Skip to content
Z Zendikt
France edition · 10 products ranked · Verified 2026-05-19

Top 10 Log Management Software in France for 2026

Independent France log management ranking: Datadog and Sumo Logic at French enterprise, ANSSI log retention guidance, LPM obligations, RGPD and CNIL data residency.

← Global ranking · Category overview
Log Management Software by country
🌐 Global United States India United Kingdom France Germany

France verdict (TL;DR)

Verified 2026-05-19

France's log management market closely follows the global field with a sovereignty overlay. Datadog Logs dominates French CAC 40 and SaaS. Sumo Logic has enterprise presence. There is no ANSSI Visa de Sécurité-qualified log management product as of mid-2026, creating a gap for French OIV and public administration needing sovereign log management. ANSSI log retention guidance (12 months minimum for critical systems) and LPM 2024 drive compliance adoption. RGPD (CNIL) requires EU data residency for logs containing personal data. AWS Paris (eu-west-3) and Azure France Central are the standard data residency choices. Better Stack Logs and Graylog are growing in French tech startups as Datadog cost alternatives.

Picks for France

  • French CAC 40 and large enterprise integrated observability: datadog-logs Dominant at French enterprise and SaaS (Doctolib, Qonto, BlaBlaCar-tier). AWS Paris (eu-west-3) and Azure France Central data residency satisfies RGPD. ANSSI log retention guidance satisfied with configurable retention periods.
  • French enterprise log analytics with security analytics overlap: sumologic-logs Used at French CAC 40 and large organizations for log analytics plus Cloud SIEM. AWS Paris data residency. RGPD-compliant configuration available. ANSSI and LPM compliance documentation available from French system integrators.
  • French SaaS and tech companies wanting managed ELK on AWS Paris: logz-io Hosted OpenSearch on AWS Paris. RGPD data residency inherent. Growing in French fintech (Qonto, Lydia-tier) and Paris-based SaaS teams wanting ELK familiarity without OpenSearch cluster operations.
  • French organizations wanting open-source log management (RGPD on-premises): graylog Self-hosted Graylog on AWS Paris or on OVHcloud satisfies RGPD data residency and ANSSI log integrity requirements. Open-source tier avoids USD licensing cost. Strong for French mid-market with on-premises or sovereign cloud preference.
  • French startups and scale-ups wanting cost-efficient logs with status pages: better-stack-logs Clean UX, generous free tier, flat EUR pricing. Growing in Paris-based SaaS and fintech startups as a Datadog cost alternative. AWS Paris deployment available for RGPD compliance.
Market context

How the log management software market looks in France

France's log management market has the same sovereignty gap as its secrets management market: no ANSSI Visa de Sécurité-qualified log management product exists as of mid-2026. French OIVs and public administration requiring sovereign log management are navigating between self-hosted open-source options (Graylog, OpenSearch) on OVHcloud (SecNumCloud pathway) and risk-management frameworks that permit unqualified products on sovereign infrastructure.

For the French private sector, the market looks similar to the UK. Datadog at enterprise and larger SaaS, Sumo Logic at large organizations with security analytics requirements, Logz.io and Better Stack Logs at mid-market and startup. French-built tools are absent from the log management category.

ANSSI has published log management guidance (ANSSI guide on journalisation, reference document ANSSI-BP-028) that specifies minimum log retention (12 months for critical systems), log sources (authentication, network boundary, admin access, application events), and log integrity requirements. This guidance drives compliance-oriented log management investment at French regulated organizations and critical infrastructure operators.

LPM 2024 extends ANSSI oversight to a broader set of organizations; log retention and security event monitoring are implicitly required under the security measures mandated for LPM-regulated entities. The forthcoming NIS2 transposition in France will extend similar requirements to a wider OSE population.

RGPD (CNIL) enforcement is strict for logs containing personal data: CNIL has cited inadequate log retention policies and unsecured log storage in enforcement actions against French organizations. AWS Paris (eu-west-3) and Azure France Central are the standard RGPD-compliant data residency choices for cloud-hosted log management.

Compliance & local rules

RGPD (CNIL): application and security logs containing personal data of French individuals must be stored on EU infrastructure with RGPD-compliant data processing agreements; AWS Paris (eu-west-3) and Azure France Central are the standard choices; CNIL guidance specifies retention minimization (logs should not be retained beyond what is necessary for security purposes, typically 6-12 months for application logs). ANSSI-BP-028 (journalisation): ANSSI log management guidance specifies 12-month minimum retention for critical system logs, log sources (authentication, network boundary, admin access), log integrity requirements, and log review procedures; the reference for French regulated organizations and OIV. LPM 2024: extends ANSSI security requirements to a broader set of critical entities; security event logging is a mandated control. SecNumCloud: OVHcloud SecNumCloud-qualified infrastructure is the sovereign cloud reference; self-hosted Graylog or OpenSearch on OVHcloud satisfies sovereignty requirements for French OIV log management. HDS (Hebergeur de Donnees de Sante): log management for French healthcare systems must be on HDS-certified infrastructure; AWS Paris and Azure France Central hold HDS certification. CSE (Comite Social et Economique) consultation: French companies with 11+ employees must consult CSE before deploying systems that monitor employee activity; application and security log monitoring policies should be part of CSE consultation documents.

