How Federal Agencies Use LogZilla's Network Event Orchestrator to Reduce Splunk's Cost

How to make Splunk Smarter, Faster and Less Expensive

Clayton Dukes, CEO


Tuesday, March 17, 2020

Executive Summary

LogZilla’s Network Event Orchestration (NEO) platform improves existing Splunk® investments by using a patented deduplication algorithm to filter out unneeded event data before it is sent to Splunk®. Deduplicating the data not only cuts the number of network events sent downstream by 40% to 60%; more importantly, it significantly decreases software license costs, hardware costs, and operations costs, resulting in millions in savings for federal agencies.

In this forwarding mode, LogZilla becomes the “heavy lifter” for all data: it filters out junk data, deduplicates event streams, and adds enriched information so that Splunk® becomes smarter, faster, and more cost efficient as a result. Organizations are feeling increased pressure on their IT budgets as more and more data flows into their Splunk® environments. As a result, they are looking for a cost-effective way to manage their increasing data volumes and data retention needs.

This document outlines the potential cost savings when using LZ NEO as a pre-processor to Splunk®.

Key Takeaways

  • TCO research reveals that Splunk environments using LZ NEO provide 40% to 60% savings over traditional Splunk deployments
  • Indexer infrastructure requirements reduced by up to 2/3 resulting in savings on hardware, HVAC, power and IT labor
  • Storage infrastructure cost for retention data is reduced by utilizing LogZilla's patented deduplication algorithm
  • Data analytics, processing speed and overall performance are drastically increased for Splunk users




Evaluating Total Cost of Ownership (TCO)

Many organizations fail to put together all of the pieces when calculating the TCO for software. Our research data includes metrics on cost of storage (including how the storage is configured), datacenter costs, rack costs, power, HVAC, network equipment (such as top of rack switches), power distribution units, amortization, property and sales taxes, compute load per rack (kw/h), rack density, cost of hardware, labor costs (including average burdened salaries by employee type) and many others.

Calculating the total cost of ownership for Splunk using data verified from multiple sources gives a more complete picture of the full cost. Our research data includes information gathered over the last 2 years from multiple sources, as well as direct verification from hundreds of both LogZilla and Splunk customers.

SPLUNK TOTAL COST OF OWNERSHIP
CAPITAL BUDGET AND OPERATING BUDGET SPLITS

Data Indexed (Per Day): 20TB
Estimated Splunk list price: $531 per GB

| Item | Splunk CapEx (Hardware) | Splunk OpEx (YR 1) | Splunk TCO (3 Year) | Splunk TCO (5 Year) | Splunk TCO (7 Year) | Splunk TCO (10 Year) |
|---|---|---|---|---|---|---|
| Server Hardware | $9,787,500 | | $9,787,500 | $9,787,500 | $9,787,500 | $9,787,500 |
| Server Maintenance | | $773,333 | $2,320,000 | $3,866,667 | $5,413,333 | $7,733,333 |
| Storage Equipment | $7,817,748 | | $7,817,748 | $7,817,748 | $7,817,748 | $7,817,748 |
| Storage Maintenance | | $11,768,105 | $35,304,315 | $58,840,526 | $82,376,736 | $117,681,052 |
| Infrastructure Equipment | $75,455 | $127,500 | $202,955 | $202,955 | $202,955 | $202,955 |
| Network Infrastructure Equipment | $1,079,569 | $3,839,965 | $12,599,465 | $20,279,396 | $27,959,327 | $39,479,224 |
| Network Maintenance | | $161,935 | $485,806 | $809,677 | $1,133,548 | $1,619,354 |
| Bandwidth Cost | | $438,000 | $1,314,000 | $2,190,000 | $3,066,000 | $4,380,000 |
| IT-Labor | | $19,538,625 | $58,615,875 | $97,693,126 | $136,770,376 | $195,386,252 |
| Power | | $2,562,423 | $7,687,269 | $12,812,115 | $17,936,961 | $25,624,230 |
| HVAC | | $266,240 | $798,720 | $1,331,200 | $1,863,680 | $2,662,400 |
| Estimated Software License | | $10,627,823 | $31,883,470 | $53,139,117 | $74,394,764 | $106,278,235 |
| Software Support | | $2,656,956 | $7,970,868 | $13,284,779 | $18,598,691 | $26,569,559 |
| Software Maintenance | | $2,125,565 | $6,376,694 | $10,627,823 | $14,878,953 | $21,255,647 |
| Software Training | | $1,062,782 | $3,188,347 | $5,313,912 | $7,439,476 | $10,627,823 |
| Software Add-Ons | | $2,125,565 | $6,376,694 | $10,627,823 | $14,878,953 | $21,255,647 |
| Subtotal (IT Infrastructure) | $18,760,272 | $39,476,127 | $136,933,654 | $215,630,909 | $294,328,164 | $412,374,046 |
| Subtotal (Software) | | $18,598,691 | $55,796,073 | $92,993,455 | $130,190,837 | $185,986,910 |
| TCO TOTALS | $18,760,272 | $58,074,818 | $192,729,727 | $308,624,364 | $424,519,001 | $598,360,956 |



LogZilla’s Deduplication Algorithm

LogZilla NEO complements traditional event ingestion products by using a patented deduplication algorithm to filter out unneeded event data before it is sent to downstream event consumers such as Splunk®.

Deduplicating the data not only cuts the number of network events sent downstream by 40% to 60% on average; more importantly, it significantly decreases the software license costs, hardware costs, and operations costs of those downstream receivers. This also decreases the number of renewal requirements, saving IT budget for future organizational data initiatives.

LZ NEO also allows users to mark events as actionable or non-actionable, further decreasing the amount of data that needs to be sent to downstream systems. At the same time, LZ NEO can enrich outgoing events in real time with information from multiple sources, increasing downstream systems' knowledge of how a device or system is affected.



Return on Investment

LogZilla NEO ingests, enriches, and orchestrates data at unprecedented scale, with more than 20TB per day of data being processed on a single server. Our highly scalable solution allows LZ NEO to sit as a pre-processor for other network and security management products, which significantly reduces the costs associated with deploying the hundreds or thousands of servers needed by traditional event management solutions.

The LZ NEO platform deploys in minutes and can be placed in front of any other products requiring telemetry from servers, applications, networks, and security. In this forwarding mode, LogZilla becomes the “heavy lifter” for all data where it filters out junk data, deduplicates event streams, and adds enriched information so that all downstream consumers become smarter, faster, and more cost efficient as a result.

Sample ROI - 40TB/day

| | 3 Year | 5 Year | 7 Year | 10 Year |
|---|---|---|---|---|
| Splunk TCO | $382,185,226 | $611,803,511 | $841,421,795 | $1,185,849,222 |
| License Cost Reduction | $22,313,603 | $37,189,338 | $52,065,073 | $74,378,676 |
| Infrastructure Reduction | $54,123,442 | $85,171,364 | $116,219,286 | $162,791,169 |
| TOTAL ROI | $76,437,045 | $122,360,702 | $168,284,359 | $237,169,844 |



Not only are the licensing costs reduced, but the dramatic reduction in hardware footprint makes any other competitive solution prohibitively expensive and dramatically less efficient or productive.



Clayton Dukes

CEO

4819 Emperor Boulevard Suite 400
Raleigh, NC 27703

About Clayton

Clayton Dukes leverages over two decades of experience in network systems design, implementation, and management. His early years included designing an open source solution to solve network event management challenges as a Datacenter Lead Engineer at Cisco, which ultimately led to the later creation of the LogZilla Network Event Orchestrator platform. Dukes has co-authored the CCIE SP OPS certification and resides in North Carolina.