Taking advantage of Elastic's schema on write design
Unlike Splunk's schema-on-read approach, which adds latency at query time, Elastic's schema-on-write design delivers faster response times and better results regardless of deployment size.
Adopting a developer-friendly platform
The security engineering team had tried Elastic and liked its interface, open source approach, performance, and ease of maintenance much more than working with Splunk.
Improved security, productivity
Search response times improved from minutes or hours under Splunk to sub-second with Elastic, resulting in higher productivity, better morale, and stronger security.
This US-based multinational retail giant runs a chain of hypermarkets, discount department stores, and grocery stores.
Why Elastic instead of Splunk?
The retailer was looking to future-proof its security apparatus. Splunk's license was nearing expiration, and productivity and morale were taking a hit because queries took too long, resulting in slower investigations and even slower remediations. Splunk's pricing model, based on data ingest, was becoming too costly as more and more data was ingested.
- Threat hunting and incident response times dramatically improved. Elastic also gave security engineers the ability to create meaningful analytics that could not be generated with Splunk.
- Increased morale. Elastic lifted the spirits of SOC analysts, threat hunters, and incident response teams, who were no longer delayed in their mission-critical work by Splunk's high query latency.
- Saving hundreds of thousands of dollars yearly by going all in with Elastic. In addition to no longer being tied to Splunk's cost-prohibitive, per-ingest licensing model, the company can now take advantage of its existing Elastic Cloud Enterprise infrastructure to further cut down on operational costs as it scales its deployment into the future.
Ready to start migrating from Splunk to the Elastic Stack? Learn more.