Get Your Observability Spend Under Control

8 April 2025 - ID G00810018 - 15 min read
By Padraig Byrne, Martin Caren,  and 1 more
Observability spend is increasing rapidly, driven by explosive growth in operational telemetry and increased complexity in digital businesses. This research is designed to help infrastructure and operations leaders control their observability costs and align their investments with business value.

Overview


Key Findings

  • Observability costs are high and are increasing exponentially. In 2024, the median Gartner client spending on observability platforms exceeded $800,000 annually with a single vendor, marking an increase of 20% year over year.
  • A significant portion of costs is driven by the explosion in telemetry volumes and velocity, often accelerated by a shift to modern architectures and applications. Traditional approaches to telemetry ingestion are inefficient and are no longer suitable for these workloads.
  • Clients mention that they see value from observability platforms but often lack a strategy for observability that optimizes return on investment (ROI). Legacy tools, technical debt and outdated practices increase costs and hamper operator productivity.

Recommendations

  • Control your observability costs by implementing telemetry pipelines and analytics tools that regulate the flow of telemetry to observability platforms.
  • Prioritize your observability spending by triaging applications and services into tiers based on business impact, then allocating spending based on these application tiers.
  • Rationalize your observability tools and improve operator productivity by assessing existing implementations.

Strategic Planning Assumptions


By 2028, 80% of enterprises that do not implement observability cost controls will overspend by more than 50%.
By 2028, 50% of enterprises that spend more than $1 million on observability will use artificial intelligence (AI) to optimize their observability spend.

Introduction


Observability costs are increasing exponentially, and controlling these costs is a key driver of client inquiries to Gartner. A review of observability platform vendor proposals submitted to Gartner between 2023 and 2024 showed the following:
  • The median Gartner client spend on observability platforms now exceeds $800,000 annually with a single vendor.
  • The median spend increased by more than 20% with a single vendor.
  • Four percent of clients spend more than $10 million with a single vendor.
One client shared their costs from 2009, when they spent less than $40,000 on a solution. By 2024, their yearly spend was nearly $10 million, a compounding increase of approximately 40% annually for 15 years.
More broadly, these solutions continue to experience strong growth and adoption in the market; Gartner estimates an overall market compound annual growth rate (CAGR) of 11.0% (see Forecast: IT Operations Management Software, Worldwide, 2022-2028, 2Q24 Update), with leading vendors growing at more than 20% year over year.
Those in charge of budgets who want to achieve maximum value from their observability investments need to carefully manage the increased complexity. Spending on observability is becoming an issue for CIOs and CFOs, where, until now, it had largely flown under the radar. Nonetheless, clients often indiscriminately apply observability in their systems rather than targeting spending on the most important applications and services.
There are many drivers behind the rise in costs for observability, some of which are shown in Figure 1.
Figure 1: Drivers Behind the Rise in Costs for Observability
Diagram with observability costs at the center, surrounded by five boxes pointing toward it, labeled: complex environments, increasing telemetry, skills, legacy tool sprawl and increased value.
Much of the cost is attributable to the ever-changing, increasingly complex infrastructure environments and the exponentially increasing volume of operational telemetry. However, organizations increasingly realize the valuable insights into end user or client behavior that only observability can provide. Clients have mentioned that a successful deployment of an observability platform can then “spread like wildfire” across teams and departments, driven by the desire to achieve better and deeper connections. However, as the term “wildfire” implies, one key driver is lax administration, with limited guardrails in place for protection.
This research will help infrastructure and operations (I&O) leaders control costs by:
  • Using new technologies such as telemetry pipelines to take control of operational data
  • Aligning observability spending with business priorities
  • Improving administration and reporting
  • Identifying existing tools that would benefit from rationalization or modernization

Analysis


Take Control of the Exponential Rise in Telemetry

I&O environments continue to grow in size and complexity. Adoption of the public cloud consistently increases, with Gartner research indicating market growth of 20% (see Forecast: Public Cloud Services, Worldwide, 2022-2028, 4Q24 Update). Organizations are creating new workloads on modern environments using cloud-native containers and microservices architectures. These architectures generate significantly more telemetry (e.g., logs, metrics and traces) than traditional on-premises environments.
When telemetry volumes were lower, organizations typically defaulted to ingesting all of the operational data with the intention to analyze it later when needed. However, in today’s complex environments, this is no longer a best practice. Costs associated with ingestion and storage increase exponentially with no demonstrable increase in business value. In addition, higher volumes of poor-quality telemetry inhibit the ability of generative AI (GenAI) and large language models (LLMs) that use this data, slowing down analysis and increasing computing costs.
Although the volumes of all telemetry types are increasing, logs are the primary point at which to address costs and are, therefore, the focus of this section. Although not explored in this research, the rise in metrics and trace volumes means that companies need to take a holistic approach to telemetry management in the long term.

