What is your experience regarding pricing and costs for Splunk Enterprise Security?

Splunk is expensive. It's based on the data inside the log. If you produce bigger logs, the cost goes up. We pay a license up to a set size, let's say 100 gigabytes, and if we have 101, they charge us for the overage. We pay about a billion Indonesian rupiah. There are many cheaper solutions. Microsoft Sentinel is also a little expensive, but there are cheaper ones like Wazuh, Graylog, and Rapid7.

The price of Splunk Enterprise Security fluctuates based on the customer, but I believe it's quite costly, especially for our clientele. Furthermore, to access the full range of features, it's exceedingly expensive to have comprehensive log data. When evaluating SIM tools and considering the cheapest option, Splunk Enterprise Security might be worth considering, especially for larger organizations. While cost is a factor, Splunk offers significant value, and I recommend it over focusing solely on price.

I was deeply distressed when they went away from their perpetual license.

Splunk can improve the pricing. People like certain features, and sales use the features that they provide, the automated features, to hook customers into paying for the big-price license. Everyone does it, like Microsoft and Cisco. Initially, you try out the free version, but once you get it in your shop and turn it into production, you start relying on it and don't want to get out. You start paying a lot more for it.

The price of Splunk Enterprise Security is reasonable, falling somewhere in the middle range.

I think that the price can be too high sometimes, especially for the cloud. We get a lot of logs that are meaningless. For example, if we are using a firewall, we get a message for every session or packet. A lot of those connections are the same. We pay a lot of money on the license and on logs that are the same. If there was a way to aggregate them, the cost of the license would be reduced.

Splunk Enterprise Security is not a cheap product, but I think it is worth every dollar that you pay.

Most of Splunk's customers are trying to find ways to keep the pricing from the ingest licensing model of Splunk down. What that comes down to is that we have to manage the platform. For our company, being a security enterprise and using it for security-relevant data allows us to streamline and control the ingest licensing model because we don't put in a lot of stuff in the tool. We have other things that we output to different data lakes. Splunk has always been on the expensive side.

It is quite expensive.

The pricing is always going to be different because it depends on the project you are working on and how much data you are going to ingest. But it's definitely worth it.

The pricing model is great. You can choose between workloads or volume. I am not part of the conversation about pricing in my organization. I just know what I know about the tool from learning about Splunk.

While Splunk offers generous developer licenses and obtaining annual licenses is straightforward, the cost is a major consideration. As open-source competitors become more sophisticated, Splunk will need to address this pricing issue in the future.

I'm not the person that deals with pricing. I have heard there is sticker shock.

Pricing is a bit costly. It always is.

I rate Splunk three out of 10 for affordability.

Splunk Enterprise Security incurs a significant cost because of the amount of data we send, but we are fine with the value we're getting for that price.

The pricing can be better. We are already considering Elastic because Splunk is too expensive. You have to pay based on per-day ingestion. There should be a more flexible model for the use cases where one day you have a huge amount, and on other days, it is quite less.

The cost is very high. It's got a fairly high price point in terms of price range.

Splunk Enterprise Security's pricing is based on data volume, which generally suits large enterprises.

Splunk is a good value for the features it provides. The license is costly, but it's better than the other tools.

It is expensive. I work for multiple clients. I am working for more than 5 clients, but most of the clients are switching from Splunk to Sentinel because of the cost. Even though Sentinel is very limited, clients are moving to Sentinel.

Splunk Enterprise Security is expensive.

In terms of pricing, I believe Splunk is unreasonably costly for the majority of mid and small-sized companies. Its real advantages, or what sets it apart, seem to be more suitable for large enterprises.

I find Splunk Enterprise Security to be overly expensive, and their pricing model lacks flexibility. There is no consumption-based pricing, and dealing with Splunk can be challenging. They seem rigid, less accommodating, and often don't listen to customer needs. A more flexible and customer-friendly pricing approach, aligning with industry trends, would be appreciated.

It's mostly for EDR. You can cover servers as well; however, that requires additional licenses. Pricing is based on usage. As an EDR specialist, I interact with the tools and perform investigations. I don't deal with licensing directly. This is quite new to me. I've only recently started working with Splunk. I used to work in EDR. It took me two to three months to understand the internal architecture of the organization, and based on that, I can use Splunk for all kinds of searches. So, how long it takes to realize the benefits of Splunk depends on the person and the complexity of the environment.

Splunk is very expensive. The license is based on the volume of the logs ingested. I was responsible for managing the contract with our service integrator. I don't know the precise details of the competing solution, but I have heard that Splunk is more expensive than others. I don't know what the going rate is on the market, but I think there are at least two competitors that are less expensive. We have experienced a few issues with our service providers in terms of log filtering and ingestion, so we continue to pay a bit more per day for our logs.

The pricing is on the high side. It's not a solution for SMEs.

While Splunk is more expensive than other solutions, we would still choose it because of its capabilities. Splunk is a leader in the field and provides a wider range of data and security features than other SIEM solutions. I would recommend Splunk over any of the less expensive SIEM products. I recommend the license-based solution over the user-based solution that Splunk offers. If I had to recommend any other SIEM other than Splunk, it would be Microsoft Sentinel.

It is expensive. That is why many customers have moved to IBM QRadar. The price is definitely a challenge for customers.

I'm not sure how much the solution costs, or how much my company pays for it. If a company needs something cheaper than Splunk, there are some open-source solutions available to them.

I can't comment on pricing. I don't take care of that aspect.

Splunk Enterprise Security's pricing is high. Larger companies may afford it, but I believe that in the current market situation, where everyone is facing challenges, financial resources are tight. Even stock market tech companies are embracing cost-saving measures. Expenses are now more constrained compared to a few years ago when companies had greater spending capacity. Companies are reluctant to make hefty payments. While Splunk is cheaper than Microsoft Sentinel, QRadar is priced at half the cost of Splunk. Splunk Enterprise Security's licensing is typically determined by the data throughput we handle. Additionally, they offer an alternative pricing model which involves payment based on CPU usage. This newer model was introduced as a response to Elastic Security. However, Splunk enforces licensing in either scenario.

The licensing is good, but the pricing absolutely needs some work. It is very high. One thing that they put in a contract, but they do not emphasize it enough is true-ups on usage based on the quarterly consumption. They do not follow that methodology. They let a customer use, use, and use, and then at some point, a true-up occurs, and it is a large cost. There is an opportunity to do a quarterly track type of true-ups as per the agreements out there. That would put them in a position where customers are able to plan on, forecast around, and work through volume adjustments that may occur in their environment. The other place where Splunk could spend time is the scale-up and scale-down model. Scale-up is easy where you get more business, and it is easy to add more capacity, whether it is storage or SVUs, but when you need to scale down because of a change in a business, it does put customers in a position where they are locked in, and there is no way to maneuver around that.

Luckily, we come under a large federal agency, and before the pandemic, they signed a large enterprise license agreement. It worked out great and to our advantage because we are a small organization. We got a 300 gig license, and we just did not have the buying power to be able to get products cheaply. Because we all partnered together under the agency umbrella, we were able to get Splunk Enterprise Security, UBA, and ITSI for cheap. This was good considering the fact that some of these premium apps require a minimum number of users, and we do not have the number of people needed to even justify buying it.

It's more expensive than the other tools but it's worth it. Every penny is worth it. They do analytics better. They do security investigations better. They do everything better.

Splunk Enterprise Security is hardly affordable for most of our clients, causing many of them to resort to using open source solutions instead. In addition to the licensing fee, there is also a support and maintenance charge.

Splunk is definitely not a cheap solution. It is an expensive product. If a customer is evaluating SIEM solutions and is considering cheaper products, it depends on the customer's budget and use cases. For a large, enterprise customer with critical infrastructure that needs to be monitored 24/7, obviously, the cheaper solutions may not have the capacity to handle the huge volume of data. Splunk has the SIEM and the scalability as well as visibility features. When you want to monitor your applications and how they are performing, that is where Splunk is very strong.

Most of the companies we work with are keen on budgeting. They can't spend much on security. Their problem is with the cost. They would like to have it but the problem is the budget. If they got a taste of Splunk Enterprise Security and its benefits, they might be able to cope better. A 15-day trial doesn't give them much hands-on or benefit from the tool. From a security perspective, they would need to have it for six months or a year to get a sense of it. We try to explain, to someone who is concerned about the cost, the functionality and how powerful the application is. Security people know it's better to have a better solution, but management has to look at the budget.

I believe that Splunk Enterprise Security is worth the price, but it is expensive. I am always trying to balance the need for security with the need to be cost-conscious.

Splunk is more expensive than most solutions, but it offers lots of value. If a customer wants the cheapest solution, we'll use that.

Splunk is costly but it’s worth it due to the high-end features.

We have an unlimited one, and we pay yearly, but I don't know how much it costs. Previously, I worked for a startup, and when they started building it up, it was complicated for them because they didn't have the budget for that many licenses. It was very costly for them. So, startups might find it a little bit problematic because of the licensing, but for bigger companies, there is no issue.

We had a yearly subscription.

They could improve their discounts. I think it's a good solution, and it's gaining a lot of traction, maybe they are recouping their R&D costs, Further reductions would be fantastic, and I believe that more and more people would flock to it.

I'm only using the free version for the time being. The cost is reasonable. Splunk's costing is a little more difficult. The pricing method is complicated, and the way that costing is calculated in Splunk is a little more difficult. When compared to QRadar, QRadar, it's simple to pay.

