Cheaper Alternatives to Elastic X-Pack That Work Just as Well

Elastic X-Pack, like Splunk, is an excellent service that can offer a great deal of value, and these types of services are invaluable to many companies. Unfortunately, however, only those with the biggest budgets can afford them. Many companies are in desperate need of log management software but have to go without it as a result of the high cost of both Elastic X-Pack and Splunk. Thankfully, there are less expensive yet equally effective alternatives to Elastic X-Pack.

X-Pack Pricing

There is a good deal of speculation about the pricing model used by Elastic. Many people have inquired about cost per node. As a rule of thumb, pricing can range anywhere from $2000.00 per node (jvm instance) to as high as $7500.00 per instance. Of course, volume discounts apply, but for enterprises with larger clusters, the cost can quickly add up. As a Certified Elastic license reseller, we often consult with many small to large enterprise customers that use Elasticsearch. They often ask about alternatives.

X-Pack Security – Alternative “SearchGuard” cost “FREE”

Security is the first feature that X-Pack (this component used to be called “Shield”) offers. The best alternative to this feature is SearchGuard. SearchGuard is a free, open source program that offers many of the same features as X-Pack. While the basic program is free, enterprise and support features are not, yet they are still much cheaper than anything X-Pack offers. The license model for these features is per cluster, which saves users from having to overpay for huge packages.
Sematext Cloud is another program that is well suited to time series use cases, such as logs and metrics. One of the best things about Sematext is that it features SSL/TLS encryption, as well as role-based access control. If you need a secure alternative for time series data, Sematext Cloud could be an excellent option, especially for metrics and logs.

X-Pack Graph – Alternative “Kibi” cost “FREE”

This feature generates the nodes and edges of a graph and adds a graph display to Kibana in order to explore relations. One good alternative to it is Kibi. Kibi is a fork that is kept in sync with Kibana and extends it with a relational data model; it can be extended across multiple, different indices, and it also supports relational data coming from SQL databases. Furthermore, Kibi offers an enterprise edition that includes security features, reporting and alerting, graph visualization and support, as well as additional components.

There’s also an alternative plugin called “Kbn_Network Kibana 5.” This is a free and open source plugin that provides network visualization and is released under an Apache 2 license.

X-Pack Machine Learning

There are a few different alternatives to the machine learning offered by X-Pack, but we’ll just discuss the best two here. The first is Knowi, which is a tool for business intelligence that supports many kinds of different NoSQL and SQL data sources, such as Elasticsearch. Knowi has machine learning abilities as well, because it uses a combination of AI and BI within a single platform in order to support both prescriptive and predictive analytics.

Another machine learning alternative is Sematext Cloud anomaly detection. This can be used to analyze logs and performance metrics through a series of algorithms for machine learning. It computes the values for search results and sends an alert whenever data has left the baseline range.

X-Pack Alerting – Alternative “ElastAlert” cost FREE

X-Pack Alerting, formerly called “Watcher,” is the fourth functionality that X-Pack offers. The first alternative to this is a tool called “ElastAlert.” This tool works with every version of Elasticsearch and is open source. ElastAlert is used to send out alerts on spikes, anomalies, and patterns of interest in data stored within Elasticsearch.
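As an added illustration that is not part of the original article, here is an ElastAlert frequency rule that fires when a single account produces many failed logins in a short window; the index pattern, field names and Slack webhook URL are assumed placeholders.

```yaml
# ElastAlert frequency rule (added example; the index pattern, field names and
# webhook URL are assumed placeholders, not values from the article).
name: "Repeated failed logins per user"
type: frequency

# Index pattern to query (assumed).
index: auth-logs-*

# Fire when one value of query_key (the username) produces 10 or more
# matching events within 5 minutes.
num_events: 10
timeframe:
  minutes: 5
query_key: user.name

# Only count events that represent a failed login (field names assumed).
filter:
  - term:
      event.action: "login"
  - term:
      event.outcome: "failure"

# Suppress repeat alerts for the same user for an hour after firing.
realert:
  minutes: 60

# Deliver the alert to Slack (webhook URL is a placeholder).
alert:
  - slack
slack_webhook_url: "https://hooks.slack.com/services/REPLACE_ME"
slack_channel_override: "#security-alerts"
```

Place the file in the ElastAlert rules directory; ElastAlert polls Elasticsearch on its configured interval and evaluates the filter and threshold against new documents.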

Another alternative to X-Pack Alerting is Logagent. This is a general log shipper which schedules queries against Elasticsearch and filters the results using its own custom criteria. It can then deliver alerts through Slack and other pluggable outputs.

One more alternative to X-Pack Alerting is Sentinl. This program extends Kibana or Kibi with reporting and alerting functions to monitor, notify, and report on changes in data series through a variety of configurable actions, as well as programmable validators and standard queries.

X-Pack Monitoring – Alternative “KOPF or Cerebro” cost FREE

The final functionality of X-Pack is X-Pack Monitoring, which was formerly known as Marvel. Monitoring is a relatively basic service, and there are many alternatives to this tool. New Relic, Prometheus, Sematext Cloud Elasticsearch Integration and Datadog are some of the best.

Through the use of Sematext Cloud, Elasticsearch logs can be collected and correlated with Elasticsearch metrics. This tool will also provide alerts and anomaly detection functionality. When you use Datadog, Sematext Cloud, or any other type of monitoring service that is cloud-based, you will be able to access data even when experiencing production problems because your monitoring data will be shipped off site.

In Conclusion

X-Pack is a great service, but it’s a bit too expensive for many people. Fortunately, there are alternatives to all of the functions provided by X-Pack and Splunk. Most of these are open source and free, and their paid upgrades still cost less than the typical Splunk package or X-Pack service price. If you know where to look, it is possible to get all the best features of a log management service at a fraction of the cost.