 From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. Full stack observability is the new buzz phrase. As businesses go digital, customer experience becomes ever more important. Why? Because fickle consumers can switch brands in the blink of an eye or the click of a mouse. Every vendor wants a piece of the action in this market including companies that have provided traditional monitoring, log analytics, application performance management, et cetera. And they're joined by a slew of new entrants claiming end-to-end visibility across the so-called modern tech stack. Recent survey research from ETR, however, confirms our thesis that no one company has it all. New entrants, they've got a vision and they're not encumbered with legacy technical debt. However, their offerings are immature. On the other hand, established players with deep feature sets in one segment are pivoting through M&A and some organic development to fill gaps. Meanwhile, the cloud players are well-positioned and participating through a combination of their own native tooling combined with strong ecosystems in their respective marketplaces to address this opportunity. Hello everyone and welcome to this week's Wikibon Cube Insights powered by ETR. In this Breaking Analysis, we dive into a recent ETR drill-down study on full stack observability. And to do so, we once again welcome in our colleague, Eric Bradley, Chief Engagement Strategist and Director of Research at ETR. Eric, good to see you, my friend. Thanks for coming on. Always good to be here, Dave. Thank you so much for having us. We appreciate it. All right, before we get into the survey, Eric, I want to talk a little bit about full stack observability, define what it is. And so let me start and then you can chime in. So when people talk about full stack observability, they're referring to the need to understand the behavior of all the technology components that support an application, i.e. the stack throughout the entire system, meaning the full piece of the equation, the entire system. So the compute, we're talking about the storage, the network, and of course that's all software defined today, the containers that are running the software, the database, other middleware components, the pipeline of data. And then of course the client side code, everything, the HTML, the CSS, everything down to the mobile device. And the idea is to give people who can fix problems full visibility into the system with a dashboard of metrics that can be visualized at a high level and then drilled into to see logs or traces or events, all the metrics that could help remediate an issue. So a simple way to think about this, Eric, is I like to think of it as the ability to see everything in the tech stack that could impact the customer experience, right? How do you see it? If only we're that simple, right? It's a huge thing that we're trying to encompass there with full stack observability. And even though the vendors might tell you on the first sales call that they can do it, it's really not that simple based on everything you just said. In this particular survey, we tried our best to look at it and we'll go into it later, but we had to survey on the application side, infrastructure side, database side, log management, security, network. It's a very difficult thing to encompass. The Holy Grail would be able to do it with one vendor and do it with one dashboard. I don't think we're there anytime soon. All right, so let's get into the drill down survey results and talk about what you've learned. First, explain what a drill down study is. How often does ETR conduct these types of things? Who responds? What can you tell us? Yeah, sure. So the drill downs are actually basically, think of it as a custom type of survey work and that could be customized from two different ways. Either our clients will come to us with a particular topic and we will hold their hands and make sure that they get the responses that they need. And more often than not, it's actually us as a research department wanting to dig into trends that are larger data encompasses. And then we'll say, hey, we really need to look into that. And we've done it with everything from RPA to identity access to, you know, here in observability and also vendor specific and macro trends. As you know, David, this particular one, the Genesis was really a large amount of interest, not only from our community, the end users, but clients. I can't tell you how much interest there is in observability right now. We're constantly getting questions and demands from more research and deeper research in this space. Yeah, so our audience will be familiar with the concept of net score. That's the periodic survey. Every quarter like clockwork, ETR does that. Then in addition, as Eric was saying, hot topics like in this case, full stack observability. So we're talking about respondents in the ETR community, in this case who have a deep understanding of observability and related topics. And they had varying degrees of knowledge about each vendor's offering. So you asked the respondents to concentrate on the ones that they knew