Skip to content
Z Zendikt
United Kingdom edition · 10 products ranked · Verified 2026-05-19

Top 10 Log Management Software in the United Kingdom for 2026

Independent UK log management ranking: Datadog, Sumo Logic, Logz.io at UK fintech, UK GDPR data residency, FCA Operational Resilience log retention.

← Global ranking · Category overview
Log Management Software by country
🌐 Global United States India United Kingdom France Germany

United Kingdom verdict (TL;DR)

Verified 2026-05-19

UK log management mirrors the US closely at the enterprise and tech scaleup tier. Datadog Logs dominates UK integrated observability. Sumo Logic retains strong UK FSI adoption despite Francisco Partners-driven roadmap slowdown. Logz.io is the managed-ELK choice for UK teams. Graylog has meaningful UK open-source adoption. Better Stack Logs is the fastest-growing choice among UK product-led SaaS. UK GDPR (post-Brexit) requires log data containing personal data to be stored in UK or adequacy-decision jurisdictions. FCA Operational Resilience (SS1/21) and FCA SYSC 9.1.1 create specific log retention requirements for UK regulated firms. NCSC guidance on logging drives adoption in UK CNI and public sector.

Picks for United Kingdom

  • UK enterprise integrated observability (FSI, tech scaleups): datadog-logs Dominant at UK fintech and enterprise (Monzo, Starling, Checkout.com-tier). AWS London (eu-west-2) data residency satisfies UK GDPR. FCA SS1/21 log evidence via Datadog audit trail. NCSC CAF B3 alignment.
  • UK FSI log analytics with Cloud SIEM bundled (FCA/PRA-regulated): sumologic-logs Strong UK FSI installed base. Cloud SIEM satisfies FCA thematic review evidence requirements. AWS London data residency. NCSC CAF B3 alignment documentation provided. UK GDPR-compliant configuration available.
  • UK teams wanting managed ELK without operational burden: logz-io Hosted OpenSearch on AWS London. UK GDPR data residency inherent. Growing in UK SaaS and mid-market companies wanting Kibana familiarity without OpenSearch cluster management.
  • UK open-source IT ops and security log management (NCSC-aligned): graylog Self-hosted Graylog on AWS London satisfies UK GDPR and NCSC logging guidance. Graylog Security tier addresses NCSC CAF security event logging. Strong in UK NHS and public sector where open-source and on-premises preferences persist.
  • UK product-led SaaS teams wanting logs plus uptime (Series A-C): better-stack-logs Clean UX, generous free tier, flat GBP pricing. Status pages bundled. Fastest growing log platform in UK Series A-C SaaS companies wanting a Datadog cost alternative with minimal operational overhead.
Market context

How the log management software market looks in United Kingdom

UK log management adoption closely tracks the US. London-tier fintechs (Monzo, Starling, Wise, Checkout.com, GoCardless) overwhelmingly use Datadog for integrated observability, with log management as part of a broader Datadog APM and infrastructure investment. The per-GB ingest cost concern is as real in the UK as in the US; UK engineering teams on Reddit r/devops consistently raise Datadog cost as the primary log management conversation topic.

The UK regulatory context adds two specific log management requirements not present in the US. First, FCA SYSC 9.1.1 requires FCA-regulated firms to retain records of communications and transactions for five years; while this primarily covers trading and communication records, security event logs for systems supporting regulated activity are expected to be retained for FCA examination. FCA SS1/21 operational resilience reviews have cited inadequate logging of important business service activity as a finding. Second, NCSC guidance on logging (NCSC CAF B3.c and the NCSC logging best practices guide) is the reference for UK CNI operators and public sector organizations; it specifies minimum log retention periods (12 months) and log sources (authentication, network boundary, admin access).

UK GDPR post-Brexit data residency is operationally similar to EU GDPR. AWS London (eu-west-2) and Azure UK South are the standard UK data residency regions for log data. Datadog, Sumo Logic, Logz.io, Graylog, and Better Stack Logs all support UK/EU data residency configurations.

SolarWinds SUNBURST procurement scrutiny (Loggly, Papertrail) persists in UK FSI and government procurement, consistent with US patterns. UK NCSC has not issued specific guidance on SolarWinds product avoidance post-2020, but UK FSI security teams continue to raise it in supply chain risk assessments.

Compliance & local rules

UK GDPR + DPA 2018: application and security logs containing personal data of UK individuals (user IDs, IP addresses, session tokens linked to identifiable persons) must be stored on UK or adequacy-decision infrastructure; AWS London (eu-west-2) and Azure UK South are the standard choices; ICO has issued enforcement notices for inadequate log security practices. FCA SYSC 9.1.1: five-year record retention for regulated activities; security event logs for systems supporting regulated business are expected evidence in FCA thematic reviews. FCA SS1/21: log evidence of important business service resilience testing and incident response is expected in operational resilience self-assessments and skilled-person (S166) reviews. NCSC CAF B3.c and logging best practices guide: 12-month minimum log retention for authentication, network boundary, and admin access events; log integrity protection required; reference for UK OES and CNI operators. NHS DSPT: healthcare system logs are in scope for DSPT cyber assured and standards exceeded tiers; log retention per NHS England cyber strategy guidance. NIS Regulations 2018 / NIS2 UK transposition: OES must maintain audit logs for security monitoring; NCSC CAF is the reference framework. Cyber Essentials Plus: Crown Commercial Service suppliers must hold CE+; log management platforms in government supply chains should be deployed on CE+-certified infrastructure. NCSC SUNBURST / supply chain risk: Loggly and Papertrail (SolarWinds-owned) continue to attract supply chain risk questions in UK FSI and government security reviews.

