I have some experience with ELK via SANS classes only.
My opinion is that Splunk has always been easier to admin and use, etc., than ELK, but ELK is not a bad choice if Splunk is not an option.
Lately, I was visited by "The Good Idea Fairy" and asked to evaluate ELK vs. Splunk... because ELK is "open source" and "free" (and because the time to learn, transition, etc. is not being considered).
If anyone can help add to my evaluation criteria, it is much appreciated.
Splunk - Pros
1. Great community support
2. Great paid support
3. Splunk is more mature and has more capabilities
4. Splunk has lots of integrations (SplunkBase)
5. Easy to use
6. Continued development with new versions and capabilities
7. Consistently works; reliable; easy to troubleshoot
8. Bugs are resolved quickly
Please provide any other thoughts as to why Splunk is a better choice.
From anecdotal evidence, I hear that the same configuration in ELK requires twice the hardware and twice the administration cost (people to administer the product). Visualizations are easier to create in Splunk because it allows drag-and-drop for dashboards, whereas those have to be coded in ELK. ELK does not scale as well as Splunk does either, from what I hear.