Log File Collection and Analysis

Logs are often the first point for enterprises to begin understanding their environments. However, logs are verbose and voluminous, meaning that they are expensive to ingest, store and analyze. Gartner clients spend significantly more on log analysis tools than other parts of observability. For larger entities, this can be more than half of total spend. However, few indicate that these solutions deliver half the value of observability.
To derive value from log files in modern IT operations environments, I&O must change its approach to log monitoring and focus on a centralized log management approach. (This approach is shown in Figure 2.)
Figure 2: Traditional Versus Gartner Approach to Log Monitoring
This graphic compares a traditional siloed approach to log management, which results in manual and fragmented log data, with Gartner’s recommended approach to centralized management, which provides consolidated and actionable insight.
Clients can reduce costs associated with log telemetry by:
  • Auditing logs and implementing a log governance framework
  • Deploying telemetry pipelines
  • Using vendor-specific controls

Audit Your Logs and Implement a Log Governance Framework

As a first step, many enterprises move directly to implementing a telemetry pipeline; however, there is a benefit for them to spend time understanding which log files are being collected instead. Organizations should perform an audit of their existing log collection and determine which provides value and which does not. During the audit, the team should assess which systems, services and applications are being collected by the centralized logging service. They should also look at the logging levels.
Based on the information collected, teams should assess whether this information is necessary for operational purposes and whether the logging can be tuned down.” Log levels are often incorrectly set (for example, in full debug mode). This means that organizations are collecting more information than they need for operational purposes. Information about the operational necessity or regulatory nature of the log files can be used to inform actions taken with the telemetry pipeline in the next step.
Teams should also implement a common log governance framework (see Figure 3), which will specify log format, security requirements and must-have fields (e.g., source and status). Doing so will standardize log files, improve telemetry quality and reduce the overhead associated with logging. (Further information on implementing a framework is found in Gartner’s Guidance Framework for Deploying Centralized Log Management and Monitoring research for technical teams.)
Figure 3: Overview of Audit and Framework
Table showing audit questions on the left, and a framework for answering them on the right.

Deploy Telemetry Pipelines

Telemetry pipelines are an emerging set of tools that organizations are deploying to control their telemetry feeds. They serve as an intermediate or preprocessing step between the origin of the log files and the log analysis system. Telemetry pipelines perform various functions on telemetry, including:
  • Reduce Filters data (e.g., time-based filtering or event-based filtering), decreases redundant or repeat events and keeps them from being ingested into destination systems
  • Route — Sends data via logic rules to various endpoints based on the sender or telemetry characteristics
  • Transform — Modifies telemetry into a format consumable by the destination system
  • Enrich — Adds context or attributes to enhance its analytical value
In terms of getting control of telemetry costs, the “reduce” and “route” functions are the most powerful:
  • Reduce — By eliminating extraneous telemetry before it is ingested by the logging system, organizations can significantly lower the volume of data collected and stored.
  • Route — Some telemetry is not needed for operational purposes (e.g., real-time performance or security); instead, it is required for auditory or regulatory needs. Telemetry pipelines can route such information to lower-cost archive systems (e.g., AWS S3/Glacier), where it can be retrieved if needed at a later date.
Gartner clients have indicated that they can reduce costs associated with telemetry ingest and storage by more than 30% by successfully implementing a telemetry pipeline (see Figure 4).
Figure 4: Centralized Log Monitoring Supported by a Telemetry Pipeline.
This figure shows the architecture for deploying centralized log management and monitoring. This includes configuring components for the collection, queuing, aggregation, short-term storage and analysis. The log data collected is sent to a telemetry pipeline via agents, collectors, integrations or other mechanisms. Then, it is transformed, enriched, reduced and routed to the relevant endpoints. Our endpoint will be a telemetry analysis solution for the remainder of this research. The solutions can be SaaS or self-managed deployments, and will leverage AI and advanced analytics to produce insights and visualizations from telemetry data.

