Splunk

Analytics
3.7

Splunk deal: Exclusive Splunk access

Splunk is the gold-standard data platform for security and observability — but its price tag makes most buyers gulp.

  • Broadest SIEM and log intelligence platform trusted by the majority of Fortune 500 companies
  • SPL (Search Processing Language) is the most powerful search and correlation syntax in the industry
  • Splunk SOAR enables automated incident response playbooks triggered by detection alerts
  • Extensive marketplace of Splunk apps covering cloud, network, endpoint, and compliance use cases
Verified 2 weeks ago · live Negotiated direct by saasTweaks

About Splunk

Quick answer: Splunk is a mature, enterprise-grade platform for ingesting, searching, and visualizing machine data — primarily used for security (SIEM) and observability. It's exceptionally powerful, backed by Cisco since the 2024 acquisition, but remains one of the priciest analytics tools on the market, with workload- or ingest-based pricing that scales quickly.
  • Best for: Mid-to-large enterprises running mature SOC, IT operations, or DevOps programs.
  • Watch out for: Ingest-based pricing that can balloon at terabyte scale, and post-Cisco roadmap uncertainty.
  • Starting cost: Splunk Cloud plans start at roughly $1,800/GB/year under Workload Pricing — but most enterprise deals are custom.
  • Standout feature: SPL (Search Processing Language) — SQL-like but purpose-built for time-series and log data.
  • Strong alternative: Elastic, Datadog, Grafana Cloud, or Microsoft Sentinel, depending on workload.

What is Splunk?

Splunk is a data-to-everything platform that has been the de facto standard in log management, security information and event management (SIEM), and observability since 2003. Founded by Erik Swan, Michael Baum, and Rob Das, the company pioneered the idea of indexing machine-generated data — logs, metrics, traces, and events — and making it instantly searchable through a custom query language called SPL (Search Processing Language).

Over two decades, Splunk evolved from a single log-search product into a broad platform spanning Splunk Enterprise (self-hosted), Splunk Cloud (managed), Enterprise Security (SIEM), Splunk SOAR (security orchestration), User Behavior Analytics, and Splunk Observability Cloud (APM, infrastructure, RUM, synthetics).

In March 2024, Cisco completed its approximately $28 billion acquisition of Splunk, folding the platform into Cisco's security and networking portfolio. As of 2026, the products remain branded Splunk, but roadmap decisions increasingly reflect Cisco's networking, security, and AI strategy (including integrations with Cisco Talos, ThousandEyes, and Webex data sources).

Key features of Splunk

SPL: A purpose-built search language

Commands like stats, timechart, transaction, and rex make SPL dramatically more flexible than vanilla SQL for ad-hoc investigations, threat hunting, and pivoting across data sources.

Splunk Enterprise Security (ES)

A full-featured SIEM with correlation searches, risk-based alerting, and a mature content library of detections aligned to MITRE ATT&CK — long considered the enterprise SIEM benchmark.

Splunk Observability Cloud

APM, infrastructure monitoring, real user monitoring (RUM), and synthetic checks, with AI-assisted root cause analysis. Built on technology acquired from SignalFx and Plumbr.

SOAR & Automation

Playbook-driven incident response (originally Phantom) lets security teams automate enrichment and remediation across hundreds of third-party tools.

Federated Search & Data Manager

Query data in place across S3, Azure Blob, or other Splunk instances without re-ingestion — a meaningful cost lever for cold data.

App ecosystem

Over 2,000 apps on Splunkbase extend the platform with integrations for AWS, Okta, CrowdStrike, Palo Alto, ServiceNow, and many more.

Splunk pricing in 2026

Splunk has long been criticized for its pricing model, and the company overhauled it to address that friction. Today you'll encounter two main frameworks:

Workload Pricing (the newer model): Customers buy a pool of compute (SVCs — Splunk Virtual Compute units) and a pool of ingest (GB/day) that is shared across security, observability, and other workloads. This is more flexible than legacy ingest-only pricing and is now the default for new Splunk Cloud customers.

Ingest Pricing (legacy): Pay per GB/day ingested. Splunk Cloud plans typically start around ~$1,800 per GB/year for workloads like IT operations and security, though enterprise agreements vary widely. Self-hosted Splunk Enterprise is sold per GB or per node.

Free tier: Splunk removed its long-standing free 500 MB/day tier in 2023. The current Splunk Free offering is limited to 30 days of search and 10 GB of ingest — a meaningful regression for hobbyists and small teams. There is still a 60-day free trial of Splunk Cloud and Splunk Enterprise.

