
SCOM vs Splunk

Written by UpGuard | Dec 28, 2016 10:48:11 PM

The enterprise's infrastructure monitoring needs have evolved drastically over the years; increasingly, firms need operational intelligence regarding the health and performance of a myriad of IT assets: physical/virtual servers, applications/services, security devices, and more. System Center Operations Manager (SCOM) and Splunk are two leading solutions on the market for monitoring datacenter health and performance; let's see how they compare for keeping the enterprise IT ship afloat.

It's worth noting that although Splunk is quite proficient in IT operations monitoring, it isn't exactly a monitoring tool per se—the solution focuses on providing search, monitoring, and analysis capabilities for log files and other types of machine data. Many firms will pair Splunk's analytics and trending capabilities with open source solutions like Nagios for monitoring and alerting.


In fact, a Splunkbase add-on even exists for integrating Splunk with SCOM. The add-on fetches SCOM event and alert data and forwards it to Splunk, so that SCOM event/alert data can be searched and reported on from within the Splunk platform.
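To make the forwarding step concrete, here is an added example (not the Splunkbase add-on's code) that takes SCOM alert records, normalises them into Splunk HTTP Event Collector (HEC) events, and keeps a time watermark so a polling forwarder does not re-send alerts Splunk already holds. The three alerts are constructed; the SCOM field names (`Severity`, `ResolutionState`, `NetbiosComputerName`, `TimeRaised`) and the severity and resolution-state code mappings are assumptions based on common SCOM alert properties, and `scom:alert` is an assumed sourcetype name.

```python
"""Normalise SCOM alert records into Splunk HEC events.

Added example; not the Splunkbase SCOM add-on. Field names and code
mappings are assumptions; adjust them to what your SCOM SDK query returns.
"""
import json
from datetime import datetime, timezone

# Assumed SCOM severity codes (0 = Information, 1 = Warning, 2 = Critical).
SEVERITY_NAMES = {0: "informational", 1: "warning", 2: "critical"}

# Assumed resolution-state codes (0 = New, 255 = Closed).
RESOLUTION_NAMES = {0: "new", 255: "closed"}

# Constructed sample alerts standing in for the output of a SCOM alert query.
SAMPLE_ALERTS = [
    {"Id": "a1", "Name": "Logical Disk Free Space is low", "Severity": 2, "Priority": 1,
     "ResolutionState": 0, "NetbiosComputerName": "SRV-DB01",
     "MonitoringObjectDisplayName": "C: on srv-db01.example.local",
     "TimeRaised": "2016-12-28T21:05:11Z"},
    {"Id": "a2", "Name": "Health Service Heartbeat Failure", "Severity": 1, "Priority": 2,
     "ResolutionState": 255, "NetbiosComputerName": "SRV-WEB02",
     "MonitoringObjectDisplayName": "srv-web02.example.local",
     "TimeRaised": "2016-12-28T21:10:00Z"},
    {"Id": "a3", "Name": "Service started", "Severity": 0, "Priority": 0,
     "ResolutionState": 255, "NetbiosComputerName": "SRV-APP03",
     "MonitoringObjectDisplayName": "Print Spooler on srv-app03.example.local",
     "TimeRaised": "2016-12-28T20:00:00Z"},
]


def parse_scom_time(value: str) -> float:
    """Convert an ISO-8601 UTC timestamp ('...Z') to epoch seconds, which is
    what HEC expects in the top-level "time" field."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).timestamp()


def to_hec_event(alert: dict) -> dict:
    """Wrap one SCOM alert in the HEC envelope (time/host/source/sourcetype/event)."""
    return {
        "time": parse_scom_time(alert["TimeRaised"]),
        "host": alert["NetbiosComputerName"],
        "source": "scom",
        "sourcetype": "scom:alert",  # assumed sourcetype name
        "event": {
            "alert_id": alert["Id"],
            "name": alert["Name"],
            "severity": SEVERITY_NAMES.get(alert["Severity"], f"unknown({alert['Severity']})"),
            "priority": alert["Priority"],
            "resolution_state": RESOLUTION_NAMES.get(alert["ResolutionState"],
                                                     str(alert["ResolutionState"])),
            "object": alert["MonitoringObjectDisplayName"],
        },
    }


def select_new_alerts(alerts, since_epoch: float):
    """Return alerts raised strictly after the watermark, oldest first, so a
    polling forwarder resumes without duplicating events already indexed."""
    fresh = [a for a in alerts if parse_scom_time(a["TimeRaised"]) > since_epoch]
    return sorted(fresh, key=lambda a: parse_scom_time(a["TimeRaised"]))


def build_hec_batch(alerts, since_epoch: float = 0.0):
    """Serialise the new alerts as newline-delimited JSON, the body HEC accepts
    for a batched POST to /services/collector/event, and return the new watermark."""
    events = [to_hec_event(a) for a in select_new_alerts(alerts, since_epoch)]
    body = "\n".join(json.dumps(e, sort_keys=True) for e in events)
    new_watermark = max([e["time"] for e in events], default=since_epoch)
    return body, new_watermark


if __name__ == "__main__":
    body, watermark = build_hec_batch(SAMPLE_ALERTS)
    print(body)
    print("next watermark:", watermark)
```

The watermark is the piece that matters operationally: persist it between polling runs, and pass it back into `build_hec_batch` so a restart of the forwarder does not replay every open alert into Splunk.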

Splunk

Much of an organization's operational and security intelligence can be derived from server and device-generated logfiles. But without an efficient mechanism for traversing and making sense out of this sea of data, firms are crippled in their ability to prevent outages and data breaches. Splunk's reputation as the "Google for logfiles" stems from its unification of logfile data from a myriad of systems and devices across an IT environment into a single interface.

The Splunk UI. Source: splunk.com.

With Splunk's platform, IT admins and operators get a single-pane-of-glass view into the collective state of their systems. And with over 1000 apps and add-ons in its Splunkbase library, the platform is capable of accommodating a wide array of data sources.

SCOM

Acquired from Mission Critical Software in 2000, SCOM is a relatively newer addition to Microsoft's line of data center management tools. The flagship infrastructure monitoring solution uses an agent-based architecture to track the performance and availability of pre-defined "objects" in the environment: server hardware, system services, operating systems, hypervisors, or applications. Using SCOM, IT admins and operators can monitor these objects via a streamlined management console.

The SCOM UI. Source: microsoft.com.

It's worth noting that the product was completely rewritten in 2007 and now comes as part of System Center 2016. System Center 2016 includes other tools such as Configuration Manager for managing/enforcing configurations, Orchestrator for automating datacenter tasks, and Service Manager for incident response and change control.

Side-by-Side Scoring: Splunk vs. SCOM

1. Capability Set

Both solutions offer powerful monitoring capabilities for the enterprise, with specific benefits that vary per organization. For Microsoft shops, SCOM certainly offers more comprehensive monitoring coverage—even Office365 and Azure apps are covered. Organizations with a disparate toolset and heterogeneous environment may find Splunk a better fit.



2. Ease of Use

Splunk is relatively easy to deploy and use, offering users a set of dashboards with easily accessible features and intuitive configuration options. In contrast, SCOM is notoriously complex and difficult to configure, run and maintain. That said, its interface will be immediately familiar to Windows-based IT admins and operators.



3. Community Support

Splunk boasts a large community of users and supporters and provides resources such as its Answers database and User Groups. SCOM users have TechNet resources at their disposal, but not much else beyond Reddit and Google.


4. Release Rate

Both solutions have seen regular releases over the years: Splunk's enterprise offering is currently at version 6.5; as mentioned previously, SCOM was completely overhauled in 2007 and now comes as part of System Center 2016. Full release histories for SCOM and Splunk are available on the respective vendors' websites.


5. Pricing and Support


Both offerings are decidedly enterprise-focused and priced accordingly. Splunk's pricing structure is based on the volume of data processed: from a 1 GB/day perpetual license for $4,500 ($1,800 annually) to 100 GB/day for $1,500 ($600 annually). So the more data your organization processes with Splunk, the bigger the discount.

System Center 2016/SCOM uses a core-based licensing schema that assumes a 16-core, 2-processor server. Two-year licenses are available for the Datacenter and Standard Editions at $3,607 and $1,323, respectively.


6. API and Extensibility

SCOM does not provide an updated REST API, though SCOM 2012 offers an SDK for automating and extending its features and for creating custom applications that access/manage its data. In contrast, Splunk's well-documented REST API gives developers over 200 endpoints for accessing every feature in the product, along with SDKs for popular languages.
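As an added example of what working against that REST API looks like (this is not Splunk's SDK, nor code from the article), the following client runs the search-job lifecycle Splunk exposes: create a job, poll its dispatch state until it is done, then fetch the results. The endpoint paths are Splunk's documented search-job endpoints; the `Bearer` token header, the JSON shapes the fake server returns (`sid`, `entry[0].content.dispatchState`, `results`), and the two result rows are assumptions and constructed data so the flow runs offline.

```python
"""Minimal Splunk REST search-job client with an injectable transport.

Added example; not Splunk's SDK. Endpoint paths follow Splunk's documented
search-job REST API; response shapes in the fake transport are assumptions.
"""
import json
from urllib.parse import urlencode, urljoin
from urllib.request import Request, urlopen


class UrllibTransport:
    """Real transport: sends each request with a Splunk authentication token
    (assumed to be presented as a Bearer token) and decodes the JSON reply."""

    def __init__(self, base_url: str, token: str):
        self.base_url, self.token = base_url, token

    def __call__(self, method: str, path: str, data: bytes = None) -> dict:
        req = Request(urljoin(self.base_url, path), data=data, method=method,
                      headers={"Authorization": f"Bearer {self.token}"})
        with urlopen(req) as resp:
            return json.loads(resp.read().decode())


def run_search(transport, spl: str, poll_limit: int = 10):
    """Create a search job, wait for dispatchState DONE, return the result rows.
    Raises on a FAILED job or when the poll budget is exhausted."""
    if not spl.lstrip().startswith(("search", "|")):
        spl = "search " + spl  # the jobs endpoint expects a leading search command
    created = transport("POST", "/services/search/jobs?output_mode=json",
                        urlencode({"search": spl}).encode())
    sid = created["sid"]
    for _ in range(poll_limit):
        status = transport("GET", f"/services/search/jobs/{sid}?output_mode=json")
        state = status["entry"][0]["content"]["dispatchState"]
        if state == "DONE":
            break
        if state == "FAILED":
            raise RuntimeError(f"search job {sid} failed")
    else:
        raise TimeoutError(f"search job {sid} not done after {poll_limit} polls")
    page = transport("GET", f"/services/search/jobs/{sid}/results?output_mode=json&count=0")
    return page["results"]


class FakeSplunk:
    """Constructed stand-in for a Splunk server: records every call, reports the
    job RUNNING once and then DONE, and returns two constructed alert rows."""

    def __init__(self):
        self.calls = []
        self.polls = 0

    def __call__(self, method: str, path: str, data: bytes = None) -> dict:
        self.calls.append((method, path))
        if method == "POST" and path.startswith("/services/search/jobs"):
            return {"sid": "1482959111.42"}  # constructed search id
        if path.endswith("/results?output_mode=json&count=0"):
            return {"results": [{"host": "SRV-DB01", "count": "3"},
                                {"host": "SRV-WEB02", "count": "1"}]}
        self.polls += 1
        state = "RUNNING" if self.polls < 2 else "DONE"
        return {"entry": [{"content": {"dispatchState": state}}]}


def demo():
    """Run the lifecycle against the fake server and return (rows, calls made)."""
    fake = FakeSplunk()
    rows = run_search(fake, 'sourcetype="scom:alert" severity=critical | stats count by host')
    return rows, fake.calls


if __name__ == "__main__":
    rows, calls = demo()
    for method, path in calls:
        print(method, path)
    print(rows)
```

Swapping `FakeSplunk` for `UrllibTransport("https://splunk.example.local:8089", token)` (hostname and token are placeholders) runs the same three-step exchange against a live management port; keeping the transport injectable is what lets the polling and error-handling logic be tested without a server.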


7. 3rd Party Integrations

Splunk features over 1000 add-ons and apps in its Splunkbase app portal, organized into 6 categories: DevOps, IT operations, security/fraud/compliance, business analytics, IoT/industrial data, and utilities. SCOM/System Center offers fewer options in this regard, but does provide integration packs for integrating with other vendors' products.


8. Companies that Use It

SCOM is in use by enterprises across the globe—ING, Vodafone, Fibabanka, Infosys, MPhasis, and Equifax, among others. Similarly, Splunk counts over 12,000 enterprises and 80 of the Fortune 100 as its customers: Adobe, BlackRock, Coca-Cola, ING, Tesco, AAA, Staples, to name a few.


9. Learning Curve

Despite its intuitive SaaS interface, Splunk poses a moderate learning curve, especially when it comes to building expertise for carrying out more specialized analyses. This, however, pales in comparison to SCOM—from learning its terminology to managing/fine tuning alerts and reporting, novices should expect some difficulty gaining expertise with the platform.


10. CSTAR

Splunk earns a strong CSTAR score of 879—its otherwise good website perimeter security and strong resilience posture are marred only by a lack of HTTP Strict Transport Security and missing DNSSEC. SCOM's CSTAR score of 689 is the result of various security flaws: server information leakage, lack of secure cookies, missing DNSSEC, and more.
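Three of the findings just named (missing HSTS, cookies without the Secure flag, server information leakage) can be checked from a single HTTP response. The following added example is not UpGuard's CSTAR scanner; it audits raw response headers for those three issues, plus the HttpOnly flag and stack-disclosing headers. The two responses are constructed, and the one-year minimum for the HSTS `max-age` is an assumption. DNSSEC is a DNS-side property and is outside what a response-header check can see.

```python
"""Audit HTTP response headers for HSTS, cookie flags, and software disclosure.

Added example; not UpGuard's CSTAR scanner. Sample responses are constructed;
the one-year HSTS max-age threshold is an assumption.
"""
import re

ONE_YEAR = 31536000  # assumed minimum acceptable HSTS max-age, in seconds

# Constructed response with the weaknesses the CSTAR findings describe.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleHTTPd/2.4.1\r\n"
    "X-Powered-By: ExampleFramework\r\n"
    "Set-Cookie: sessionid=abc123; Path=/\r\n"
    "Set-Cookie: prefs=dark; Path=/; Secure; HttpOnly\r\n"
    "Content-Type: text/html\r\n"
    "\r\n<html></html>"
)

# Constructed response with the same headers corrected.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleHTTPd\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "Content-Type: text/html\r\n"
    "\r\n<html></html>"
)


def parse_headers(raw: str):
    """Split a raw response into (status line, [(name, value), ...]).
    Repeated headers such as Set-Cookie are kept as separate pairs."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    if not lines[0].startswith("HTTP/"):
        raise ValueError("not an HTTP response")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def audit_headers(raw: str):
    """Return a list of human-readable findings; an empty list means clean."""
    _, headers = parse_headers(raw)
    values = {}
    for name, value in headers:
        values.setdefault(name, []).append(value)
    findings = []

    # 1. HSTS must be present and carry a long enough max-age.
    hsts = values.get("strict-transport-security")
    if not hsts:
        findings.append("missing Strict-Transport-Security header")
    else:
        m = re.search(r"max-age=(\d+)", hsts[0], re.I)
        if not m or int(m.group(1)) < ONE_YEAR:
            findings.append("Strict-Transport-Security max-age below one year")

    # 2. Every cookie should be marked Secure and HttpOnly.
    for cookie in values.get("set-cookie", []):
        cname = cookie.split("=", 1)[0].strip()
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "secure" not in attrs:
            findings.append(f"cookie {cname} lacks Secure flag")
        if "httponly" not in attrs:
            findings.append(f"cookie {cname} lacks HttpOnly flag")

    # 3. Server should not advertise a version; stack headers should be absent.
    for v in values.get("server", []):
        if re.search(r"\d+\.\d+", v):
            findings.append(f"server header discloses software version: {v}")
    for leaky in ("x-powered-by", "x-aspnet-version"):
        for v in values.get(leaky, []):
            findings.append(f"{leaky} header discloses software stack: {v}")
    return findings


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_headers(raw) or ["no findings"])
```

Feeding this the header block captured from a real `curl -i` against your own site is enough to reproduce the HSTS and cookie findings locally before the next external scan does.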


Scoreboard and Summary

Criterion                Splunk          SCOM
Capability Set
Ease of Use
Community Support
Release Rate
Pricing and Support
API and Extensibility
3rd Party Integrations
Companies that Use It
Learning Curve
CSTAR

Total                    4.4 out of 5    3.8 out of 5

Enterprises with predominantly Windows-based environments will find System Center/SCOM in closer alignment with their needs, though again—many organizations have chosen to integrate the two, pushing SCOM event/alert data to Splunk for analysis and reporting. For tighter integration with other IT operations management and security tools, and in heterogeneous environments, Splunk is a safer bet. In either case, be prepared to shell out a pretty penny for world-class infrastructure monitoring.
