As I have followed Datadog over the last couple of years, I have found that a useful signal for investors to track is the number of listings on the product grid displayed on their web site Pricing page. This has a honeycomb pattern of hexagons, which neatly snap together into rows. Each cell represents a product offering that has individual pricing associated with it. Customers can subscribe to just one of these offerings, or all of them.
At the end of 2020, this product grid had 9 listings. A year later, at the end of 2021, they expanded to 13, for a 44% increase. Now, with their latest product release to general availability, there are 17 of these, increasing by 4 more so far this year. And, we still have Datadog’s annual user conference, Dash, in the Fall.
The reason watching the product grid is important for investors is that it aligns with Datadog’s “land and expand” strategy. A new Datadog customer will typically start with 1-2 product module subscriptions. Over time, they add more incrementally. The process for a customer to add a new product module is seamless, which is part of the beauty of Datadog’s model. New subscriptions can be initiated within the customer’s Admin module, with no new contract required. In most cases, they don’t even need to make software changes.
Each quarter, Datadog reports on the percent of customers with 2 or more (81% in Q1), 4 or more (35%) and even 6 or more (12%) products. These percentages continue to increase and Datadog leadership periodically raises the top-end of the module count (we will likely see 8 or more introduced soon). This expansion of product module subscriptions contributes to Datadog’s best in class DBNRR, which has been above 130% for many quarters.
Datadog isn’t the only company that touts the number of product modules. Hyper-grower Crowdstrike employs this strategy as well. As of their most recent quarter, Crowdstrike leadership stated they had 22 total modules. In Q1, subscription customers with four or more, five or more, and six or more modules increased to 71%, 59% and 35%, respectively. To further underscore their expansion, leadership just added reporting on seven or more modules, which reached 19% in Q1.
For both companies, adding more product modules increases the software and security infrastructure footprint they can service. With more options, customers always have an additional expansion path. I think about this product development motion, layered over a robust go-to-market, as “land and expand and expand”. The second “expand” refers to the thoughtful additions to the product mix in easily consumed, discrete and fairly priced product modules.
Additional product modules usually address logical market adjacencies and extensions. These represent segments of IT or security spend that fall under a similar buying audience and address solutions that are likely already in place. This expansion of customer module subscriptions resembles a consolidation motion in many cases, where the provider is replacing point solutions from other commercial vendors or open source projects. Datadog and Crowdstrike can often leverage their position in a customer’s infrastructure to make the product extension seamless. For example, having a software agent deployed on most of a customer’s cloud infrastructure has made it straightforward for Datadog to expand from infrastructure monitoring into APM, logging, user experience, network and most recently security use cases. For Crowdstrike, similar logic applies as they expand into XDR, identity protection and generalized log analysis.
Sponsored by Cestrian Capital Research
Cestrian Capital Research provides extensive investor education content, including a free stocks board focused on helping people become better investors, webinars covering market direction and deep dives on individual stocks in order to teach financial and technical analysis.
The Cestrian Tech Select newsletter delivers professional investment research on the technology sector, presented in an easy-to-use, down-to-earth style. Sign-up for the basic newsletter is free, with an option to subscribe for deeper coverage. Software Stack Investing members can subscribe for the premium version of the newsletter with a 33% discount.
Cestrian Capital Research’s services are a great complement to Software Stack Investing, as they offer investor education and financial analysis that go beyond the scope of this blog. The Tech Select newsletter covers a broad range of technology companies with a deep focus on financial and chart analysis.
Datadog Observability Pipelines
For Datadog, we reached 17 product modules last week through the addition of Observability Pipelines. These allow IT organizations and security teams to collaborate to collect large amounts of telemetry data from logs, metrics and traces sourced through their infrastructure. The service provides tools to transform that data and route it to any number of receiving systems, which can be for observability, security analytics, business intelligence or other monitoring.