Use Vendor-Specific Controls

Observability platform vendors realize that the exponential rise in spend presents critical problems for I&O and procurement teams and cannot continue unabated. Already, vendors provide administration and reporting tools in their products, which can help clients identify or visualize where spend is allocated. They also allow granular access via role-based access controls (RBAC), which ensures that only authorized individuals or teams can incur costs. Clients should ensure that they are familiar with these tools, that there is a nominated person or team in charge of administration and that spend reports are checked on a frequent basis (at least quarterly).
Beyond those basic tools, vendors are beginning to implement specific controls in their own portfolios to help clients control costs associated with the explosion in telemetry. Although nascent, these capabilities indicate vendors’ willingness to address the issue. In the future, clients should expect to see further enhancements in this area, including the use of AI to control telemetry flows.
Examples of such efforts include:
Despite such innovations, many teams are frequently unaware of these controls in the products they own.
Therefore, clients should ensure that any update presentations, health checks or contract renewal conversations with vendors include discussions of existing or planned capabilities in this area.

Prioritize Observability Spending

When initially implementing observability or monitoring tools, few organizations have a strategic plan in place to optimize their observability investment. For example, an organization may embark on an implementation that treats all systems equally, without an understanding of the applications or services that run on these systems. This is an inefficient use of resources and capital, and does not prioritize based on business value. Having a strategic plan in place for observability will ensure that spending remains under control and that the I&O leader is able to deliver demonstrable business value.
To optimize and correctly target observability spend, organizations should follow the approach in Figure 5.
Figure 5: Workflow for Observability Strategy
A circular flow, with three steps. Step 1: Categorize applications Step 2: Implement tiered observability Step 3: Evaluate success.

Categorize Applications Into Tiers

To provide value to the business, I&O leaders must understand the business value of the applications and services they support. They must then ensure that those of higher value are nurtured and tended to with more attentiveness than those of lesser value.
To implement this, I&O leaders must work with business stakeholders to categorize applications and services into tiers, based on business importance. This is a difficult task, as modern enterprises may have thousands of applications. I&O teams may need to partner with other parts of the business, such as application portfolio management or CIO teams that may have already carried out this work for other projects (e.g., as part of a disaster recovery plan). For most organizations, three tiers are sufficient. Every organization’s priorities are different; however, each tier should approximate what is shown in Table 1.

Application Tiers

Tier LevelApplication/Service CharacteristicsPercentage of Applications
High/Gold
Revenue-generating, client-facing, brand-sensitive; downtime has a quantifiable immediate business impact.
Very low tolerance for disruption
5% to 10% (lower is better)
Medium/Silver
Frequently used applications with a large number of users, not revenue-generating.
Limited tolerance for disruption.
As much as 40%
Low/Bronze
Internal, infrequently used applications, can tolerate downtime for longer periods
Everything else
Source: Gartner (April 2025)

Implement Tiered Observability, Including Digital Experience Monitoring

Based on the analysis of applications and services, I&O teams should then ensure that the observability spend is aligned with the business importance of the applications. Applications in the highest tier should be prioritized, with deployment of full observability, including application, infrastructure, logging, etc., as well as digital experience monitoring (DEM). Applications in the middle and lower tiers should rely less on the expensive options of full observability platforms. Instead, they should focus on solutions with low implementation costs but high value, such as synthetic transaction monitoring, which is part of DEM.
DEM solutions include the ability to run synthetic transactions and real user monitoring on applications. These technologies provide an efficient and fast time-to-value method for providing near-real-time feedback on service performance at a fraction of the cost of full observability. (For further information, see Magic Quadrant for Digital Experience Monitoring.)
I&O teams will find that the observability cost difference between the suggested tiers is significantalmost an order of magnitude in many cases. By aligning observability spend with business value, teams will find that they are able to improve their overall visibility while controlling spending.

