Datadog vs. Sumo Logic: a side-by-side comparison for 2024

Daniel Balaz
Updated on January 23, 2024

Both Sumo Logic and Datadog offer top-notch observability toolkits for platforms ranging from small projects to enterprise-grade operations. At a glance, they offer the same set of tools, but there are key differences we’ll take a look at today.

Below, you'll find a side-by-side comparison of Datadog and Sumo Logic for 2023.

I've decided to compare these tools based on the following criteria:

  1. Platform functionality overview
  2. Ease of integration
  3. Onboarding, UI & UX
  4. Incident management
  5. Pricing

1. Platform functionality overview

| Feature | Datadog | Sumo Logic |
|---|---|---|
| Infrastructure monitoring | ✓✓ | ✓✓ |
| Log management | ✓✓ | ✓✓ |
| Open Telemetry support | ✓✓ | ✓✓ |
| APM | ✓✓ | ✓✓ |
| Incident Management | ✓ (On-call scheduling and advanced alerting features are not available) | ✓ (Sumo Logic offers Incident Response features) |
| Status pages | X | X |
| Application Security Monitoring | ✓✓ | ✓✓ |
| Cloud SIEM | ✓✓ | ✓✓ |
| Cloud Security Posture Management | ✓✓ | X |
| Cloud SOAR | X | ✓✓ |
| On-boarding platform | ✓✓ | ✓✓ |
| Freemium plan | ✓ (*You can get Infrastructure monitoring for free) | ✓✓ |
| SAML SSO | ✓✓ | ✓✓ |
| SLA Monitoring | ✓✓ | ✓✓ |
| User-based access | ✓✓ | ✓✓ (*Sumo Logic offers two built-in User Roles: Analyst and Administrator) |
| Compliance Monitoring | ✓✓ | ✓✓ |
| SOC TYPE II compliance | ✓✓ | ✓✓ |
| HIPAA-compliant log management | ✓✓ | ✓✓ |
| GDPR | ✓✓ | ✓✓ |
| CCPA | ✓✓ | ✓✓ |
| FedRAMP | ✓✓ | ✓✓ |

✓ - partial or limited feature

✓✓ - feature is present

X - the platform does not offer this feature

Sumo Logic

Sumo Logic is a powerful, business-ready observability suite offering end-to-end observability and security tools within one platform. Products are divided into the following sub-categories: Cloud Log Management, Infrastructure Monitoring, Application Observability, Software Development Optimization, Audit and Compliance, Cloud Security Monitoring, Analytics, Cloud SIEM, and Cloud SOAR.

While products like Log Management and Infrastructure monitoring are pretty clear, others might need more insight. Application Observability offers all the “ordinary” APM features, but also covers an entire platform for Application Security. Cloud SIEM is a tool for Security Information and Event Management, which enables developers to investigate security incidents and address alerts within a built-in collaboration platform. Cloud SOAR is a tool for Security Orchestration, Automation, and Response. SOAR enables coordinating tasks and automating workflows among users and tools within one platform.

Datadog

Datadog is mainly praised for infrastructure and security monitoring features. It offers a wide range of features for monitoring and securing distributed cloud infrastructures and applications. Datadog offers standalone tools for Infrastructure monitoring, APM and code profiler, Database, Synthetic, Real User, Serverless, and Network Monitoring.

To bring more clarity into Datadog’s stack, let’s take a look at some of the tools offered. Datadog’s APM, Synthetic Monitoring, and RUM combine to offer a complete end-to-end Application Observability platform. Combined with Application Security Monitoring, you can get your hands on a powerful Dev(Sec)Ops platform.

2. Ease of integration and deployment

Sumo Logic

Sumo Logic’s setup has multiple parts, based on your preference. The usual way is to set up the collector agent running on the host. It sends metrics and logs to Sumo Logic for further processing. Setting up the collector is fairly easy as Sumo Logic guides you through the process, so the setup may be considered almost automatic.

However, this is not the only approach. Sumo Logic also offers OpenTelemetry data collection and a “Hosted collector”: a host installed in AWS that collects your data from multiple sources via HTTPS and forwards it all together to Sumo Logic.

Sumo Logic’s documentation is written well; however, a lot of terms and additional configs are only available via hyperlinks, some of which lead to GitHub, others to other parts of the documentation or to dead ends. But this can’t be considered a downside, since Sumo Logic launched its new Docs platform only recently, so it’s normal to expect some compatibility issues, and users still have access to the “legacy” documentation.

Nevertheless, tools like Dynatrace had the Open Telemetry setup resources written much better.

Datadog

Datadog’s agent is available for virtually any platform and setup and comes with an embedded Python environment. Installing the agent is done with a simple copy and paste of a code snippet generated in the UI based on the selected host.

While Datadog’s agent does not work “out-of-the-box”, it’s not necessarily an issue, as it gives developers more freedom in creating a custom, tailored monitoring solution. On the other hand, this can be a stressful approach for those who are new to Datadog.

Datadog automatically registers and collects metrics from the host and the rest needs to be configured in specified *.conf files. Datadog offers hints on which services might be available but aren’t instrumented and also offers an example config for each service you’d want to monitor. Enabling log collection and management is approximately the same.

3. Onboarding, UI & UX

Sumo Logic is a powerful platform, and therefore there’s a lot you need to learn to fully get your money’s worth when using this tool.

Personally, Sumo Logic’s UI feels a lot like a file explorer. And this might be the biggest downside of the UI as everything you do spawns a new tab. Every query, monitor, or dashboard can be stored in a folder and accessed from there. Every aspect of the product is built with queries, whether you’re looking to create a dashboard or any other visualization, view your logs, or create alerts.

