Humio – Logging at scale at a fraction of the price of Splunk and ELK – The Cost

This is Part 2 of a 2 part blog. The 2 parts are:

  1. The Technology: An overview of why Humio is different from other products. Part 1 can be read here.
  2. The Cost: An analysis of why the technology makes the Total Cost of Ownership cheaper than Splunk or ELK.

The Cost

One thing I’ve heard quite a lot over recent years is that companies would like to collect and analyse more log information, but as data volumes grow exponentially, traditional log management and security information and event management (SIEM) solutions make it cost prohibitive to collect all the required data.

According to Gartner, “Licensing models for many SIEM tools often dissuade customers from collecting all relevant events and logs…Organizations that lack sufficient budgets to expand their existing SIEM solutions must then choose between deprioritizing existing use cases, not adding new use cases or decreasing the scope of monitoring.”

However, there is now an alternative to high-cost products like Splunk and ELK. Humio has been designed from the ground up to leverage technologies that make it cost-effective and highly efficient to collect and search all log data and do so at scale, and in real time.  This blog will look at what makes Humio different and why this also makes it cheaper than the alternatives.

I started this blog by stating that Humio is cheaper than Splunk and ELK, and now that part 1 has (hopefully) explained how it works, you can start to understand why this is. In this last section I will give some example figures and go through the 3 reasons that make Humio cheaper than the opposition. All of the data I use in this section is available on the Humio website under the pricing section. This allows you to put your own parameters in and get an estimated Total Cost of Ownership (TCO) and potential savings over Splunk and ELK.

Let’s look at these 3 reasons.

Storage

Firstly, Humio uses less storage. There are 3 reasons for this:

  1. It eliminates the need for large index files.
  2. It compresses data by 5-15x or more, making it more efficient to store, transfer, and compute.
  3. Humio is designed for streaming data and leverages Bucket Storage as primary storage to make deployments of Humio cheaper, faster, and easier to run. This enables infinite retention, and storage of huge volumes of live data at low costs.

In an example of 2000 GB ingested per day, Humio predicts that the total storage required is a fraction of that needed by ELK or Splunk, and therefore the costs are also much smaller.

Through 2024, Gartner predicts that 40% of enterprises will have reduced their storage and data protection costs by over 70% by implementing new storage technologies and deployment methods.

David Højelsen, Co-founder of Mono Solutions said, “Just managing the server our old Elastic set-up costs more than the whole cost of using Humio.”

Hardware

Secondly, Humio needs fewer Nodes to operate efficiently. The important thing with Humio is the speed of the query, which depends upon the number of CPUs, available RAM, and disk speed. The good news is that Humio’s approach works well with modern hardware, as it uses principles of mechanical sympathy to decrease processing time, speed up the search by compressing data, and pull data from cached memory whenever possible.

In addition, an index-free data store does not need to be sorted and so it can use a simple append-to-file operation to write to a bucket and use streaming reads when processing the data. This sequential data access puts less stress on the hardware and avoids a good deal of I/O waiting.

Humio as a result uses fewer Nodes. If we look at the same 2000 GB per day example the number of Nodes is static with Humio but is predicted to grow quickly with other products. Again, the TCO reflects this requirement.

Product Price

I’m not going to go into the product price as this is not affected by the technical elements I have discussed in the blog. The important thing to mention here is that you have options on how to buy the product.

  • Self-Hosted – you can run Humio yourself, on the infrastructure of your choice
  • Humio SaaS – Humio manage everything and keep your data safe

The costs for these are set out on the Humio web site. The 2000 GB daily ingested data example I have been using shows TCO savings over 3 years of over $500,000 compared with Splunk, and even more compared with ELK.

If you would like to know more about Humio or start a trial then please email me at simon.barnes@orb-data.com
