Coralogix vs. Sumo Logic: Support, Pricing, Features & More

Sumo Logic has been a staple of the observability industry for years. Let’s look at some key measurements when comparing Coralogix vs. Sumo Logic, to see where customers stand when choosing their favorite provider.

Summary: Coralogix vs. Sumo Logic

Core Features – Logs, Metrics, Traces & Alerting

Both Coralogix and Sumo Logic support ingesting logs, metrics, and traces. These three data types are common across almost all SaaS observability platforms, so it’s no surprise that they’re well covered in both offerings. 

Data Correlation and Usability – Coralogix vs. Sumo Logic

While both platforms can ingest logs, metrics, and traces from many different sources, Coralogix excels at bringing all this data together in a single, cohesive journey that allows users to sail between data types seamlessly. 

Coralogix Flow Alerts

A significant difference between Coralogix and Sumo Logic is Coralogix Flow Alerts. Flow Alerts allow users to orchestrate their logs, metrics, traces, and security data into a single alert that tracks multiple events over time. This unique capability enables customers to create alerts that describe the complete picture of their system. 

Machine Learning Capabilities – Coralogix vs. Sumo Logic

Both offerings make use of machine learning for similar objectives. They both utilize clustering algorithms to group similar logs and profile customer data to detect anomalies and “unknown unknowns.”

However, the Sumo Logic offering, named Log Reduce, is far less sophisticated than Coralogix Loggregation. While Log Reduce relies heavily on regex matching, Coralogix Loggregation requires no such configuration and will automatically cluster logs and provide insights without any assistance.

SIEM, SOAR, CSPM, and SSPM

Coralogix offers SIEM, CSPM and SSPM solutions. Sumo Logic offers SIEM and SOAR. This means that while Sumo Logic has a built-in SOAR solution, it does not offer any visibility into the security posture of cloud infrastructure or the SaaS solutions on which customers depend. This is where Coralogix shines.

Coralogix also supports webhook integrations for any downstream platform. Combined with powerful alerting, users can easily route and orchestrate their remediation systems. The flexible nature of this integration means that customers are not locked into the tools that Coralogix is natively compatible with, and instead can easily fit Coralogix into their existing system and orchestrate their response to incidents.

The Security Resource Center – Your Extended Security Team

There are clear differences in platform features between Coralogix and Sumo Logic, but that isn’t the end of the story. Coralogix offers the Security Resource Center (SRC). The SRC offers threat hunting and incident response services, without the headache of hiring or training an in-house team. The SRC team is composed of analysts, researchers and threat-hunting experts. This service, coupled with the unparalleled scalability of the Coralogix platform and the cost-effective nature of the SRC (20% of the cost of an in-house team), makes the Coralogix platform an incredibly powerful solution.

Pricing Model

Here, again, Coralogix wins out. The Coralogix pricing model is based entirely on GB ingested into the data pipelines that meet your needs. There are no extra costs for features, hosts, etc., making it easy for you to predict costs. Here are the data pipelines available in Coralogix:

  • Frequent Search = Data is indexed and placed in hot storage. Full access to all features.
  • Monitoring = Data is not indexed but fully analyzed in-stream and stored in archive with rapid querying. Full access to all features.
  • Compliance = Data is sent straight to archive but can be fully queried at high speed with no extra cost.

This unified pricing model makes it much easier for customers to understand how much they will be charged. 

Built-in cost optimization with Coralogix

Coralogix does not tier its offering, nor does it charge for different services. Customers pay for their data and get everything else included. One would then expect that the Coralogix per-unit price is higher, right? No, Coralogix is drastically lower.

This is because Coralogix leverages its custom-built Streama© architecture, which enables it to process data in-stream, and make decisions about data, long before it has been stored and indexed. This enables Coralogix to run much more efficiently than anyone else, and in turn, that is reflected in the price point.

Sumo Logic’s pricing stumbles in the ring

By contrast, Sumo Logic charges different rates for different services, and charges a per-host amount for Infrastructure Monitoring, which scales poorly when dealing with microservice-based architectures. Additionally, Sumo Logic’s new flex pricing, while claiming that you only pay for data you use, is priced by scan volume, not valuable data. A query can scan multiple terabytes of logs, before returning only a small portion of valuable information. Sumo Logic will charge for all of those terabytes scanned, anywhere between $2.05 – $3.77 per TB, depending on region and usage profile, which only becomes a bigger problem as customers ingest more data. 

