08 Oct 2019 05:28 AM - last edited on 08 May 2021 10:05 PM by MaciejNeumann
Hello, I am trying to make a comparison between Dynatrace and Splunk. In my project we are already using Splunk and we will have Dynatrace very soon.
But I want to understand whether it is really worth having both of them, as licensing of these tools is quite expensive. What I want to understand is:
Why do we need Dynatrace, and what is the one factor which differentiates it from other tools?
What does it do which cannot be done from Splunk?
What does Splunk do which cannot be done from Dynatrace?
I have read heavily about it online but I am not able to reach any conclusions. If anyone can help, that would be much appreciated.
Splunk is just storage for logs and metrics collected in numerous ways. Dynatrace is much bigger because you see single transactions with DB calls, MQ, WebRequests etc., and the user perspective as well. But comparing Splunk to Dynatrace is not fair to either of those solutions. These are two totally different classes of product and use cases.
Splunk is a data repository and analytics tool. You throw data into it and make some dashboards. It does not have any capabilities for instrumentation and generating the APM data such as our agents, synthetics, and network probe.
For Splunk to work, you must have the data you want to “capture” already easily available somewhere that it can grab it (such as a log file). For end-to-end application monitoring, end user monitoring, etc... this data is not magically exposed anywhere. You must instrument the application/environment in order to get at it (this is not easy).
This is the main difference between Splunk and Dynatrace. Dynatrace does the hard part... end-to-end instrumentation in order to produce high-value data such as PurePaths and Smartscape.
Splunk lacks the following:
Transaction following (PurePath)
Real user monitoring
Environment/topology mapping and discovery (Smartscape)
Application monitoring at code level
Automatic problem identification
Automatic root cause determination
Packet-level network monitoring
Areas where Dynatrace and Splunk overlap:
Splunk can do some basic server OS monitoring using
Definitely, Splunk has different capabilities in terms of automation, analysis and monitoring of logs. Depending on your use cases you may need just Dynatrace or both.
Hi @Radoslaw S. thank you for your detailed response. I would see if we can use both because I have read some articles where it says they work best together. Also, do you know about the licensing cost comparison? Like how much does Dynatrace cost if we get it installed for 2 of our applications?
Well, you can't compare costs as it brings different level of value - almost like comparing apples to mango. Keep in mind that at infrastructure monitoring level Dynatrace multiplies host unit by 0.3 with a cap of 1.0 host unit at max. https://www.dynatrace.com/support/help/shortlink/monitoring-consumption#host-unit-hours
Moreover, you could use Splunk for log monitoring... but then you have the other tool for that and *no context* if that particular log entry is related to a problem.
And last but not least... with Dynatrace you don't need to change your application code to output proper log entries - as you compare it to Splunk.
Thanks @Radoslaw S. for your detailed explanation. Really appreciate it. Just one more quick thing: if I successfully integrate Dynatrace with Splunk or vice versa, what extra can I achieve?
I mean, is it possible for you to list out the important scenarios/factors which we can achieve by integrating these wonderful tools? I know they complement each other but just want to understand in what ways, please.
Let me know if you can help me out here.
Three items that come to my mind are:
You can set up additional alerting based on your log entries. In Dynatrace you need to set up custom metrics based on logs.
You can set up some dashboards in Splunk that might be valuable to you.
You can push Dynatrace Problems to Splunk as an Incident platform. See https://www.dynatrace.com/integrations
However, none of these will bring you answers. Using both will create two silo tools for you, which is inconvenient and brings increased friction and additional TCO.
If I were you I’d decide on one.
PS: also read the thread here: https://answers.dynatrace.com/questions/198470/integrate-dynatrace-with-splunk.html
I agree with all these comments, but if they are using the Splunk ITSI component then they get closer to root cause detection and predictive analytics. Obviously it's only as good as the data they are ingesting.