Every detector. Every tier.
14-day trial. Then $500/mo flat. Custom pricing on a call.
Every detector runs on every tier — starting with the trial. Pay for volume, retention, team size, and operational controls. Never for intelligence.
Built to be proven, not browsed. Run it on your own logs for fourteen days.
Every feature, every detector, fourteen days. No credit card. At day 15, convert to Team or pause ingest.
- ✓ All 20 detectors
- ✓ Same AI budget as Team — 1,200 root-cause analyses, 600 playbook imports
- ✓ Up to 1.5 TB over 14 days
- ✓ Full retention during trial
- ✓ Slack · Email · Webhook · PagerDuty
- ✓ No credit card · no sales call
- ✓ Cancel any time before conversion
Sign in with Google. No credit card.
When the page needs to name the service, not just the symptom.
AI-generated root cause in your Slack. Longer retention. Your whole team. Fully self-serve, zero sales touch.
- ✓ 1.5 TB / month included
- ✓ 30-day retention
- ✓ 10 users · unlimited services
- ✓ AI root cause analysis: 1,200 / month (~40/day) — covers most teams with up to 50 alerts/day
- ✓ AI playbook import: 600 / month
- ✓ AI assists (search, suggestions, smart titles): 4,200 / month
- ✓ Customer-impact rollup on every alert (Enterprise · Pro · Free)
- ✓ Auto-drafted postmortem from the incident itself
- ✓ Slack · PagerDuty · Teams · Opsgenie · webhook · email
- ✓ Email support · SLA: best-effort
Upgrade in-app. Cancel any time.
When the on-call rotation has multiple teams and the auditor wants logs.
Everything in Team, plus SSO, audit log, longer retention, and a bigger AI budget. Self-serve or light-touch onboarding.
- ✓ 5 TB / month included (up to 6 TB at $2,400/mo)
- ✓ 30-day retention
- ✓ Unlimited users · unlimited services
- ✓ AI root cause analysis: 3,000 / month (~100/day) — covers 150 alerts/day
- ✓ AI playbook import: 1,500 / month
- ✓ AI assists: 10,500 / month
- ✓ Customer-impact rollup · auto postmortem · Ask Epok (NL search)
- ✓ SSO (Google Workspace) · audit log · role-based access
- ✓ Priority support · SLA: 24h response
SAML SSO, custom retention, dedicated support.
Custom plans for production environments with compliance, procurement, or scale requirements. Retention beyond 30 days, contractual SLA, dedicated support engineer, and self-hosted or dedicated deployments. SAML SSO on roadmap. SOC2 certification in progress. Scoped per-deal.
Published prices. Not contract-only.
Datadog and Splunk both quote some of this on their pricing pages and gate the rest behind sales. We publish all of it.
¹ Datadog list prices, Log Management, annual-commit tier as of 2026-05-30: ingest $0.10/GB, Standard Indexing $1.70/M events at 15-day retention, log forwarding $0.25/GB outbound. On-demand is ~50% higher. 7-day and 30-day Standard Indexing are not listed — contact sales. A single dollar figure for 1.5 TB requires an events-per-GB assumption Datadog does not publish; we omit it rather than fabricate one. Source: datadoghq.com/pricing/?product=log-management.
² Splunk does not publish per-GB or per-workload list prices on splunk.com/en_us/products/pricing.html. All four models (Workload · Ingest · Entity · Activity) route to "Get an Estimate" / "Contact Sales".
Self-serve sign-up · no sales call required. We don't publish a signup-to-first-alert number until we've measured it on real customer onboardings.
One product. Three published volumes. One custom.
Detection is the same on every tier. Volume, retention, team size, and operational controls scale with the plan.
Pricing questions, answered.
What does the 14-day trial include?
Every detector, every feature, full AI root cause analysis. Up to 1.5 TB of ingest over the 14 days — the same volume as Team's monthly cap, so you can stress-test the product on real production logs. No credit card required — if you don't upgrade, the trial simply ends, nothing owed.
What happens when the trial ends?
On day 13 we email you to add a card. On day 15, if no card is on file, ingest pauses and your tenant becomes read-only. Existing logs stay searchable for the duration of your retention window. Add a card any time to resume ingest as a paid Team customer.
When should I upgrade to Team vs Growth?
Team ($500/mo, or $5,400/yr — save 10%) is the on-ramp: 1.5 TB/month, 30-day retention, 10 users, 1,200 AI root-cause analyses/month. Most production teams start here. Growth ($1,800/mo, or $19,440/yr — save 10%) adds SSO, audit log, unlimited users, and 2.5× the AI budget (3,000 root-cause analyses/month) — when compliance asks questions, when you have multiple teams on call, or when one tenant fires more than ~50 alerts/day.
When do I need Custom?
When you need custom retention beyond 30 days, dedicated support, a contractual SLA, or a self-hosted deployment. SAML-based SSO is on our roadmap. Starts at $5,000/mo with custom pricing scoped per-deal. SOC2 certification is in progress; we'll re-tier this as Enterprise once SOC2 ships.
What if I get a traffic spike?
Logs keep flowing. Nothing gets dropped during an incident. Overage is billed per GB above your plan's monthly volume at a transparent rate shown on your billing dashboard. Set budget alerts to see it in real time.
Will I get surprise bills?
No. Flat monthly pricing with included volume. No per-event fees. No per-query fees. No per-host charges. No cardinality tax — log as many unique fields as you want. Overage is per-GB, posted daily.
How does the AI work?
Two layers. Statistical detectors find problems automatically — these run on every tier including the trial. AI explanations layer on top: a 2–3 sentence root-cause hypothesis cited to your actual log lines. AI budgets are quoted in published monthly counts (see Team / Growth cards above) and sized so AI cost never exceeds 5% of your subscription. Your log content is never used to train models.
What log formats are supported?
Elasticsearch bulk, Loki push, OTLP (OpenTelemetry), FluentBit, Fluentd, syslog (RFC 5424, 3164, Cisco, Fortinet, Palo Alto), CloudWatch subscription filters, and raw JSON over HTTP. If you can POST, you can send to Epok.
Can I run Epok alongside Datadog or Splunk during the trial?
Yes — dual-shipping is the recommended way to evaluate. Most log shippers (FluentBit, Vector, Promtail, OTLP collector) support multiple sinks. Send the same log stream to both products, compare what each catches, and switch when you're convinced. No DNS changes, no SDK changes.
What happens to my data if I leave?
Tenant-scoped delete on request. Standard data export is free up to 1× your monthly ingest volume per month (so a Team customer can export 1.5 TB / month at no extra cost). Above that, export is $0.025/GB — covers our egress + processing cost without surprise. No DNS changes, no SDK changes: you keep your shippers, your LogsQL queries, and your alert rules in your own config.
What are the AI caps and how were they set?
Team includes 1,200 AI root-cause analyses per month (about 40 per day), 600 playbook imports, and 4,200 smaller AI assists for things like search, suggestions, and smart titles. Growth scales that 2.5×. The caps are sized so AI cost to us never exceeds 5% of what you pay — measured per-call costs come from our 2026-05-29 benchmark on real prod workloads. If you consistently hit the cap, that's a signal to talk about Custom tier where caps are negotiated per-deal.
How do you handle alert acknowledgement and unacked alerts?
Operators acknowledge an alert with an optional comment and a timeout (default 30 minutes, up to 24 hours). Acknowledgement pauses severity escalation — the alert stops re-paging the channel for the timeout window. If the underlying condition is still firing when the timeout expires, the alert un-acks itself and escalation resumes. Unacked critical alerts re-page on a configurable cadence (default: when the alert re-fires ≥4 times OR has been firing >60 minutes, whichever comes first). Bulk-acknowledge handles burst incidents (up to 500 alerts in one call). Every ack, un-ack, and escalation writes to the per-alert activity log with operator identity, comment, and timestamp — so a postmortem can reconstruct who took the alert and when. Snooze is separate from ack: snooze suppresses notifications entirely for a window (useful for known-maintenance), ack keeps the alert visible but tells the system 'someone owns this.'