Splunk alternatives
WarlocK88
(@warlock88)
New Member

Hey guys,

I'm looking for a good, freeware alternative for Splunk. I'm more than OK with an open source solution.
In my search, I stumbled upon the ManageEngine EventLog Analyzer, which is quite good, but not exactly what I'm looking for.

I would love to hear with what tools you are working for log analysis and aggregation.

Thanks

Posted : 13/02/2013 4:46 pm
Migs
(@migs)
New Member

Try Kiwi Syslog server. The free version is good, but doesn't come with the agent software. You can get round this by setting up SNMP trapping. Which leads to the question as to what it is you're monitoring: servers, network devices, both?

SNMP works well for network devices, not so great in my opinion on windows machines. An agent software like Snare (free) is pretty good and combined with Kiwi Syslog offers a pretty decent syslog system in all.

In terms of log analysis, not familiar with any decent freeware tools besides splunk. You could always learn a scripting language like Perl, which isn't too hard, tons of free tutorials out there, and great for log analysis.

Posted : 28/02/2013 7:01 pm
wexxlar
(@wexxlar)
New Member

Post is old, but for reference ELSA (dev now supported by Mandiant) might also be of interest.

ELSA
https://code.google.com/p/enterprise-log-search-and-archive/

Posted : 10/05/2013 9:55 pm
liisatal
(@liisatal)
New Member

Here's SpectX. You can install it on your desktop and run queries directly on remote log files (on-prem, cloud, web). The data stays in its original location and original form, no price tag on the amount of data processed.

Posted : 07/03/2018 11:50 am
jaclaz
(@jaclaz)
Community Legend

> Here's SpectX. You can install it on your desktop and run queries directly on remote log files (on-prem, cloud, web). The data stays in its original location and original form, no price tag on the amount of data processed.

Is it Freeware? [1]
Or Open Source? [2]
Or both? [3]

Most probably the third best thing in life after sliced bread and ice cream, but it seems a lot like a Commercial program for which only a 30 day limited trial/demo is provided (subject to registration).

jaclaz

[1][2][3]As asked by the OP.

Posted : 07/03/2018 12:58 pm
liisatal
(@liisatal)
New Member

Really sorry, should've read the question twice before posting. We've just released the product and considering the initial feedback, it looks like a free version is something to seriously think about.

Posted : 07/03/2018 2:26 pm
MDCR
(@mdcr)
Active Member

> Try Kiwi Syslog server.

Kiwi is more infrastructure, it does not enable even basic analytics.

A couple of organisations I've heard of go with Kibana/Logstash. It's free and scalable and is based upon Elasticsearch, a modern and fast DB backend. Splunk is an overpriced piece of garbage that scales very badly with any wallet. I threw it out of the window, along with ArcSight, LogRhythm, AlienVault and RSA Security Analytics. Don't forget that NetFlow and PCAPs also are needed for visibility.

You're better off throwing logs into any (free) modern database and asking questions of it. SQL and Cypher can ask WAY more complex questions than the 1990s pie chart GUI that SIEM systems come with. The only new commercial tool that shows promise was PacketSled with NLP and datavis stuff, but their CEO had an... umm... let's say "counter-productive marketing strategy".

Posted : 07/03/2018 6:48 pm
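The "throw logs into a free database and ask it questions" approach from the post above, as an added illustration that is not part of the thread: a few constructed sshd syslog lines are parsed into an in-memory SQLite table, and one SQL query answers a question most SIEM dashboards don't ask out of the box (which sources failed authentication repeatedly and then got an "Accepted"). The log lines, hosts and addresses are made up for the example.

```python
import re
import sqlite3

# Constructed sample syslog lines (RFC 3164 style); not taken from any real system.
SAMPLE_LOGS = """\
Mar  7 18:01:02 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 4411 ssh2
Mar  7 18:01:04 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 4412 ssh2
Mar  7 18:01:05 web01 sshd[1201]: Failed password for root from 203.0.113.5 port 4413 ssh2
Mar  7 18:01:09 web01 sshd[1202]: Accepted publickey for deploy from 198.51.100.7 port 5000 ssh2
Mar  7 18:02:30 db01 sshd[877]: Failed password for root from 203.0.113.5 port 4420 ssh2
Mar  7 18:02:31 db01 sshd[877]: Accepted password for root from 203.0.113.5 port 4421 ssh2
"""

# Header: timestamp, host, process[pid]: message
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<proc>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")
# sshd authentication outcome, user and source address
AUTH_RE = re.compile(r"^(?P<result>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")


def load_logs(conn, text):
    """Parse syslog lines into an events table; lines that don't parse are kept raw, not dropped."""
    conn.execute("CREATE TABLE IF NOT EXISTS events (ts TEXT, host TEXT, proc TEXT, result TEXT, user TEXT, src TEXT, raw TEXT)")
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            rows.append((None, None, None, None, None, None, line))
            continue
        a = AUTH_RE.match(m["msg"])
        rows.append((m["ts"], m["host"], m["proc"].strip(),
                     a["result"] if a else None, a["user"] if a else None, a["src"] if a else None, line))
    conn.executemany("INSERT INTO events VALUES (?,?,?,?,?,?,?)", rows)
    return len(rows)


def failures_and_success(conn, min_failures=2):
    """Sources with at least min_failures failed logins that also have an Accepted login on some host."""
    sql = """
    SELECT f.src, COUNT(DISTINCT f.rowid) AS failures, MIN(s.host) AS success_host
    FROM events f JOIN events s ON s.src = f.src
    WHERE f.result = 'Failed' AND s.result = 'Accepted'
    GROUP BY f.src HAVING COUNT(DISTINCT f.rowid) >= ?
    ORDER BY failures DESC"""
    return conn.execute(sql, (min_failures,)).fetchall()


def analyse(text=SAMPLE_LOGS, min_failures=2):
    conn = sqlite3.connect(":memory:")
    load_logs(conn, text)
    return failures_and_success(conn, min_failures)  # -> [('203.0.113.5', 4, 'db01')] for SAMPLE_LOGS


if __name__ == "__main__":
    print(analyse())
```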
Beleka
(@beleka)
Junior Member

Hello, there isn't any real alternative for Splunk. I have been working with it and it is just magic; the apps support behind it makes it an even greater and more powerful tool, but.. if you want an open source alternative I would choose ELK Stack. It is a SIEM with a similar architecture to Splunk.

https://www.elastic.co/elk-stack

You can use it with the plaso framework to feed the SIEM with a timeline and analyze it from a SIEM, creating your own indexing of the data. It can turn your PC into a powerful workstation for timeline forensics. Anyway, you have a 500MB indexing free license in Splunk; maybe it fits your needs.

I hope I helped you. Regards,

Sergio.

Posted : 13/09/2018 1:22 pm
Hunter
(@hunter)
Junior Member

https://www.alienvault.com/

Posted : 12/08/2019 9:04 pm