Has to be cost. With how much they charge I'm still surprised that there's no startups offering comparable (particularly on-prem) products. Maybe it's a harder product to make than it seems.
> I'm still surprised that there's no startups offering comparable (particularly on-prem) products
Please consider giving EventQL [0] a try some time! It's completely open-source and self-hostable. Still a new project though, just released this summer and still in beta.
"EventQL is a distributed, analytical database. It allows you to store massive amounts of structured data and explore it using SQL and other programmatic query facilities."
So it's a completely different class of application than Splunk or Elasticsearch, and one that you have a commercial interest in. Please don't spam HN.
>> So it's a completely different class of application than Splunk or Elasticsearch
Sure it takes a somewhat different approach (i.e. it requires an explicit schema), but for the use case discussed in this thread it _is_ completely relevant and a comparable open-source/on-premise alternative which parent was asking about.
>> one that you have a commercial interest in
Yes, I'm involved in the EventQL project but I thought that it was obvious from the way I phrased my posting. Usually I always include a disclaimer to prevent misunderstandings but I didn't consider it necessary in this case.