LogZilla’s Network Event Orchestration (NEO) platform improves existing Splunk® investments using a patented deduplication algorithm to filter out unneeded event data before it is sent to Splunk®. By deduplicating the data, not only are the amount of network events sent downstream cut by 40% to 60%, but more important; the software license costs, hardware costs, and operations costs are significantly decreased resulting in millions in savings for federal agencies.

In this forwarding mode, LogZilla becomes the “heavy lifter” for all data where it filters out junk data, deduplicates event streams, and adds enriched information so that Splunk® becomes smarter, faster, and more cost efficient as a result. Organizations are feeling increased pressure on their IT budgets as more and more data are being generated into their Splunk® environments. As a result, organizations are looking for a cost-effective way to manage their increasing data volumes and data retention needs.

This document outlines the potential cost savings when using LZ NEO as a preprocessor to Splunk®.

Key Takeaways
  • TCO research reveals Splunk environments using LZ NEO provides 40% to 60% savings over traditional Splunk deployments
  • Indexer infrastructure requirements reduced by up to 2/3 resulting in savings on hardware, HVAC, power and IT labor
  • Storage infrastructure cost for retention data is reduced by utilizing LogZilla's patented deduplication algorithm
  • Data analytics, processing speed and overall performance are drastically increased for Splunk users


Evaluating Total Cost of Ownership (TCO)

Many organizations fail to put together all of the pieces when calculating the TCO for software. Our research data includes metrics on cost of storage (including how the storage is configured), datacenter costs, rack costs, power, HVAC, network equipment (such as top of rack switches), power distribution units, amortization, property and sales taxes, compute load per rack (kw/h), rack density, cost of hardware, labor costs (including average burdened salaries by employee type) and many others.

By calculating the total cost of ownership for Splunk using data verified from multiple sources, a more complete picture of the full cost becomes apparent. Our research data includes information gathered over the last 2 years from multiple sources as well as direct verification from 100’s of both LogZilla and Splunk customers.


LogZilla’s Deduplication Algorithm

LogZilla NEO compliments traditional event ingestion products by utilizing a patented deduplication algorithm to filter out unneeded event data before it is sent to downstream event consumers such as Splunk®.

By deduplicating the data, not only are the amount of network events sent downstream cut by 40% to 60% on average, but more important; the software license costs, hardware costs and operations costs of those downstream receivers are significantly decreased, which also decreases the number of renewal requirements; saving on larger IT budgets for future organizational data initiatives.

LZ NEO also allows users to mark events as actionable/non-actionable, further decreasing the amount of data needed to send to downstream systems. At the same time, LZ NEO can also be used to enrich data in, real-time, from multiple sources of information and enrich the outgoing events to downstream systems, increasing their knowledge of how a device or system is affected.


LogZilla’s Deduplication Algorithm
LogZilla’s Deduplication Algorithm


Return on Investment

LogZilla NEO ingests, enriches, and orchestrates data at unprecedented scale with more than 20TB per day of data being processed on a single server. Our highly scalable solution allows LZ NEO to sit a as a pre-processor for other network and security management products which significantly reduces costs associated with deployment of hundreds or thousands of servers needed with traditional event management solutions.

The LZ NEO platform deploys in minutes and can be placed in front of any other products requiring telemetry from servers, applications, networks, and security. In this forwarding mode, LogZilla becomes the “heavy lifter” for all data where it filters out junk data, deduplicates event streams, and adds enriched information so that all downstream consumers become smarter, faster, and more cost efficient as a result.


Not only are the licensing costs reduced, but the dramatic reduction in hardware footprint makes any other competitive solution prohibitively expensive and dramatically less efficient or productive.



Posted 
August 11, 2020
 in 
Federal
 category

Clayton Dukes

View Posts

Post Tags:

Security
Security analyst
Data
SIEM
SOC
FEDRamp

More from the

Federal

 category

View All
This is some text inside of a div block.
This is some text inside of a div block.
Intersection of AI and Countermeaures
3
 min read
This is some text inside of a div block.
This is some text inside of a div block.
How Federal Agencies Use LogZilla's Network Event Orchestrator to Reduce Splunk's Cost
7
 min read