
Which ones do you recommend? Every one I have tried hasn't really given me the same flexibility as Splunk, most seem to miss the core part of what makes Splunk cool. Though I'd definitely like to see Splunk improve their design.


There are some players that are more established than others but check out:

https://panther.com - Built on top of Snowflake, so it scales well and they are building a more Splunk like interface.

https://runreveal.com - Still seed but shows a lot of promise

https://matando.dev - Still seed and don't have a hosted product yet but smart founders that have the right idea

https://hunters.ai - More threat hunting than SIEM, but maybe that's what certain folks need

https://gem.security - Still fairly early but if you are focused on cloud use cases this could be more of an option. (Disclaimer: I'm an Investor)


Founder of runreveal here, if anyone is interested let me know. The news today was big, but not necessarily too surprising.


> The news today was big, but not necessarily too surprising.

So was it you then with that one day call options trade? /s


I would add https://blumira.com to that list; it's more mature than at least a few of these (I'm a former employee)


Sorry, that's https://matano.dev


Microsoft is doing a surprisingly good job with their Sentinel SIEM. The sweetener is they give you free ingestion on most of your Office 365/Azure logs which can add up if you’re shipping out to another platform.

Makes it attractive for enterprises already on their platform and they throw in discounts for E5 license tier customers as well (gotta keep pushing the “give us everything or pay way more for single feature licenses”).


He's talking out of his ass. But newish competitors are Devo/Sumo Logic.


Not sure how well "new" fits Sumo Logic. I was using them ten years ago, I think?


Humio is also promising; however, they've been acquired by CrowdStrike, who aren't known for low prices!


SumoLogic is also not cheap.


Graylog looks like a good competitor. Certainly won't scale as well, but I've had good experience with it.


The thing that will totally replace splunk (and elastic and snowflake and likely several other whole ecosystems) is some random thing pouring data into clickhouse.

I am nervous about how clickhouse is going to monetize, whenever they decide to turn on the revenue spigot.


I hate to shill in this thread, but that's exactly what we built at runreveal, so I completely agree! We saw the power of clickhouse when we were at segment and cloudflare, so built a company around it.

And since clickhouse is open source, we hope that people will stop giving their security data to vendors who then charge you rent for it. I think the future is writing this data to clickhouse, but also to our customers' clickhouses.


I used to love Graylog, but I was evaluating it for use with AWS and a) its AWS bits seem limited and b) I found a bunch of dead links from their GitHub to their site. If they can't keep their docs updated, it doesn't give me warm fuzzies about their product.


Hey, founder of Tenzir [1] here — We are building an open-core pipeline-first engine that can massively reduce Splunk costs. Even though we go to market "mid stream" we have a few users that use us as light-weight SIEM (or more accurately, just plain log management).

We are still in early access but you can browse through our docs or swing by our Discord.

[1] https://tenzir.com | https://github.com/tenzir/tenzir


If you're looking for something that can handle unstructured data and has a similar query syntax to Splunk then Gravwell (https://www.gravwell.io) might be a fit.



