A Datadog bill can look simple in procurement and messy by month three. The base host price is only the starting point, because logs, traces, custom metrics, retention, and security analysis all stack on top.
If you’re pricing Datadog in 2026, the hard part isn’t finding a public rate card. The hard part is seeing which data types will grow, which teams share the same data, and which features create a second bill later. That context matters more than any single line item.
How Datadog pricing works in 2026
Datadog pricing in 2026 is still mostly usage-based. You buy products by billing unit, then your bill grows as you add hosts, ingest more logs, retain more searchable data, run more tests, or expand security coverage.
Some items have clear public list prices. Others depend on volume, plan level, contract terms, or a sales quote. That means two companies with the same host count can pay very different totals if one sends heavy logs, keeps long retention, or turns on more security analytics.
According to Datadog’s billing documentation, billing runs on a calendar month, and the first month is prorated. Host usage is metered hourly, then billed using a high-water mark based on the lower 99 percent of usage hours. In plain language, Datadog ignores the top 1 percent of short spikes, but sustained growth still raises the bill. Custom metrics work differently, because Datadog bills them from the monthly average of custom metric hours.

The pricing model also mixes fixed-looking and variable charges. Infrastructure monitoring looks predictable because it’s billed per host. Logs, RUM, synthetics, and many security functions do not behave that way. Those products rise with traffic, event volume, and retention choices. For the full set of common billing units, Datadog’s pricing documentation is the best reference point.
Budget by telemetry type, not by vendor logo. Hosts usually set the floor, but logs, traces, and security analytics often set the ceiling.
Official list prices for the core platform products
For platform teams, the most useful public numbers come from Datadog’s official pricing comparison. Those figures are list prices, not a promise of your final contract. Enterprise deals, committed spend, cloud marketplace buying, and regional terms can all change the unit price.
This table shows the clearest public list pricing signals for 2026, plus a few usage-based items that need extra care:
| Product | Billing unit | Public 2026 pricing signal | Best fit |
|---|---|---|---|
| Infrastructure Pro | Per infra host, per month | Official list: $15 annually, $18 month-to-month | Core infra monitoring for ops and SRE teams |
| Infrastructure Enterprise | Per infra host, per month | Official list: $23 annually, $27 month-to-month | Larger orgs that need more governance and advanced features |
| Infrastructure DevSecOps Pro | Per infra host, per month | Official list: $22 annually, $27 month-to-month | Teams that want observability plus host-level security coverage |
| Infrastructure DevSecOps Enterprise | Per infra host, per month | Official list: $34 annually, $41 month-to-month | Enterprises that want deeper security and platform controls |
| APM and tracing | Per host, per month | Estimated public references: about $31+ per host, depending on plan and billing | Microservices, API-heavy apps, latency analysis |
| Logs | Ingested GB and indexed events | Estimated public references: about $0.10 per GB ingest, plus about $1.70 per million indexed events | Centralized log search, incident review, audit trails |
| RUM | Per 1,000 sessions | Usage-based, quote or current list needed | Frontend teams tracking user sessions and browser errors |
| Synthetics | Per test run | Usage-based, quote or current list needed | Uptime checks, API tests, key path monitoring |
The takeaway is simple. Infrastructure pricing is only the base layer. APM, logs, RUM, and synthetics often turn a modest host bill into a much larger observability bill.
For example, 500 hosts on Infrastructure Pro cost $7,500 per month on annual list pricing, or $9,000 month-to-month. That $1,500 monthly gap matters. If the same estate also runs APM, sends heavy logs, and keeps searchable retention, the add-ons can outweigh the host bill.
Platform teams usually buy Infrastructure first, then add APM when service maps and trace-level latency become a must-have. That step often makes sense, because traces shorten incident work. Still, the math changes fast in large Kubernetes estates or microservice-heavy stacks. APM is often billed per host, so it scales with the same footprint you’re already monitoring.

Logs are the next inflection point. Teams tend to forward everything at first because storage feels cheap and search feels useful. Later, they find that ingest, indexing, and retention are different cost layers. A platform group may only need short searchable retention for noisy app logs, while audit logs and incident logs deserve longer retention. If those rules aren’t set early, costs drift upward without a clear owner.
RUM and synthetics fit best when user experience is part of the platform team’s charter. They’re valuable for customer-facing products, but they are traffic-sensitive. A growing consumer app or an aggressive synthetic test schedule can raise monthly spend even when host count stays flat.
One more point often gets missed. Adjacent products such as Cloud Cost Management or Observability Pipelines can help, but they need their own budget logic. They don’t behave like per-host monitoring. Instead, they tie cost to managed cloud spend, ingested volume, or another usage unit.
Security pricing is a separate model, even when the data is shared
Security teams often assume they can piggyback on observability data without much extra cost. That can happen in small environments, but at scale the security bill usually follows its own path.
One reason is scope. Security use cases ask for broader data collection, longer retention, and more analysis. A platform team may only need five days of searchable logs for incident response. A security team may need 30, 90, or more days for investigations, detections, and audit work. The same raw events suddenly have a different cost profile.
Security Monitoring and SIEM-style analysis are the clearest examples. These products suit SOC teams, threat hunters, and incident responders who need detection rules across logs, cloud events, and identity signals. Pricing is often tied to analyzed or retained data, or folded into higher-tier security packaging. That means a platform team can already be paying to ingest logs, while the security team pays again for deeper analysis, more indexing, or longer searchable access.

Cloud security and runtime protection add another layer. Posture management, host or workload security, and app-level protection are useful for cloud security engineers and compliance teams, but the pricing often depends on host count, cloud footprint, or bundle level. Public list pricing is much clearer for the Infrastructure DevSecOps tiers than for every standalone security add-on, so many buyers use those host-based plans as the easiest anchor for budgeting.
That said, list pricing still doesn’t tell the whole story. Security deals often include custom terms, minimum commits, or enterprise bundles. Therefore, public numbers are best for first-pass budgeting, not final approval. If you’re comparing options in procurement, ask for quote models based on your expected log volume, searchable retention, and monthly growth, not only your current host count.
Shared data also creates shared politics. When platform, security, and FinOps teams don’t agree on data ownership, no one sees the true cost driver. One team adds logs, another adds retention, and a third team gets the bill.
The billing details that change the math
Most Datadog surprises come from billing mechanics, not from the sticker price. The list price can be fair and still produce an unexpected invoice if your usage pattern is noisy.
The first nuance is host counting. Because Datadog meters hosts hourly and bills on a high-water mark that excludes only the top 1 percent of usage hours, short bursts may not hurt much, but regular autoscaling often does. Ephemeral Kubernetes nodes, short-lived CI workers, and seasonal scale-outs need modeling before rollout. If your fleet grows every weekday, that isn’t a spike anymore.
Custom metrics create a different risk. Datadog bills them from the average monthly volume of custom metric hours. A tagging mistake, high-cardinality label set, or unreviewed developer metric can expand that average fast. Security teams see a similar issue when they turn on broad log forwarding without filtering low-value events.
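To make the two mechanics above concrete, here is an added example (not Datadog's code and not from their documentation) that models the host high-water mark and the custom metric average over a constructed 30-day month. The usage series are made up, the $15 rate is the Infrastructure Pro annual list price from the table, and rounding the dropped hours down is an assumption.

```python
import math

INFRA_PRO_ANNUAL = 15  # USD per host per month, list price quoted in the table above
HOURS = 720            # constructed 30-day month

def billable_hosts(hourly_hosts, drop_fraction=0.01):
    """Highest hourly host count left after discarding the top 1 percent of hours.
    Assumption: the number of discarded hours is rounded down."""
    if not hourly_hosts:
        raise ValueError("no usage hours")
    ordered = sorted(hourly_hosts)
    dropped = math.floor(len(ordered) * drop_fraction)
    return ordered[len(ordered) - dropped - 1]

def billable_custom_metrics(hourly_metrics):
    """Monthly average of the hourly custom metric counts."""
    if not hourly_metrics:
        raise ValueError("no usage hours")
    return sum(hourly_metrics) / len(hourly_metrics)

def scenarios():
    # Every usage series below is constructed sample data.
    one_off_spike = [500] * (HOURS - 5) + [900] * 5      # 5 hours at 900 hosts
    weekday_scale = [500] * (HOURS - 176) + [650] * 176  # 8 h on 22 weekdays at 650 hosts
    metric_burst = [2000] * (HOURS - 5) + [12000] * 5    # short-lived debug metric
    tag_mistake = [2000] * 480 + [12000] * 240           # high-cardinality tag from day 21
    spike = billable_hosts(one_off_spike)
    scaled = billable_hosts(weekday_scale)
    return {
        "spike_hosts": spike,                     # the 5 spike hours fall in the dropped 1%
        "autoscale_hosts": scaled,                # 176 hours cannot be dropped
        "spike_cost": spike * INFRA_PRO_ANNUAL,
        "autoscale_cost": scaled * INFRA_PRO_ANNUAL,
        "burst_metrics": round(billable_custom_metrics(metric_burst)),
        "tag_mistake_metrics": round(billable_custom_metrics(tag_mistake)),
    }

if __name__ == "__main__":
    for name, value in scenarios().items():
        print(f"{name}: {value}")
```

The one-off spike is billed at the 500-host baseline, while the weekday scale-out is billed at 650 hosts for the whole month; the tag mistake that lasts ten days more than doubles the billable custom metric average.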
Logs deserve their own warning label. Ingest is only one charge. Searchability, indexed event volume, and retained hot data can add more. If you later decide to keep more security data searchable, your bill can rise even when ingest stays flat. Retention choices matter as much as ingest choices.
Month-to-month pricing also adds up faster than many teams expect. On Infrastructure Enterprise, the jump from $23 to $27 per host looks small. At 1,000 hosts, that difference is $4,000 every month. Security-flavored tiers widen the gap even more.
Another trap is the soft line between “platform” and “security” spend. The same telemetry can support uptime, root-cause analysis, threat detection, and compliance evidence. Procurement often wants one owner, but the data does not behave like one owner’s budget.
If your estimate is built only on host count, it’s incomplete. Retention, indexing, and data reuse often drive the surprise.
How to keep Datadog spend predictable
Good cost control starts before rollout. Teams that win with Datadog don’t only negotiate price; they also shape data volume and ownership rules early.
Begin with data classes. Decide which logs need full ingest, which need indexing, and which can go to lower-cost storage or shorter retention. A platform team may want searchable app logs for seven days, while security wants auth and audit data searchable for longer. Separate those classes up front, and your bill becomes easier to explain.
Sampling and filtering matter, too. Trace everything in staging if you want, but production should reflect service value. High-volume, low-value traces don’t help much during incidents, and they make APM harder to forecast. The same goes for custom metrics. Review tag cardinality before every large service rollout, especially in Kubernetes and serverless estates.

A few habits make a big difference over time:
- Set usage budgets by product, not only one overall observability number.
- Tag hosts, services, and log pipelines by team so chargeback is possible.
- Review indexed log volume every month, because ingest alone hides the full cost.
- Ask security and platform leaders to approve retention tiers together.
- Model annual growth, burst traffic, and new services before signing a multi-year commit.
Platform teams should also right-size synthetic tests. Five-minute checks across dozens of regions may be worth it for checkout APIs, but not for low-risk internal pages. Likewise, RUM is best when session tracking answers a clear product or support question. If the data has no owner, it becomes a recurring cost without a clear payoff.
For security teams, the biggest savings often come from scope control. Feed detections with the logs that support real use cases first, then expand. Keeping every event hot and searchable for the longest possible period is easy to justify in a meeting and hard to justify in the invoice review.
FinOps has a practical role here. Monthly usage reviews should compare spend against telemetry growth, not against procurement assumptions. When spend rises, ask what changed in host count, indexed log volume, retention policy, and feature adoption. That ties the bill to real behavior, which makes renewals much easier to manage.
Final thoughts
Datadog pricing in 2026 rewards teams that model the platform as a set of data-driven services, not as one simple per-host tool. Public list prices are useful, but they only tell you where the meter starts.
The strongest budgeting move is to separate official list pricing from estimated, usage-based spend. Once you map hosts, logs, traces, retention, and security analytics to real team behavior, the bill stops feeling unpredictable.
A Datadog purchase can still look simple on paper. The teams that keep it under control are the ones that price the data, not only the software.

