Calculating the ROI of Log Analytics
As noted before, log analytics costs can quickly add up. Many organizations turn to open source solutions like the ELK stack or a managed Elasticsearch service because their startup costs are low.
But over time costs can creep up due to steadily increasing volumes of data ingested per day, required retention periods, and the associated personnel needed to manage the deployment.
As demonstrated in our four key use cases, log data contains a wealth of otherwise hidden insights an organization needs to run more effectively, and more securely. Some of the benefits of these use cases can be mapped to clear cost centers. In some cases, the cost of inaction is clear. For example, according to the IBM and Ponemon Institute study cited earlier, the cost of a security incident in 2021 rose to $4.24 million—the highest average cost in 17 years. With the variety and number of security incidents increasing, it’s likely this number will continue to rise.
Average cost of a security incident in 2021.
In addition, depending on your industry, the cost of non-compliance can be severe. Violations to widely applicable data protection laws like GDPR can cost organizations hundreds of thousands to millions of dollars.
How do you know if the costs are worth it?
Calculating the ROI of a log analytics solution involves two main steps:
Determining the value of log analytics to your organization
Figuring out the TCO of a log analytics solution
To calculate the TCO of log analytics, consider how the following aspects of log monitoring and retention will impact your monthly cost. Here are some key questions to ask:
How much log data do you need to support everyday operations?
How many days do you need to retain logs to meet compliance or business requirements, before moving these logs to cold storage?
How much raw data will you need to ingest per day in the coming weeks and months?
How will your storage capacity account for sudden spikes in data ingestion, due to unexpected events such as legitimate user demands or unauthorized activity?
From there, you should consider the cost of inaction (see the cost centers identified previously) within your TCO calculation. In other words, how much will not having a log analytics solution cost you?
Beyond the hard numbers, be sure to map the intangible benefits—including the potential to drive bottom line revenue by discovering previously unidentified insights. One other aspect to think about is how log analytics can complement existing observability investments, such as a SIEM platform or an APM tool.
If you are struggling with the cost and complexity of managing an on-premises ELK stack or a managed Elasticsearch service, it might be time to consider a more cost-efficient alternative.
A true TCO analysis of your ELK stack must include the cost of administration and maintenance, as well as difficult trade-offs for data retention. Fortunately, the unique ChaosSearch architecture and technologies consume far fewer resources than a comparable ELK stack, providing cost savings of up to 80%.