LogTide vs New Relic for Log Management
Compare LogTide and New Relic for log management. Self-hosted vs SaaS, pricing, SIEM capabilities, and migration path.
New Relic is a popular SaaS observability platform offering metrics, traces, and logs in a unified experience. LogTide is a self-hosted, open-source log management platform with built-in SIEM capabilities. Here’s an honest comparison to help you decide which fits your needs.
Cost Comparison
New Relic’s pricing model is simpler than most SaaS competitors, but costs still grow linearly with data volume. The per-user fees also add up quickly as teams grow.
New Relic Pricing
New Relic charges based on data ingest volume plus per-user fees:
| Component | Cost |
|---|---|
| Free tier | 100 GB/month included |
| Additional data ingestion | $0.35/GB |
| Full Platform user | $49/user/month (Standard) to $99/user/month (Pro) |
| Core users | $0.35/user/hour |
| Data retention (8 days) | Included |
| Extended retention (30 days) | $0.05/GB/month |
| Data Plus (90 days retention) | $0.50/GB |
Real-world example: A mid-size team ingesting 50 GB/day of logs:
- Monthly ingestion: 1,500 GB - 100 GB free = 1,400 GB
- Data cost: 1,400 GB x $0.35 = $490/month
- 10 Full Platform users (Pro): $990/month
- Extended retention (30 days): ~$75/month
- Total: ~$1,555/month ($18,660/year)
At 200 GB/day with 15 users:
- Data cost: (6,000 - 100) x $0.35 = $2,065/month
- 15 Pro users: $1,485/month
- Total: ~$3,700/month ($44,400/year)
LogTide Pricing
LogTide is free, open-source software. You pay only for infrastructure:
| Component | Cost |
|---|---|
| Software license | Free (AGPLv3) |
| Cloud VM (4 CPU, 16 GB RAM) | ~$100-200/month |
| Storage (1 TB SSD) | ~$50-80/month |
| SIEM features | Included |
| Users | Unlimited |
Same 50 GB/day scenario:
- Infrastructure: ~$200-300/month
- Total: ~$250/month ($3,000/year)
Savings: ~$15,660/year (84%)
At 200 GB/day:
- Infrastructure (8 CPU, 32 GB RAM, 4 TB): ~$400/month
- Total: ~$400/month ($4,800/year)
Savings at scale: ~$39,600/year (89%)
Feature Comparison
| Feature | New Relic | LogTide |
|---|---|---|
| Log ingestion (HTTP API) | Yes | Yes |
| SDKs (Node.js, Python, Go, etc.) | Yes | Yes |
| OpenTelemetry support | Yes (OTLP) | Native OTLP |
| Full-text search | Yes (NRQL) | Yes |
| Real-time streaming | Live Tail | SSE |
| Alert rules | Yes | Yes |
| Email/webhook notifications | Yes | Yes |
| APM / traces | Yes | Logs + OTLP traces |
| Infrastructure metrics | Yes | Roadmap |
| Browser monitoring | Yes | No |
| Mobile monitoring | Yes | No |
| Sigma detection rules | No | Built-in |
| MITRE ATT&CK mapping | No | Included |
| Incident management | Yes | Included |
| Self-hosted option | No | Yes |
| Open source | No (proprietary) | AGPLv3 |
| Custom dashboards | Yes (extensive) | SIEM dashboard |
| Per-user pricing | Yes ($49-99/user/month) | No (unlimited) |
| Data retention (default) | 8 days | Unlimited (storage-bound) |
| Multi-org support | Yes (sub-accounts) | Yes (organizations/projects) |
Where New Relic Wins
Full observability platform. New Relic provides metrics, traces, logs, browser monitoring, mobile monitoring, synthetic monitoring, and infrastructure monitoring in a single SaaS platform. If you need comprehensive observability across all telemetry types, New Relic is more complete.
NRQL query language. NRQL is a powerful SQL-like language for querying all telemetry data. Complex aggregations, facets, time-series comparisons, and cross-signal correlations are straightforward for analysts familiar with SQL. You can join logs with traces and metrics in a single query.
Zero infrastructure management. As a fully managed SaaS, there’s nothing to deploy, scale, or maintain. Your team focuses on analyzing data rather than running the platform. No patching, no backups, no capacity planning.
Generous free tier. 100 GB/month of free data ingest is enough for small projects, staging environments, or proof-of-concept work. This makes it easy to evaluate without any upfront commitment or credit card.
Extensive integrations. New Relic has 700+ integrations and quickstarts for cloud providers, frameworks, databases, and third-party services. Guided installation and pre-built dashboards reduce time to value.
AI-powered insights. New Relic AI provides natural-language querying, automated anomaly detection, and root cause analysis across all telemetry data. These ML-powered features can accelerate troubleshooting.
Where LogTide Wins
Cost at scale. Once you exceed the 100 GB/month free tier, New Relic’s per-GB pricing adds up quickly. LogTide’s self-hosted model saves 80-90%+ for log-heavy workloads. The more logs you generate, the bigger the savings.
No per-user fees. New Relic’s per-user pricing ($49-99/user/month) discourages broad access. Organizations often limit who can access the platform, creating knowledge silos. LogTide has unlimited users, so your entire engineering, security, DevOps, and support teams can access logs without cost concerns.
