NB: The above is a highly selective map that follows the user journey and use cases from the point that data has been extracted from an end system by an agent. For simplicity, it excludes Observability for data, for AI/LLMs, and also storage.
To monitor the performance of their systems, enterprises need to gather data from a fragmented set of sources including applications, network, server logs and system logs. This data needs to be ingested and analysed by Observability platforms so that appropriate action can be taken downstream – for example to fix a security issue or to repair infrastructure.
The Observability market is large and well-established, but nonetheless remains dynamic and innovative, with significant opportunity for new entrants to carve out valuable adjacencies – or even take on the behemoths directly. As a backdrop, Cisco’s landmark acquisition of Splunk in 2024 is a catalyst for buyers and innovators to revisit their tooling and strategy.
Across the value chain, the growing expectations around real-time data and hybrid cloud/on-prem infrastructure represent an opportunity for the latest entrants to displace older competitors.
Market trends / What we’re seeing:
- Data Pipelines: Observability platforms price on the volume of data ingested. Spiralling data volumes are not matched by growth in data budgets, meaning that enterprises do not have the budget to manage logging – let alone to derive value from the data. With the exponential growth in data, this is now a critical issue across the market. The answer is to figure out what data is actually needed to drive the business value – it’s estimated that 20–40% of data ingested by Observability platforms is irrelevant. So rather than sending data directly to analytics platforms, Gartner estimates that by 2026, 40% of Observability data will be processed through a telemetry pipeline product (up from <10% in 2022). Companies such as Cribl and Onum (backed by Dawn) are responding to this acute market need by triaging and pre-processing data. This reins in cost, but just as importantly it enables customers to get much more value from their downstream platforms.
- OpenTelemetry: OpenTelemetry (OTel) is an open-source standard for metrics and logs that is challenging the current proprietary standards used by the incumbent observability platforms. OTel promises greater interoperability and an end to vendor lock-in driven by closed standards. Companies such as Dash0 and Better Stack are leading the charge by bringing to market full-stack OTel-native platforms. The next few years will be a critical proving ground for OTel as it moves upmarket and seeks to displace entrenched incumbents. Then the question will be whether the incumbents themselves embrace OTel wholeheartedly, or get displaced by OTel-native challengers.
- Cloud & On-prem: Modern enterprises are increasingly sophisticated in their decisions about deployment environment. Cloud promises operational simplicity and scalability, but those tilting towards on-prem are likely prioritising infrastructure costs together with security and compliance. Platforms such as Datadog are cloud-native, which has prompted the likes of Tsuga to enter with an on-prem offering. On the pipelines side, Cribl is on-prem native, whereas next-gen entrants such as Onum support cloud equally well.
- AI-first actions: AI is starting to make its mark throughout the Observability value chain, and one of the most exciting areas is automated actions in domains such as security. The traditional market of SIEMs, which send alerts to human analysts, is giving way to automated, AI-driven incident remediation – helping unburden scarce and overworked security professionals. Early movers include Shoreline.io (backed by Dawn; exited to Nvidia), and we expect continued innovation.