well, correct? Yes, that is correct. So this was a smaller survey that we did. The end was a little under 188, I believe. And essentially what we did was we took people that responded in the bigger study on these observability vendors and then sent this drill down out. So they were specifically people that have per view over their spend with observability. Now, some of it might be more database, infrastructure application or security, but everyone here is already qualified as an expert to answer these questions. That's correct, Dave. Yeah, so the first data point is the one we're showing you right here. The respondents were asked, who uses observability tools? And Eric, I've highlighted app ops and the site reliability engineers because given the emphasis on customer centricity that we hear all the time from the vendor community, you would think these roles would be more highly represented, but it's the folks in the boiler room that are using these tools, highly technical and specialized roles. What are your thoughts on this data? You know, I was a little surprised as well. I kind of thought the SREs would be a little bit higher on this, but it really just comes down to, you know, it's the infrastructure dev ops and sec ops that seem to be using it the most. I thought maybe the application operations teams would be a little bit more involved as well. So I agree with you. I was a little bit surprised on this, but you know, they're the experts and we have to take the data at their word for it. But I think what's really happening here is you're recognizing that the work is being done across the entire enterprise. As you mentioned before about full stack, this isn't just one aspect. It's touching every aspect of the enterprise and that's including the internal IT teams. Well, and I think too, Eric, what I took away from this drill down and we'll get more into it is that the vendor marketing is not aligned with what's actually happening in the field. And so this is early days. We'll talk about that some more. Okay, next question. I thought this was very interesting. ETR asked on the scale of one to three, three being most preferred, which pricing model, host-based, user-based, or amount of data ingested-based pricing that the respondents preferred? And Eric, so what are your thoughts on this? Because just doing a quick scan, pricing is all over the map. Yeah, it really is all over the map from a vendor perspective, right? And also from an end user perspective and all the interviews and panels that I host, pricing's a real concern. It is always, but in this particular field, it's a real concern. And I actually just did a panel yesterday of four of these 88 survey takers to get a little bit deeper. So I'm going to kind of remark on what they taught me a little bit yesterday. One of them said ingestion pricing might be preferable, but because it's so unpredictable, that's why we're seeing the results skew away from it. Another one went so far that said ingestion-based pricing is a nightmare that keeps them up at night, because he's just so afraid he's going to wake up the next day and see what the bill is. So really what they're looking for here and the reason the pricing is skewing that way in this survey is because they need predictability. It's about their budget and it's about their planning. Even though they would prefer an ingestion-based model, the fact that they have to plan for their budgets and they have to concern themselves with spending, it's moving more to host-based. Yeah, so it is complicated and because of, for example, I just took a quick snapshot of some of the pricing models. Dynatrace, AppD, Datadog, AWS and others, they tout their host-based pricing, New Relica, they have a splash page up around its user-based pricing and the tiers. Datadog talks about its ingestion-based pricing for security monitoring. AWS prices by ingestion for cloud watch logs, Splunk prices on index data and calculates a per gigabyte per day metric. So metrics, dashboards, alarms, alerts, events, they could all be priced differently. Yeah, that's true. A few that got called out on us and I'm sure we're going to get into them later. So I don't want to, you know, kill all of our fodder right now. But when we were talking about this slide, one person particularly decided to call out New Relica and specifically for their flexibility around pricing. He said that they have the ability to rapidly scale up but also contract as needed. And he actually, even though he's a user of Splunk, he's a user of Dynatrace, user of Elastic, he also just really wanted to call out the flexibility of New Relic in this area. So to your point, there's a lot of different ways to price this, it's a complex problem, but I think the key takeaway for vendors is flexibility is the key. You really need to give people the ability to be flexible in what they want. All right, let's drill into the functionality and explore the usage and adoption of the different features by the respondents. So this next chart shows module adoption for application performance monitoring, APM, database and digital experience down