Splunk vs Dynatrace


Hello, I am trying to make a comparison between Dynatrace and Splunk. In my project we are already using Splunk and we will have Dynatrace very soon.
But I want to understand whether it is really worth having both of them, as licensing of these tools is quite expensive. What I want to understand is -

  1. Why do we need Dynatrace, and what is the factor which differentiates it?
  2. What does it do which cannot be done from Splunk?
  3. What does Splunk do which cannot be done from Dynatrace?

I have read heavily about it online but I am not able to reach any conclusions. If anyone can help, that would be much appreciated.

0 Karma

Path Finder

I see this question a lot all over the place and honestly, I think it's comparing apples and oranges. While there is some overlap in functionality, I think both cater to their own specific things.

0 Karma


Having worked with both DT and Splunk for the last 4 years, here is my take.

Why we need Dynatrace and what is the factor which differentiates it - DT is an app monitoring tool, Splunk is a machine data (raw log data) tool. DT's main (and patented) technology is pure paths, wherein a DT agent running on a server (or multiple servers) can drill down to the individual transaction of a single call. For example, a single pure path drill-down can give you transaction-level details with accurate timestamps and the methods/calls causing errors for an end-to-end transaction, say for example starting from the web browser log in > time spent in Apache layers > time spent in HTTP loads > time spent in the middleware (issues if one front-end call is waiting and waiting for a response from a middleware system) > right down to the DB. So, in a nutshell, DT 'traces' real-life user calls/transactions, giving a range of stats like errors/exceptions/bottlenecks across each layer of an application call. Can Splunk do that? Of course yes, but then you would need to ingest ALL the needed logs (and write your own SPL queries to extract times/errors etc.) right from the web layer/middleware (WebLogic, Jetty, Tomcat etc.) right down to the DB layer. A single DT monitoring agent running on the correct server takes care of all this with network-flow-like maps, tracing each sub-action of a call.

What does it do which cannot be done from Splunk? - Nothing that cannot be done theoretically, BUT look at the overhead plus the total license costs of ingesting all these different kinds of logs + the effort needed to extract errors/timestamps etc. in Splunk.
But one big advantage of Splunk is that it is easier to parse your needed extractions at index/search time. Think for a minute that I do not need logs with, say, error=xxx. I can eliminate them before indexing through the .conf files or eliminate them after indexing (in which case the license costs increase) during search time. To do the same through DT, you would have to have a DT developer and configure the agent-level settings to ignore such stuff. Remember, ignoring this will NOT save any DT license costs, since DT licenses based on the number of monitoring agents. DT does however give you many metrics like CPU utilization, consumed memory, thread pool utilisation etc., which again can be done in Splunk, subject to the required logs being ingested.

What does Splunk do which cannot be done from Dynatrace? - Splunk is a more 'new' product that gives you a lot of other functionality, like using machine learning on your already indexed logs, blockchain monitoring, your own custom viz etc., which DT does not.

My experience is that a combination of the 2 is a real eye opener. For example, I see an out-of-memory error in Splunk from a said call at yyy AM. Now I log in to DT, search for a time range like yyy-2min to yyy+2min and hey bingo, now I can see the failed call with all its pure path details - got stuck at application level, you say? NO, it just might be the Sybase DB which was overloaded due to DB pool exhaustion. DT will drill down to the specific call detail and show you why and where it failed.

In a nutshell, there is nothing that DT does which Splunk cannot do; however, think a bit about the number of different log sources and the time/effort/license costs needed to maintain the same. On the other hand, a DT monitoring agent, once installed and configured, will give you pre-configured viz on many things like call tracing/CPU/memory etc.
However, DT does not have as many other functionalities, like machine learning (predict when CPU reaches 90%?), or as many viz as Splunk does. Can you build your own custom viz in DT? Yes, but then that's a lot tougher than simply doing, say, a chart or a radial gauge in Splunk.

My personal opinion is that as Splunk continues to go towards more modern pricing, it just might overtake not just DT but any appmon tool, but that's in the future. Oh, and yes, unlike Splunk, DT cannot ingest static sources like a CSV or run a Python script/shell script etc.
Now, that got rather long (essay?), however I do hope you will benefit 🙂
