Observability with Prometheus and Grafana

Sysdig Monitor (Enterprise Prometheus Service)

Sysdig Monitor is an enterprise monitoring platform that offers a managed Prometheus-compatible service with full PromQL support. A Sysdig agent on each host embeds a Prometheus scrape engine, collects metrics (plus rich container/host data), and forwards them to Sysdig’s backend. The service is available as SaaS in multiple regions and as self-hosted software for organizations that need on-prem or private cloud deployment.

• Free Tier & Pricing: There is no permanent free tier; Sysdig uses subscription pricing, typically tied to the number of monitored hosts plus included time series. A common reference model is about $30 per host/month, including ~2,000 time series per host, with overage around $5 per 1,000 time series/month. Time-series usage is billed using 95th percentile hourly active series, forgiving short-lived spikes. Storage retention and query volume (including PromQL) are included in the price, so costs are primarily driven by time-series count. Trials/POCs are usually available via sales, and Sysdig positions its total cost as lower than AWS/GCP managed Prometheus at high scale.

• Storage Retention: Sysdig’s Enhanced Metric Store keeps metrics for roughly 13 months using tiered downsampling by default:

• 10s resolution for 7 days

• 1m resolution for 14 days
• 10m resolution for 30 days
• 1h resolution for 3 months
• 1d resolution for 12 months

This provides high fidelity for recent troubleshooting and coarse data for long-term trends. Enterprise deployments can tune retention/downsampling, and export options exist for longer-term analytics outside Sysdig.

• Query Language & Tools: Sysdig Monitor is fully PromQL-compatible. Its UI allows both form-based queries and raw PromQL entry. All metrics collected by the agent, including system and container metrics, are exposed as Prometheus-style time series. Sysdig supports Prometheus-style recording rules and alerting rules; conditions are defined with PromQL and evaluated centrally. A Prometheus-compatible HTTP API and API tokens let external tools, especially Grafana, use Sysdig as a Prometheus data source.

• Visualization & Integration: Sysdig provides its own dashboards and explorers for Kubernetes, cloud services, hosts, and containers, all powered by PromQL under the hood. The UI supports building custom dashboards, service maps, and topology views that combine metrics with metadata. Alerts integrate with common incident channels like Slack, PagerDuty, and webhooks. Many users also connect external Grafana instances to Sysdig’s PromQL API for additional visualization flexibility.

• Hybrid/On-Prem Support: Sysdig supports SaaS (multi-region) and self-hosted/on-prem deployments. The same agent can send metrics from on-prem data centers, VMs, bare-metal hosts, Kubernetes clusters, and multiple clouds into a single Sysdig backend. For strict compliance or air-gapped environments, the self-managed edition runs entirely in the customer’s infrastructure. Agents buffer metrics locally during connectivity issues and flush when connectivity is restored.

• Scalability & Architecture: Sysdig’s backend is a distributed, multi-tenant time-series store (historically based on components like Cassandra, Kafka, and an enhanced metric engine) designed for high ingest rates and cardinality. A default 10-second scrape interval reflects a design optimized for dense data collection. Data is replicated across nodes and AZs for availability. Centralized rule evaluation avoids per-Prometheus duplication of recording/alert rules. Sysdig’s own benchmarks highlight support for hundreds of thousands to millions of active time series with 10s resolution (and 13-month retention like mentioned earlier).

• Key Integrations: Sysdig tightly integrates with Kubernetes, enriching metrics with Kubernetes metadata (namespace, deployment, pod, etc.) and ingesting Kubernetes events. It supports all standard Prometheus exporters and offers PromCat, a catalog of vetted exporters, configs, and dashboards. Cloud integrations pull metrics from AWS, GCP, and Azure services. SSO/SAML, RBAC, and APIs/Terraform support let teams manage dashboards, alerts, and access as code. Sysdig also integrates with its own security product (Sysdig Secure); this allows correlation between performance metrics and runtime security events.

• Drawbacks & Constraints: Sysdig’s backend is proprietary, so you depend on the vendor for fixes and features. The agent-centric model can be a concern for teams wary of third-party agents on all nodes, even though it consolidates multiple functions (metrics, visibility, optional security). Downsampling means you lose fine-grained data beyond the first week and only have daily aggregates after a few months, which can limit deep historical forensics. Pricing is enterprise-oriented and may be complex for small teams (host-based + time-series 95th percentile), with higher minimums than simple per-metric SaaS. Self-hosted deployments require running a relatively heavy stack. As with other managed services, migrating away can be non-trivial and may involve losing historical detail or exporting only aggregated data.

Comparison of Key Features and Limits

In a try to provide a compact overview, the table below maps out the key features of each managed Prometheus service mentioned in this comparative analysis, including free tier, retention, query support, hybrid options, and notable limitations: