Ask a Dynatrace customer and a Honeycomb customer to describe what "investigating an incident" means, and you'll get two different stories. On Dynatrace, Davis AI has usually already told you what broke by the time you open the laptop, tracing the causal chain through Smartscape's topology graph and handing you a deterministic answer. On Honeycomb, nobody hands you the answer. You select a bad-looking region on a heatmap, BubbleUp tells you which of up to 2,000 attributes correlate with it, and you form and test your own hypothesis from there. One platform automates the investigation. The other makes the investigation itself extraordinarily fast.
That difference isn't incidental, it's the whole reason each company exists. Dynatrace spent over a decade building OneAgent to auto-instrument everything, Smartscape to auto-map everything, and Davis to auto-explain everything, on the bet that engineers shouldn't have to know where to look. Honeycomb was founded on almost the opposite premise: that production failures are frequently novel, that you can't pre-build a dashboard for a problem you haven't had yet, and that the right investment is a query engine fast enough to explore any dimension of your data on the fly, with high cardinality as a feature rather than a billing problem.
Naturally, the pricing follows the philosophy. Dynatrace's consumption model meters memory-GiB-hours, GiB scanned, pod-hours, and per-session charges across a rate card with a reported $24,000/year minimum, no free tier beyond a 15-day trial. Honeycomb's event-based model gives you 20 million events a month free, then scales from $130/month for 100M events, with high-cardinality fields costing nothing extra because cardinality is the product, not a surcharge trigger. This comparison works through where each philosophy earns its cost.
Quick comparison at a glance
Feature
Dynatrace
Honeycomb
Primary purpose
Enterprise observability + security platform
Purpose-built observability engine
Free tier
15-day trial only
Yes (up to 20M events/month)
Pricing model
Consumption rate card (many dimensions)
Event-based (per event ingested)
Minimum commitment
~$24,000/year reported
None (free tier available)
Instrumentation
OneAgent (auto-inject) or OTel (metered)
OTel SDKs (manual, native, no surcharge)
Query language
DQL
Honeycomb query builder (proprietary)
Query fees
Yes ($0.0035/GiB scanned)
None
High-cardinality fields
Counted toward consumption
No penalty (core design)
APM / tracing
Yes (PurePath, method-level)
Yes (wide-event tracing, BubbleUp)
Anomaly attribution
Davis AI (topology-based)
BubbleUp (attribute correlation)
Code-level profiling
Yes (PurePath)
No
Log management
Yes ($0.20/GiB + retention + query fees)
Yes (event-based, shared pool with traces)
Infrastructure monitoring
Yes (deep, incl. mainframe, SAP, VMware)
Yes (Metrics GA March 2026)
Session replay
Yes ($4.50/1K sessions)
No
Synthetic monitoring
Yes (per-action pricing)
No
Error tracking
Yes (via OneAgent)
No (surfaces within traces/logs)
Application security
Yes (runtime protection + posture)
No
AI root cause analysis
Davis AI (deterministic, since 2017)
Canvas + Automated Investigations
MCP server
Yes (GA, query costs apply)
Yes (GA, Claude Code, Cursor, Amazon Q)
On-call scheduling
No (external tools)
No (external tools)
Status pages
No
No
SOC 2 Type II
Yes
Yes
HIPAA
Yes
Yes (BAA available)
FedRAMP
Yes (Moderate)
No
PCI DSS
No
Yes
Platform architecture and philosophy
Every architectural choice in this comparison traces back to one design decision each company made years ago and never walked back. Dynatrace decided the platform should know your system better than you do. Honeycomb decided the platform should let you ask it anything, instantly, and get out of the way.
Dynatrace: OneAgent, Grail, and Smartscape, doing the knowing for you
OneAgent installs on a host and auto-discovers every process, injecting monitoring code with zero configuration. Smartscape turns that discovery into a live topology graph, mapping dependencies across the entire environment in real time. Grail stores everything, logs, traces, metrics, events, with schema-on-read DQL querying, so there's no upfront schema to design. The three pieces exist to build the map that Davis AI then reasons over.
The bill follows the same logic: pay for what the platform does automatically. Full-Stack Monitoring runs $0.01 per memory-GiB-hour (roughly $58/month for an 8 GiB host), logs cost $0.20/GiB to ingest with either metered queries ($0.0035/GiB scanned) or 28x-priced bundled retention, and Kubernetes pods add $0.002/pod-hour. It's transparent at the line-item level and genuinely hard to forecast in aggregate, because you're predicting consumption across a dozen dimensions simultaneously, and the pay-per-query model means a more thorough investigation costs more money than a shallow one.
