Thank you! First time hearing of it. I just looked it up; it looks similar to Azure Sentinel? Is it really cheaper than on-prem Splunk?
A good query language (rollup, piping, stats, etc.), visualization and a rich function set (eval and stats functions in Splunk) are a minimum requirement for me. Tried Kibana, Graylog, Sentinel and a few others I can't mention here.
Sumo is cheaper than Splunk by all accounts, but still pretty expensive. Think half the price of Splunk, perhaps. It's still nice, but we ended up spending a lot of time trying to keep our bill down by not sending data to it, since the price is based on the number of GB/day you send it.
That pricing model is a big turn-off. Really looking for something that lets you process events with a smart approach to pick and choose what to ingest before you get billed for it.
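The kind of pre-ingest filtering the comment above asks for, as an added illustration (not code from the thread, Sumo Logic or Splunk): a stage that sits in front of the log shipper, keeps every security-relevant event unconditionally, drops known-noisy lines, and caps exact duplicates of everything else, so the GB/day that reaches the per-volume-billed backend shrinks without losing what a detection rule needs. The sample events, regex patterns and the duplicate threshold are constructed assumptions.

```python
import hashlib
import json
import re
from collections import defaultdict

# Constructed sample events (JSON lines, as a shipper like Fluent Bit would see them).
SAMPLE_EVENTS = [
    '{"host":"web1","source":"nginx","level":"info","msg":"GET /healthz 200"}',
    '{"host":"web1","source":"nginx","level":"info","msg":"GET /healthz 200"}',
    '{"host":"web1","source":"nginx","level":"info","msg":"GET /login 200"}',
    '{"host":"web1","source":"nginx","level":"info","msg":"GET /login 200"}',
    '{"host":"web1","source":"nginx","level":"info","msg":"GET /login 200"}',
    '{"host":"db1","source":"postgres","level":"error","msg":"FATAL: password authentication failed for user app"}',
    '{"host":"web2","source":"auth","level":"warn","msg":"failed login for admin from 10.0.0.5"}',
    '{"host":"web2","source":"auth","level":"warn","msg":"failed login for admin from 10.0.0.5"}',
    '{"host":"web2","source":"auth","level":"warn","msg":"failed login for admin from 10.0.0.5"}',
    '{"host":"web1","source":"nginx","level":"debug","msg":"upstream timing 12ms"}',
]

# Assumed policy. ALWAYS_KEEP is checked first and bypasses deduplication on purpose:
# brute-force style detections count repeated failures, so those must never be sampled.
ALWAYS_KEEP = [re.compile(p, re.I) for p in (r"failed login", r"authentication failed", r"sudo:")]
DROP_PATTERNS = [re.compile(p) for p in (r"GET /healthz 200",)]
DROP_LEVELS = {"debug"}
MAX_DUPLICATES = 2  # identical (host, source, msg) events allowed per batch


def _dedup_key(ev):
    """Stable key for 'same event again' detection; hashed so the key size is bounded."""
    raw = f"{ev.get('host')}|{ev.get('source')}|{ev.get('msg', '')}"
    return hashlib.sha256(raw.encode()).hexdigest()


def filter_events(lines, max_duplicates=MAX_DUPLICATES):
    """Return (kept, dropped) lists of raw lines according to the policy above."""
    kept, dropped = [], []
    seen = defaultdict(int)
    for line in lines:
        ev = json.loads(line)
        msg = ev.get("msg", "")
        if any(p.search(msg) for p in ALWAYS_KEEP):
            kept.append(line)
            continue
        if ev.get("level") in DROP_LEVELS or any(p.search(msg) for p in DROP_PATTERNS):
            dropped.append(line)
            continue
        key = _dedup_key(ev)
        seen[key] += 1
        if seen[key] > max_duplicates:
            dropped.append(line)
            continue
        kept.append(line)
    return kept, dropped


def bytes_saved(lines, dropped):
    """Return (total_bytes, saved_bytes) so the reduction can be related to a GB/day bill."""
    total = sum(len(l.encode()) + 1 for l in lines)  # +1 for the newline the shipper sends
    saved = sum(len(l.encode()) + 1 for l in dropped)
    return total, saved


if __name__ == "__main__":
    kept, dropped = filter_events(SAMPLE_EVENTS)
    total, saved = bytes_saved(SAMPLE_EVENTS, dropped)
    print(f"kept {len(kept)} / dropped {len(dropped)} events, "
          f"{saved}/{total} bytes ({100 * saved / total:.0f}%) not billed")
```

The ordering of the checks is the security-relevant part: drop and dedup rules only ever see events that no detection depends on, and the dedup cap is per batch, so a long-running noisy source is still represented rather than silenced outright.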
Sumo Logic has a rich query language: schema-on-read, aggregations similar to Splunk's. The cost of ownership is way lower, by a big amount if your load varies or you can leverage different data tiers.