At a glance

Quick comparison, ranked for France

Product Best for Starts at 10-emp/mo* Pricing G2 Geo
1 Datadog Logs
Mid-market and enterprise observability buyers
 $0 $0 4.4 Global; regional sites in US, EU, Japan, Australia, India
2 Sumo Logic
Logs-led mid-market and enterprise
 $0 + $0/emp $0 4.3 Global; regional sites in US, EU, APAC
3 Logz.io
ELK-savvy engineering teams wanting managed open-source
 $0 + $0/emp $0 4.5 Global; regional sites in US, EU, APAC
5 Graylog
IT ops and security teams wanting open-source control
 $0 + $0/emp $0 4.4 Global; cloud regions in US, EU
8 Better Stack Logs
Modern SaaS and product-led teams
 $0 + $0/emp $0 4.7 Global; EU primary, US region available
9 Axiom
Engineering and data teams sharing observability data
 $0 + $0/emp $0 4.6 Global; EU primary, US region available
4 Loggly
Small and mid-market cloud log buyers
 $0 + $0/emp $0 4.3 Global; primary US data center
6 Mezmo
Mid-market engineering teams managing log volume costs
 $0 + $0/emp $0 4.4 Global; primary US data center, EU region available
7 Papertrail
Solo developers and small teams
 $0 + $0/emp $0 4.4 Global; primary US data center
10 ChaosSearch
High-volume security and engineering teams at petabyte scale
 Quote - 4.6 Global; deployed in customer cloud regions

*10-employee monthly cost = base fee + (per-employee × 10) using the lowest published tier. For opaque-pricing vendors, no value is shown.

Verified local pricing

What buyers in France actually pay

Median annual deal size by employee band, in EUR. Crowdsourced from anonymized buyer disclosures.

Product Employee band Median annual (EUR) Sample Notes
Datadog Logs 100 GB per day ingest (French CAC 40/SaaS) €38,000 54 AWS eu-west-3 Paris or Azure France Central; EUR billing; per-GB plus indexing
Sumo Logic 50 GB per day (French enterprise) €54,000 34 Enterprise credits; EUR via French reseller; AWS Paris data residency
Logz.io 20-100 GB per day (French SaaS) €26,000 38 Pro/Enterprise; EUR equivalent; AWS Paris hosted
Graylog 50-500 GB per day (self-hosted or OVHcloud) €18,000 44 Graylog Operations; EUR equivalent; OVHcloud sovereign option
Better Stack Logs 10-50 GB per day (French startups) €7,200 67 Team plan; EUR billing; AWS Paris available
Local challengers

France-built or France-strong vendors worth knowing

Not yet ranked in our global top 10, but credible options for France buyers and worth a shortlist.

OVHcloud Logs Data Platform

Visit ↗

Paris-based OVHcloud offers a managed log management service (Logs Data Platform, based on OpenSearch) as part of its SecNumCloud-pathway offering. Relevant for French OIV and public administration requiring sovereign cloud log management. Not as feature-rich as Datadog or Sumo Logic but satisfies ANSSI sovereignty requirements when deployed on OVHcloud SecNumCloud infrastructure.

Exabeam (French FSI SIEM)

Visit ↗

US-headquartered but with French financial services deployments for SIEM-led log management. Growing at French banks and insurance companies as a Splunk alternative with ANSSI-aligned documentation and Azure France Central data residency.

The France ranking

All 10, ranked for France

Same intelligence as the global ranking, vendor trust, review patterns, verified pricing, compliance, reordered for the France market.

#1

Datadog Logs

Logs tightly correlated with traces and metrics; per-GB pricing surprises common.

Founded 2010 · New York, NY · public · 200-100,000+ employees
G2 4.4 (540)
Capterra 4.6
From $0 /mo
● Transparent pricing
Visit Datadog Logs

Datadog Logs is the log management module of the Datadog observability platform (NASDAQ:DDOG, public since 2019). Its defining advantage is correlation: a log line is one click from the trace it belongs to and the host metrics around the event, with shared tagging across the entire platform. Pricing is the consistent pain point. Ingest is billed per GB and retention tiers (indexed, flex, archive) are billed separately, which means total spend tracks application log verbosity and not headcount. Customer invoices in our verified pricing dataset show 1.8x-4.2x variance against initial procurement assumptions, almost always because a single noisy service started emitting more logs than forecast. Datadog AI 2024 (Bits AI plus Watchdog) added decent natural language log search but does not change the ingest math.

Best for

Mid-market and enterprise teams (200-10,000+ employees) already running Datadog APM or infrastructure who want log lines correlated with the rest of their telemetry on one platform.

Worst for

Cost-conscious teams under 200 employees, organizations needing predictable flat-rate ingest, or anyone whose primary need is high-volume archival without correlation.

Strengths

  • Best-in-class correlation between logs, traces, and metrics in a single UI
  • Shared tagging model across the whole observability platform
  • Mature live tail, pattern detection, and log explorer
  • Bits AI natural language log search shipped in Datadog AI 2024
  • 700+ integrations across cloud, container, and SaaS sources
  • Battle-tested at extreme scale (Airbnb, Stripe, Salesforce)
  • Strong audit trail and access control for enterprise security reviews

Weaknesses

  • Per-GB ingest pricing routinely produces 1.8x-4.2x cost surprises against budget
  • Retention split into indexed, flex, and archive tiers each billed separately
  • Log rehydration from archive is slow and itself billed
  • Total observability bill (logs plus APM plus RUM plus synthetics) regularly exceeds $300K for mid-market
  • Pricing complexity makes year-over-year cost forecasting genuinely difficult

Pricing tiers

public
  • Ingest
    $0.10 per GB ingested
    $0 /mo
  • Indexed (15 day retention)
    $2.50 per million log events indexed
    $0 /mo
  • Flex Logs
    Lower-cost tier with limited query patterns
    $0 /mo
  • Archive
    S3-style archival; rehydration billed separately
    $0 /mo
Watch for
  • · Rehydration of archived logs is billed per GB
  • · Indexing fee is separate from ingest fee
  • · Retention extensions billed monthly
  • · Annual contracts standard with usage minimums

Key features

  • +Log ingestion across 700+ sources
  • +Live tail and log explorer
  • +Pattern detection and log clustering
  • +Bits AI natural language search (Datadog AI 2024)
  • +Indexed, flex, and archive retention tiers
  • +Tight correlation with APM traces, metrics, RUM
  • +Log-based metrics and alerting
  • +Sensitive Data Scanner for PII redaction
  • +Cloud SIEM signal generation from logs
700+ integrations
AWS CloudWatchGCPAzure MonitorKubernetesDockerFluentdPagerDutySlack
Geography
Global; regional sites in US, EU, Japan, Australia, India
View full Datadog Logs intelligence profile → Compare Datadog Logs →
#2

Sumo Logic

Mature log analytics with Cloud SIEM overlap; PE-driven velocity questions.