Honeycomb: wide events, arbitrary queries, no penalty for asking a weird question
Honeycomb stores everything as wide events in a custom columnar store built for exactly one kind of query: fast, arbitrary, high-cardinality. A span can carry hundreds of custom fields, customer ID, feature flag, deployment version, tenant, region, and every one of them is queryable at sub-second speed with no pre-indexing and, crucially, no cardinality penalty. That last part is the whole architectural bet: most platforms charge you more the more specific your data gets. Honeycomb charges you the same.
BubbleUp is what that architecture makes possible. Select a bad-looking cluster in a heatmap and BubbleUp automatically scans up to 2,000 attributes per span to surface which ones correlate with the anomaly, no hypothesis required going in. It's the closest thing in this comparison to Davis, minus the topology graph and minus a decade of deterministic tuning, but genuinely fast in a way that changes how debugging feels day to day.
The corresponding gap: Honeycomb has no incident management, no on-call scheduling, no session replay, no status pages, and no security product. Honeycomb's own engineers use PagerDuty for on-call. Choosing Honeycomb means choosing to build the rest of your operational stack around it.
Architectural factor
Dynatrace
Honeycomb
Design goal
Automatic understanding
Fast arbitrary querying
Data storage
Grail (proprietary lakehouse)
Columnar wide-event store
Query language
DQL
Honeycomb query builder
Instrumentation
OneAgent (automatic) or OTel (metered)
OTel SDKs (manual, native)
Cardinality handling
Counted toward consumption
No penalty (core design)
Anomaly attribution
Davis AI (topology-based, deterministic)
BubbleUp (attribute correlation)
Self-hosted option
No
No
Scope
Full platform + security
Observability only
Neither platform tells the on-call engineer what to do next
Dynatrace explains the problem; Honeycomb helps you find it fast. Neither one pages anybody or updates a status page. Better Stack connects observability directly to the response, so investigation and action happen in one place.
From heartbeat monitoring to incident timelines to status pages, one platform for the whole reliability lifecycle.Start free.
APM and distributed tracing
Two ways to find the slow request: one where an agent already found it for you, and one where you go looking with a tool built for exactly that.
Dynatrace: PurePath, method-level and automatic
Install OneAgent and PurePath traces flow immediately, following individual transactions from browser through every service call and database query down to the specific method responsible for latency. For JVM and .NET estates specifically, the code-level depth, flame graphs, thread contention, memory allocation, remains unmatched in this comparison. Here's how trace analysis works in practice:
What it costs beyond money: your traces live in Grail's format, queryable through DQL, and trace queries on the pay-per-query plan incur GiB-scanned charges. The deeper you build workflows on PurePath, the more expensive leaving becomes.
Honeycomb: wide-event tracing, BubbleUp on top
Honeycomb's tracing carries zero cardinality penalty for custom fields, so a trace can carry business context, customer tier, experiment variant, whatever matters to your product, and querying across it costs nothing extra. BubbleUp runs directly on trace data: select the anomalous cluster and it tells you which span attributes distinguish it from baseline, an investigative shortcut Dynatrace's topology-based Davis doesn't attempt in quite the same way, because Davis is answering "what's the root cause" while BubbleUp is answering "what's different about this."
The instrumentation reality is the flip side of the automation coin: OTel SDKs, installed per service, per language, maintained over time. For a five-language microservices estate that's a real, ongoing engineering cost that OneAgent simply doesn't impose. There's also no code-level profiling here at all; eBPF-adjacent depth isn't the product Honeycomb is building.
APM / tracing
Dynatrace
Honeycomb
Instrumentation
OneAgent (automatic) or OTel
OTel SDKs (manual, native, no surcharge)
Code-level profiling
Yes (PurePath, method-level)
No
Anomaly attribution
Davis (topology, deterministic)
BubbleUp (attribute correlation)
Cardinality on custom fields
Counted toward consumption
No penalty
Trace query fees
Yes (pay-per-query)
None
APM pricing
$0.01/memory-GiB-hour
Event-based (shared pool)
Tracing without the meter or the SDK maintenance burden
Dynatrace charges to query your own traces and Honeycomb asks your team to instrument every service by hand. Better Stack's eBPF-based tracing captures HTTP, gRPC, and database traffic at the kernel level with zero code changes, priced purely by data volume with no query fees.
Full-fidelity distributed tracing from every service, priced by volume with no surprises.Explore Better Stack tracing.
