Some of you have deployed logscale at home or in a small setting as a way to get some experience with it. That was possible because Crowdstrike provided a free tier on the same lines as Splunk, Burpsuite, and even AWS/Azure/Google: some features were disabled and the amount of data was limited, but you were still able to get your feet wet in it. Now that is benefitial to both the company and you:
- You learn how to use a well-known commercial product so when you go apply for a job that uses it knowing enough so you can start using it. Now some will claim the only experience that counts is experience you got from a paid job. Given how active I am in the open source community, I disagree. In fact, I will put my neck on the block and say there were many things I learned in a home lab I could not learn at work because, well, even when you work in a research institution what you can work on their time is dictated by what they think is important.
- That does not mean if you install it in your homelab you will be just fiddling with some controls without really understanding the product. Logscale, AWS, Splunk, and Portswiggler (just using the same companies I mentioned because I can't be bothered finding links to others) offer free formal classes with hands-on exercises (and, yes, I know some of the AWS and Splunk videos are cringe but at least they are trying). These classed can lead yo you getting certfied, but that will cost and is a discussion for another post. Which leads to...
- Microsoft, Splunk, and all of those companies want you to learn their product well. If you do, when you work at a company using it, you will not suck using it, so their product will not suck. And, if you get to the point you are the one recommeding products, guess which ones will you select?
So, what about this Logscale gripe you have?
Like the other vendors mentioned above, in early 2021 Crowdstrike acquired Humio, which later became Logscale. Later in that year, they announced the Humio Community Edition, the free version of Logscale with similar restrictions as, say, Splunk's (stealing the above from their announcement):
- Ingest up to 16GB per day
- 7-day retention
- No credit card required
- Ongoing access with no trial period
- Index-free logging, real-time alerts and live dashboards
- Access Humio’s marketplace and packages, including guides to build new packages
Bottom line
- If you want to learn Logscale, and by that I mean also practcing it, you will have to get hired by a company that already has it.
- If you are considering using it but have never used similar products, you will have to spend money. So, you might as well hire someone to see if it is the best solution for your needs. Case in point, a lot of people, me included, make fun of Splunk's price. Thing is, someone who is a Splunk Engineer, as opposite to a Security Engineer with Splunk Experience, knows how to put it together so its yearly cost does not go up the roof.