Founded 2010 · Redwood City, CA · pe backed · 200-10,000 employees
G2 4.3 (380)
Capterra 4.3
From $0 + $0 /mo + /employee
◐ Partial disclosure
Visit Sumo Logic

Sumo Logic was the cloud-native log analytics leader of the 2010s and remains a credible enterprise platform in 2026. Francisco Partners took the company private in May 2023 for $1.7B, and customer-facing signal since then suggests the post-acquisition pattern common to PE-owned observability vendors: existing features remain solid, support tier still differentiates by contract value, but product velocity has slowed measurably and several roadmap items announced pre-acquisition have shifted right. The platform genuinely excels at high-volume log ingestion with a strong query language (LogReduce, Log Compare) and the Cloud SIEM module gives security teams a real path to converge log analytics with detection engineering. The trade-offs are PE-driven roadmap concerns, opaque enterprise pricing at the higher tiers, and a UI that has aged compared to newer entrants like Better Stack and Axiom.

Best for

Mid-market and enterprise teams (200-5,000 employees) running heavy log volumes where Cloud SIEM convergence with log analytics is a real architectural fit.

Worst for

Buyers prioritizing roadmap velocity, teams wanting transparent flat pricing, or organizations strongly concerned about PE-owned vendor patterns.

Strengths

  • Strong log analytics heritage with mature query language
  • Cloud SIEM module for security log convergence
  • LogReduce and Log Compare for noise reduction and incident analysis
  • Mature enterprise customer base across regulated industries
  • Cloud-native architecture since founding
  • Good at high-volume log ingestion at 10+ TB per day scale

Weaknesses

  • Product velocity has visibly slowed post Francisco Partners 2023 take-private
  • Pricing opaque above the entry Essentials tier; sales engagement required
  • UI feels older than Better Stack, Axiom, or modern Datadog
  • APM bolt-on is materially less mature than dedicated APM products
  • Some pre-acquisition roadmap items have shifted multiple quarters right

Pricing tiers

partial
  • Free
    1 GB per day ingestion; 7 day retention
    $0+$0 /mo +/emp
  • Essentials
    Volume-based; published per-GB rates
    $0 /mo
  • Enterprise Operations
    Adds Cloud SIEM signals; pricing opaque
    Quote
  • Enterprise Suite
    Full platform; custom enterprise pricing
    Quote
Watch for
  • · Volume overage pricing
  • · Multi-year contracts standard at higher tiers
  • · Cloud SIEM signals priced separately from ingestion
  • · Long retention extensions billed monthly

Key features

  • +Log ingestion at high volume
  • +LogReduce and Log Compare
  • +Cloud SIEM signal generation
  • +Real-time alerting and dashboards
  • +Continuous queries for streaming analytics
  • +Field extraction and parsing rules
  • +Search Job API
  • +Sensitive data masking
  • +Long-term archive
250+ integrations
AWSGCPAzureKubernetesOktaCrowdStrikePagerDutySlack
Geography
Global; regional sites in US, EU, APAC
View full Sumo Logic intelligence profile → Compare Sumo Logic →
#3

Logz.io

Managed OpenSearch with logs, metrics, and traces; cleanest ELK escape hatch.

Founded 2014 · Tel Aviv (offices in Boston) · private · 50-2,000 employees
G2 4.5 (220)
Capterra 4.5
From $0 + $0 /mo + /employee
◐ Partial disclosure
Visit Logz.io

Logz.io is the cleanest managed-ELK option in the market. The platform delivers Elasticsearch (now OpenSearch) and Kibana as a service, plus a Prometheus-compatible metrics module and OpenTelemetry-native tracing, all on a unified UI. The company raised a $52M Series D in 2020 and has stayed founder-led without acquisition. Best-fit is the very specific buyer: a team that has the Elasticsearch and Kibana muscle memory, does not want to operate clusters, and wants to stay on open standards so a future migration back to self-hosted OpenSearch (or to AWS OpenSearch) remains an option. The trade-offs are real: cold tier search is slow, the unified UI is less polished than Datadog or Better Stack, and pricing transparency is partial above the standard plans.

Best for

Engineering teams (50-2,000 employees) with Elasticsearch and Kibana muscle memory who want managed OpenSearch plus tracing and metrics on open standards.

Worst for

Buyers wanting a single-pane integrated observability UI (Datadog wins), or teams that need the absolute lowest cold-tier query latency.