Data sovereignty. Your logs never leave your infrastructure. No third-party data processing agreements needed. Full GDPR compliance with EU data residency. No concerns about sensitive data — PII, credentials, healthcare records — being processed by a third party.
Built-in SIEM. LogTide includes Sigma detection rules, MITRE ATT&CK mapping, and incident management at no extra cost. New Relic offers vulnerability management and some security features, but not a full SIEM with standardized, community-backed detection rules.
No vendor lock-in. LogTide is AGPLv3 open-source. Your data lives in TimescaleDB or ClickHouse (your choice) that you control. Your detection rules use the portable Sigma standard. You can inspect, modify, and extend every line of code.
Unlimited retention. New Relic’s default retention is 8 days. Extended retention to 30 days costs $0.05/GB/month; 90 days requires the expensive Data Plus plan at $0.50/GB. LogTide retains logs as long as your storage allows, with no additional fees. Keep a year of logs for forensic analysis at just the cost of disk space.
Real-time SSE streaming. LogTide’s Server-Sent Events streaming provides real-time log tailing with no per-minute charges. New Relic’s Live Tail is available but with limitations on the free tier.
When to Choose New Relic
- You need a full observability platform (metrics + traces + logs + browser + infrastructure)
- Your team doesn’t want to manage infrastructure
- Log volume stays under 100 GB/month (free tier covers your needs)
- You need 700+ out-of-box integrations and pre-built dashboards
- You want NRQL’s SQL-like query language for cross-signal analysis
- AI-powered anomaly detection and root cause analysis are important
When to Choose LogTide
- Log volume exceeds 100 GB/month and costs are a concern
- Per-user pricing is limiting access across your team
- Data sovereignty or GDPR compliance requires self-hosting
- You need SIEM capabilities (Sigma rules, MITRE ATT&CK mapping)
- You want unlimited log retention without extra fees
- You prefer open-source with no vendor lock-in
- You’re comfortable managing a Docker Compose deployment
Migration Path
Step 1: Ship Logs to Both
Run LogTide in parallel with New Relic during evaluation. Use the LogTide SDK alongside the New Relic agent:
import { LogTideClient } from '@logtide/node';
const logtide = new LogTideClient({
dsn: process.env.LOGTIDE_DSN!,
service: 'my-service',
});
// Your existing New Relic agent continues capturing logs
// LogTide receives the same events via its SDK
logtide.info('Order processed', { orderId: 'abc-123', total: 49.99 });
logtide.warn('Slow query detected', { query: 'SELECT ...', duration_ms: 3200 });
logtide.error('Payment failed', { provider: 'stripe', error: 'card_declined' });Step 2: Forward with Fluent Bit
Use Fluent Bit to ship infrastructure logs to LogTide while keeping New Relic active:
[SERVICE]
Flush 5
Log_Level info
[INPUT]
Name tail
Path /var/log/app/*.log
Tag app.*
Parser json
[INPUT]
Name systemd
Tag system.*
Systemd_Filter _SYSTEMD_UNIT=nginx.service
# Send to LogTide
[OUTPUT]
Name http
Match *
Host logtide.internal
Port 8080
URI /api/v1/ingest
Format json
Header X-API-Key lp_your_api_key
# Keep New Relic output during migration
[OUTPUT]
Name newrelic
Match *
licenseKey ${NEW_RELIC_LICENSE_KEY}Step 3: Validate and Cut Over
Compare LogTide and New Relic log results for 1-2 weeks:
- Verify search results match for the same time ranges and queries
- Confirm alerts fire correctly in LogTide with equivalent thresholds
- Validate that your team is comfortable with the LogTide UI
- Test SIEM detection rules on your real log data
- Once validated, remove the New Relic agent and Fluent Bit output, then cancel your subscription
Query Migration (NRQL to LogTide)
| NRQL Query | LogTide API |
|---|---|
SELECT * FROM Log WHERE service = 'api' | GET /api/v1/logs?service=api |
SELECT * FROM Log WHERE level = 'ERROR' | GET /api/v1/logs?level=error |
SELECT * FROM Log WHERE message LIKE '%timeout%' | GET /api/v1/logs?q=timeout |
SELECT count(*) FROM Log SINCE 1 hour ago TIMESERIES | GET /api/v1/logs/aggregated?interval=1h |
SELECT * FROM Log WHERE service = 'api' SINCE 1 hour ago | GET /api/v1/logs?service=api&from=2025-01-15T11:00:00Z |
Concept Mapping
| New Relic | LogTide | Notes |
|---|---|---|
| Account | Organization | Top-level container |
| Sub-account | Project | Logs are scoped to projects |
| Entity (service) | Service | 1:1 mapping |
| Log forwarding | HTTP API / SDK | Direct ingestion |
| NRQL query | REST API params | Query via API parameters |
| Alert condition | Alert Rule | Threshold-based alerts |
| Alert policy | Alert Rule group | Group related alerts |
| Dashboard | SIEM Dashboard | Security-focused dashboards |
| License Key | API Key (per project) | Prefix: lp_ |
| Vulnerability Mgmt | Sigma Rules + SIEM | Built-in detection engine |
| Logs in Context | metadata JSON | Structured context in metadata |
| Log patterns | N/A | Manual log analysis |
Ready to switch from New Relic?
- Deploy LogTide - Free, open-source
- Docker Integration - Quick start on any infrastructure
- Join GitHub Discussions - Get help from the community