From a few reviews I saw that Elastic Stack, which is an open-source stack solution, is gaining popularity.
Splunk has been in the market for quite some time but is a commercial product.
Is it possible to replace Splunk with Elastic Stack?
If so, what benefits might we lose by making this decision?
Does Elastic Stack also have a retention policy?
Is Kibana an equivalent of what Splunk provides?
Is it advisable to set up Elastic Stack for an enterprise application?
What challenges might we face if we want to set up Elastic Stack for an application that runs on two nodes behind a load balancer?
I have recently started to evaluate the same approach for myself and a few clients.
The short answer is that it is definitely possible to replace Splunk with the ELK stack for very many use cases. Splunk is a robust, well-integrated platform that has a vibrant ecosystem of applications, but ELK also has quite a few applications and is starting to hold its own as many more people become disgruntled with the pricing of Splunk and its commercial brethren.
Integration is going to take a bit more work with ELK than with Splunk, and there are not as many easy-to-use third-party offerings, but Elasticsearch is very powerful and flexible, and the cost savings if you have a lot of data can be very significant. Plus, Elasticsearch has a cloud option which, if appropriate for your environment, would reduce the integration and deployment complexities.
Splunk is definitely fast, powerful, and complete, but I think that Elasticsearch and the rest of the ELK stack can be used in its place for most installations (small or large), and the cost savings can be applied, in part, to consulting assistance.