Elastic Security SIEM pricing in 2026: self-managed vs cloud, and the true cost
Independent Elastic Security pricing reference. Open-source Basic tier vs paid subscriptions, Elastic Cloud resource-based pricing (not per-user), self-managed infrastructure and engineering costs, and where Elastic genuinely wins or loses against Splunk and Sentinel. Rates re-verified against the Elastic Cloud Hosted price list, June 2026.
How much does Elastic Security SIEM cost in 2026?
Elastic Security has no single price because it does not license per user or per GB. The free, open-source Basic tier runs the core SIEM self-managed with a $0 licence, so you pay only for your own infrastructure and engineers. On Elastic Cloud Hosted the bill is resource-based (compute plus storage) with a subscription tier layered on top: Standard from ~$99/mo, Gold ~$114/mo, Platinum ~$131/mo (adds machine learning and cross-cluster search), and Enterprise ~$184/mo (adds Endpoint Security and SOAR). Those are starting rates for a small production cluster (roughly 120 GB storage across two zones) and scale with provisioned resources, not headcount. A 50 GB/day mid-market deployment lands near $240K-$320K all-in once infrastructure and the salary premium for scarce Elastic engineers are counted; the licence line is the small part.
Tier rates verified against the Elastic Cloud Hosted price list, June 2026.
Subscription tier comparison
| Tier | Starting price | Includes | Not included |
|---|---|---|---|
| Basic | Free (self-managed) | Core SIEM rules, basic detections, ELK stack | Machine learning, advanced analytics, premium support |
| Standard | From ~$99/mo | Cloud entry tier: core Elastic Security on managed cloud, resource-based | Reporting, Watcher, third-party alerting actions (Gold+) |
| Gold | From ~$114/mo | Standard + reporting, Watcher, third-party alerting, multi-stack monitoring | ML, advanced security, cross-cluster |
| Platinum | From ~$131/mo | Gold + ML jobs, advanced security, cross-cluster | Endpoint integrations, advanced UEBA |
| Enterprise | From ~$184/mo | Platinum + Endpoint Security, SOAR, advanced UEBA | Bespoke MSSP features only |
Elastic does not license by seat. The subscription tier is a feature gate applied on top of resource-based consumption (compute, memory, and storage), not a per-user charge. The figures above are Elastic Cloud Hosted starting rates for a small production configuration (roughly 120 GB storage across two zones); the bill scales with provisioned resources, not headcount. Gold is no longer sold to new self-managed customers. Source: elastic.co/pricing/cloud-hosted, June 2026.
The "free software, expensive people" reality
The Elastic Basic tier is genuinely free, but operating an Elasticsearch cluster at security-grade reliability is a specialised skill. Engineers who can tune shards, manage rollover policies, and debug cross-cluster replication command a 30-50 percent premium over generic SREs. Budget honestly.
$15K-$50K per year for 50-200 GB/day clusters. Hot, warm, and cold tiers required for cost-effective retention.
$120K-$180K per year for an engineer who can run Elasticsearch competently. 20-30 percent of their time goes to cluster ops alone.
Open-source rule sets exist but lag commercial vendors. Plan for a detection engineering function, not just a SIEM operator.
Real-world Elastic cost scenarios
| Scenario | Profile | Licence | Total TCO | Notes |
|---|---|---|---|---|
| Startup | 5 GB/day, Basic + self-hosted | $0 licence | $45K-$70K | Single engineer maintains, infra ~$8K-$15K |
| Mid-market cloud | 50 GB/day, Elastic Cloud Platinum, hot-warm cluster | $85K-$110K/yr | $240K-$320K | Resource-based; provisioned compute and storage drive cost |
| Mid-market self-managed | 50 GB/day, Platinum subscription, on-prem cluster | $70K-$95K/yr | $310K-$420K | Engineer salary premium dominates |
| Enterprise | 200 GB/day, Elastic Cloud Enterprise, multi-tier | $280K-$400K/yr | $760K-$1.1M | Full Endpoint Security included |
| Open-source heavy | 200 GB/day, Basic only, 2 dedicated engineers | $0 licence | $520K-$680K | Engineering, infra, opportunity cost |