I’ve had the same experience in that I love splunk and their tooling is so easy and powerful. But I can’t afford to put data, especially long term data that requires reproducibility for many years.
I’m always happy when I can use some of our sources that are in splunk but get sad that I can’t do that with everything else.
Its cloud pricing is funny because it’s so much more powerful with massive amounts of data, but they charge based on storage. Our on prem instance wasn’t just simpler to price but we could throttle resources to allow for really high volumes of data with relatively slow query and analysis.
I’m always happy when I can use some of our sources that are in splunk but get sad that I can’t do that with everything else.
Its cloud pricing is funny because it’s so much more powerful with massive amounts of data, but they charge based on storage. Our on prem instance wasn’t just simpler to price but we could throttle resources to allow for really high volumes of data with relatively slow query and analysis.