Many organizations manage a large number of IT services running in multiple environments, ranging from the cloud to their own data centers. As these organizations scale and accelerate service adoption, the volume of telemetry data in their environments is increasing exponentially. IT teams are tasked with managing and routing large volumes of metrics, traces and logs from a wide variety of sources to destinations, such as log management tools, data archives or security solutions. As the enterprise scales, managing all the sources and destinations for this data becomes very complex. It also increases costs, as redundant or unnecessary data is often routed to storage or destination systems without any filtering. Additionally, security issues arise if log data isn’t purged for PII or other sensitive information.
Datadog Observability Pipelines addresses these problems by giving IT organizations full control over telemetry data collection, transformation and distribution. This solution from Datadog is interesting, as it transcends their standard use case as the observability or security monitoring provider. It is vendor agnostic, built on an open source project that Datadog maintains. It can also be deployed within a customer’s on-premise data center environment, accommodating a hybrid deployment model.
Observability Pipelines leverages technology that Datadog acquired from Timber Technologies in February 2021. Timber is the company behind Vector, which is an open source project that allows users to collect, transform and route all log and metric data in one tool. It is built in Rust, making it memory efficient and very fast. This is important for a data collection agent. The agent can be installed on a number of containers and operating systems. It is vendor neutral, compatible with 36 sources (host infrastructure) and 46 destinations (like S3, Elasticsearch, Humio, Splunk, Prometheus, Kafka and of course Datadog).
Pricing is based on data volume ingested, starting at $0.10 per GB per month. The main benefit to customers is the ability to reduce costs of managing telemetry data by applying filters to reduce duplication and remove unneeded signals. Customers also get added security and regulatory compliance by removing sensitive data from feeds or anonymizing it before crossing international borders. Further, data can be enriched before being passed to destination vendors. And, of course, managing all these data sources and destinations in one system reduces overhead and complexity for the DevOps team.
For Datadog, Observability Pipelines not only provides another monetized tool, but delivers a solution for customers who might not be current Datadog users. By reaching into their on-premise installations and integrating with many open source solutions for log collection and processing, Datadog would have the opportunity to cross-sell other observability and security services. They also gain insight into generalized usage patterns for various toolsets within the telemetry and monitoring ecosystem.
What’s Next
Beyond observability and security products, Datadog has other avenues they can pursue. Continuing to “shift left” into developer processes makes sense, particularly as the industry is moving towards organizational convergence around DevSecOps. Leadership has also hinted that business operations and product performance analytics are areas they are considering. These are natural extensions, as Datadog already collects most of the data needed to deliver insights to business analysts, product managers and marketing audiences. Other areas are ITSM and code analysis. I hypothesize some product directions in the diagram below (bolded items are recently added products).
Overall, I have been impressed by Datadog’s rapid pace of product innovation. With the annual user conference, Dash, coming in the Fall, it is probable that Datadog will reach 20 monetized products by the end of 2022. These product introductions are not scattershot either. Each represents a logical extension that addresses an existing customer need in a more efficient or less expensive way. In a macro environment where enterprises are looking for ways to control IT costs, Datadog’s (and Crowdstrike’s) platform consolidation strategy should resonate.
NOTE: This article does not represent investment advice and is solely the author’s opinion for managing his own investment portfolio. Readers are expected to perform their own due diligence before making investment decisions. Please see the Disclaimer for more detail.
Thanks for the article. From your previous piece, about Snowflake,
“Snowflake’s vision is to bring the applications to the data, not the data to the applications.”
Will that affect Datadog? I get plenty of results when I google “Snowflake Datadog”, suggesting there’s some level of integration, but as a non-techie, I don’t know if it includes Datadog not needing it’s own copy of the data, or if there’s likely to be a concentration risk from Snowflake becoming the gatekeeper to enterprises’ data. Any thoughts would be appreciated.
Hi – I don’t think it will affect Datadog immediately. But, there is an argument that observability could run on top of the Data Cloud over time. Snowflake already has one powered by partner, Observe, that provides log, metric and trace analysis.
Thanks!