We pay a yearly license. You do need to set up a contract for technical support. While I don't have details about the exact pricing, my understanding is that it can be a bit expensive.

There is an annual license required to use this solution.

Splunk is not a cheap solution and the license is billed annually. The licensing model should be improved and the price should be lower, in general. You can purchase additional technical support, which is much better than the support that is included.

The price of this solution is expensive. However, it has great features. If you want a great solution you need to pay a price matching the features.

Splunk charges on the basis of gigabytes of incoming log messages per day. Also I would recommend that funds be set aside for Splunk training and certification.

The prices are complicated as we operate in a small third-world country.

It's a little bit more expensive than some of the other tools. It's not as expensive as QRadar. That said, it's more expensive than LogRhythm or Sentinel. There aren't really other fees beyond the standard costs of licensing.

I remember Splunk being relatively affordable. Kibana was more reasonable, but you get more with Splunk. If I was suggesting something, I would probably suggest Splunk because it is better to pay a little bit more and get a lot more.

Splunk licensing requires you to purchase licenses for any feature per user. For example, if you need UEBA, it is difficult to propose in the project. QRadar has a free upcharge for UEBA. Customers cannot calculate the additional costs based on gigabytes per day because they can not forecast the future.

I can comment on price in this way - in education in Ohio, we're part of the Ohio supercomputer consortium, and they act as a collective bargaining agent. So we get our licensing as a piece of the State of Ohio's Splunk license. So my pricing is very much not list or even reduced list because of the volume that the state buys. We generally spend about $20,000 a year in third party integrator costs to get us past some of the rough edges that we get with Splunk support.

Splunk solutions are much more expensive than others. Especially when it comes to megaprojects or deals, there's a lot of competition when it comes to financials.

It is expensive. I used to buy it early on, but then they combined it into a higher-up organization. They buy it for multiple systems now. Last time, I paid around 60K for it. There is just the licensing fee. That's all.

Splunk requires a paid license. There's no free option. Customers have to pay for the license, implementation, support - everything.

This solution is costly. Splunk is obviously a great product, but you should only choose this product if you need all the features provided. Otherwise, if you don't need all the features to meet your requirements, there are probably other products that will be more cost-effective. It's cost versus the functionality requirement.

Splunk has a subscription and a perpetual license. This product could use better pricing.

The pricing modules could be improved. The licensing fees are paid on a yearly basis. There is a standard license with provisions for more. As we are still exploring the functionality, there may be other departments that want to use it.

The licensing fees and pricing models could be reduced. It's a yearly subscription. They don't sell professionally because it's a subscription service. As a result, it is only a subscription service that is dependent on the customer's IT infrastructure.

Everything we do is either yearly or multi-year. I don't know if there is any additional cost to standard license fees.

It can be cost-prohibitive when you start to scale and have terabytes of data. Its cost model is based on how much data it processes a day. If they're able to create scaled-down niche or custom package offerings, it may help with the cost. Instead of the full-blown features, if they can narrow the scope where it can only be used for a specific purpose, it would kind of create that market for the product, and it may help with the costing. When you start using it as a central aggregator and you're pumping tons of logs at it, pretty soon, you'll start hitting your cap on what it can process a day. Once you've got that, you're kind of defeating the purpose because you're going to have to scale back. They're kind of pushing everybody away from perpetual licensing into subscription-based models, which a lot of companies are doing too, but in most environments that I've been in, they prefer to go the perpetual license and then just pay maintenance on top of it. That's because it's easier for them to forecast the big expense up front.

The solution could be more cost-effective, as we charge our customers the cheapest price. The subscription is monthly.

The price of Splunk is reasonable.

The solution can be expensive. It's not cheap.

Filter the noise out.

My customers have found the price of the solution to be high.

We also use QRadar, and we make more money with QRadar than with Splunk as we can make bigger projects happen. However, we find that with Splunk, while we don't make as much money on each project, we can do more of them.

I think Splunk is expensive compared to other tools at the purchase stage. It's possible that if we can keep control of the costs involved down the track, it won't be so bad.

The problem with the product is that the price of Splunk is very high. It is an industry leader and therefore it's high in terms of price. That is the issue in our country. Sometimes people want to buy Splunk, however, due to the budget, they are not able to.

The pricing model is based on the number of gigabytes that you ingest into the Splunk system. So it can be an expensive solution.

Its pricing model can be improved.

Price-wise, if you compare QRadar to Splunk for SIEM functionality then they are in the same range but when you integrate SOAR with these solutions, Splunk takes the lead and is more competitive.

It is economical than other solutions.

When you compare the services and features, the pricing is reasonable. That said, if you compare Splunk to other options on the market, it is more expensive.

The solution is a little expensive.

