Splunk architect for about 7 years here. 500MB logs a day is a lot for a home lab log ingest. Your biggest issue will probably be the lack of a login prompt if you expose it to the internet. I also think you lose the ability to do a deployment server role to centrally push log collection configs to universal forwarders.
We had to move to Elastic because the higher-ups saw a slight savings of money. I’m paying the price in engineering time because of it. Splunk SPL (search language) and the sheer amount of premade integrations for add-ons (parsing logs into extracted fields, for example) and premade apps (Splunk knowledge objects like dashboards, reports, alerts) far exceed the Elastic stack.
Though if you’re looking for turnkey solutions without learning how to search, the power of Splunk will be mostly missed. Same for Elastic, I suppose. I find Splunk’s approach to be more intuitive. Elastic is like Google and AWS (if you’re familiar with their design decisions): powerful but completely asinine and unintuitive until you get past the learning curve.
I’m kinda both.
I have a QNAP at home that served me well for 8 years, a big QNAP (forgot model number) in my lab at work with a dozen or so 3.5”, 4x 2.5”, and expansion for PCIe. I find expansion and growth difficult. Like my old QNAP can’t do 10GbE and is stuck with an Atom CPU and a few GB of RAM.
It’s expensive, especially compared to buying something like a 28c/256GB RAM Dell R730, an HBA, and an EMC disk shelf that I now use at home for TrueNAS. For ~$600, I have up to 16 2.5” and 15 3.5” bays, 4x 10GbE, more RAM than I know what to do with, and much more capability. Porting my ancient WD Red 5400rpm from my old QNAP into this NAS, I’m getting ~400MBps because of the cache and it’s bananas.