Log management
Ask each platform what a log is, and you get a genuinely different answer. Dynatrace treats logs as their own signal type with topology context bolted on. Honeycomb treats a log as just another shape of wide event, sitting in the exact same store as a trace span, which sounds like a technicality until you notice what it does to the pricing model.
Dynatrace: topology-enriched, two pricing models to choose between
Dynatrace logs land in Grail at $0.20/GiB with Smartscape enrichment attaching service, host, and dependency context to every line. Here's the Logs app in action:
Then the plan decision arrives: pay-per-query (cheap retention, $0.0035/GiB scanned per query) or bundled (queries free, retention at roughly 28x the pay-per-query rate). Predict your team's investigation habits wrong and the wrong plan costs real money every month.
Honeycomb: logs as events, no separate indexing decision at all
Honeycomb for Log Analytics, launched late 2024, puts logs in the same columnar store as traces, so every field is queryable with no pre-indexing and BubbleUp works on log data exactly the way it works on spans. One click takes you from a log line to its associated trace, because they're not really different data types underneath, just different shapes of the same event. Pipeline Intelligence (March 2026) uses AI to auto-detect log formats and build parsing pipelines, meaningfully reducing the friction of unstructured input, though structured JSON logs remain the smoothest path.
Where the pricing philosophy diverges cleanly: Dynatrace's two-model puzzle asks you to predict your query behavior in advance. Honeycomb's shared event pool has no such decision, because there's no separate indexing layer to opt into or out of.
Log management
Dynatrace
Honeycomb
Storage model
Separate signal, Smartscape-enriched
Wide event, shared pool with traces
Pricing
$0.20/GiB + retention + query fees
Event-based (no separate log fee)
Query fees
Yes (or 28x retention)
None
BubbleUp on logs
No (Davis instead)
Yes
Unstructured log handling
Native
Requires Pipeline (or Pipeline Intelligence)
Log search with no plan to guess wrong on
Both platforms avoid the industry's worst pattern, indexing half your logs and archiving the rest, but Dynatrace still asks you to bet on a pricing model. Better Stack stores all logs in a unified SQL-queryable warehouse at $0.10/GB with no query fees and no upfront plan decision.
Unified log management with SQL search, live tail, and no indexing surprises.See how it works.
Infrastructure monitoring
This section is short for an honest reason: Honeycomb only just showed up to it.
Dynatrace: the deepest infrastructure story in this entire series
Dynatrace covers cloud hosts and Kubernetes, then keeps going where almost nothing else does: mainframes, SAP landscapes, VMware Tanzu, hybrid data centers running decades of infrastructure generations, all mapped automatically by Smartscape. Tiered pricing ($7 to ~$58/month per host depending on depth and memory) lets large enterprises match spend to criticality across thousands of hosts. The familiar catch applies: Full-Stack pricing scales with host memory, and cloud integrations pull in metrics that bill as custom consumption by default.
Honeycomb: metrics as wide events, genuinely new
Honeycomb Metrics reached general availability in March 2026, and the approach is distinctly Honeycomb: metrics derive from the same wide events as traces and logs rather than living in a separate time-series database, with promotional pricing starting at $2 per 1,000 time series a month and, true to form, no cardinality surcharge for adding useful tags. That's real, and it's a genuine relief for teams that have hesitated to tag metrics on other platforms because of cost. What it isn't yet is mature: no mainframe or SAP coverage, no automatic topology mapping, and a query model different enough from PromQL that teams with deep Prometheus investment will feel the gap.
Infrastructure monitoring
Dynatrace
Honeycomb
Mainframe / SAP / VMware
Yes
No
Automatic topology mapping
Yes (Smartscape)
No
Metrics pricing
Memory-GiB-hours per host
$2/1,000 time series (promotional)
Cardinality penalty
Yes (custom metric charges)
No
Product maturity
Established (years)
GA March 2026
PromQL-style compatibility
Via DQL
Different model, less established
Digital experience and error tracking
Neither of these is close, and it's worth being direct about it rather than padding out a table.
Dynatrace's DEM suite is complete: web and mobile RUM with crash analysis, session replay at $4.50 per 1,000 sessions, browser and HTTP synthetics, all correlated to backend PurePaths through the same platform.
Honeycomb for Frontend Observability, by contrast, is a Core Web Vitals debugging tool, not a RUM product. It captures CWV data and runs BubbleUp attribution to explain which elements and scripts correlate with poor LCP, CLS, or INP, which is genuinely useful for the specific question "why is this page slow," but there's no session replay, no synthetic monitoring, no product analytics, and mobile support (React Native) is Enterprise-only beta.