The pricing model is expensive and could lead into a budget nightmare based on the amount of data. A better pricing plan would be an improvement.

While I do understand that it is a premium tool, they could work to make it a bit less in terms of cost. It's a bit expensive.

We have a 100 gig annual license. I'm not sure of the cost. Their licensing is based on the amount of data you collect. There is an additional cost for Enterprise Security. If there are any other kind of applications, the APIs that we created that we want to add, there are costs for most of those as well. Their pricing structure really could use a revamp. They really need to review and look at that and see if there's a better way that they can do it. Elasticsearch is a little cheaper and a better product in my view.

The price is comparable.

Its cost model is dependent upon the amount of data used — how many GBs we extract in a day determines our price. The price is not dependent upon how many instances we installed in Splunk. I can install thousands of instances, but it will only charge me according to how many GBs I extract per day. Overall, our customers complain that the price is too high.

Licencing occurs yearly. We now have a three-yearly support contract as of now. Licensing is a yearly, one-time cost.

Get free PS if you can (ask) or USE THE DOCS. The documentation will get you to success. If you are not getting more value out of Splunk than the license you are paying, then you are doing something wrong and should spend a tiny bit more to get a consultant like Splunxter.com to help you.

Cost versus volume in the medium/long term are heavy. It is a great tool but you have to be careful in storing a lot of data (without any criteria). Use it as an "smart-data/small-data repository", not as a "raw centralizer, stage-area or pure-SIEM". Before choose any tool and define your BSOC (Business/Sec Operation Center), read about datamart/datawarehouse concepts and models (design and archicture too) defended by Inmon & Kimball. You'll saving a lot of $ in future.

Too expensive. There are much more cost-effective and good solutions out there like ELK stack SIEM, etc

We find the solution to be quite expensive. Therefore, we're looking for other options. I don't know of the exact costs, as licensing is handled by another department.

I think that most of the log analytics solutions are expensive and I'm not sure if it's worth it. However, I wish that they were less expensive. I am not talking about a single product but rather, all of the ones that are in the domain of log analytics.

In terms of a comparison with the rest of the competition, the licensing cost would be, I would say, 30% higher than most.

The licensing cost model is complicated. I think that most of the monitoring solutions are expensive. I wish they were less expensive, for all types of products for monitoring.

Splunk is on expensive side. There are some premium add-ons like Splunk Enterprise Security or ITSI which makes it more expensive.

The pricing and licensing of the product are quite high.

Pricing is one factor that hurts everybody on the market; the client, the reseller, everybody that touches it. Only Splunk makes money. It is hard to have it for the long term if it's a stretch for your budget. Pricing becomes a problem and people are just focused on numbers rather than creating a vision for the entire product. That is the biggest factor I found with Splunk, that they just want to make money and they don't care about anything else. They lost national, country-level projects because of this attitude.

It's a little bit expensive for a small to medium enterprise.

The price could be improved.

It would be nice if the pricing were cheaper. However, we did purchase it.

The pricing seems good relative to the other vendors that we have had here. However, they need to find ways to be more flexible with the licensing and be able to deal with situations where we start generating more logs. Maybe having some controls in the Splunk interface to turn it off, so we don't have to change anything in our application. We have an existing contract with Splunk, so it makes sense to stay with them for now. Our license is for a 100 GB/logs a day.

I assume that the pricing is reasonable, because if it was too costly, there are other alternatives. However, with some of the other solutions, you have to spend time on them and manage them yourself. It might also take you three times to get it right. So, Splunk may be more costly upfront, but in the long run, it saves on time and man-hours.

Splunk is not free.

I am not personally involved with the pricing of the solution.

I have no opinion on the pricing of the product.

It is possible to use a developer's license, which is up to 10GB per day of volume traffic, which is usually enough for most use cases.

It can be expensive, especially the licensing costs. However, there is added value in what it can do, not just log aggregation.

Splunk is a bit pricier, but the benefits and ROI are huge.

It is a pretty high cost solution, but if your organization has the funds, it can bring many benefits.

Truly evaluate the data you want to ingest and go slow. Pulling in data that can provide no use to your mission only wastes data against your license.

Be upfront about your needs and expectations. Splunk is one of the top SIEM solutions to work with.

The licensing model can be expensive, but the value it provides is significant.

Pricing can be a limiting factor. You have to continuously tune what you are bringing in and make sure what you bring in is of value.

Make it cheaper to help small organisations implement it easier.

Setup cost is cheap: It is free, it is user-friendly, and it is fast. I would highly recommend anyone evaluating this option to download the free trial which allows for the ingestion of 500MB of data per day in order to get a feel for what Splunk does at its core. It will get pricey once your ingestion rates start to sky rocket, but I would consider it expensive given the amount of information that it allows you to analyze and react on straight out-of-the-box.