Sumo Logic broadened its observability tools this week, positioning itself as a user-friendly, lower-cost alternative to more established enterprise rivals.
The company's AWS Observability Solution and Microservices Observability Solution for Kubernetes, first announced in early August, is now generally available. Observability is a term for IT monitoring techniques that automatically surface useful signals amid high volumes of varied data and make detailed custom queries into system performance for troubleshooting.
In the past, Sumo Logic had a less unified approach: individual AWS services displayed log monitoring data in separate dashboards, and alerts on log data were set separately from metrics. The new tools also build in distributed tracing data based on the OpenTelemetry open source project.
The new Sumo Logic observability tools also introduce the vendor's first automated root cause analysis capabilities, which can proactively pinpoint issues that lead to errors in dependent systems and alert IT ops pros to their presence. Such features have been offered by top competitors such as Splunk and Elastic since 2018. However, Sumo Logic aims to undercut Splunk on price and challenge both with ease of use, as economic pressure on IT departments mounts amid the COVID-19 pandemic.
One user says Sumo Logic has found the right formula.
"I can build [Sumo Logic monitoring] into services within the CI/CD pipeline through Terraform, and logs and metrics flow automatically to standard dashboards that cover about 80% of use cases," said Andy Makings, head of DevSecOps at Snoop, a U.K. fintech startup. For the rest, setting up custom queries doesn't require a steep learning curve.
"Even if you don't know what you're looking for, you can just put a keyword into search," Makings said.
The new AWS Observability dashboards still represent a big improvement over Sumo Logic's previous approach, according to Makings. That approach required separate alerting for log and metrics data, and displayed each AWS service separately rather than correlating data between them.
Sumo Logic observability tempts on price
As cloud-native apps and microservices architectures grow more complex, users must ingest ever-growing volumes of data, which can quickly drive data storage costs out of control. All observability vendors face this problem but take different approaches to solving it.
Makings said he's used most major IT observability tools in past jobs but finds Sumo Logic the most affordable, even compared with AWS CloudWatch Insights. He declined to give specific cost numbers but said excessive CloudWatch Logs Insights searches had caused monthly AWS bills to balloon unexpectedly in the past.
Andy MakingsHead of DevSecOps, Snoop
"The benefit with Sumo is we don't have to worry about that," Makings said. Sumo Logic includes LogReduce, which summarizes back-end log data to better pinpoint searches, rather than running potentially costly queries over terabytes of data. "We can afford to ingest everything, which means we can see everything, and scan across all our environments."
Large enterprise users of Splunk have voiced concerns about cost in the past, though the IT operations management bellwether has made changes over the last year in response. It introduced new entry-level Rapid Adoption pricing options for its on-premises and Splunk Cloud SaaS products in September 2019 that start at $10,000 for three to five use cases, which include IT ops and security.
At the same time, Splunk introduced pricing options based on compute capacity consumed, called infrastructure-based pricing, rather than data volume ingested; and predictive pricing, which is meant to mitigate cost overruns enterprise customers sometimes encountered when they tried to ingest more than their monthly allotment of data.
Users of Splunk Cloud on AWS pay for only infrastructure charges, not for the Splunk software itself. Still, the full Splunk Enterprise suite starts at $1,800 per ingested gigabyte per year, with volume discounts available.
Large IT organizations have found some pricing relief compared with traditional Splunk Enterprise in Elastic, which does not charge separately for its log analytics and SIEM tools. But Sumo Logic similarly bundles SecOps and IT ops tools into its Enterprise Suite, with pricing starting at $4.75 per gigabyte, per month, with additional charges for unlimited search starting at $2.14 per gigabyte, per month.
The Sumo Logic AWS Observability and Microservices Observability products also don't come with a separate license cost for software -- existing users will be charged for only any additional data they ingest to use the new features. Finally, Sumo Logic users can designate some data for infrequent access and store it for $0.10 per gigabyte, per month.
Catching up to observability giants
Sumo's not alone offering automated root cause analysis capabilities, or in expanding the data sets it can collect. Competitors such as Dynatrace, New Relic, Datadog and Cisco's AppDynamics have all made similar moves in the last 18 months. New Relic also drastically slashed its pricing for AIOps software in July.
Enterprises are already bombarded by marketing from this glut of observability vendors, and Sumo Logic must fight to develop and maintain its own customer and partner relationships amid the noise, according to one analyst.
"Cost is one big component to [competing], but the crux of it is, are they able to have a conversation with the appropriate parties within a [customer] organization?" said Stephen O'Grady, principal analyst and co-founder at RedMonk in Portland, Maine. "These [updates] are about making sure Sumo Logic continues to have credible conversations with partners [such as AWS] about complicated problems, and that they're going to give them the attention they deserve."
While observability and automated root cause analysis are much-hyped features, actual production use isn't yet mainstream, O'Grady said.
"Nobody's in a position to own the entire market or a majority of the market yet," he said. "Sumo Logic is evolving as it needs to, but it's a crowded market and will continue to be for the foreseeable future."