Error tracking follows the same pattern of scope. Dynatrace captures exceptions natively through OneAgent with full PurePath context and automated regression detection. Honeycomb has no standalone error tracking product; exceptions surface as fields within traces and logs, which works for investigation but offers nothing like issue assignment or grouping workflows.
Digital experience
Dynatrace
Honeycomb
Session replay
Yes
No
Synthetic monitoring
Yes
No
Mobile RUM
Yes (crash analysis)
React Native beta (Enterprise)
BubbleUp for CWV
No
Yes (differentiator)
Standalone error tracking
Yes (via OneAgent)
No (surfaces in traces/logs)
AI capabilities
Two AI stories, and the honest framing is that Dynatrace's has eight more years of runtime behind it. Davis was doing deterministic causal analysis before anyone called it AI; Honeycomb's AI suite is newer but built with unusual transparency.
Dynatrace: Davis, deterministic and battle-tested
Davis runs fault-tree analysis over the Smartscape topology graph, collapsing an alert storm into a single problem with a traced causal chain, reproducible reasoning, in production since 2017. The agentic layer built on top (Dynatrace Assist, an SRE Agent, AutomationEngine remediation) extends that foundation, and the MCP server is GA in remote and local versions, with the platform's now-familiar caveat: MCP queries scan Grail and bill per GiB, so the AI's thoroughness is metered too.
Honeycomb: Canvas, Automated Investigations, and genuine reasoning transparency
Honeycomb's AI suite is smaller in scope but notably honest about how it works. Canvas answers natural-language questions and generates queries, and critically shows its chain-of-thought, exactly which tool calls it made to reach a conclusion, which builds a kind of trust that a black-box answer doesn't. Automated Investigations (early access) fire when an alert triggers or an SLO burns, running the same investigative playbooks a strong SRE would, the closest thing here to Dynatrace's proactive Davis, though still early access rather than fully mature. The Honeycomb MCP server is GA and, notably, ships with Agent Skills that help AI assistants migrate legacy instrumentation to OpenTelemetry, a use case Dynatrace's MCP tooling doesn't really address since it isn't trying to move you off its own agent.
The honest comparison: Davis fires automatically and has years of production hardening behind its conclusions. Canvas requires you to ask, but shows you exactly how it got its answer, which is a different kind of trust-building than Dynatrace's deterministic-but-opaque topology reasoning.
AI capability
Dynatrace
Honeycomb
Fires automatically on alert
Yes (Davis, since 2017)
Automated Investigations (early access)
Reasoning transparency
Deterministic but not chain-shown
Yes (Canvas shows tool calls)
MCP server
GA (queries metered)
GA (includes instrumentation Agent Skills)
Natural language querying
Davis CoPilot / Assist
Canvas
Query cost for AI investigation
Metered (GiB-scanned)
Included in event pool
AI that investigates and then connects to the response
Davis explains what broke; Canvas shows you how it reasoned about what broke. Neither hands the conclusion to an on-call engineer. Better Stack's AI SRE investigates autonomously during incidents and delivers its hypothesis into a live incident, with the responder already paged.
Autonomous root cause investigation connected to on-call, incidents, and status pages.See the AI SRE.
Security and compliance
This section resolves fast because the gap runs one direction almost entirely.
Dynatrace Application Security uses OneAgent's runtime visibility to detect which vulnerable libraries are actually loaded and reachable in production, not just listed in a manifest, with Runtime Vulnerability Analytics, Runtime Application Protection, and Security Posture Management as dedicated products checking against CIS, NIST, DORA, and HIPAA standards. Compliance runs deep too: FedRAMP Moderate, ISO 27001, HIPAA.
Honeycomb has no security product at all, no SIEM, no runtime protection, nothing. Its compliance posture is real but narrower: SOC 2 Type II, HIPAA with a BAA, and notably PCI DSS certification, which Dynatrace doesn't hold in its standard portfolio, a genuine point in Honeycomb's favor for payments-adjacent teams. FedRAMP is absent, which rules Honeycomb out of federal workloads regardless of how good the rest of the story is.
Security and compliance
Dynatrace
Honeycomb
Runtime vulnerability detection
Yes
No
Runtime application protection
Yes
No
Security posture management
Yes
No
SOC 2 Type II
Yes
Yes
HIPAA
Yes
Yes (BAA)
PCI DSS
No
Yes
FedRAMP
Yes (Moderate)
No
ISO 27001
Yes
No
Pricing comparison
Run the same workload through both rate cards and the philosophical split from the intro turns into an actual number.