At a glance

Quick comparison, ranked for United Kingdom

Product Best for Starts at 10-emp/mo* Pricing G2 Geo
1 Datadog Logs
Mid-market and enterprise observability buyers
 $0 $0 4.4 Global; regional sites in US, EU, Japan, Australia, India
2 Sumo Logic
Logs-led mid-market and enterprise
 $0 + $0/emp $0 4.3 Global; regional sites in US, EU, APAC
3 Logz.io
ELK-savvy engineering teams wanting managed open-source
 $0 + $0/emp $0 4.5 Global; regional sites in US, EU, APAC
5 Graylog
IT ops and security teams wanting open-source control
 $0 + $0/emp $0 4.4 Global; cloud regions in US, EU
8 Better Stack Logs
Modern SaaS and product-led teams
 $0 + $0/emp $0 4.7 Global; EU primary, US region available
9 Axiom
Engineering and data teams sharing observability data
 $0 + $0/emp $0 4.6 Global; EU primary, US region available
4 Loggly
Small and mid-market cloud log buyers
 $0 + $0/emp $0 4.3 Global; primary US data center
6 Mezmo
Mid-market engineering teams managing log volume costs
 $0 + $0/emp $0 4.4 Global; primary US data center, EU region available
7 Papertrail
Solo developers and small teams
 $0 + $0/emp $0 4.4 Global; primary US data center
10 ChaosSearch
High-volume security and engineering teams at petabyte scale
 Quote - 4.6 Global; deployed in customer cloud regions

*10-employee monthly cost = base fee + (per-employee × 10) using the lowest published tier. For opaque-pricing vendors, no value is shown.

Verified local pricing

What buyers in United Kingdom actually pay

Median annual deal size by employee band, in GBP. Crowdsourced from anonymized buyer disclosures.

Product Employee band Median annual (GBP) Sample Notes
Datadog Logs 100 GB per day ingest (UK fintech/enterprise) £35,000 84 AWS eu-west-2 London; GBP billing available; per-GB plus indexing
Sumo Logic 50 GB per day (UK FSI) £58,000 52 Enterprise credits; GBP via UK reseller; AWS London data residency
Logz.io 20-100 GB per day (UK SaaS) £29,000 47 Pro/Enterprise; GBP equivalent; AWS London hosted
Graylog 50-500 GB per day (NHS/public sector, cloud) £22,000 61 Graylog Cloud Operations; GBP equivalent; AWS London option
Better Stack Logs 10-50 GB per day (UK Series A-C SaaS) £7,800 112 Team plan; GBP-billed; AWS London available; includes status pages
Axiom 50 GB per day, 90-day retention £9,800 67 Team/Enterprise flat pricing; GBP equivalent; cost alternative to Datadog
Local challengers

United Kingdom-built or United Kingdom-strong vendors worth knowing

Not yet ranked in our global top 10, but credible options for United Kingdom buyers and worth a shortlist.

Grafana Loki (UK cloud-native community)

Visit ↗

Open-source, label-based log aggregation. Growing rapidly in UK cloud-native organizations running Prometheus and Grafana. Deployed on AWS London for UK GDPR compliance. Dramatically lower cost than Datadog for UK teams that can tolerate index-free log querying. Grafana Labs has UK presence (London office).

Humio (CrowdStrike)

Visit ↗

Originally Danish-built, acquired by CrowdStrike in 2021. Humio log management (now Falcon LogScale) has UK FSI and enterprise deployments. AWS London data residency. Growing in UK organizations already running CrowdStrike Falcon for endpoint protection. Not a standalone log product but relevant for UK CrowdStrike customers.

The United Kingdom ranking

All 10, ranked for United Kingdom

Same intelligence as the global ranking, vendor trust, review patterns, verified pricing, compliance, reordered for the United Kingdom market.

#1

Datadog Logs

Logs tightly correlated with traces and metrics; per-GB pricing surprises common.

Founded 2010 · New York, NY · public · 200-100,000+ employees
G2 4.4 (540)
Capterra 4.6
From $0 /mo
● Transparent pricing
Visit Datadog Logs

Datadog Logs is the log management module of the Datadog observability platform (NASDAQ:DDOG, public since 2019). Its defining advantage is correlation: a log line is one click from the trace it belongs to and the host metrics around the event, with shared tagging across the entire platform. Pricing is the consistent pain point. Ingest is billed per GB and retention tiers (indexed, flex, archive) are billed separately, which means total spend tracks application log verbosity and not headcount. Customer invoices in our verified pricing dataset show 1.8x-4.2x variance against initial procurement assumptions, almost always because a single noisy service started emitting more logs than forecast. Datadog AI 2024 (Bits AI plus Watchdog) added decent natural language log search but does not change the ingest math.

Best for

Mid-market and enterprise teams (200-10,000+ employees) already running Datadog APM or infrastructure who want log lines correlated with the rest of their telemetry on one platform.

Worst for

Cost-conscious teams under 200 employees, organizations needing predictable flat-rate ingest, or anyone whose primary need is high-volume archival without correlation.

Strengths

  • Best-in-class correlation between logs, traces, and metrics in a single UI
  • Shared tagging model across the whole observability platform
  • Mature live tail, pattern detection, and log explorer
  • Bits AI natural language log search shipped in Datadog AI 2024
  • 700+ integrations across cloud, container, and SaaS sources
  • Battle-tested at extreme scale (Airbnb, Stripe, Salesforce)
  • Strong audit trail and access control for enterprise security reviews

Weaknesses

  • Per-GB ingest pricing routinely produces 1.8x-4.2x cost surprises against budget
  • Retention split into indexed, flex, and archive tiers each billed separately
  • Log rehydration from archive is slow and itself billed
  • Total observability bill (logs plus APM plus RUM plus synthetics) regularly exceeds $300K for mid-market
  • Pricing complexity makes year-over-year cost forecasting genuinely difficult

Pricing tiers

public
  • Ingest
    $0.10 per GB ingested
    $0 /mo
  • Indexed (15 day retention)
    $2.50 per million log events indexed
    $0 /mo
  • Flex Logs
    Lower-cost tier with limited query patterns
    $0 /mo
  • Archive
    S3-style archival; rehydration billed separately
    $0 /mo
Watch for
  • · Rehydration of archived logs is billed per GB
  • · Indexing fee is separate from ingest fee
  • · Retention extensions billed monthly
  • · Annual contracts standard with usage minimums

Key features

  • +Log ingestion across 700+ sources
  • +Live tail and log explorer
  • +Pattern detection and log clustering
  • +Bits AI natural language search (Datadog AI 2024)
  • +Indexed, flex, and archive retention tiers
  • +Tight correlation with APM traces, metrics, RUM
  • +Log-based metrics and alerting
  • +Sensitive Data Scanner for PII redaction
  • +Cloud SIEM signal generation from logs
700+ integrations
AWS CloudWatchGCPAzure MonitorKubernetesDockerFluentdPagerDutySlack
Geography
Global; regional sites in US, EU, Japan, Australia, India
View full Datadog Logs intelligence profile → Compare Datadog Logs →
#2

Sumo Logic

Mature log analytics with Cloud SIEM overlap; PE-driven velocity questions.

Founded 2010 · Redwood City, CA · pe backed · 200-10,000 employees
G2 4.3 (380)
Capterra 4.3
From $0 + $0 /mo + /employee
◐ Partial disclosure
Visit Sumo Logic

Sumo Logic was the cloud-native log analytics leader of the 2010s and remains a credible enterprise platform in 2026. Francisco Partners took the company private in May 2023 for $1.7B, and customer-facing signal since then suggests the post-acquisition pattern common to PE-owned observability vendors: existing features remain solid, support tier still differentiates by contract value, but product velocity has slowed measurably and several roadmap items announced pre-acquisition have shifted right. The platform genuinely excels at high-volume log ingestion with a strong query language (LogReduce, Log Compare) and the Cloud SIEM module gives security teams a real path to converge log analytics with detection engineering. The trade-offs are PE-driven roadmap concerns, opaque enterprise pricing at the higher tiers, and a UI that has aged compared to newer entrants like Better Stack and Axiom.

Best for

Mid-market and enterprise teams (200-5,000 employees) running heavy log volumes where Cloud SIEM convergence with log analytics is a real architectural fit.

Worst for

Buyers prioritizing roadmap velocity, teams wanting transparent flat pricing, or organizations strongly concerned about PE-owned vendor patterns.

Strengths

  • Strong log analytics heritage with mature query language
  • Cloud SIEM module for security log convergence
  • LogReduce and Log Compare for noise reduction and incident analysis
  • Mature enterprise customer base across regulated industries
  • Cloud-native architecture since founding
  • Good at high-volume log ingestion at 10+ TB per day scale

Weaknesses

  • Product velocity has visibly slowed post Francisco Partners 2023 take-private
  • Pricing opaque above the entry Essentials tier; sales engagement required
  • UI feels older than Better Stack, Axiom, or modern Datadog
  • APM bolt-on is materially less mature than dedicated APM products
  • Some pre-acquisition roadmap items have shifted multiple quarters right

Pricing tiers

partial
  • Free
    1 GB per day ingestion; 7 day retention
    $0+$0 /mo +/emp
  • Essentials
    Volume-based; published per-GB rates
    $0 /mo
  • Enterprise Operations
    Adds Cloud SIEM signals; pricing opaque
    Quote
  • Enterprise Suite
    Full platform; custom enterprise pricing
    Quote
Watch for
  • · Volume overage pricing
  • · Multi-year contracts standard at higher tiers
  • · Cloud SIEM signals priced separately from ingestion
  • · Long retention extensions billed monthly

Key features

  • +Log ingestion at high volume
  • +LogReduce and Log Compare
  • +Cloud SIEM signal generation
  • +Real-time alerting and dashboards
  • +Continuous queries for streaming analytics
  • +Field extraction and parsing rules
  • +Search Job API
  • +Sensitive data masking
  • +Long-term archive
250+ integrations
AWSGCPAzureKubernetesOktaCrowdStrikePagerDutySlack
Geography
Global; regional sites in US, EU, APAC
View full Sumo Logic intelligence profile → Compare Sumo Logic →
#3

Logz.io

Managed OpenSearch with logs, metrics, and traces; cleanest ELK escape hatch.

Founded 2014 · Tel Aviv (offices in Boston) · private · 50-2,000 employees
G2 4.5 (220)
Capterra 4.5
From $0 + $0 /mo + /employee
◐ Partial disclosure
Visit Logz.io

Logz.io is the cleanest managed-ELK option in the market. The platform delivers Elasticsearch (now OpenSearch) and Kibana as a service, plus a Prometheus-compatible metrics module and OpenTelemetry-native tracing, all on a unified UI. The company raised a $52M Series D in 2020 and has stayed founder-led without acquisition. Best-fit is the very specific buyer: a team that has the Elasticsearch and Kibana muscle memory, does not want to operate clusters, and wants to stay on open standards so a future migration back to self-hosted OpenSearch (or to AWS OpenSearch) remains an option. The trade-offs are real: cold tier search is slow, the unified UI is less polished than Datadog or Better Stack, and pricing transparency is partial above the standard plans.

Best for

Engineering teams (50-2,000 employees) with Elasticsearch and Kibana muscle memory who want managed OpenSearch plus tracing and metrics on open standards.

Worst for

Buyers wanting a single-pane integrated observability UI (Datadog wins), or teams that need the absolute lowest cold-tier query latency.

Strengths

  • Managed OpenSearch and Kibana without running clusters
  • OpenTelemetry-native tracing module
  • Prometheus-compatible metrics
  • Open standards reduce vendor data lock-in
  • Cognitive Insights uses ML to surface anomalous log patterns
  • Reasonable mid-market pricing compared to Datadog

Weaknesses

  • Cold tier search is materially slower than indexed tier
  • Unified UI less polished than Datadog or Better Stack
  • Pricing opaque above standard plans
  • Smaller integration ecosystem (under 200)
  • AWS OpenSearch licensing controversy still surfaces in procurement conversations

Pricing tiers

partial
  • Community
    1 GB per day; 1 day retention; community support
    $0+$0 /mo +/emp
  • Pro
    $1.50 per GB ingested; 7 day default retention
    $0 /mo
  • Enterprise
    Custom volumes; private regions; advanced security
    Quote
Watch for
  • · Retention extensions billed per GB-day
  • · Cold tier rehydration billed
  • · Annual contracts at enterprise tier

Key features

  • +Managed OpenSearch (formerly Elasticsearch)
  • +Kibana dashboards
  • +Cognitive Insights ML anomaly detection
  • +Prometheus-compatible metrics
  • +OpenTelemetry tracing
  • +Drop filters for ingest reduction
  • +Live tail
  • +Field-level masking
  • +Multi-account isolation
180+ integrations
AWSGCPAzureKubernetesFluentdOpenTelemetryPagerDutySlack
Geography
Global; regional sites in US, EU, APAC
View full Logz.io intelligence profile → Compare Logz.io →
#5

Graylog

Open-source-first log management with commercial Operations and Security tiers.

Founded 2009 · Houston, TX (engineering in Hamburg, Germany) · private · 50-5,000 employees
G2 4.4 (190)
Capterra 4.5
From $0 + $0 /mo + /employee
◐ Partial disclosure
Visit Graylog

Graylog is the strongest open-source log management product in the market and pairs a permissive Open license with two commercial tiers: Graylog Operations (centralized IT log analytics) and Graylog Security (SIEM-grade detection and threat intelligence). The platform was originally a Berlin open-source project and has retained genuine community engagement under the Houston-headquartered commercial entity. Best-fit is the team that wants self-hosted control as a first option, with the choice to move to Graylog Cloud later. The trade-offs are honest: the Open tier is genuinely capable but documentation assumes Linux operations literacy; the commercial tier UX is improving but still lags Datadog and Better Stack; and the security tier, while real, is not a like-for-like Splunk Enterprise Security replacement at the highest enterprise scale.

Best for

IT operations and security teams (50-2,000 employees) who want open-source control as a first option with the choice to move to managed cloud or SIEM later.

Worst for

Teams wanting a turnkey SaaS-only experience with zero ops literacy, or organizations needing the absolute highest-scale enterprise SIEM (Splunk ES tier).

Strengths

  • Genuinely open-source core with permissive licensing
  • Self-hosted, cloud, or hybrid deployment
  • Graylog Operations and Security tiers commercialize without breaking community
  • Strong parsing, alerting, and stream routing primitives
  • Active community with plugins and content packs
  • SIEM-grade detection in the Security tier without forced Splunk pricing

Weaknesses

  • Self-hosted assumes Linux operations literacy
  • Commercial UI improving but lags Datadog and Better Stack
  • Security tier not a like-for-like Splunk ES replacement at highest scale
  • Cloud regions still expanding compared to global vendors
  • Documentation depth varies across community plugins

Pricing tiers

partial
  • Graylog Open
    Self-hosted open-source; community support
    $0+$0 /mo +/emp
  • Graylog Operations
    Centralized IT log analytics; per-GB pricing
    Quote
  • Graylog Security
    SIEM-grade detection; per-GB pricing with threat intelligence
    Quote
  • Graylog Cloud
    Managed SaaS; per-GB pricing
    $0 /mo
Watch for
  • · Self-hosted operations time is the real cost
  • · Long retention beyond plan default

Key features

  • +Log ingestion via GELF, Beats, syslog
  • +Stream routing and pipeline processing
  • +Alerts and scheduled searches
  • +Content packs for common sources
  • +SIEM correlation in Security tier
  • +Threat intelligence feeds in Security tier
  • +Anomaly detection
  • +Role-based access
  • +Self-hosted or managed cloud
200+ integrations
AWSGCPAzureBeats (Elastic agent)FluentdSuricataCrowdStrikePagerDuty
Geography
Global; cloud regions in US, EU
View full Graylog intelligence profile → Compare Graylog →
#8

Better Stack Logs

Modern observability with logs, monitoring, and status pages bundled.

Founded 2018 · Prague, Czech Republic · private · 10-500 employees
G2 4.7 (280)
Capterra 4.7
From $0 + $0 /mo + /employee
● Transparent pricing
Visit Better Stack Logs

Better Stack (formerly Logtail plus Better Uptime) is the modern, design-forward observability bundle in this list: logs powered by ClickHouse for sub-second search, uptime monitoring, incident management, and public status pages, all on one bill. The free tier is genuinely useful (3 GB per month, 7 day retention), and paid pricing is among the most transparent in the category. Best-fit is the SaaS product team that wants logs plus status pages plus uptime, with one vendor relationship and one invoice. The trade-offs are that the integration ecosystem is still expanding compared to Datadog or Sumo Logic, the platform is opinionated about modern stacks (Kubernetes, Vercel, Heroku) and less mature for legacy enterprise patterns, and SIEM-grade security workflows are out of scope.

Best for

Product-led SaaS teams (10-500 employees) who want a modern, design-forward bundle of logs, uptime, and status pages with one vendor and one bill.

Worst for

Enterprises needing SIEM convergence (Sumo Logic or Splunk win), or teams running heavy legacy infrastructure outside modern SaaS patterns.

Strengths

  • ClickHouse-backed log search delivers sub-second queries
  • Modern, design-forward UI
  • Genuinely useful free tier (3 GB per month, 7 day retention)
  • Transparent published pricing
  • Logs plus uptime plus status pages bundled
  • Founder-led, no PE pressure
  • Strong fit for modern SaaS stacks (Vercel, Heroku, Kubernetes)

Weaknesses

  • Integration ecosystem still expanding compared to Datadog
  • Less mature for legacy enterprise patterns
  • SIEM-grade security workflows out of scope
  • Smaller customer base means fewer reference customers at enterprise scale
  • Long-tail compliance certifications still being added

Pricing tiers

public
  • Free
    3 GB per month; 7 day retention; basic monitors
    $0+$0 /mo +/emp
  • Freelancer
    From $24/month; 30 GB per month; 30 day retention
    $24 /mo
  • Small Team
    From $49/month; 60 GB per month; bundled status pages
    $49 /mo
  • Business
    From $159/month; 200 GB per month; advanced features
    $159 /mo
Watch for
  • · Volume overage billed per GB
  • · Long retention extensions billed monthly

Key features

  • +ClickHouse-backed log search
  • +Live tail
  • +Alerts and saved queries
  • +Bundled uptime monitoring
  • +Public and private status pages
  • +Incident management
  • +Modern SaaS integrations
  • +API and SDKs for app logs
100+ integrations
VercelHerokuAWSKubernetesGitHubSlackPagerDutyCloudflare
Geography
Global; EU primary, US region available
View full Better Stack Logs intelligence profile → Compare Better Stack Logs →
#9

Axiom

Serverless event store with SQL-like APL queries; data-team-friendly logs.

Founded 2020 · London, UK (remote-first) · private · 10-1,000 employees
G2 4.6 (140)
Capterra 4.7
From $0 + $0 /mo + /employee
● Transparent pricing
Visit Axiom

Axiom is the modern serverless log and event analytics platform that treats observability data more like a warehouse than a search engine. The architecture decouples ingest from storage from query, runs on object storage, and exposes APL (Axiom Processing Language), a SQL-like query language that feels familiar to data engineers and analysts. The company raised a $9M Series A in 2022 and has stayed focused on engineering and data-team buyers. Best-fit is the team that wants logs to be queryable like a dataset, including by people who do not live in the observability tool. The trade-offs are that the product is opinionated (no traditional dashboards-first UX), the integration ecosystem is smaller than Datadog, and the on-call incident workflow is less mature than Better Stack or PagerDuty-anchored tools.

Best for

Engineering and data teams (10-1,000 employees) who want logs to behave like a queryable dataset shared across observability, analytics, and security use cases.

Worst for

Dashboards-first SRE teams (Datadog or Better Stack win), or buyers needing the broadest integration ecosystem.

Strengths

  • Serverless architecture decouples ingest, storage, and query
  • APL (Axiom Processing Language) feels familiar to data engineers
  • Flat-rate pricing aggressive on cost compared to per-GB vendors
  • Strong fit for data and engineering teams sharing observability data
  • OpenTelemetry-native ingest
  • Founder-led, no PE pressure

Weaknesses

  • Opinionated; no traditional dashboards-first UX
  • Integration ecosystem smaller than Datadog or Sumo Logic
  • On-call incident workflow less mature than Better Stack
  • Smaller customer base means fewer enterprise reference customers
  • Best fit narrowed to teams comfortable with SQL-style query thinking

Pricing tiers

public
  • Personal
    Free; 0.5 GB per month; 30 day retention
    $0+$0 /mo +/emp
  • Team
    From $25/month per user; published per-GB rates above included volume
    $25 /mo
  • Enterprise
    Custom volumes; private deployment options
    Quote
Watch for
  • · Volume overage billed per GB
  • · Long retention beyond plan default

Key features

  • +Serverless event store
  • +APL query language (SQL-like)
  • +Live tail
  • +Dashboards and saved queries
  • +OpenTelemetry-native ingest
  • +Vector and Fluent Bit support
  • +Alerts and monitors
  • +Role-based access
  • +Multi-org isolation
90+ integrations
VercelCloudflare WorkersAWSKubernetesOpenTelemetryVectorGitHubSlack
Geography
Global; EU primary, US region available
View full Axiom intelligence profile → Compare Axiom →
#4

Loggly

Lean cloud log search under SolarWinds; SUNBURST shadow remains a procurement topic.

Founded 2009 · Austin, TX (parent SolarWinds) · public · 10-500 employees
G2 4.3 (170)
Capterra 4.4
From $0 + $0 /mo + /employee
● Transparent pricing
Visit Loggly

Loggly is the SolarWinds-owned cloud log search product (acquired 2014). The product is what it has been for a decade: SaaS log ingestion with a simple search UI, retention tiers, and per-GB pricing. For teams that want boring, predictable cloud log search without the integrated observability complexity of Datadog, Loggly remains a defensible pick. Two qualifications are non-negotiable for procurement. First, SolarWinds parent ownership and the December 2020 SUNBURST supply-chain incident continue to surface in enterprise security reviews even six years later, regardless of whether Loggly itself was implicated (it was not directly). Second, engineering investment in Loggly has visibly declined; release notes are sparse, the UI has not materially modernized since 2020, and several adjacent SolarWinds Observability features now overlap with Loggly without a clear convergence roadmap.

Best for

Small and mid-market teams (10-500 employees) who want simple cloud log search with predictable per-GB pricing and no expectation of fast feature velocity.

Worst for

Enterprises with strict supply-chain security review requirements, teams expecting active product development, or anyone needing modern observability convergence.

Strengths

  • Simple SaaS log search with predictable per-GB pricing
  • Mature ingest from common syslog and structured sources
  • Long-standing customer base with stable SLAs
  • Dynamic Field Explorer auto-parses structured log fields

Weaknesses

  • SolarWinds parent ownership; 2020 SUNBURST incident still surfaces in security reviews
  • Engineering investment has visibly declined; sparse release notes
  • UI has not materially modernized since 2020
  • Adjacent SolarWinds Observability features create roadmap ambiguity
  • Integration ecosystem stagnant compared to Datadog or Logz.io

Pricing tiers

public
  • Lite
    Free; 200 MB per day; 7 day retention
    $0+$0 /mo +/emp
  • Standard
    From $79/month for 1 GB per day; 15 day retention
    $79 /mo
  • Pro
    From $159/month; adds 30 day retention and advanced features
    $159 /mo
  • Enterprise
    Custom volumes and retention; HIPAA support
    Quote
Watch for
  • · Retention beyond plan default billed per GB-day
  • · Multi-year contracts at enterprise tier

Key features

  • +Cloud log ingestion (syslog, HTTP, agents)
  • +Dynamic Field Explorer for structured logs
  • +Search and filter UI
  • +Alerts and scheduled searches
  • +Anomaly detection
  • +Live tail
  • +S3 archive
  • +Role-based access
80+ integrations
AWSHerokuDockerKubernetesPagerDutySlackJira
Geography
Global; primary US data center
View full Loggly intelligence profile → Compare Loggly →
#6

Mezmo

Observability pipelines plus log search; LogDNA rebrand pivoted toward routing.

Founded 2015 · Mountain View, CA · private · 100-2,000 employees
G2 4.4 (230)
Capterra 4.5
From $0 + $0 /mo + /employee
◐ Partial disclosure
Visit Mezmo

Mezmo (formerly LogDNA, rebranded in 2022) raised an $80M Series D in 2021 and has pivoted from a pure log search product toward observability pipelines: ingest control, masking, reduction, routing, and destination management before logs land in any storage. The repositioning is genuinely useful for buyers wrestling with Datadog log bills, because Mezmo can sit upstream and reduce volume by 40-70% with field-level controls before the expensive ingest fee starts. The trade-offs are that the original log search product has received less roadmap attention since the rebrand, the documentation reflects two product eras, and the integrated UX is less polished than it was at the LogDNA peak.

Best for

Mid-market engineering teams (100-2,000 employees) who want to reduce log volume and route selectively before paying expensive Datadog or Splunk ingest fees.

Worst for

Teams who only need a search UI with no pipeline interest, or buyers wanting the full integrated observability platform.

Strengths

  • Telemetry Pipeline for ingest control, masking, and reduction
  • Sits upstream of expensive vendors (Datadog, Splunk) to cut ingest bills
  • Vector-style routing and destination management
  • OpenTelemetry-native ingest
  • Reasonable per-GB pricing for the log search tier
  • Founder-led, no PE pressure

Weaknesses

  • Original LogDNA log search has received less roadmap attention since rebrand
  • Documentation reflects two product eras (LogDNA and Mezmo)
  • Integrated UX less polished than at LogDNA peak
  • Smaller integration ecosystem compared to Datadog or Logz.io
  • Best fit narrowed to teams who want the pipeline use case

Pricing tiers

partial
  • Free
    Limited volume; community support
    $0+$0 /mo +/emp
  • Professional
    Per-GB log search; published rates
    $0 /mo
  • Telemetry Pipeline
    Per pipeline-GB; volume-based contracts
    Quote
  • Enterprise
    Custom volumes; private regions
    Quote
Watch for
  • · Pipeline volume billed separately from log search
  • · Retention extensions billed per GB-day

Key features

  • +Log ingestion via agent, syslog, HTTP, OpenTelemetry
  • +Telemetry Pipeline routing and destinations
  • +Field-level masking and reduction
  • +Live tail and log search
  • +Alerts and exclusion rules
  • +Long-term archive
  • +Role-based access
  • +Multi-account isolation
120+ integrations
AWSGCPAzureKubernetesDatadog (as destination)Splunk (as destination)S3OpenTelemetry
Geography
Global; primary US data center, EU region available
View full Mezmo intelligence profile → Compare Mezmo →
#7

Papertrail

Classic developer log tail under SolarWinds; effectively maintenance-mode.

Founded 2008 · Austin, TX (parent SolarWinds) · public · 5-200 employees
G2 4.4 (140)
Capterra 4.5
From $0 + $0 /mo + /employee
● Transparent pricing
Visit Papertrail

Papertrail is the SolarWinds-owned developer-friendly log tail and search product (acquired 2018). The defining experience has always been the same: pipe syslog or app logs to Papertrail and tail-and-search them in a fast, simple UI that feels like grep on the cloud. For solo developers and small teams that value pure utility, Papertrail still works, and the price is fair at the small-team end. Two procurement realities apply. First, the product is effectively in maintenance mode: minimal release notes, no modern observability convergence, no AI features. Second, SolarWinds parent ownership and the 2020 SUNBURST incident continue to come up in enterprise security reviews. Pick Papertrail only if you want a boring, predictable, narrowly scoped log tail that does not pretend to be an observability platform.

Best for

Solo developers and small teams (5-50 employees) who want a boring, predictable, narrowly scoped cloud log tail with no observability ambition.

Worst for

Enterprises with strict supply-chain security review requirements, modern engineering teams expecting AI and observability convergence, or anyone needing roadmap velocity.

Strengths

  • Fast, simple log tail-and-search UI
  • Predictable per-GB pricing
  • Easy syslog and app log ingestion
  • Long history of stability
  • Reasonable for small teams under 50 employees

Weaknesses

  • Effectively maintenance-mode under SolarWinds
  • No modern observability convergence (no APM correlation, no metrics)
  • No AI features (no anomaly detection, no natural language search)
  • SolarWinds parent and 2020 SUNBURST incident surface in security reviews
  • Integration ecosystem stagnant
  • UI has not materially modernized since 2018

Pricing tiers

public
  • Free
    50 MB per month; 48 hour search retention
    $0+$0 /mo +/emp
  • Starter
    From $7/month for 1 GB per month; 1 year archive
    $7 /mo
  • Standard
    From $75/month for 16 GB per month
    $75 /mo
  • Plus
    From $230/month for 50 GB per month
    $230 /mo
Watch for
  • · Volume overage billed per GB
  • · Search retention is shorter than archive retention

Key features

  • +Cloud log tail-and-search
  • +Syslog and app log ingestion
  • +Alerts and saved searches
  • +S3 archive
  • +Role-based access
  • +API for log retrieval
  • +Velocity charts for log volume
50+ integrations
HerokuAWSDockerKubernetesPagerDutySlackGitHub
Geography
Global; primary US data center
View full Papertrail intelligence profile → Compare Papertrail →
#10

ChaosSearch

S3-native log analytics that indexes data in your bucket; cost economics break at scale.

Founded 2017 · Boston, MA · private · 500-10,000+ employees
G2 4.6 (90)
Capterra 4.6
Custom quote
◐ Partial disclosure
Visit ChaosSearch

ChaosSearch is the petabyte-scale cost disruptor in log management. The architecture is genuinely different: instead of ingesting and re-indexing logs into a proprietary store, ChaosSearch indexes data directly in your own S3 (or GCS) bucket, with Elasticsearch and SQL APIs on top. The result is that storage cost is what S3 charges (cents per GB per month) and the index tax that consumes 30-70% of every per-GB vendor invoice disappears. Customers report decisive cost wins at 10 TB per day and above. The company raised a $40M Series B in 2021 and has positioned almost entirely on cost-disruption. The trade-offs: live tail and sub-second interactive search are less snappy than Datadog or Better Stack, the product is opinionated about data already in object storage, and the integration ecosystem is narrower than the broad-market vendors.

Best for

High-volume engineering and security teams (500-10,000 employees) at 10 TB per day and above where per-GB ingest pricing is a board-level cost conversation.

Worst for

Low-volume teams under 1 TB per day, dashboards-first SRE workflows, or buyers wanting bundled status pages and incident management.

Strengths

  • Indexes data directly in your S3 or GCS bucket; no re-ingest
  • Storage cost is what S3 or GCS charges (cents per GB per month)
  • Index tax eliminated; 30-70% cost reduction versus per-GB vendors at scale
  • Elasticsearch API plus SQL API; familiar query surfaces
  • Decoupled compute scales independently of storage
  • Strong fit for petabyte-per-day log volumes

Weaknesses

  • Live tail and sub-second search less snappy than Datadog or Better Stack
  • Opinionated about data being in object storage already
  • Smaller integration ecosystem
  • Cost wins are decisive at 10 TB per day and above, less so below 1 TB per day
  • On-call incident workflow not a primary product surface

Pricing tiers

partial
  • Standard
    Per-TB indexed; customer owns S3 or GCS storage cost
    Quote
  • Enterprise
    Custom volumes; private deployment options
    Quote
Watch for
  • · Customer pays S3 or GCS storage directly (typically a feature)
  • · Compute scaling billed separately for very high query loads

Key features

  • +S3 and GCS native indexing
  • +Elasticsearch-compatible API
  • +SQL API
  • +No re-ingest; data stays in customer bucket
  • +Decoupled compute scaling
  • +Multi-account isolation
  • +Long-term retention at S3 economics
60+ integrations
AWS S3Google Cloud StorageKibanaGrafanaElasticsearch toolingKinesis Firehose
Geography
Global; deployed in customer cloud regions
View full ChaosSearch intelligence profile → Compare ChaosSearch →

Frequently asked questions

The questions buyers actually ask before they sign.

What log retention periods does FCA SS1/21 require for UK financial services firms?
FCA SS1/21 does not specify exact log retention periods but requires firms to demonstrate operational resilience of important business services. In practice, FCA examiners and skilled-person (S166) reviewers expect security event logs for systems supporting important business services to be retained for a minimum of 12-24 months (aligning with NCSC logging guidance) and transaction-related logs for five years (per FCA SYSC 9.1.1). Application performance logs and infrastructure monitoring logs are expected to be available for at least the duration of any regulatory investigation period. Datadog, Sumo Logic, and Logz.io all support configurable retention periods; configure archive tiers for cost control at the 12-24 month mark rather than full indexed retention.
Does UK GDPR require log management systems to be hosted in the UK?
UK GDPR requires that personal data (including log data that can identify UK individuals) be stored in the UK or a country with UK adequacy status. EU member states and EEA countries have UK adequacy, as do several others. AWS London (eu-west-2) and Azure UK South satisfy UK data residency inherently. Datadog's EU region (AWS eu-west-1 Ireland) also satisfies UK GDPR under the UK-EU adequacy decision. US regions (AWS us-east-1) do not satisfy UK GDPR for personal data without Standard Contractual Clauses and a transfer impact assessment. Check your log management vendor's data residency configuration and ensure you have selected a UK or EU adequacy jurisdiction, not a US-default region.
Is Better Stack Logs a credible alternative to Datadog for a UK 100-person SaaS company?
For a UK 100-person SaaS company where logs are primarily developer-debug and uptime-monitoring rather than security analytics, Better Stack Logs is a credible and meaningfully cheaper alternative. The bundled status pages and incident management are genuinely useful for UK product-led SaaS teams that also need uptime monitoring. The gaps vs. Datadog are: no native APM trace-to-log correlation (Datadog's strongest differentiator), thinner integration ecosystem (~40 vs Datadog 700+), and less mature SIEM-adjacent security analytics. If your team already runs Datadog APM and wants log correlation with traces, stay on Datadog. If your primary log use case is searching application errors and correlating with service uptime, Better Stack Logs at 30-50% of Datadog's cost is worth a 30-day parallel evaluation.
Log management vs APM: which do I need?
APM (application performance monitoring) tracks request-level performance through your code: latency, throughput, errors, and traces across services. Log management ingests every log line your apps and infrastructure emit and lets you search, alert, and correlate them. The honest answer in 2026 is that you need both, and most teams buy them from the same vendor (Datadog, New Relic, Sumo Logic, Grafana) so logs and traces correlate in one click. Standalone log management is the right call only when you specifically want a focused product (Better Stack, Axiom, ChaosSearch) or open-source control (Graylog, Logz.io).
Log management vs SIEM: where is the line?
Log management is the substrate; SIEM (security information and event management) is the security analytics workload that runs on top of log data with detection rules, correlation, threat intelligence, and case management. In 2026 the line is blurring fast: Sumo Logic Cloud SIEM, Graylog Security, Datadog Cloud SIEM, and Splunk Enterprise Security all run on the same log ingestion path the operations side uses. Many mid-market teams now buy one platform for both and rely on tier-level features (rules, threat feeds, SOC workflows) to enable the SIEM use case.
Why does my Datadog log bill keep surprising me?
Datadog Logs is billed as three separate line items: ingest (per GB), indexed retention (per million events at a 15 day default), and archive plus rehydration. A single noisy service emitting verbose logs can multiply each line independently. Customer-shared invoices in our verified pricing dataset show 1.8x-4.2x variance against initial budgets, almost always for that reason. Mitigations: use Datadog Sensitive Data Scanner plus exclusion filters, route through an upstream pipeline like Mezmo or Vector to reduce volume before ingest, and set spend alerts on every retention tier.
How does open-source compare to proprietary log management?
Open-source-first products (Graylog Open, self-hosted ELK, OpenSearch) give you total control and zero per-GB vendor fees, but you pay in operations time: clusters to operate, indices to rotate, and capacity to forecast. Logz.io and Graylog Cloud are the managed-open-source middle ground. Proprietary SaaS (Datadog, Sumo Logic, Better Stack, Axiom) trades that ops time for a vendor invoice. The right answer depends on whether you have Linux and Elasticsearch literacy on the team and whether your data sovereignty needs require self-hosted control.
Should the SolarWinds SUNBURST incident still affect my procurement of Loggly or Papertrail?
The December 2020 SUNBURST supply-chain breach affected the SolarWinds Orion product, not Loggly or Papertrail directly. However, both products are owned by SolarWinds, and enterprise security review teams continue to raise the parent-company association in 2026 procurement reviews. Combined with visibly slower engineering investment in both products, the practical answer is that Loggly and Papertrail remain defensible picks for small teams who want predictable, narrowly scoped cloud logging, but they should be expected to fail enterprise supply-chain security reviews more often than peers in this list.
What does S3-native log analytics actually mean for cost?
S3-native architecture (ChaosSearch, plus increasingly Axiom) means your logs stay in your own S3 or GCS bucket and the vendor indexes them in place rather than re-ingesting into proprietary storage. The cost implication is decisive: object storage is cents per GB per month, versus the per-GB ingest plus index tax of traditional vendors. The break-even point is roughly 10 TB per day; below that, the operational simplicity of integrated platforms often wins. Above that, customer invoices show 30-70% cost reduction against per-GB vendors at the same data volume.
How does observability convergence affect log management buying?
In 2026 the standalone log management category is shrinking. Logs, metrics, and traces are converging onto unified platforms (Datadog, Grafana Cloud, New Relic, Sumo Logic) and security analytics is collapsing onto the same data plane (Cloud SIEM, Graylog Security). The practical buying implication: if you already run Datadog APM or Grafana metrics, your log management decision is partially made by your existing telemetry vendor. Standalone log tools (Better Stack, Axiom, ChaosSearch) win when you specifically value focus, cost economics, or product-led UX over integrated correlation.
How long is log management implementation typically?
Better Stack, Papertrail, Loggly, Axiom: hours to a few days for cloud SaaS apps. Logz.io, Mezmo: 1-2 weeks including agent rollout and pipeline tuning. Datadog Logs, Sumo Logic: 2-6 weeks for production-grade deployment with tagging discipline, log routing rules, retention policy, and alerting. Graylog self-hosted: 2-8 weeks depending on cluster size and high-availability needs. ChaosSearch: 1-4 weeks because data is already in S3; the work is index configuration and access control.
What about free tiers and trials?
Permanent free tiers: Better Stack Logs (3 GB per month), Papertrail (50 MB per month), Loggly Lite (200 MB per day), Logz.io Community (1 GB per day), Sumo Logic Free (1 GB per day), Mezmo Free, Axiom Personal (0.5 GB per month). Graylog Open is fully free as self-hosted open-source. Time-limited trials (14 days typical): Datadog, ChaosSearch.
How does AI fit into log management in 2026?
AI in log management means three things in 2026: (1) Anomaly detection, surfacing unusual log volume or pattern shifts without manual rules (Datadog Watchdog, Logz.io Cognitive Insights, Sumo Logic LogReduce, Graylog Security). (2) Natural language search, asking the platform a question in English and getting a query plus results back (Datadog Bits AI, Better Stack). (3) Automated root-cause clustering, grouping related log lines and traces around an incident. AI is now table-stakes; vendors compete on the quality of the AI output, not its presence.

Final word

Looking at a different market? See the global Log Management Software ranking, or pick another country at the top of this page.

Last updated 2026-05-19. Local pricing reverified quarterly. Found something inaccurate? Tell us.