+1 on Elasticsearch. We swapped Splunk out for ES + some in-house pipelines and it's been a decent replacement. It's not 100% the same. We can't throw random garbage logs at it and create structure; we pushed structured logging onto service owners, but it's covered a lot of our common use cases, e.g. "what happened with this request?"
We haven't moved off of Splunk for all of our logs, but have reduced the volume going there significantly.
The query capabilities of Elastic are subpar compared to Splunk and not feasible for us.
Elasticsearch does not support JOINs, which is a huge trade-off for us.
https://www.elastic.co/
Depending on your volume and situation, there are hosted options or you can roll your own on-prem.