Tier Level Suggested Stacks

Tier LevelSuggested Stack
High/Gold
Comprehensive observability, including the collection of logs, metrics and traces, as well as defined service-level objectives (SLOs). In addition, DEM solutions extend visibility reach.
Medium/Silver
Select measures may include DEM solutions such as synthetic transactions, as well as infrastructure monitoring, targeted tracing, metrics and logging.
Low/Bronze
Basic measures, including synthetic transactions and polling. Log monitoring may be used in limited scenariosfor example, when other collection methods are unsuitable.
Source: Gartner (April 2025)

Continuously Evaluate Success

Applications and services continually change, with new ones being commissioned and others moving to end of life. I&O should work with their business teams on a frequent basis to ensure that they have correct coverage for all applications. New workloads should be assessed based on their business value and placed in the appropriate tier.
Occasionally, a business team may complain that their application has been incorrectly placed in the wrong tierfor example, as silver rather than gold. In such cases, these business teams should provide a rationale why they are misplaced and present the business reasons for upgrading observability. For example, they should quantify the impact of downtime for their service. By implementing such feedback loops, I&O teams can then ensure that any increase in funding is backed by appropriate business cases.

Assess Existing Tools for Fitness

A frequent complaint from Gartner clients is that they have too many monitoring and observability tools. This is not surprisingmonitoring tools have been commonplace in enterprises since the 1990s or even earlier. Such tools were often installed as a point solution to a problem at a moment in time, with no strategic plan in place to limit redundancies. Many clients indicated that they have more than 15 or 20 tools, which include open-source solutions, in-house systems and a variety of commercial software.
In one extreme example, a client recently completed an application review in which they found 56 separate tools covering monitoring and observability.
Clearly, this creates inefficiencies in providing visibility to applications, in addition to creating pain for procurement teams trying to limit vendor risk and improve synergies.
However, rationalizing and consolidating these tools is not trivial, nor does it necessarily yield promised benefits. In the past, I&O teams that have embarked on consolidation have underestimated the amount of time and effort involved in undertaking such an effort. These failed migrations often end up complicating environments, because teams now have to deal with half-implemented solutions, with no tools decommissioned.
Instead of moving to a one-size-fits-all approach, clients should determine a strategic plan for the future of their tools. Using frameworks such as Gartner’s TIME (tolerate, invest, manage, eliminate) model and PAID (plan, address, ignore, delay) to assess the future of each tool, organizations can determine their specific paths to ensuring they have a fit-for-purpose observability environment (see Figure 6).
Figure 6. PAID Model to Triage Tech Debt by Probability and Impact
These are illustrative TIME and PAID models. The graphic shows the "mitigate" quadrant of a TIME model on the left, and a PAID model populated from the solutions in that quadrant. The PAID model is a quadrant in which the Y axis is labeled "impact" and the X axis is labeled "risk." The top-right quadrant is called "address" and highlighted in blue, because it is where technical debt reduction efforts should target first.
I&O teams should work with enterprise architects to run these analyses, with input from other stakeholders such as procurement teams.
Not all legacy tools will be deemed a priority for consolidation and rationalization. For many tools, a policy of “tolerate” and “ignore” may be the correct action, where these tools provide sufficient value in their current deployment.
For further reading on the use of TIME and PAID models, see:

Conclusion

This research covers the key drivers of the rapid increase in observability costs, as well as actionable recommendations that leaders can take to control and mitigate these rises. These actions include:
  • Implement controls for your log telemetry, such as centralized log management.
  • Deploy a telemetry pipeline to reduce, route and transform your telemetry.
  • Use existing and new vendor features and tools for increased visibility and control.
  • Categorize your applications and services based on business value and align observability spending accordingly.
  • Assess your existing tool landscape for fitness, and rationalize, where appropriate.
Organizations must be aware that this is not a one-time exercise. Staying in control of costs requires an ongoing change in behaviors, methodologies and technologies related to observability. By implementing the recommendations in this research, observability teams can ensure that they will be delivering increased value to their organizations while minimizing costs.

Evidence


The information presented is the result of collective research by Gartner analysts focused on the challenges Gartner clients face when using observability platforms, as well as Gartner inquiries with observability vendors.
Datadog: 26% year-over-year increase in revenue in fourth quarter update:
A review of observability platform proposals from January 2023 through December 2024.