Authored by Benoit Gaudin
Every second, your CDN is generating thousands of logs that tell a critical story about your application's performance, security, and user experience. For large enterprises, this can mean terabytes of log data every day — data that contains invaluable insights about your business.
But here's the uncomfortable truth: most organizations capture only a small fraction of their CDN logs, and retain that limited data for just days or weeks. This isn't because engineering teams don't understand the value. It's because the economics of traditional logging solutions make comprehensive CDN logging prohibitively expensive.
The result? Critical blind spots that can be extremely costly during outages, security breaches, or major events.
Welcome to the flywheel of compromises:
- Cost — Traditional logging vendors charge egregious per-GB rates that make comprehensive CDN logging unaffordable
- Coverage — Companies respond by severely limiting what logs they collect and how long they retain them
- Complexity — To compensate for coverage gaps, teams cobble together 5–8 different logging solutions, creating a management nightmare
The Current State of CDN Logging
The observability sector today resembles markets before transformative innovation — vacuum cleaners before Dyson, mobile phones before iPhone, electric cars before Tesla. Existing solutions were designed for a completely different era: before the separation of compute and storage, before the explosion of log data volumes, and certainly before the demands of the AI era.
Consider how most logging vendors operate today:
- Datadog charges around $2–5 per GB for log ingestion with 15-day retention. A company generating 10TB of CDN logs daily could pay upwards of $600,000 per month
- Splunk forces customers into complex licensing schemes that effectively limit how much data they can realistically log
- New Relic and other vendors offer marginally better pricing but still force unacceptable trade-offs between cost and coverage
What's most frustrating is that these pricing models persist despite dramatic changes in the underlying technology. The separation of compute and storage has revolutionized data economics across virtually every other category of software, yet logging vendors continue to operate on business models created 15 years ago.
A Hypothetical (But Entirely Plausible) Scenario
To illustrate the real-world impact of incomplete CDN logging, consider this:
A week before a major live streaming event, a provider's engineering team makes a routine CDN configuration change. Under normal traffic loads, the misconfiguration goes unnoticed — cache hit ratios remain stable and performance appears normal.
After a week, any trace of the configuration change disappears from their logs due to their 7-day retention policy. Capacity planning teams review infrastructure and assume current backend capacity can handle the anticipated load — after all, it worked fine during the last similar event. Unfortunately, the now-invisible change makes that assumption dangerously wrong.
During the live event, CDN cache efficiency plummets under heavy load. Backend servers get hit much harder than expected. Users experience buffering and connection problems, but the operations team struggles to diagnose the root cause.
By the time they identify the issue — tracing it back to the forgotten configuration change — the damage is done. Over a million viewers have abandoned the stream, social media is flooded with complaints, and the company's stock takes a hit.
With complete CDN logging and longer retention, they could have:
- Identified when the degradation trend first appeared, correlating it to the configuration change
- Maintained visibility throughout the planning period
- Quickly correlated the performance issues with the earlier change during the incident
Limited logging coverage transformed a minor configuration error into a major business incident. The cost of their logging "savings"? Potentially millions in lost ad revenue and subscription cancellations.
The Three Horsemen of the Logging Apocalypse
Cost Explosion
Traditional logging vendors price their products based on data volume, charging premium rates for both ingestion and storage. This pricing model was created when storage was genuinely expensive. In 2025, with cloud storage costs continuing to plummet, this model serves primarily to protect vendor margins.
For CDN logs — which are high-volume by nature — this creates an impossible equation. When faced with estimates of $500,000+ monthly for complete CDN logging, even the most data-driven organizations are forced to compromise.
Coverage Sacrifice
The inevitable result of cost pressure is reduced coverage. Organizations typically:
- Ingest only a sample of the data
- Limit retention to days instead of months
- Exclude high-volume CDNs or regions entirely
- Drop detailed fields that would aid troubleshooting
These compromises create dangerous blind spots. Intermittent issues, security threats that develop over time, and regional performance problems remain invisible. When an incident occurs, teams often discover they're missing exactly the data they need.
Complexity Creep
To compensate for coverage limitations, organizations implement a patchwork of supplementary solutions:
- Self-hosted ELK stacks for longer-term storage (with all the maintenance overhead)
- Cloud provider-specific logging solutions (AWS CloudWatch, GCP Logging)
- Custom scripts to archive logs to object storage with rehydration workflows
- Open-source tools for log analysis and visualization
The result is a Frankenstein's monster of logging infrastructure that no one fully understands, requires constant maintenance, and still fails to provide comprehensive visibility.
CDN Logging for the AI Era
These challenges are escalating as we enter the AI era:
- Exploding volumes — Microservices, containers, and edge computing are all contributing to the data deluge
- AI-powered analysis — ML systems require comprehensive, long-term data to identify patterns and anomalies effectively
- Agentic applications — Autonomous applications require complete historical data to make intelligent decisions
Legacy logging business models simply cannot accommodate these realities. They weren't designed for terabytes of daily log ingestion, years of retention, or a world where AI agents might need to analyze months of historical CDN patterns.
A Different Approach
Solving the CDN logging crisis requires rebuilding the logging stack from the ground up — not incremental improvements on broken foundations. Three core principles drive the right approach:
1. Economics Aligned with Modern Infrastructure
Leveraging the separation of compute and storage to deliver CDN logging at a fraction of traditional costs:
- 90% cost reduction compared to Datadog and similar vendors
- 12-month retention by default
- No charges for search or compute resources
2. Lightning-Fast Search Across Petabytes
"Tracey's Law": the faster you make log search, the more valuable logging becomes to an organization.
- Sub-second search across terabytes of CDN logs
- Seconds-long queries across petabytes
- No rehydration from cold storage, ever
- Fast dashboards even across months of data
When queries return in seconds instead of minutes (or timing out entirely), teams use logging data proactively rather than as a last resort.
3. A Single Unified Logging Layer
Eliminating the patchwork by providing one comprehensive logging layer:
- All CDN providers in one place
- Drop-in replacement for existing solutions
- Two-line configuration change for implementation
- Automatic parsing and PII removal
Breaking Free from the Flywheel
The CDN logging crisis isn't just a technical problem — it's a business problem with real implications for reliability, security, and user experience. For too long, organizations have accepted a dysfunctional status quo because there seemed to be no alternative.
"Every single word about the logging crisis resonates. We were spending over $400,000 monthly on CDN logging with Datadog, and still only capturing about 20% of our logs. With Bronto, we now have 100% coverage, 12-month retention, and our bill is under $40,000."
This isn't an incremental improvement — it's a fundamental reinvention of how logging works. Just as Apple reinvented the smartphone, Dyson reinvented the vacuum cleaner, and Tesla reinvented the electric car, the logging industry is overdue for the same transformation.
Bronto is reinventing logging from the ground up for the AI era. The team brings 150+ years of collective logging domain expertise, with previous experience building and scaling logging platforms at IBM, Rapid7, and Logentries.
Top comments (0)