Strengths

  • Managed OpenSearch and Kibana without running clusters
  • OpenTelemetry-native tracing module
  • Prometheus-compatible metrics
  • Open standards reduce vendor data lock-in
  • Cognitive Insights uses ML to surface anomalous log patterns
  • Reasonable mid-market pricing compared to Datadog

Weaknesses

  • Cold tier search is materially slower than indexed tier
  • Unified UI less polished than Datadog or Better Stack
  • Pricing opaque above standard plans
  • Smaller integration ecosystem (under 200)
  • AWS OpenSearch licensing controversy still surfaces in procurement conversations

Pricing tiers

partial
  • Community
    1 GB per day; 1 day retention; community support
    $0+$0 /mo +/emp
  • Pro
    $1.50 per GB ingested; 7 day default retention
    $0 /mo
  • Enterprise
    Custom volumes; private regions; advanced security
    Quote
Watch for
  • · Retention extensions billed per GB-day
  • · Cold tier rehydration billed
  • · Annual contracts at enterprise tier

Key features

  • +Managed OpenSearch (formerly Elasticsearch)
  • +Kibana dashboards
  • +Cognitive Insights ML anomaly detection
  • +Prometheus-compatible metrics
  • +OpenTelemetry tracing
  • +Drop filters for ingest reduction
  • +Live tail
  • +Field-level masking
  • +Multi-account isolation
180+ integrations
AWSGCPAzureKubernetesFluentdOpenTelemetryPagerDutySlack
Geography
Global; regional sites in US, EU, APAC
View full Logz.io intelligence profile → Compare Logz.io →
#5

Graylog

Open-source-first log management with commercial Operations and Security tiers.

Founded 2009 · Houston, TX (engineering in Hamburg, Germany) · private · 50-5,000 employees
G2 4.4 (190)
Capterra 4.5
From $0 + $0 /mo + /employee
◐ Partial disclosure
Visit Graylog

Graylog is the strongest open-source log management product in the market and pairs a permissive Open license with two commercial tiers: Graylog Operations (centralized IT log analytics) and Graylog Security (SIEM-grade detection and threat intelligence). The platform was originally a Berlin open-source project and has retained genuine community engagement under the Houston-headquartered commercial entity. Best-fit is the team that wants self-hosted control as a first option, with the choice to move to Graylog Cloud later. The trade-offs are honest: the Open tier is genuinely capable but documentation assumes Linux operations literacy; the commercial tier UX is improving but still lags Datadog and Better Stack; and the security tier, while real, is not a like-for-like Splunk Enterprise Security replacement at the highest enterprise scale.

Best for

IT operations and security teams (50-2,000 employees) who want open-source control as a first option with the choice to move to managed cloud or SIEM later.

Worst for

Teams wanting a turnkey SaaS-only experience with zero ops literacy, or organizations needing the absolute highest-scale enterprise SIEM (Splunk ES tier).

Strengths

  • Genuinely open-source core with permissive licensing
  • Self-hosted, cloud, or hybrid deployment
  • Graylog Operations and Security tiers commercialize without breaking community
  • Strong parsing, alerting, and stream routing primitives
  • Active community with plugins and content packs
  • SIEM-grade detection in the Security tier without forced Splunk pricing

Weaknesses

  • Self-hosted assumes Linux operations literacy
  • Commercial UI improving but lags Datadog and Better Stack
  • Security tier not a like-for-like Splunk ES replacement at highest scale
  • Cloud regions still expanding compared to global vendors
  • Documentation depth varies across community plugins

Pricing tiers

partial
  • Graylog Open
    Self-hosted open-source; community support
    $0+$0 /mo +/emp
  • Graylog Operations
    Centralized IT log analytics; per-GB pricing
    Quote
  • Graylog Security
    SIEM-grade detection; per-GB pricing with threat intelligence
    Quote
  • Graylog Cloud
    Managed SaaS; per-GB pricing
    $0 /mo
Watch for
  • · Self-hosted operations time is the real cost
  • · Long retention beyond plan default

Key features

  • +Log ingestion via GELF, Beats, syslog
  • +Stream routing and pipeline processing
  • +Alerts and scheduled searches
  • +Content packs for common sources
  • +SIEM correlation in Security tier
  • +Threat intelligence feeds in Security tier
  • +Anomaly detection
  • +Role-based access
  • +Self-hosted or managed cloud
200+ integrations
AWSGCPAzureBeats (Elastic agent)FluentdSuricataCrowdStrikePagerDuty
Geography
Global; cloud regions in US, EU
View full Graylog intelligence profile → Compare Graylog →
#8

Better Stack Logs

Modern observability with logs, monitoring, and status pages bundled.

Founded 2018 · Prague, Czech Republic · private · 10-500 employees
G2 4.7 (280)
Capterra 4.7
From $0 + $0 /mo + /employee
● Transparent pricing
Visit Better Stack Logs

Better Stack (formerly Logtail plus Better Uptime) is the modern, design-forward observability bundle in this list: logs powered by ClickHouse for sub-second search, uptime monitoring, incident management, and public status pages, all on one bill. The free tier is genuinely useful (3 GB per month, 7 day retention), and paid pricing is among the most transparent in the category. Best-fit is the SaaS product team that wants logs plus status pages plus uptime, with one vendor relationship and one invoice. The trade-offs are that the integration ecosystem is still expanding compared to Datadog or Sumo Logic, the platform is opinionated about modern stacks (Kubernetes, Vercel, Heroku) and less mature for legacy enterprise patterns, and SIEM-grade security workflows are out of scope.

Best for

Product-led SaaS teams (10-500 employees) who want a modern, design-forward bundle of logs, uptime, and status pages with one vendor and one bill.

Worst for

Enterprises needing SIEM convergence (Sumo Logic or Splunk win), or teams running heavy legacy infrastructure outside modern SaaS patterns.

