Splunk vs Sumo Logic: Which Is Better For Big Data Log Analysis?
October 11, 2016
Splunk and Sumo Logic are two competing big-data analytics, machine data, and log management solutions designed mainly for IT operations and security use cases. Albeit fierce competitors on many fronts, the two also take different approaches to the problem space and cater to slightly different markets. Splunk is more enterprise-focused and geared towards on-premise deployment, whereas Sumo Logic is the plucky innovative startup with a cloud-based offering at lower price points. Let's look at them in more detail.
Splunk was started in 2003, making it a big data veteran—active in this space long before big data was a thing. In this sense, they arguably invented the machine data analysis industry. By collecting and analyzing machine data, Splunk’s application is able to offer consolidation and reporting based on a number of notices, events, and changes in the whole IT environment. The platform supports over 600 apps: various third-party applications that Splunk can connect to and consume logs from, such as Cisco’s IOS or Windows server event logs. It then uses specific formulas, deep-dive searches, and keyword analyses to aggregate the data into meaningful and actionable summaries for quick human consumption.
Splunk is mostly an enterprise, on-premise tool, although there is a SaaS cloud version (more on that a bit later). There are several advantages to this setup—for example, transferring large data volumes is not a concern on one's own network. Furthermore, confidential and/or sensitive data does not need to be scrubbed from logs before sending to Splunk for processing and analysis. Of course, one needs to provide hardware robust enough for supporting large datasets, as well as manage and scale these resources as needs grow.
As mentioned previously, Splunk introduced a SaaS version of their application in 2012. Dubbed Splunk Storm, it was intended to offer Splunk Enterprise's benefits in a cost-effective SaaS offering. However, the offering proved problematic for the viability of the enterprise product, and was subsequently replaced with Splunk Cloud, a hosted version of Splunk Enterprise.
Despite its name, Splunk Cloud lacks the multi-tenant, subscription-based delivery model of its predecessor. This of course makes its pricing structure a challenge for smaller organizations. At the time of this writing, Splunk Enterprise's perpetual license starts at $4500 per GB at a 1GB/day data volume limit, $2500 per GB at a 10GB/day limit, and $1500 per GB at a 100GB/day limit. The equivalent on Splunk Cloud ranges from $1800 per GB/year at a 1GB/day limit down to $600 per GB/year at a 100GB/day limit. Clearly, Splunk's price points are aimed at enterprise customers. In-depth pricing information is available on its website.
If for nothing else, newcomer Sumo Logic will surely be remembered for its unusual name. Founded in 2010, Sumo Logic is the pack leader among several new contenders vying for Splunk’s throne. Unlike Splunk, Sumo Logic’s SaaS analytics offering is entirely cloud-based and maintenance-free. Built-in support for Amazon AWS comes out-of-the-box, with integrations and support for VMware also available, among others. The platform is also available as a hybrid cloud solution in which a dedicated on-premise Sumo machine gathers and sends logs to Sumo Logic’s cloud servers.
Designed conceptually as a "Splunk in the cloud," the platform shares many of its competitor's features, essentially enabling the search, refinement, and charting of mass amounts of log data. One of Sumo Logic’s main selling points is its ability to establish baselines and actively notify administrators when key metrics change after an event, such as a new software version rollout or network breach attempt. Sumo Logic doesn’t possess an expansive apps ecosystem like Splunk, but nonetheless incorporates all the main development/automation tools, cloud platforms, OS platforms, and compliance and security tools. The company has won several industry accolades for innovation, and has patents pending for its groundbreaking engines and technologies: Elastic Log Processing, LogReduce, and Anomaly Detection.
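To make the baseline-and-notify idea concrete, here is an added illustration (not Sumo Logic's or Splunk's code, and making no assumptions about their APIs): it parses combined-format web-server log lines, computes the per-minute 5xx error rate, builds a baseline from the minutes before a release timestamp, and flags the minutes after it whose rate exceeds the baseline mean plus k standard deviations. The log lines, the release time and the threshold constants are constructed for the example.

```python
"""Baseline-and-deviation alerting over web-server log lines.

Added example for this article: the approach is a generic baseline check,
not Sumo Logic's Anomaly Detection engine. The sample logs and the release
timestamp are constructed here so the script runs offline.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Combined-log-format fragment: "[11/Oct/2016:12:00:00 +0000] "GET /x HTTP/1.1" 503"
LINE_RE = re.compile(r'\[(?P<ts>\S+) [+-]\d{4}\] "(?P<req>[^"]*)" (?P<status>\d{3})')


def make_sample_logs():
    """Constructed sample: per-minute (requests, 5xx count) around a release at 12:06."""
    plan = [("12:00", 20, 0), ("12:01", 20, 1), ("12:02", 20, 0), ("12:03", 20, 1),
            ("12:04", 20, 0), ("12:05", 20, 1),        # quiet baseline
            ("12:06", 20, 6), ("12:07", 20, 5),        # error spike after the release
            ("12:08", 20, 1)]                          # recovery
    lines = []
    for hhmm, n_requests, n_errors in plan:
        for i in range(n_requests):
            status = 503 if i < n_errors else 200
            ts = f"11/Oct/2016:{hhmm}:{i:02d} +0000"
            lines.append(f'10.0.0.{i % 8 + 1} - - [{ts}] "GET /api/items HTTP/1.1" {status} 512')
    return lines


def parse_line(line):
    """Return (timestamp, status) for a recognised line, or None for junk lines."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S")
    return ts, int(m.group("status"))


def error_rate_per_minute(lines):
    """Map each minute bucket to its share of 5xx responses."""
    totals, errors = defaultdict(int), defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                      # unparseable lines are skipped, not counted
        ts, status = parsed
        minute = ts.replace(second=0)
        totals[minute] += 1
        if status >= 500:
            errors[minute] += 1
    return {minute: errors[minute] / totals[minute] for minute in totals}


def detect_shift(lines, event_time, k=3.0, min_baseline_windows=3, stdev_floor=0.01):
    """Compare post-event minutes against a baseline built from pre-event minutes.

    Alerts when a post-event error rate exceeds mean + k * stdev of the baseline.
    A perfectly flat baseline has stdev 0, which would flag any change at all,
    so the stdev is floored at `stdev_floor` (an assumed constant for the example).
    """
    rates = error_rate_per_minute(lines)
    before = [r for minute, r in rates.items() if minute < event_time]
    after = {minute: r for minute, r in rates.items() if minute >= event_time}
    if len(before) < min_baseline_windows:
        return {"status": "insufficient_baseline", "windows": len(before), "alerts": []}
    mean = statistics.mean(before)
    stdev = max(statistics.pstdev(before), stdev_floor)
    threshold = mean + k * stdev
    alerts = [(minute.strftime("%Y-%m-%d %H:%M"), rate)
              for minute, rate in sorted(after.items()) if rate > threshold]
    return {"status": "ok", "baseline_mean": mean, "threshold": threshold, "alerts": alerts}


if __name__ == "__main__":
    result = detect_shift(make_sample_logs(), datetime(2016, 10, 11, 12, 6))
    print(f"baseline mean {result['baseline_mean']:.3f}, threshold {result['threshold']:.3f}")
    for minute, rate in result["alerts"]:
        print(f"ALERT {minute}: 5xx rate {rate:.2f} exceeds baseline")
```

With the constructed data the baseline mean is 0.025 and the threshold 0.10, so 12:06 and 12:07 are flagged while the recovered 12:08 minute is not; in practice the baseline window would be hours or days of history rather than six minutes, and the event time would come from a deployment or change record.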
Sumo Logic's offering is not without its share of drawbacks. For example, one may run into issues when using devices and services from smaller unsupported vendors. Additionally, the platform's SaaS-only model requires a solid underlying internet connection for supporting environments with significant traffic from devices. Pricing can also get unwieldy fast: the lowest 1GB/day price tier costs $90 per month (with a cryptic $108 annual prepay), but increases to $270, $450 and $1800 for 3, 5 and 20GB/day plans. At the end of the day, however, this is still a fraction of Splunk’s pricing, and Sumo Logic also offers a limited-feature free tier with a 500MB a day limit for 1-3 users. More pricing information is available at Sumo Logic's website.
Summary
Sumo Logic and Splunk both offer competent solutions for extracting useful summaries and actionable insights from log data. The latter is a mature, enterprise-focused product with most value centralized in its on-premise offering. Sumo Logic is a newish entrant with an innovative cloud-based solution suited towards small and medium-sized organizations. Noticeably lacking in its offering is an equivalent of Splunk's vast ecosystem of apps, as well as mature documentation and an expansive user base. However, both options feature REST APIs for easily integrating the respective solution into one's continuous security toolchain.
The table below summarizes some of the main differences between the two solutions.
| | Splunk | Sumo Logic |
|---|---|---|
| Installation & Setup | Offers both on-premise and cloud versions | Cloud-only, SaaS version |
| Features | Richest feature set available. Expansive ecosystem of 3rd-party apps. | Not as many apps as Splunk, but all major manufacturers' products supported. Superior analytics and log-reduction engines. |
| Pricing (per GB) | Starts at $4500 perpetual license and $1800/year for cloud version | Starts at $1188 per year ($90 × 12 + $108 = $1188) for cloud version |
| Documentation & Support | Excellent documentation, knowledgeable support, active forums | Mediocre; community support and forums are lacking |