Pricing

Consumption-based pricing is outdated and unpredictable

Our infrastructure based pricing means clear total cost of ownership and absolutely no surprises.  Whether your data needs are straightforward logs or advanced root cause analysis, there’s a Gravwell plan for you.

Community Edition

Perfect for small commercial projects

Free

Limited to one indexer

  • Community Edition
    Capabilities:
  • Self hosted on-prem or in your private cloud
  • Unlimited Kit Installs (Zeek,CoreDNS, Grok, Netflow, Sysmon and many more)
  • 13.9 GB/day data ingestion
  • Unlimited ingester endpoints
  • Unlimited retention
  • Unlimited search count
  • Allows 2 seats.
  • Binary data support
  • Single Sign on
  • Tiered storage
  • Cloud Archive ("Frozen") Storage
  • Configurable data retention and automatic age-out
  • Search scheduler agent and built-in orchestration
  • Scriptable/custom search
  • Online (“Hot”) replication
  • Region-aware redundancy
  • Enhanced Multi-tenancy Permissions
  • Distributed web frontends
  • High availability search
  • Unlimited automations

Pro
Edition

Great for organizations with single business units that need to collect events, search, and automate

Starting At:

$35k/year

Per indexer

  • Pro Edition
    Capabilities:
  • Self hosted on-prem or in your private cloud
  • Unlimited Kit Installs (Zeek,CoreDNS, Grok, Netflow, Sysmon and many more)
  • Unlimited data ingestion
  • Unlimited ingester endpoints
  • Unlimited retention
  • Unlimited search count
  • Unlimited user seats
  • Binary data support
  • Single Sign-on
  • Tiered storage
  • Cloud Archive ("Frozen") Storage
  • Configurable data retention and automatic age-out
  • Search scheduler agent and built-in orchestration
  • Scriptable/custom search
  • Online (“Hot”) replication    
  • Region-aware redundancy
  • Enhanced Multi-tenancy Permissions
  • Distributed web frontends
  • High availability search
  • Unlimited automations

Enterprise
Edition

Optimized for Critical Environments and Enterprise SOCs.

Starting At:

$70k/year

Per indexer and for example estimated usage of 1.2 TB / day might require 4 nodes

  • Enterprise Edition
    Capabilities:
  • Self hosted on-prem or in your private cloud
  • Unlimited Kit Installs (Zeek,CoreDNS, Grok, Netflow, Sysmon and many more)
  • Unlimited data ingestion
  • Unlimited ingester endpoints
  • Unlimited retention
  • Unlimited search count
  • Unlimited user seats
  • Binary data support
  • Single Sign-on
  • Tiered storage
  • Cloud Archive (“Frozen”) Storage
  • Configurable data retention and automatic age-out
  • Search scheduler agent and built-in orchestration
  • Scriptable/custom search
  • Online (“Hot”) replication    
  • Region-aware redundancy
  • Enhanced Multi-tenancy Permissions
  • Distributed web frontends
  • High availability search
  • Unlimited automations

Enterprise Cloud Edition

Perfect for those looking to concentrate on data analysis and outsource the hosting and maintenance of a Gravwell Cluster

$70,000+

per year

Minimal passthrough cloud costs

  • Enterprise Cloud Edition
    Capabilities:
  • Hosted in the Gravwell Cloud
  • Unlimited Kit Installs (Zeek,CoreDNS, Grok, Netflow, Sysmon and many more)
  • Unlimited data ingestion
  • Unlimited ingester endpoints
  • Unlimited retention
  • Unlimited search count
  • Unlimited user seats
  • Binary data support
  • Single Sign-on
  • Tiered storage
  • Cloud Archive (“Frozen”) Storage
  • Configurable data retention and automatic age-out
  • Search scheduler agent and built-in orchestration
  • Scriptable/custom search
  • Online (“Hot”) replication    
  • Region-aware redundancy
  • Enhanced Multi-tenancy Permissions
  • Distributed web frontends
  • High availability search
  • Unlimited automations

Are you looking for Unlimited Indexers?

This is the license tier of the power users! All with unlimited licensing, you can deploy as many indexers as you want.

Gravwell is an enterprise data fusion platform that enables security teams to investigate, collaborate, and analyze data from any source, on demand, all with unlimited data collection and retention. Learn more about our mission, our team, and why we do what we do.

I’m a Power User, Let’s Talk
Picture → Gravwell20Are20looking20Unlimited Indexers.png
faq-icon

Frequently Asked Questions

A Gravwell node is an indexer; the Gravwell indexer is responsible for accepting ingested data, indexing it, and storing the data in a storage medium. Webservers, ingesters, and other ancillary components are not counted as nodes for the purpose of licensing.

Multiple Gravwell nodes (or Indexers) can be combined to create a single Gravwell Cluster. 

The webserver acts as the focusing point for all searches and provides an interactive interface into Gravwell.

Most likely, no. Multiple webservers make your cluster more complex. In general, we recommend setting up a single webserver, then adding more only if the load is too high in use.

Ingesters gather incoming data, package it into Gravwell entries, and ship it to Gravwell indexers for storage.

Dashboards are aggregated views of searches that provide a view into multiple aspects of the data at once.

Gravwell Kits are pre-packaged tool sets for analyzing a particular data source. Kits exist to analyze Netflow v5, IPFIX, CoreDNS, and more. They're a great way to get started with your data, a jumping-off place to building your own analysis.

Gravwell Community Edition is free for private or commercial usage up to 13.9 GB/day of data ingestion. In addition, our Community actively supports Gravwell on our discord server.

We strongly recommend at least 4GB of RAM and 2 CPU cores to run Gravwell Community Edition; this should be sufficient up to the CE ingest limit.

You should scale up your hardware as your daily data ingest increases. In general, we recommend the following rule of thumb: One CPU core per 30 GB/day ingest. 1 GB of RAM per 6 GB/day ingest.

Yes you can. Check out the migration documents if you have existing data you want to import. https://docs.gravwell.io/#!ingesters/migrate/migrate.md

The community edition has a 13.9GB/Day Ingest Limit but our Professional and Enterprise plans have unlimited ingestion.

Open invitations are available at: https://discord.com/invite/gravwell

Join our Discord server and ask any questions you have! https://discord.com/invite/gravwell

Gravwell is distributed in four ways: via a Docker container, via a distribution-agnostic self-extracting installer, via a Debian package repository, and via a Redhat package repository.

Great! Send us a message, and we will get back to you with an answer. https://www.gravwell.io/contact-us

Great! Email marketing@gravwell.io