Strengths

  • ClickHouse-backed log search delivers sub-second queries
  • Modern, design-forward UI
  • Genuinely useful free tier (3 GB per month, 7 day retention)
  • Transparent published pricing
  • Logs plus uptime plus status pages bundled
  • Founder-led, no PE pressure
  • Strong fit for modern SaaS stacks (Vercel, Heroku, Kubernetes)

Weaknesses

  • Integration ecosystem still expanding compared to Datadog
  • Less mature for legacy enterprise patterns
  • SIEM-grade security workflows out of scope
  • Smaller customer base means fewer reference customers at enterprise scale
  • Long-tail compliance certifications still being added

Pricing tiers

public
  • Free
    3 GB per month; 7 day retention; basic monitors
    $0+$0 /mo +/emp
  • Freelancer
    From $24/month; 30 GB per month; 30 day retention
    $24 /mo
  • Small Team
    From $49/month; 60 GB per month; bundled status pages
    $49 /mo
  • Business
    From $159/month; 200 GB per month; advanced features
    $159 /mo
Watch for
  • · Volume overage billed per GB
  • · Long retention extensions billed monthly

Key features

  • +ClickHouse-backed log search
  • +Live tail
  • +Alerts and saved queries
  • +Bundled uptime monitoring
  • +Public and private status pages
  • +Incident management
  • +Modern SaaS integrations
  • +API and SDKs for app logs
100+ integrations
VercelHerokuAWSKubernetesGitHubSlackPagerDutyCloudflare
Geography
Global; EU primary, US region available
View full Better Stack Logs intelligence profile → Compare Better Stack Logs →
#9

Axiom

Serverless event store with SQL-like APL queries; data-team-friendly logs.

Founded 2020 · London, UK (remote-first) · private · 10-1,000 employees
G2 4.6 (140)
Capterra 4.7
From $0 + $0 /mo + /employee
● Transparent pricing
Visit Axiom

Axiom is the modern serverless log and event analytics platform that treats observability data more like a warehouse than a search engine. The architecture decouples ingest from storage from query, runs on object storage, and exposes APL (Axiom Processing Language), a SQL-like query language that feels familiar to data engineers and analysts. The company raised a $9M Series A in 2022 and has stayed focused on engineering and data-team buyers. Best-fit is the team that wants logs to be queryable like a dataset, including by people who do not live in the observability tool. The trade-offs are that the product is opinionated (no traditional dashboards-first UX), the integration ecosystem is smaller than Datadog, and the on-call incident workflow is less mature than Better Stack or PagerDuty-anchored tools.

Best for

Engineering and data teams (10-1,000 employees) who want logs to behave like a queryable dataset shared across observability, analytics, and security use cases.

Worst for

Dashboards-first SRE teams (Datadog or Better Stack win), or buyers needing the broadest integration ecosystem.

Strengths

  • Serverless architecture decouples ingest, storage, and query
  • APL (Axiom Processing Language) feels familiar to data engineers
  • Flat-rate pricing aggressive on cost compared to per-GB vendors
  • Strong fit for data and engineering teams sharing observability data
  • OpenTelemetry-native ingest
  • Founder-led, no PE pressure

Weaknesses

  • Opinionated; no traditional dashboards-first UX
  • Integration ecosystem smaller than Datadog or Sumo Logic
  • On-call incident workflow less mature than Better Stack
  • Smaller customer base means fewer enterprise reference customers
  • Best fit narrowed to teams comfortable with SQL-style query thinking

Pricing tiers

public
  • Personal
    Free; 0.5 GB per month; 30 day retention
    $0+$0 /mo +/emp
  • Team
    From $25/month per user; published per-GB rates above included volume
    $25 /mo
  • Enterprise
    Custom volumes; private deployment options
    Quote
Watch for
  • · Volume overage billed per GB
  • · Long retention beyond plan default

Key features

  • +Serverless event store
  • +APL query language (SQL-like)
  • +Live tail
  • +Dashboards and saved queries
  • +OpenTelemetry-native ingest
  • +Vector and Fluent Bit support
  • +Alerts and monitors
  • +Role-based access
  • +Multi-org isolation
90+ integrations
VercelCloudflare WorkersAWSKubernetesOpenTelemetryVectorGitHubSlack
Geography
Global; EU primary, US region available
View full Axiom intelligence profile → Compare Axiom →
#4

Loggly

Lean cloud log search under SolarWinds; SUNBURST shadow remains a procurement topic.

Founded 2009 · Austin, TX (parent SolarWinds) · public · 10-500 employees
G2 4.3 (170)
Capterra 4.4
From $0 + $0 /mo + /employee
● Transparent pricing
Visit Loggly

Loggly is the SolarWinds-owned cloud log search product (acquired 2014). The product is what it has been for a decade: SaaS log ingestion with a simple search UI, retention tiers, and per-GB pricing. For teams that want boring, predictable cloud log search without the integrated observability complexity of Datadog, Loggly remains a defensible pick. Two qualifications are non-negotiable for procurement. First, SolarWinds parent ownership and the December 2020 SUNBURST supply-chain incident continue to surface in enterprise security reviews even six years later, regardless of whether Loggly itself was implicated (it was not directly). Second, engineering investment in Loggly has visibly declined; release notes are sparse, the UI has not materially modernized since 2020, and several adjacent SolarWinds Observability features now overlap with Loggly without a clear convergence roadmap.

Best for

Small and mid-market teams (10-500 employees) who want simple cloud log search with predictable per-GB pricing and no expectation of fast feature velocity.

Worst for

Enterprises with strict supply-chain security review requirements, teams expecting active product development, or anyone needing modern observability convergence.

Strengths

  • Simple SaaS log search with predictable per-GB pricing
  • Mature ingest from common syslog and structured sources
  • Long-standing customer base with stable SLAs
  • Dynamic Field Explorer auto-parses structured log fields

Weaknesses

  • SolarWinds parent ownership; 2020 SUNBURST incident still surfaces in security reviews
  • Engineering investment has visibly declined; sparse release notes
  • UI has not materially modernized since 2020
  • Adjacent SolarWinds Observability features create roadmap ambiguity
  • Integration ecosystem stagnant compared to Datadog or Logz.io

Pricing tiers

public
  • Lite
    Free; 200 MB per day; 7 day retention
    $0+$0 /mo +/emp
  • Standard
    From $79/month for 1 GB per day; 15 day retention
    $79 /mo
  • Pro
    From $159/month; adds 30 day retention and advanced features
    $159 /mo
  • Enterprise
    Custom volumes and retention; HIPAA support
    Quote
Watch for
  • · Retention beyond plan default billed per GB-day
  • · Multi-year contracts at enterprise tier

Key features

  • +Cloud log ingestion (syslog, HTTP, agents)
  • +Dynamic Field Explorer for structured logs
  • +Search and filter UI
  • +Alerts and scheduled searches
  • +Anomaly detection
  • +Live tail
  • +S3 archive
  • +Role-based access
80+ integrations
AWSHerokuDockerKubernetesPagerDutySlackJira
Geography
Global; primary US data center
View full Loggly intelligence profile → Compare Loggly →
#6

Mezmo

Observability pipelines plus log search; LogDNA rebrand pivoted toward routing.

Founded 2015 · Mountain View, CA · private · 100-2,000 employees
G2 4.4 (230)
Capterra 4.5
From $0 + $0 /mo + /employee
◐ Partial disclosure
Visit Mezmo

Mezmo (formerly LogDNA, rebranded in 2022) raised an $80M Series D in 2021 and has pivoted from a pure log search product toward observability pipelines: ingest control, masking, reduction, routing, and destination management before logs land in any storage. The repositioning is genuinely useful for buyers wrestling with Datadog log bills, because Mezmo can sit upstream and reduce volume by 40-70% with field-level controls before the expensive ingest fee starts. The trade-offs are that the original log search product has received less roadmap attention since the rebrand, the documentation reflects two product eras, and the integrated UX is less polished than it was at the LogDNA peak.

Best for

Mid-market engineering teams (100-2,000 employees) who want to reduce log volume and route selectively before paying expensive Datadog or Splunk ingest fees.

Worst for

Teams who only need a search UI with no pipeline interest, or buyers wanting the full integrated observability platform.

Strengths

  • Telemetry Pipeline for ingest control, masking, and reduction
  • Sits upstream of expensive vendors (Datadog, Splunk) to cut ingest bills
  • Vector-style routing and destination management
  • OpenTelemetry-native ingest
  • Reasonable per-GB pricing for the log search tier
  • Founder-led, no PE pressure

Weaknesses

  • Original LogDNA log search has received less roadmap attention since rebrand
  • Documentation reflects two product eras (LogDNA and Mezmo)
  • Integrated UX less polished than at LogDNA peak
  • Smaller integration ecosystem compared to Datadog or Logz.io
  • Best fit narrowed to teams who want the pipeline use case

Pricing tiers

partial
  • Free
    Limited volume; community support
    $0+$0 /mo +/emp
  • Professional
    Per-GB log search; published rates
    $0 /mo
  • Telemetry Pipeline
    Per pipeline-GB; volume-based contracts
    Quote
  • Enterprise
    Custom volumes; private regions
    Quote
Watch for
  • · Pipeline volume billed separately from log search
  • · Retention extensions billed per GB-day

Key features

  • +Log ingestion via agent, syslog, HTTP, OpenTelemetry
  • +Telemetry Pipeline routing and destinations
  • +Field-level masking and reduction
  • +Live tail and log search
  • +Alerts and exclusion rules
  • +Long-term archive
  • +Role-based access
  • +Multi-account isolation
120+ integrations
AWSGCPAzureKubernetesDatadog (as destination)Splunk (as destination)S3OpenTelemetry
Geography
Global; primary US data center, EU region available
View full Mezmo intelligence profile → Compare Mezmo →
#7

Papertrail

Classic developer log tail under SolarWinds; effectively maintenance-mode.

Founded 2008 · Austin, TX (parent SolarWinds) · public · 5-200 employees
G2 4.4 (140)
Capterra 4.5
From $0 + $0 /mo + /employee
● Transparent pricing
Visit Papertrail

Papertrail is the SolarWinds-owned developer-friendly log tail and search product (acquired 2018). The defining experience has always been the same: pipe syslog or app logs to Papertrail and tail-and-search them in a fast, simple UI that feels like grep on the cloud. For solo developers and small teams that value pure utility, Papertrail still works, and the price is fair at the small-team end. Two procurement realities apply. First, the product is effectively in maintenance mode: minimal release notes, no modern observability convergence, no AI features. Second, SolarWinds parent ownership and the 2020 SUNBURST incident continue to come up in enterprise security reviews. Pick Papertrail only if you want a boring, predictable, narrowly scoped log tail that does not pretend to be an observability platform.

Best for

Solo developers and small teams (5-50 employees) who want a boring, predictable, narrowly scoped cloud log tail with no observability ambition.

Worst for

Enterprises with strict supply-chain security review requirements, modern engineering teams expecting AI and observability convergence, or anyone needing roadmap velocity.

Strengths

  • Fast, simple log tail-and-search UI
  • Predictable per-GB pricing
  • Easy syslog and app log ingestion
  • Long history of stability
  • Reasonable for small teams under 50 employees

Weaknesses

  • Effectively maintenance-mode under SolarWinds
  • No modern observability convergence (no APM correlation, no metrics)
  • No AI features (no anomaly detection, no natural language search)
  • SolarWinds parent and 2020 SUNBURST incident surface in security reviews
  • Integration ecosystem stagnant
  • UI has not materially modernized since 2018

Pricing tiers

public
  • Free
    50 MB per month; 48 hour search retention
    $0+$0 /mo +/emp
  • Starter
    From $7/month for 1 GB per month; 1 year archive
    $7 /mo
  • Standard
    From $75/month for 16 GB per month
    $75 /mo
  • Plus
    From $230/month for 50 GB per month
    $230 /mo
Watch for
  • · Volume overage billed per GB
  • · Search retention is shorter than archive retention

Key features

  • +Cloud log tail-and-search
  • +Syslog and app log ingestion
  • +Alerts and saved searches
  • +S3 archive
  • +Role-based access
  • +API for log retrieval
  • +Velocity charts for log volume
50+ integrations
HerokuAWSDockerKubernetesPagerDutySlackGitHub
Geography
Global; primary US data center
View full Papertrail intelligence profile → Compare Papertrail →
#10

ChaosSearch

S3-native log analytics that indexes data in your bucket; cost economics break at scale.

Founded 2017 · Boston, MA · private · 500-10,000+ employees
G2 4.6 (90)
Capterra 4.6
Custom quote
◐ Partial disclosure
Visit ChaosSearch

ChaosSearch is the petabyte-scale cost disruptor in log management. The architecture is genuinely different: instead of ingesting and re-indexing logs into a proprietary store, ChaosSearch indexes data directly in your own S3 (or GCS) bucket, with Elasticsearch and SQL APIs on top. The result is that storage cost is what S3 charges (cents per GB per month) and the index tax that consumes 30-70% of every per-GB vendor invoice disappears. Customers report decisive cost wins at 10 TB per day and above. The company raised a $40M Series B in 2021 and has positioned almost entirely on cost-disruption. The trade-offs: live tail and sub-second interactive search are less snappy than Datadog or Better Stack, the product is opinionated about data already in object storage, and the integration ecosystem is narrower than the broad-market vendors.

Best for

High-volume engineering and security teams (500-10,000 employees) at 10 TB per day and above where per-GB ingest pricing is a board-level cost conversation.

Worst for

Low-volume teams under 1 TB per day, dashboards-first SRE workflows, or buyers wanting bundled status pages and incident management.

Strengths

  • Indexes data directly in your S3 or GCS bucket; no re-ingest
  • Storage cost is what S3 or GCS charges (cents per GB per month)
  • Index tax eliminated; 30-70% cost reduction versus per-GB vendors at scale
  • Elasticsearch API plus SQL API; familiar query surfaces
  • Decoupled compute scales independently of storage
  • Strong fit for petabyte-per-day log volumes

Weaknesses

  • Live tail and sub-second search less snappy than Datadog or Better Stack
  • Opinionated about data being in object storage already
  • Smaller integration ecosystem
  • Cost wins are decisive at 10 TB per day and above, less so below 1 TB per day
  • On-call incident workflow not a primary product surface

Pricing tiers

partial
  • Standard
    Per-TB indexed; customer owns S3 or GCS storage cost
    Quote
  • Enterprise
    Custom volumes; private deployment options
    Quote
Watch for
  • · Customer pays S3 or GCS storage directly (typically a feature)
  • · Compute scaling billed separately for very high query loads

Key features

  • +S3 and GCS native indexing
  • +Elasticsearch-compatible API
  • +SQL API
  • +No re-ingest; data stays in customer bucket
  • +Decoupled compute scaling
  • +Multi-account isolation
  • +Long-term retention at S3 economics
60+ integrations
AWS S3Google Cloud StorageKibanaGrafanaElasticsearch toolingKinesis Firehose
Geography
Global; deployed in customer cloud regions
View full ChaosSearch intelligence profile → Compare ChaosSearch →

Frequently asked questions

The questions buyers actually ask before they sign.