to the user. And Eric, I underlined APM, which is the blue bar because it seems, it stands out, especially for AWS. And you can see Dynatrace, but also Azure, New Relic and Splunk. And then digital experience, which is the gray bar because despite all the chatter in the market and the marketing around digital transformation and customer experience, other than a slightly higher response percentage for AWS, not a lot of adoption on that front. So the vendor marketing, again, doesn't match the user behavior, does it Eric? No, it doesn't. There's a couple of things to point out here, but let's stick with that digital experience. I was surprised that it was so low on this slide and overall in our survey, I did expect it to be more. And not just from the vendor marketing perspective, but you and I both know at the end of the day, the whole point of this is to actually get into that 360 view of what your customer is doing. So I was a little bit surprised to see it that low. When we spoke to the panel yesterday, a couple of people said, no, listen, it's not that we aren't doing that. It's just that it's not the vendors that you put on this survey. And they called out two particular names. One is called Catchpoint and the other one is Thousand Eyes. And I think you're aware of Thousand Eyes. So I'm going to transition that off to you there. Yeah, so Thousand Eyes is now part of Cisco and we're going to talk about that a little bit later, but essentially, as I was saying up front, they've got gaps in their product line, so they've got to do M&A and then package that up. So we'll get into that a little bit down the road. But I want to bring up the next graphic because that looks at incident management, infrastructure monitoring and log management. And what I did here is I called out infrastructure monitoring, which is the gray bar and log management, that light blue because AWS and Azure, they stand out in these categories and Splunk, of course, Eric, for log management, what do you take away from this data? Yeah, the previous slide and this slide, you really have to call out AWS CloudWatch and Microsoft Azure Monitor. They are very pervasive in this survey and we could probably do an entire show on just that, on the cloud versus independent. But a couple of things I do want to point out, even though these numbers are so high for these cloud tools, the panelists and the people I spoke to in more detail all said, listen, I'm going to look at my cloud tools first. I'm on their infrastructure, they're handing it to me, I'm going to look at it and I'll use it for what it's good for. However, we're in a multi-cloud world and they're not good at things that aren't in their ecosystem. So even though these numbers are high, I do not believe that AWS or Azure is going to go and take over all the independence. In a multi-cloud world, they want an independent vendor whether it's a Datadog, New Relic, we can talk about all of those later. But really, I was surprised that the AWS particularly was so high and so pervasive in here across the way. A Splunk, what can you say? I mean, they are the most pervasive vendor, they're everywhere. We had people in the panel call them a Swiss Army Knight and that's a good and a bad that they have a lot of breadth of coverage, which is great. But because there's a breadth of coverage, not all of it is great. Log management without a doubt is what they are great at. They're specialized at it. But the panelists were saying, listen, if you go away from their core and you try to use some of the other things they claim that they can do, it requires a lot of heavy lifting. And then we can get into a little bit later about their cloud SaaS integration. We had some issues with that in the survey as well. And great points about the multi-cloud. You're probably not going to trust that to your cloud, your public cloud vendor. And so a lot of white space available for the traditional on-prem guys. Okay, next the ETR survey drilled into network monitoring and security monitoring and then other security functions. And Eric, there were a couple of things that stood out to me on this chart. I highlighted security monitoring, which is the blue bar because you can again see the adoption from AWS and Azure and of course Splunk. And also we called out SolarWinds because of the large adoption in network monitoring. So let me ask you, what are you seeing in the data since the SolarWinds breach? And is there anything else in this chart that you want to call out? I could go on for a while about SolarWinds, but the data since, I guess it broke around 12 months ago even though the breach was even prior to that. The headlines were big. I think you remember you and I last year did a quick drill down survey just on SolarWinds and the impact that we thought we would have it. There's a very real impact happening. With that said, they're not easy to move away from. We asked about, is there any one vendor that could take this entire space? And the answer was SolarWinds was best positioned to do that, but it's too late now. And then I drilled down a little bit and I asked the