day.