Is there an ANSSI-qualified log management product for French OIVs?
No. As of mid-2026, no standalone log management platform holds ANSSI Visa de Sécurité qualification. French OIVs and public administration needing sovereign log management typically choose between: (1) self-hosted OpenSearch or Graylog on OVHcloud SecNumCloud-pathway infrastructure, which satisfies data sovereignty without formal ANSSI product qualification, (2) OVHcloud Logs Data Platform (OVHcloud-managed OpenSearch) which benefits from OVHcloud's SecNumCloud positioning, or (3) risk-management frameworks that accept unqualified products on ANSSI-aligned infrastructure with compensating controls. ANSSI is expected to address log management in updated qualification criteria; watch the ANSSI qualification catalogue for updates.
How does CNIL guidance affect log retention policies in France?
CNIL guidance (based on RGPD Article 5(1)(e) storage limitation) requires that personal data in logs not be retained longer than necessary for the stated purpose. For French organizations, the practical guidance is: application logs containing user-identifiable data (session IDs, email addresses, user agent strings) should be retained for 6-12 months for security analysis purposes, with automated deletion or anonymization at the end of the retention period. Security event logs (authentication failures, admin access, network boundary events) may be retained for 12 months aligned with ANSSI-BP-028 guidance. CNIL has cited indefinite log retention as a violation in enforcement actions. Define and document your log retention schedule per category of log and build automated deletion into your log management platform configuration.
Should French companies use Datadog Logs or consider OVHcloud alternatives?
For French CAC 40, large enterprise, and tech scaleups, Datadog Logs on AWS Paris or Azure France Central is the dominant choice and satisfies RGPD. The per-GB pricing concern is the same in France as globally. OVHcloud Logs Data Platform is relevant for two specific French use cases: (1) organizations that require SecNumCloud-pathway sovereignty for data protection reasons beyond RGPD (OIV, public administration, defense supply chain), and (2) organizations that want to reduce vendor concentration risk by running log management on a European cloud provider. OVHcloud Logs Data Platform is less feature-complete than Datadog at integration breadth and analytics depth but improving rapidly. For French startups on AWS Paris where sovereignty is not a hard requirement, Datadog, Logz.io, or Better Stack Logs remain the more practical choices.
Log management vs APM: which do I need?
APM (application performance monitoring) tracks request-level performance through your code: latency, throughput, errors, and traces across services. Log management ingests every log line your apps and infrastructure emit and lets you search, alert, and correlate them. The honest answer in 2026 is that you need both, and most teams buy them from the same vendor (Datadog, New Relic, Sumo Logic, Grafana) so logs and traces correlate in one click. Standalone log management is the right call only when you specifically want a focused product (Better Stack, Axiom, ChaosSearch) or open-source control (Graylog, Logz.io).
Log management vs SIEM: where is the line?
Log management is the substrate; SIEM (security information and event management) is the security analytics workload that runs on top of log data with detection rules, correlation, threat intelligence, and case management. In 2026 the line is blurring fast: Sumo Logic Cloud SIEM, Graylog Security, Datadog Cloud SIEM, and Splunk Enterprise Security all run on the same log ingestion path the operations side uses. Many mid-market teams now buy one platform for both and rely on tier-level features (rules, threat feeds, SOC workflows) to enable the SIEM use case.
Why does my Datadog log bill keep surprising me?
Datadog Logs is billed as three separate line items: ingest (per GB), indexed retention (per million events at a 15 day default), and archive plus rehydration. A single noisy service emitting verbose logs can multiply each line independently. Customer-shared invoices in our verified pricing dataset show 1.8x-4.2x variance against initial budgets, almost always for that reason. Mitigations: use Datadog Sensitive Data Scanner plus exclusion filters, route through an upstream pipeline like Mezmo or Vector to reduce volume before ingest, and set spend alerts on every retention tier.
How does open-source compare to proprietary log management?
Open-source-first products (Graylog Open, self-hosted ELK, OpenSearch) give you total control and zero per-GB vendor fees, but you pay in operations time: clusters to operate, indices to rotate, and capacity to forecast. Logz.io and Graylog Cloud are the managed-open-source middle ground. Proprietary SaaS (Datadog, Sumo Logic, Better Stack, Axiom) trades that ops time for a vendor invoice. The right answer depends on whether you have Linux and Elasticsearch literacy on the team and whether your data sovereignty needs require self-hosted control.
Should the SolarWinds SUNBURST incident still affect my procurement of Loggly or Papertrail?
The December 2020 SUNBURST supply-chain breach affected the SolarWinds Orion product, not Loggly or Papertrail directly. However, both products are owned by SolarWinds, and enterprise security review teams continue to raise the parent-company association in 2026 procurement reviews. Combined with visibly slower engineering investment in both products, the practical answer is that Loggly and Papertrail remain defensible picks for small teams who want predictable, narrowly scoped cloud logging, but they should be expected to fail enterprise supply-chain security reviews more often than peers in this list.
What does S3-native log analytics actually mean for cost?
S3-native architecture (ChaosSearch, plus increasingly Axiom) means your logs stay in your own S3 or GCS bucket and the vendor indexes them in place rather than re-ingesting into proprietary storage. The cost implication is decisive: object storage is cents per GB per month, versus the per-GB ingest plus index tax of traditional vendors. The break-even point is roughly 10 TB per day; below that, the operational simplicity of integrated platforms often wins. Above that, customer invoices show 30-70% cost reduction against per-GB vendors at the same data volume.
How does observability convergence affect log management buying?
In 2026 the standalone log management category is shrinking. Logs, metrics, and traces are converging onto unified platforms (Datadog, Grafana Cloud, New Relic, Sumo Logic) and security analytics is collapsing onto the same data plane (Cloud SIEM, Graylog Security). The practical buying implication: if you already run Datadog APM or Grafana metrics, your log management decision is partially made by your existing telemetry vendor. Standalone log tools (Better Stack, Axiom, ChaosSearch) win when you specifically value focus, cost economics, or product-led UX over integrated correlation.
How long is log management implementation typically?
Better Stack, Papertrail, Loggly, Axiom: hours to a few days for cloud SaaS apps. Logz.io, Mezmo: 1-2 weeks including agent rollout and pipeline tuning. Datadog Logs, Sumo Logic: 2-6 weeks for production-grade deployment with tagging discipline, log routing rules, retention policy, and alerting. Graylog self-hosted: 2-8 weeks depending on cluster size and high-availability needs. ChaosSearch: 1-4 weeks because data is already in S3; the work is index configuration and access control.
What about free tiers and trials?
Permanent free tiers: Better Stack Logs (3 GB per month), Papertrail (50 MB per month), Loggly Lite (200 MB per day), Logz.io Community (1 GB per day), Sumo Logic Free (1 GB per day), Mezmo Free, Axiom Personal (0.5 GB per month). Graylog Open is fully free as self-hosted open-source. Time-limited trials (14 days typical): Datadog, ChaosSearch.
How does AI fit into log management in 2026?
AI in log management means three things in 2026: (1) Anomaly detection, surfacing unusual log volume or pattern shifts without manual rules (Datadog Watchdog, Logz.io Cognitive Insights, Sumo Logic LogReduce, Graylog Security). (2) Natural language search, asking the platform a question in English and getting a query plus results back (Datadog Bits AI, Better Stack). (3) Automated root-cause clustering, grouping related log lines and traces around an incident. AI is now table-stakes; vendors compete on the quality of the AI output, not its presence.

Final word

Looking at a different market? See the global Log Management Software ranking, or pick another country at the top of this page.

Last updated 2026-05-19. Local pricing reverified quarterly. Found something inaccurate? Tell us.