panel, well, what can they do to reinvent themselves? What can they do to change the reputational damage from this breach? And the panelists all said, nothing. The reputational damage is done. The best way for them to reinvent themselves would be to do an M&A, consolidate with somebody else, change their name. They truly believe that right now, the only reason that people are still using SolarWinds is it's not that easy to lift and shift away from, but there will be no new net workloads going to these people, at least according to the ones you took our survey. That's on SolarWinds and we could get it in more if you want, but I think that's kind of giving the crux of the matter. On Splunk, again, what can you say? On the security side, on the SIM side, people don't want to use multiple vendors. On the other side, we were talking about with full stack, some might be better at APM, some might be better at infrastructure monitoring. When you're talking about security, you truly do want one vendor to rule them all. And Splunk does seem to be the one that's most well-entrenched on the security side. And as long as the policy is consistent across security, you really can't say much about them. So what they do well, their core, the data shows that people still trust them. Great, thank you for that. Okay, now, the last set of data we want to show, we kind of consolidated some things. We want the detail and the drill down. You had several drill down questions and what we try to do is consolidate them into a single chart, which we had to stare at for a while. So for each of the 11 companies, ETR asked respondents if the features across the top that you see here were strengths, weaknesses, or neutral. And what we've done is we tried to consolidate the chart, showing the strengths in the green, which we just subjectively said, okay, that means more than 40% of the respondents identified the feature as a strength. The weaknesses in yellow meant that more than 20% of the respondents cited the features. The weakness in the neutrals in the gray where neither of those conditions were met, but the gray was, you know, the neutral was high. And what we did is we added four stars for standout features where 60% or more of the respondents cited the feature as a strength and we threw in two stars if they were close to 60, you know, high fifties, even mid fifties, but not single digit weakness for that feature. That was got two stars. So it was able to sort of visualize a lot of data. So Eric, just a quick scan of the chart shows that the two big cloud players, AWS in particular, but also Azure, they have a relatively strong showing. And I say relatively because as you know, Eric, there wasn't a single category of feature for any vendor where more than 70% of the respondents cited a strength for that single feature, not one. And there was a lot of gray. And you can see pricing is a sore point for many customers, including those evaluating SolarWinds, New Relic, Elastic, Datadog, Dynatrace, AppD, and Splunk. Only AWS and Grafana were hit, not hit hard on pricing. And I guess the other thing that stands out to me here is that New Relic, Eric, showed some relative strength. So the last thing I'll mention before you dive in, look at what Cisco is doing. We talked about this before a little bit. The drill down focused on AppD, but as I mentioned earlier, companies that have mature stacks are filling the gaps. So if you look at what Cisco is doing in this space, they've put an interface layer over AppD, inner site, and thousand eyes, even though they're separate products, it's historically priced separately. I think they're still trying to figure out the pricing, but they are definitely going to market with a strategy that bolts together these three separate products. And that's not necessarily a bad strategy because combined, they can claim even more depth and breadth. Eric, what do you make of this data? Yeah, just like this chart, there is a lot there, right? So on a macro level, let's just, the obvious situation here is this is a crowded, crowded marketplace, and consolidation is needed. I had one panelist say to me yesterday, I can't wait for this to consolidate. Like this is just crazy that there needs to be consolidation. Now, to your point about Cisco, Cisco's taking the same playbook they did with security, right? They're going out and they're buying great tools, and then now we have to make sure that they figure out a way to integrate these better. The security side took them a little while to do that, but they're getting there. Hopefully they can do this a little bit quicker here. What we did here is that AppD is actually very strong on the application monitoring side for the core APM, maybe not so much on these others, and then that's why they go out and do what you're doing, what you're saying about now. So hopefully they will get there. Kind of talking across the board, pricing was a problem for all of them, right? So it just seems to me that, you know, the end users, the buyers just feel like, hey, I shouldn't be paying this much for this. We've got a lot of choices. Maybe there's some