Archiving and Archive Query

When comparing Coralogix vs. Sumo Logic archiving, the differences become clear. While both support archiving of log data into AWS S3, Coralogix takes this a step further with a few key additions:

  • Coralogix also supports archiving of tracing data, for long-term performance analysis
  • Coralogix allows users to query their archive, without the need to reindex

Both platforms support reindexing, but only Coralogix allows users to directly query their archive, without the need to rehydrate their data. Even though the data is held unindexed within S3, query times are still blazing fast. A 10TB query completes in around 10 seconds. For context, the Coralogix DataFusion query engine is up to 5x faster than AWS Athena. 

Unmatched Data Analysis

While Sumo Logic supports reindexing of archived data, this creates a barrier for its customers and opens difficult questions, for example: How much data should be reindexed? With Coralogix, customers can query their archive directly, for no additional cost. Coupled with the power of DataPrime, Coralogix supports schema on read & schema on write queries, which opens up unparalleled data discovery, and makes data navigation much more fluid. 

Archive Query enables HUGE cost optimizations

Coralogix customers often begin by indexing the majority of their data, but over time, the majority of their data tends to go straight to the archive. This is because the archive is not hidden away: it can be rapidly queried in seconds, for no additional cost.

This functionality means Coralogix customers can store the majority of their data in S3, and pay at most $0.023 / GB for storage (further savings are possible with data compression). When this is coupled with the Compliance pipeline’s ingest costs in Coralogix, which are $0.17 / GB, the combined per GB cost for ingest and storage is $0.193 / GB. This is a fraction of what anyone else on the market charges, and regularly allows customers to cut costs by between 40% and 70%.

Support

There is no competition in the arena of customer support. The shortest response time SLA that Sumo Logic offers to its enterprise customers is 0.5 days. In contrast, Coralogix currently boasts a median support response time of 15-30 seconds. To boot, it offers this support to all of its customers, not just those that are paying for premium support.

This is because Coralogix does not offer a tiered service. All features, including world-class support, are available to all customers, regardless of spend. This model means Coralogix offers, by far, the best support on the market. 

Even onboarding is free!

Coralogix even offers a free onboarding service, to help new customers get integrated into the Coralogix platform. This involves expert engineers, working with customer teams, to deploy software according to best practices. This means that when a customer decides to join Coralogix, they’re getting support from day 1. 

All in all 

While Sumo Logic has an outstanding set of features, the unique Coralogix differentiators are difficult to beat: a 30-second median response time, unlimited retention and remote query, Flow Alerts, and the most transparent pricing model on the market.

But don’t take our word for it. Sign up for a free trial today, and see the next generation of observability for yourself. 

Sumo Logic vs Splunk vs ELK: Which is Best?

From production monitoring to security concerns, it’s critical for businesses to analyze and review their log data. This is particularly true for large and enterprise companies, where the sheer amount of data makes log analysis the most efficient way to track key indicators. CTOs, in particular, are dealing with the challenges of this massive amount of data flowing through their organization, including how to harness it, gather insights from it, and secure it.

When it comes to the best platforms for log analysis and security information and event management (SIEM) solutions, three big names come up: Splunk, Sumo Logic, and ELK.

Choosing which of these big guns to go with is no easy task. We’ll look at these top three platforms, including their advantages and disadvantages, and see who comes out the winner.

What is Splunk?

Splunk Enterprise is a platform to aggregate and analyze data. With Splunk, you can automate the collection, indexing, monitoring, and alerting functions when it comes to your data to control and leverage the information flowing into your business.

Scheduled searches let you create real-time dashboards and visualizations (offering both XML and drag-and-drop style customization options for visualization), while scheduled reports enable you to run and share reports at various intervals. In terms of support and community, Splunk hosts Splunkbase, which has thousands of apps and add-ons.


Splunk

The platform has the functionality to be used by experts as well as less technically inclined users. It scales well – with the ability to scale up to unlimited amounts of data per day – and has built-in failover and disaster recovery capabilities.

In addition to the self-hosted Splunk Enterprise, there is also the Splunk Cloud option, where Splunk is deployed and managed as a service.

Splunk dashboard


The pros of Splunk

Splunk is good at what it does, which is primarily fast consolidation of logs to be able to search data and find insights.

