Hacker News new | ask | show | jobs
by pfarrell 1731 days ago
Not advocating for this decision, but did you investigate Splunk? In my experience, that’s the paid logging service that competes with ELK. It will be expensive, so you have to consider the total cost of ownership (e.g., ELK requires some experienced people to run it at your volumes) but it works AFAIK.
2 comments
baq 1731 days ago
there's expensive and then there's splunk.

but you get what you pay for. splunk will handle your load unless you're google.

link
sethammons 1731 days ago
I love splunk. Our clusters process 10s of billions of structured log events daily. We have search, reports, PagerDuty integration, dashboards, etc. It is crazy expensive but is the best system I've used in this space. We are having to save costs with so much data, so we are lowering retention time and moving the data to snowflake for data older than a week. More and more, we are leveraging Looker for reporting out of Snowflake and relying more on Prometheus monitoring for alerting. But Splunk would still be my ideal service if we had less total data.
link
fn1 1731 days ago
I second that. I love splunk as well.

Costs can also be reduced by spending some development-effort into abbreviating logs and being smart about deciding what to log and where.

link
VectorLock 1728 days ago
> Our clusters process 10s of billions of structured log events daily.

Whats that run you?

link
piaste 1729 days ago
> there's expensive and then there's splunk.

This got me curious, so OK, Splunk's pricing pages are very obtuse and they are really pushy about getting you to contact sales directly to get bleeded, but I managed to get to this "actually has a number in it" page for their Log Observer services[0], and... it looks cheaper than NewRelic, especially at scale?

NR charges $0.25 per ingested GB after the first 100 free GB; Splunk apparently only charges a flat $0.10, if you choose ingest pricing.

I guess that NR includes (a free tier of) a bunch of alerts, monitoring etc. features in their package, while they're separate packages for Splunk. Still, that doesn't seem wildly expensive at a glance. Where's the catch?

[0] https://www.splunk.com/en_us/software/pricing/faqs/devops.ht...

link
mrweasel 1731 days ago
Primary issue with using Splunk is that pretty much all other solution will seem inferiour. Great product, terrible business partner.
link
therealdrag0 1731 days ago
Yep. We’re using a Splunk with TBs of logs a day and it’s been great.
link