Home / Companies / Imply / Blog / Post Details
Content Deep Dive

Splunk Smartstore vs Lumi Loglake

Blog post from Imply

Post Details
Company
Date Published
Author
David Gee
Word Count
1,247
Company Posts That Month
4
Language
English
Hacker News Points
-
Summary

Lumi Loglake and Splunk's SmartStore both facilitate the querying of log data stored in object storage like AWS S3, but they differ significantly in their architecture and operational models. While SmartStore requires data to be copied from object storage to a local indexer cache for querying, Loglake allows queries to be executed directly in the object storage using virtual compute pools that activate only when needed. This architectural distinction impacts performance, scalability, and cost, with Loglake offering a more flexible and efficient solution by eliminating the need for constant infrastructure and enabling workload isolation. SmartStore, although innovative in 2018 for reducing retention costs, suffers from limitations like cache thrashing and fixed infrastructure requirements that can degrade performance during extensive searches. In contrast, Loglake's approach of running queries where data resides, without data movement or proprietary constraints, allows for seamless integration with existing Splunk dashboards and tools while also supporting broader query access through SPL, Spark SQL, LogQL, and ANSI SQL.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Real-time 3 5,457 1,338 238 -5%
Observability 1 3,430 674 183 +0%
OpenTelemetry 1 701 153 53 -26%