However, if you ever get lost, Sumo Logic offers a ton of easy-to-access learning materials in the form of either micro-lessons or entire certificates.

Datadog has a much simpler UI, which has some minor design flaws in the Dark UI. But apart from that, it makes it easy to access data from multiple points based on the context and approach to said data. One can use either the Event explorer or individual product sub-pages to query and analyze ingested data.

Datadog’s query language is similar to Sumo Logic’s; however, it offers an easy-to-comprehend query builder enabling users to build queries from scratch. Every tool offers a setup tab, with guides and documentation required to set it up. While there are a few things missing in the onboarding, Datadog is, in my opinion, easier to start with.

Datadog’s university offers web-based labs with interactive shells, guiding you from the initial steps like setting up the agent and creating dashboards to advanced flows like how to collect application performance data from containers.

4. Incident Management and Alerting

Setting up alerts works the same as everything else in Sumo Logic: you need to write a query and then set up alerts for the query result. Once you figure that out, you can create really outlier-focused or specific use-case alerts and warnings.

You can also tweak your monitors with additional details or potential instructions needed for recovery. However, this is only a simple alert monitor. You can create entire workflows of subqueries or joins to create advanced monitors and also leverage the entire Security Monitoring and Management platform Sumo Logic offers.

On-call schedules, status pages, and notifications in third-party apps or via a phone call must be handled via an integration. As always, you’ll often need to configure the integration yourself.

Datadog offers an almost complete Incident Management tool. With Datadog, you can create incidents, rank them by severity, manage incident resolution by assigning responsible users and teams, draft post-mortems, and send basic e-mail and Slack notifications.

While features like on-call management or status pages are missing, it’s important to mention features that make Datadog stand out, like Application Security Monitoring, Vulnerabilities Scanner, or Cloud Security Posture Management (CSPM). CSPM is a configuration monitoring tool, which makes sure that your infrastructure is not made vulnerable from the start.

5. Pricing

Sumo Logic offers monthly or annual subscription models for each of their products. Pricing is divided into tiers: Free, Essentials, Enterprise Operations, Enterprise Security, and Enterprise Suite.

The price of each product will then depend on the chosen subscription. Products are divided into Cloud Management starting at $3/GB, Infrastructure Monitoring available from $0.45/DPM (Data Points per Minute), Application Observability starting at $2.10/GB, or Audit and Compliance, which starts at $3/GB. The pricing of Cloud Security Tools and Cloud SOAR must be requested from the Sales team.

This minimalistic approach to numbers might be a bit confusing. Luckily, Sumo Logic offers a Pricing Detail tab, where you can see the expected minimal monthly bill per product.

Looking at Sumo Logic’s Free subscription, users have the following available:

  • Log management with 7 days retention and 1GB/day volume cap
  • Limited Application Observability and 1.5GB/day of traces
  • Infrastructure Monitoring with a 3000 DPM/day volume cap
  • Alert Response

Users get access to the Free subscription plan after the expiration of the trial period, which usually lasts 30 days.

Datadog has a decentralized pricing model: each product has its own pricing logic. First of all, the Freemium plan offers only very basic infrastructure monitoring; anything on top of that, including log management, needs to be bought.

The rest of the infrastructure is billed based on various metrics. Infrastructure, APM, Network or Database monitoring, or CSPM are priced per host. Log management or Cloud SIEM is priced per GB ingested. The rest is either tool-specific or priced per User like in the case of Incident Management or “committer” in the CI Visibility tool.

To talk numbers, Infrastructure monitoring starts at $15/host per month. Log Management starts at $0.10/GB. APM starts at $31/host. API synthetic tests start at $5/thousand tests and Browser tests start at $12/thousand tests. Incident management starts at $20/User. There is no full-platform subscription plan publicly available, but volume discounts may be arranged with the sales team.

Final Thoughts

Today, we’ve gone through two extremely powerful, enterprise-ready, observability platforms. After spending some time in both environments, I can say that I would seriously consider using both.

Personally, this time I want to go with Datadog for Infrastructure monitoring and Incident response, but also some key security monitoring features. Luckily, these days vendor lock-in is a thing of the past, and developers and project managers can cherry-pick solutions. This means that one could effectively deploy Datadog alongside Sumo Logic and easily plug in a plethora of other SaaS or open-source tools.

To wrap things up, here is the promised side-by-side comparison:

| Key Difference | Datadog | Sumo Logic |
|---|---|---|
| Platform overview | Datadog is mainly a robust cloud infrastructure and security monitoring platform. | Sumo Logic is mainly an Enterprise-focused Observability and Security platform providing a solid set of tools and a plethora of third-party integrations. |
| UI & UX | Datadog is a bit more user-friendly and offers more guidance during the setup. | Sumo Logic is complex and using it requires a bit of research. However, you can really bend the final solution to your will. |
| Incident Management and Response | Datadog offers more user-friendly incident response and management issues. You can configure alerts, declare incidents directly from the UI, and attach a link to a video call or draft postmortems. | Sumo Logic allows you to create custom alerting policies and works well with the majority of Incident Response and Management tools. However, fewer options are available out of the box when compared to Datadog. |
| Pricing | Datadog’s pricing varies with each product. Mostly, tools are priced either per Host, GB of data ingested, or user. Datadog offers a very limited freemium subscription. | Sumo Logic is mostly priced per GB of data. By default, the pricing advertised per tool is comparable to Datadog. Sumo Logic offers a truly freemium subscription package. |

That’s about it for today. If you got all the way here, thank you for reading my article. Make sure to check out the rest of our community pages, where we tackle anything from comparisons of tools all the way to practical and technical guides, such as this one on reaching High Availability with Docker in production.
