Table of Contents
- Executive Summary
- Falcon LogScale Analysis & Field Test
- Enterprise Log Analytics at Scale
- Data Ingestion & Processing
- Monitoring & Alerts
- Performance Summary
- Ratings Legend
- Total Cost of Ownership
- Analyst’s Take
- About William McKnight
1. Executive Summary
Real-time observability and enterprise systems monitoring have become critical functions in information technology organizations globally. As organizations continue to digitize and automate key functions, they are introducing more complex systems, hypervisors, virtual machines, Kubernetes, devices, and applications—all of which are generating more log and event data. While the amount of usable log data is growing, there is not an attendant growth in the tools, skilled professionals, and other resources to capture, manage, and analyze this complexity.
Modern IT operations, management, and log analytics are shared across several primary enterprise functions such as ITOps, SecOps, and DevOps. Specialized mature and proven tooling is required to collect, aggregate, search, and alert across all these operations. Critical system logs come in structured, unstructured, and semistructured forms and contain valuable information about system access, performance, threats, software execution, services/microservices, uptime, downtime, networking, and much more.
The high volume of log data in these systems must be collected, aggregated, and stored in real time so that it can be searched quickly to determine key business insights. Performing these actions in real time and consolidating, storing, and analyzing petabytes of log data is hard enough, but the challenge of quickly uncovering potential system issues and threats is even more difficult. Modern IT organizations must have log management and observability platforms that scale beyond traditional system monitoring and log analyzer tools widely used in the industry today. If they can achieve a higher level of log management to improve overall observability, organizations will have the context to better understand the health, security, and performance of their IT assets across the board.
CrowdStrike Falcon LogScale is a log management solution for real-time analysis of enterprise system log and operational data. Formerly known as Humio, which was acquired by CrowdStrike in March of 2021, Falcon LogScale is built for large-scale data ingestion, processing, and analysis of system data in various formats with a scalable storage and search capability that produces valuable insights and analytics in support of IT, security, dev/apps, and data operations teams. CrowdStrike claims this index-free data storage and search capability is superior to traditional methods of log monitoring and analytics in tools like Splunk, Elasticsearch, SolarWinds, etc. The GigaOM team has evaluated these claims through several predefined test cases and provided this complete analysis on the Falcon LogScale product relative to the log management, aggregation, and analytics product industry.
Falcon LogScale pulls it all together quite nicely and handles a lot of data. It really plugs into any ITOps-type use cases in support of DevOps, SecOps, and DataOps across many areas.
In addition to providing insights into Falcon LogScale specifically, we hope this report is informative and helpful in identifying many of the challenges and nuances of log management platforms in general. We strongly encourage you to look past marketing messages and discern for yourself what is of value in technical terms, according to the goals you are looking to achieve. You are encouraged to compile your own representative log management and analytics use cases and workflows and review these platforms in a way that applies to your requirements.