collusion on the pricing side, but we have to figure it out because they do not want to pay this much for it. It was the number one concern across almost every single vendor. Another aspect that I really want to call out on this is something that our research team found really interesting, and it's really about the digital transformation. As digital transformation continues, the workloads are moving towards the cloud, and we're clearly seeing in this data that that's benefiting the newer players, the data dogs and the new relics, versus some of the others like a Dynatrace and a Splunk. And when you go and actually look at the cloud SaaS integration answer option specifically, it becomes very, very obvious. Splunk had a 38% on that number, whereas Datadog had 61%, New Relic had 58%. So it's just very clear as a digital transformation increases workloads on observability, it is lifting all boats, but it's lifting some faster than others. Great points. All right, as we said at the top, you got a set of incumbents, they're jockeying for position. You got companies like Datadog, it's got, as Eric just mentioned, strong cloud model. Elastics got the open source mojo, and they're going after Splunk's install base, as is Datadog, and then you see startups, like Chaos Search, they're out now talking about how to do log analytics, they do more than that, but that's their sort of starter use case. And they're going after the Elastic and the Elk stack, which got dinged a bit in the survey on simplicity, ease of standing it up and so forth. Not a weakness if you're comfortable with full open source model, but maybe not well understood as some of the other solution oriented plays. And then you got other new entrants, which are not covered in the drill down, they're not as pervasive in the marketplace, but guys like Honeycomb and Observe. Eric, you mentioned some others that came out in the panel, VMware even is getting into the act, they're positioning Tanzu around observability, with really a strong Kubernetes emphasis, and there's dozens of other players in this space, which we haven't talked about. So Eric, this is jump ball. I'll give you the final word, give us your last thoughts. Yeah, there's again a lot there, it's such an interesting space, like even IBM, right? They go out and buy Turbinomics. Everyone seems to be playing, and not only that, the ones that are already playing are expanding. DataDog comes out and says, hey, we do security now. So I don't really know where this is going to end, but there's too much happening. There needs to be some sort of order out of the chaos. To your point about some of the emerging names, we just launched our emerging technology survey this week, David, those are the ones where we're going to see data on those names. So stay tuned for that. We don't track them in the core TSIS, which are more mature public vendors, but we will be getting some data on those. But to your point, I really do believe that this space is rapidly expanding. And I just kind of want to leave everyone with this. There's a lot of growth still left. In the panel yesterday, I basically said to people, how much of your infrastructure are you monitoring today versus how much you want to? And the answer was around 65 to 70% being monitored now. And without a doubt, they all want to get to 100%. So there is still a lot of room to grow in this space, but I just don't know if there's enough room for all of these people that are basically going after the same percentage points. So what we're seeing from a vendor strategy now is bundling. They're trying to bundle because that's the way they're going to actually gain that market share, right? And just one last point for Elastic. A lot of people still view Elastic as a search functionality. So even though they have use cases and observability, I still think there's a lot of people that Elastic got into, they were ELK stack in general, got into their enterprise for search. So that is still kind of where they are. And maybe they're not moving as fast as a data dog or a new relic in pure full stack observability. Eric, so great to have you on. You guys cover so much space. So we're going to leave it there for now. We really appreciate our friends at ETR for the work that they do. And thank you, Eric, for joining us today and sharing your insights. Great stuff. Welcome, Dave. I always enjoy talking to you, you know that. And everyone else will be back in a couple of months with our predictions as well. Yeah, that's right. Yeah, look for those. All right, remember, these episodes are all available as podcasts, wherever you're listening, all you got to do is search breaking analysis podcast. Check out ETR's website, ETR.plus, they've got a whole new packaging and pricing model. So check that out. We also publish a full report every week on wikibon.com and siliconangle.com. You can get in touch with me, david.volante at siliconangle.com or at dvolante on Twitter. I'm on LinkedIn all the time. This is Dave Volante for theCUBE Insights, powered by ETR. Have a great week, everybody. Stay safe, be well, and we'll see you next time.