Honeycomb's total is intentionally left open because Enterprise event pricing is negotiated, but the shape of the comparison holds regardless of the exact number: at moderate scale, Honeycomb is typically the cheaper platform for the observability signal itself, while Dynatrace's price buys automatic instrumentation, code-level profiling, security, and a decade of Davis's production tuning that Honeycomb simply doesn't sell. Both totals need external tooling added, PagerDuty for either, plus Sentry for Honeycomb specifically, since error tracking isn't native there.
The free tiers tell the same story from a different angle: Dynatrace's 15-day trial expects you to commit before you've really tested anything at scale; Honeycomb's 20M events/month, free forever, lets a small team run real production traffic through it indefinitely before ever talking to sales.
Pricing factor
Dynatrace
Honeycomb
Free tier
15-day trial
20M events/month, forever
Cost anchored to
Host memory + consumption dimensions
Event volume
Cardinality penalty
Yes
No
Query fees
Yes
None
Minimum commitment
~$24,000/year reported
None (negotiated at Enterprise)
External tooling needed
Minimal (security, DEM included)
On-call + error tracking
One platform's price tag, minus the response layer either way
Honeycomb is usually cheaper for the raw signal and Dynatrace is usually cheaper in total engineering time, but neither pages your on-call engineer. Better Stack combines volume-priced logs, metrics, and traces with on-call scheduling, incident management, and status pages, one bill, no external tooling required.
Fewer vendors, fewer context switches, and a single place for the full reliability workflow.Talk to us.
What each platform genuinely lacks
Dynatrace gaps worth knowing:
Consumption forecasting across a dozen dimensions is genuinely hard; surprise costs from cloud metrics and query scanning are commonly reported.
Query fees mean thorough investigation, including by its own MCP-connected AI, carries a metered cost.
No free tier beyond a 15-day trial, and a reported minimum commitment that excludes smaller teams.
No BubbleUp-equivalent for exploring high-cardinality data the platform didn't already model into its topology.
No PCI DSS in the standard portfolio.
Steep learning curve; onboarding is measured in weeks by G2 reviewers, not hours.
No on-call scheduling and no status pages.
Honeycomb gaps worth knowing:
No security product at all: no SIEM, no runtime protection, no posture management.
No session replay, synthetic monitoring, or traditional product-analytics RUM.
No standalone error tracking with issue workflows.
No FedRAMP, ruling out federal workloads.
Metrics product is new (GA March 2026), with a query model that doesn't map cleanly onto existing PromQL investment.
Instrumentation is entirely manual OTel SDKs, an ongoing maintenance cost with no auto-agent alternative.
No mainframe, SAP, or VMware coverage of any kind.
No on-call scheduling and no status pages.
Final thoughts
The two questions worth asking yourself before this decision aren't about features, they're about what kind of problems your production system actually produces.
If most of your incidents are variations on failures you've seen before, and what you need is speed from alert to explanation without anyone forming a hypothesis by hand, Dynatrace's automation is worth its price. OneAgent instruments without asking, Smartscape maps without asking, and Davis has eight years of production tuning behind its causal reasoning. You're buying the absence of investigation, not a better version of it, and for large, complex, partially legacy estates, that absence is genuinely valuable.
If your incidents are frequently novel, if the interesting question is always "wait, why is this specific combination of customer tier and region and deployment version behaving strangely," no pre-built topology graph answers that, because nobody modeled that dimension in advance. That's Honeycomb's whole reason for existing: a query engine fast enough and cheap enough at high cardinality that asking an unplanned question doesn't feel like a research project. The tradeoff is that you're building the investigation skill in your team rather than buying it pre-built, and you're assembling the operational layer (on-call, error tracking, security) from other vendors regardless.
Plenty of organizations will look at this and realize they want both: Davis for the parts of the estate that are stable and well-understood, Honeycomb for the parts where engineers are actively exploring unknown failure modes. That's a more expensive answer, but it's not an unusual one, and it beats asking either platform to be something its architecture was never built to do.
The layer neither one owns
Neither Dynatrace nor Honeycomb includes uptime monitoring, on-call scheduling with phone and SMS, incident management, or customer-facing status pages as a unified product. Better Stack brings all of that together with logs, metrics, and traces, with usage-based pricing and no per-host or per-event surcharges.
The full reliability lifecycle in one place. Start free, no credit card required.Try Better Stack.