The Real Datadog Bill: A $40k/year SaaS Migration Story

A small-to-mid-size SaaS — 30 hosts, four engineering teams, ~5M requests/day — published their Datadog invoice on Hacker News last quarter. The annualized number was $42,840. The discussion that followed was illuminating: half of the comments were variations of "yeah, that's about right," and the other half were "how did you manage to keep it that low?"

If you're reading this you probably already know Datadog is expensive. What's less obvious is why the bill grows the way it does, and which line items are genuinely necessary versus which exist because Datadog's pricing model is designed to grow with your fleet, not with your usage. This post walks through the actual breakdown, where the surprises are, and what migrating away looks like in practice.

If you'd rather skim the bottom-line comparison, jump straight to the SecureNow vs Datadog page.

The line items, in order of pain

Datadog's public pricing has roughly 11 separate SKUs as of 2026. The five that drive the bill for most SaaS teams are:

APM (Application Performance Monitoring) — billed per host, per hour. The price tier ranges from $0.07/host/hour for small commitments up to $0.31/host/hour for the "full stack with profiling" tier. A 30-host deployment running the full APM tier 24/7 lands at about $6,700/month before any other product is added. This is the single biggest line item in the typical bill.

Log Management — $0.10/GB ingested plus $1.70 per million indexed events. Logs are deceptively expensive because the indexed events charge applies any time you run a query that hits a log line, and most teams query their logs constantly. A team ingesting 200 GB/month and indexing 30M events lands at around $70 ingest + $51 index = $121/month, which sounds reasonable until you realize your peak month was 1.2 TB and 200M events at $720 + $340 = $1,060.

Application Security Monitoring (ASM) — $17 per host per month. For 30 hosts, that's an additional $510/month. ASM is sold as runtime application self-protection, which in practice means it watches for known attack signatures in your traces. It does not include enforcement — for that, you still need a WAF.

Custom Metrics — $0.05 per custom metric per month. Easy to underestimate. A single Kubernetes cluster with histogram buckets and high-cardinality labels can produce 10,000+ custom metrics. At $0.05 each, that's $500/month from one cluster.

Real User Monitoring (RUM) and Synthetics — separate line items, each priced per session or per test run. Most teams either don't use them or pay another $100–$500/month.

The 30-host SaaS in question paid roughly: $6,700 APM + $1,000 logs + $510 ASM + $400 custom metrics + $300 misc = $8,910/month, or $107k/year. The Hacker News post quoted $42k because they had committed to a 1-year contract with volume discounts and had not yet enabled some features.

What gets the bill down (without leaving Datadog)

If migration isn't on the table, three levers usually move the needle:

1. Drop the per-host APM tier from "full stack" to "lite" or "basic." Most teams don't use profiling, RUM, or the deeper APM features and the lite tier is roughly half the price.
2. Configure logs sampling at the source. Datadog's UI shows you the indexed logs cost, not the ingest cost, and most teams over-ingest by 5–10×. Set a sampling rate per service and you'll often cut ingest cost by 70%.
3. Audit custom metrics. Find the high-cardinality offenders — usually a single misconfigured histogram with too many buckets — and either drop them or aggregate before sending.

These three steps typically cut a $9k bill to $5k. That's still $60k/year, which is why most teams eventually look at migration.

What migrating actually looks like

The OpenTelemetry data model is compatible with Datadog's internal trace format — Datadog itself accepts OTLP today. This means you don't have to choose between "Datadog SDK" and "open standards"; you can run OpenTelemetry SDKs into Datadog if you want, then swap the destination later. A typical migration:

• Week 1. Replace the Datadog APM agent with the OpenTelemetry Node SDK. Point the OTLP exporter at Datadog. Verify dashboards still work.
• Week 2. Stand up a parallel destination — SecureNow, SigNoz, Grafana Tempo, or another OTLP-compatible backend. Send the same traces to both. Compare for two days.
• Week 3. Migrate logs (this is the biggest single change because Datadog's structured log format is its own dialect). Run both in parallel.
• Week 4. Cancel Datadog. Or keep it on the smallest plan as a fallback if your team is risk-averse.

Total engineering effort for a team of 4: roughly 60 hours, or about 1.5 weeks of one engineer. The same team had been spending 4 hours per week on Datadog dashboard maintenance and cost-management investigations — they got that time back too.

What the same workload costs on usage-priced tools

For the 30-host SaaS scanning roughly 200 GB/month, here's the rough comparison after migration:

These are illustrative; your traffic profile may push each up or down. The big takeaway is that anything with a usage-based pricing axis will be at least 5× cheaper than per-host charging at this scale, and the gap widens as the host count grows.

The catch nobody warns you about

Two things that surprised the team during their migration:

Dashboards don't transfer. Datadog's dashboard query language is proprietary. Tools like SigNoz, SecureNow, and Grafana use PromQL or SQL-like dialects. Plan to rebuild your most-used dashboards manually. The good news is most teams find they only had 5–10 dashboards they actually relied on; the rest were Datadog-default views nobody touched.

Alerts need re-implementation. Same reason — alert syntax is per-vendor. This was the longest single task in the migration, and the only one where the team had a brief regression in coverage (about 36 hours where some non-critical alerts weren't yet ported). For a SOC team, plan a phased cutover.

When to leave, when to stay

Stay with Datadog if: you're under 10 hosts, your traffic is small, your team is already trained on it, and the bill is under $1,500/month. The friction of migration won't pay back.

Leave if: you're over 25 hosts, the bill is north of $5,000/month and growing, you have OpenTelemetry skills on the team, and at least one engineer has the political capital to drive the project. The payback is typically under 3 months.

Either way, the data layer should be OpenTelemetry — even if the destination is still Datadog. That single decision means the next migration (when it happens) is a config change, not a rewrite. Read more on the broader Datadog alternative landscape or the OpenTelemetry-native APM approach.

Frequently asked

See the FAQ schema in the page metadata for the most common questions about Datadog pricing, migration timing, and OpenTelemetry readiness.

Related

• SecureNow vs Datadog comparison
• APM + Security in one tool
• Application security monitoring guide