The cons of Splunk

The biggest concern with Splunk is the complexity of setting it up and maintaining it. It has a relatively steep learning curve and can take time to get going properly and manage on an ongoing basis. The other major issue to be aware of is pricing, which can be quite high.

Understanding Splunk’s pricing 

Splunk Enterprise starts at $173 per ingested GB, quoted per month. It is billed annually, and includes standard support (premium support is available at extra cost).

What is Sumo Logic?

Sumo Logic is a cloud-native, machine data analytics service for log management and time series metrics. With the service, you can build, run and secure your AWS, Azure, Google Cloud Platform, or hybrid applications. 

How does Sumo Logic compare with Splunk?

The biggest difference when compared with Splunk is that Sumo Logic is built for the cloud; even though Splunk now offers its Splunk cloud option, Sumo Logic’s architecture is built around cloud usage. 

This means integrations are smoother, particularly when it comes to platforms such as AWS; scalability is built-in, there is no need for constant updates, and getting started is quicker and easier than with Splunk.

Sumo Logic visualization


The pros of Sumo Logic 

Sumo Logic is easy to use and has all the advantages of being a SaaS solution, such as scalability, getting up and running quickly, and so on. Some people like the UI, while others prefer the other offerings’ look and feel.

The cons of Sumo Logic

Sumo Logic lacks some of the extended features of Splunk, particularly when it comes to the Splunk Enterprise offering. There have been complaints about Sumo Logic’s speeds when searching older data, its customer service, and its pricing being on the expensive side. Sumo Logic also lacks some of the community support of Splunk and particularly ELK.


Sumo Logic dashboard


Understanding Sumo Logic pricing

The Sumo Logic Enterprise platform starts at $150 per GB per month, with an annual commitment required. The full support package is an optional add-on to this package.

What is ELK?

ELK is the world’s most popular log management platform. The ELK Stack is made up of three different solutions, all of them open-source: Elasticsearch, Logstash, and Kibana.

Elasticsearch is a search engine based on Lucene that provides a distributed, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents. Logstash collects, parses, and stores logs, and Kibana is a data visualization tool. Also included as part of the stack is Beats, a platform for lightweight shippers that sends data from edge machines to Logstash and Elasticsearch. With the addition of Beats, ELK Stack became known as the Elastic Stack.


Kibana visualizations


With ELK, you can reliably and securely ingest data from any source, in any format and search, analyze, and visualize it in real-time. Being open source, it’s been rigorously tested by the large ELK community and is trusted by companies such as Sprint, Microsoft, eBay, and Facebook.

The pros of ELK 

ELK consolidates three mature components to form one powerful solution. Being an open source tool, there are numerous benefits that come with the adoption of ELK. In general, there has been a tremendous movement towards open source, particularly for enterprises. 

Open source solutions come with a lot of control, where you aren’t tied to a rigid way of doing things, and open source tools, especially ones like ELK/Elastic Stack, bring with them a vibrant community of contributors, testers, and fellow users who can contribute to your success.

The cons of ELK

If you are setting it up yourself, ELK can be challenging to set up and maintain. Most users go with a solution that handles the setup for them.

Understanding ELK’s pricing

ELK is free (if you are using the open source version without X-Pack).

Which platform is the best?

Given our significant combined experience with all of these platforms, deciding which one to pick had to be carefully weighed up: the functionality and feature set of Splunk, the simplicity and cloud-native advantages of Sumo Logic, and the open source design and robust nature of ELK.

A winner had to be chosen, and based on all of our research and experience, it had to be ELK – thanks to its vibrant community, the fact that it is constantly improving and evolving faster than its competitors, its better JSON format support, its ease of use and setup, and, of course, its much lower price.

This is despite its drawbacks – the standard version lacks alerting, anomaly detection, and integrations into the development lifecycle – but overall it stands above the others as an all-round tool.

Being on top of your logs is critical, whether it’s for production monitoring and debugging, security purposes, resource usage, or any other of the multitude of key business functions log analysis supports.

With Coralogix’s platform, you can know when your flows break, automatically cluster your log data back into its original patterns so you can view hours of data in seconds, see all of your organization’s key indicators at a glance, and a whole lot more. 

Interested in finding out more about how your organization can benefit? Check out Coralogix to see how we can help.

(This article was updated in August 2023)