IBM QRadar pricing in 2026: EPS tiers, on-prem vs cloud, and enterprise costs
Independent QRadar pricing reference. EPS-based tier pricing from 100 EPS to enterprise scale, Community Edition limits, hardware requirements, on-Cloud subscription model, and head-to-head comparisons against Splunk and Sentinel. Updated April 2026.
Understanding EPS pricing
Events Per Second is QRadar's billing meter. An event is any single log entry crossing the QRadar Event Collector. EPS measures rate, not volume; a chatty source with small events drives higher EPS than a quiet source with large events, even at equal GB per day.
QRadar licences a sustained EPS rate (the long-running average) and a peak EPS rate (the burst ceiling). Sustained EPS at 110 percent of licensed for more than 24 hours triggers reconciliation. Peak bursts are smoothed across windows but persistent bursts force a tier upgrade. Right-sizing requires baseline data from a 30-day pilot. Most environments find their first licensing estimate understates real EPS by 30-50 percent.
EPS-to-GB conversion varies by source. Windows event logs average 60-80 EPS per GB per day. Firewalls and NetFlow data run 200-400 EPS per GB. SaaS audit logs run 30-50 EPS per GB. The dominant source mix in your environment defines the conversion ratio.
QRadar EPS tier pricing
| Tier | Licence range | Effective rate | Best for |
|---|---|---|---|
| 100 EPS | $10K/yr | $8.33/EPS/mo | Community / pilot |
| 500 EPS | $22K-$30K/yr | $3.67-$5.00/EPS/mo | Small business |
| 1,000 EPS | $40K-$55K/yr | $3.33-$4.58/EPS/mo | Mid-market entry |
| 2,500 EPS | $80K-$110K/yr | $2.67-$3.67/EPS/mo | Mid-market |
| 5,000 EPS | $140K-$190K/yr | $2.33-$3.17/EPS/mo | Upper mid-market |
| 10,000 EPS | $240K-$320K/yr | $2.00-$2.67/EPS/mo | Enterprise |
| 25,000+ EPS | $520K+/yr | Negotiated | Large enterprise |
Pricing reflects public IBM list prices and partner price sheets as of Q1 2026. Negotiated discounts of 25-35 percent are routine on multi-year agreements above 5,000 EPS. Maintenance contracts add 20-25 percent annually; QRadar on Cloud rolls maintenance into the subscription.
On-prem hardware requirements
For self-managed QRadar deployments, expect IBM-spec or equivalent hardware with the following rough configurations.
| Deployment | Hardware | Cost |
|---|---|---|
| All-in-one (under 1,000 EPS) | Single appliance / VM, 32GB RAM, 2TB storage | $25K-$45K |
| Distributed (1,000-5,000 EPS) | Console + 2 collectors, 64-128GB RAM each, 10-20TB total | $80K-$160K |
| Enterprise (5,000-15,000 EPS) | HA console, 4+ collectors, 256GB RAM, 50TB+ tiered storage | $200K-$400K |
| Large enterprise (25,000+ EPS) | Multi-site, dedicated event processors, 100TB+ | $500K-$1.2M |
Real-world QRadar cost scenarios
| Scenario | Profile | Licence | Total | Notes |
|---|---|---|---|---|
| Startup | Community Edition, 50 EPS | $0 | $8K-$15K | Free, 5,000 events/min cap; learning only |
| Small business | 500 EPS, on-prem appliance | $26K/yr + $35K hardware | $110K-$160K Y1 | Single-node deployment, 6-12 month payback |
| Mid-market | 2,500 EPS, QRadar on Cloud | $95K/yr | $280K-$380K | Subscription includes infra and updates |
| Enterprise | 10,000 EPS, hybrid, on-prem core | $280K/yr + $200K hardware | $890K-$1.3M Y1 | Distributed deployment, professional services typical |
| Large enterprise | 30,000 EPS on-prem, multi-site | $650K-$850K/yr | $2.1M-$3.0M Y1 | Full QRadar suite plus UBA, X-Force feeds |