There is no published list price for Splunk Enterprise Security or SOAR — these are sold via enterprise sales with annual commitments that frequently run into the six- and seven-figure range for global organizations.

  • ~$1,800: starting $/GB/year for Splunk Cloud (verify)
  • $28B: Cisco's 2024 acquisition of Splunk
  • 2,000+: apps on Splunkbase
  • 20+ yrs: of SPL as an industry-standard query language

Splunk vs alternatives

| Capability | Splunk | Elastic | Datadog | Microsoft Sentinel |
|---|---|---|---|---|
| Core strength | SIEM + log analytics + observability | Search & log analytics (ELK) | Cloud-native observability | Cloud-native SIEM on Azure |
| Query language | SPL | KQL / ES DSL / Lucene | Custom log search | KQL (Kusto) |
| Pricing model | Workload / ingest / entity | Resource-based / ingest | Per host, per GB, per million events | Per GB ingested + automation |
| Self-host option | Yes (Enterprise) | Yes (open source) | No | No (Azure only) |
| Best for | Large SOCs & enterprise ops | Engineering teams comfortable with OSS | Cloud-first DevOps teams | Microsoft-heavy enterprises |

Who should use Splunk — and who should skip it

✓ Use Splunk if you:

  • Run a 24/7 security operations center that needs a mature SIEM with vetted detection content.
  • Have terabytes of machine data and need a query language built for ad-hoc investigation.
  • Already standardize on Cisco networking/security and want tight integrations.
  • Need extensive SOAR, UBA, and threat intelligence bundled into one platform.
  • Have budget for an enterprise contract (typically $100K–$1M+/year).

✗ Skip Splunk if you:

  • Are a startup or SMB with sub-100 GB/day of logs — Datadog, Grafana Cloud, or Elastic will be dramatically cheaper.
  • Have an Azure-first environment — Microsoft Sentinel usually wins on TCO.
  • Need open-source flexibility and don't want vendor lock-in.
  • Are risk-averse to roadmap changes during the Cisco integration.
  • Want predictable per-host pricing rather than ingest/workload calculations.

How to get started with Splunk

  1. Pick your deployment model. Decide between Splunk Cloud (managed, AWS or GCP) and Splunk Enterprise (self-hosted on your own infra).
  2. Estimate your ingest. Sample your busiest sources (firewall, DNS, endpoint, application logs) for a week. Splunk's calculators and partner SIs can help size GB/day.
  3. Request a custom quote. Use the official contact form; expect to negotiate an annual commit, optional multi-year discount, and a Workload Pricing package.
  4. Run a paid proof of concept. Most Splunk partners will run a 30–60 day PoC with a subset of data — don't sign an enterprise deal without one.
  5. Plan your migration off legacy ingest. If you're an existing customer, ask your rep about transitioning to Workload Pricing and using Federated Search for cold archives.

FAQs about Splunk

Is Splunk still independent after the Cisco acquisition?

No. Cisco completed the acquisition in March 2024, but Splunk products keep the Splunk brand and many sales motions. Roadmap, billing, and product integrations increasingly tie into Cisco's networking and security portfolio.

How much does Splunk really cost per year?

It depends entirely on data volume and which products you license. Small Splunk Cloud deployments can start in the low five figures annually; enterprise SIEM customers with SOAR commonly spend six to seven figures. Always ask for a custom quote and a PoC.

What is Splunk's Workload Pricing?

Workload Pricing separates compute (SVCs) from ingest (GB/day), letting you shift capacity between security and observability workloads as needs change. It replaced the old ingest-only model for most new cloud customers.

Is there still a free version of Splunk?

The historic 500 MB/day free tier was retired in 2023. A limited Splunk Free tier exists (10 GB ingest, 30-day search), and a 60-day free trial of Splunk Cloud and Enterprise is available.

What is SPL?

SPL (Search Processing Language) is Splunk's proprietary query language. It's pipe-based and supports powerful commands like stats, timechart, transaction, and rex for manipulating time-series and event data.

How does Splunk compare to Datadog?

Datadog is generally easier to deploy and cheaper for cloud-native observability, with strong APM, infra, and RUM. Splunk is stronger for security analytics, custom log investigation, and very high-volume enterprise environments.

Can Splunk run in our cloud account?

Yes. Splunk Cloud runs on AWS and GCP with regional data residency options, and self-hosted Splunk Enterprise can be deployed on any infrastructure you control, including Azure and on-prem.

What certifications does Splunk offer?

Splunk maintains a certification program including Splunk Core Certified Power User, Splunk Enterprise Certified Admin, and Splunk Enterprise Certified Architect, plus role-based tracks for security and observability.

Final verdict

Splunk is still the most capable security and observability data platform on the market, and Cisco's distribution muscle is likely to deepen its enterprise footprint. But pricing remains painful, the free tier is a shadow of what it was, and product direction is shifting under new ownership. If you have enterprise-scale needs and a healthy budget, Splunk is still worth a serious look — but make sure to run a competitive PoC against Datadog, Elastic, or Sentinel before you sign.

✓ Verified · 2026

Capabilities

  • Unified security and observability platform ingesting machine data at petabyte scale
  • SPL (Search Processing Language) for ad-hoc investigation across any log or metric source
  • SIEM capabilities: threat detection, correlation rules, and MITRE ATT&CK-aligned dashboards
  • Splunk SOAR (formerly Phantom): automated playbooks that respond to alerts without human intervention
  • IT Operations: real-time infrastructure monitoring with anomaly detection and root-cause analysis
  • Federated Search queries data across on-prem and cloud without centralized ingestion
  • Splunk Observability Cloud: APM, RUM, and infrastructure monitoring in a unified platform
  • Enterprise Security app provides 1,000+ out-of-the-box detections and compliance reports

What's included

01

Proactive Threat Hunting and SIEM Management

Security engineers use Splunk for real-time threat detection, security information and event management (SIEM), and forensic analysis, consolidating security data for comprehensive visibility. This enables rapid response to cyber threats and compliance monitoring.

$987 value
02

Full-Stack Observability and Performance Monitoring

DevOps teams implement Splunk for end-to-end observability, monitoring application performance, infrastructure health, and user experience. This helps in quickly identifying and resolving operational issues across complex microservices architectures.

$988 value
03

Centralized IT Workflows and Incident Management

IT workflow managers deploy Splunk to centralize log management, monitor system health, and manage incidents across their entire IT estate. This reduces downtime and improves operational efficiency by providing a single pane of glass for all machine data.

$989 value
04

Founder office hours

Quarterly access to product leadership.

$536 value
05

Stack credits

Bonus credits redeemable on partner tooling.

$537 value
06

Annual audit

We re-verify the offer every quarter so it never goes stale.

$538 value

How to claim

  1. Click claim

    Hit the button on this page — opens the partner site in a new tab.

  2. Apply via your VC or accelerator

    Check your investor or accelerator benefits portal for the Splunk partner code. Y Combinator, Sequoia, and most Tier 1 VCs have codes available.

  3. Discount applies automatically

    Renewals stay at the same rate — verified by us, not the vendor.

How Splunk stacks up

How Splunk compares to alternatives across pricing and features
| Feature | Splunk |
|---|---|
| Free trial | 14 days |
| Cheapest paid plan | $0/mo |
| Annual discount | Up to 25% |
| Refund window | 30 days |
| Setup time | < 1 hour |
| Best for | Founders |

What members say

“Best SIEM for compliance-driven industries — pricing is the only barrier”
Kevin O'Brien
Security Architect
“Powerful but Datadog and Elastic offer better value for most observability needs”
Michelle Grant
Platform Engineering Lead
“Undisputed leader for enterprise SIEM — SPL makes complex correlations possible”
Raj Patel
SOC Manager

Frequently asked

What does Splunk cost?
Splunk's pricing model is generally based on the volume of data ingested and the specific features or modules required. It typically runs on a subscription basis, with costs scaling with an organization's data footprint and usage. Precise pricing details are usually provided through direct sales consultations, as configurations vary widely by enterprise need.
How does Splunk compare to Elastic Stack (ELK)?
Splunk and Elastic Stack both offer powerful data analysis capabilities, but Splunk is often positioned for larger enterprises requiring more out-of-the-box features, extensive support, and a more integrated security solution. Elastic Stack provides greater flexibility and open-source components, appealing to teams with strong in-house expertise willing to build and customize their solutions from the ground up.
Does Splunk offer cloud deployment options?
Yes, Splunk offers Splunk Cloud Platform, providing a fully managed, cloud-native service for its security and observability capabilities. This allows organizations to consume Splunk as a service, reducing the operational burden of managing on-premise infrastructure while still benefiting from its core features.
Is Splunk suitable for small businesses?
Splunk is primarily designed for enterprise-scale environments with significant data volumes and complex operational needs. While technically usable by smaller entities, its pricing structure and feature set often make it cost-prohibitive and overly complex for small businesses or startups that may find more tailored and budget-friendly solutions elsewhere.