Jonah Kowall

A member of the Gartner Blog Network

Jonah Kowall
Research Vice President
2 years with Gartner
18 years IT industry

Jonah Kowall is a research Vice President in Gartner's IT Operations Research group. He focuses on application performance monitoring (APM), event correlation and analysis (ECA), network management systems (NMS), network performance management (NPM), network configuration and change management (NCCM), and general system and infrastructure monitoring technologies. Read Full Bio

Market Guide for Open-Source and Freeware Monitoring Tools

by Jonah Kowall  |  May 21, 2014  |  2 Comments

Wanted to give a heads up that we’ve updated a note which was published about 18 months ago around open source and freeware monitoring tools.

Clients only link:

Market Guide for Open-Source and Freeware Monitoring Tools

The document covers basic information on the following technologies:

Minisuites : Ipswitch, ManageEngine, Solarwinds

Free Monitoring from Artica ST (Pandora FMS), GroundWork, Icinga, op5, Opsview, Paessler, SevOne, Spiceworks, Splunk, Torch (Graylog2), VMTubro, XpoLog, Zabbix, Zenoss

SaaS monitoring from AppDynamics, AppFirst, Boundary, Datadog, GFI Software, Loggly, New Relic, ScaleXtreme (Citrix now), Splunk, and Sumo Logic

Changes from late 2012 until today:

Vendors Added

Since writing our previous research on how to leverage free and low-cost server, network and storage monitoring tools, we’ve seen the following changes in the market:

  • AppDynamics — Lite offering provides always-on monitoring, where the previous product was only functional during use
  • Artica ST — Pandora FMS, open-source offering
  • Icinga — Open-source offering
  • Loggly — Relaunched offering targeted at a wider user community
  • Torch — Graylog2, a new offering
  • XpoLog — Free offering for log analysis

Vendors Removed

Compared with our earlier research about free and low-cost server, network and storage monitoring, we removed vendors that, unless otherwise noted, left this market:

  • Correlsense — Low-cost offering
  • Jinspired — Lack of adoption across Gartner client base
  • Net Optics — Lack of adoption across Gartner client base
  • Quest Software (now part of Dell Software) — Low-cost offering
  • VMware — Low-cost offering lacked Gartner client adoption, but the solution is being retooled and better integrated with the VMware vCenter Operations Manager offering.

Sorry I forgot to include a few vendors and solutions in the note which will be in the next revision:

  • CA Nimsoft Monitor Snap is a freemium offering covering server monitoring for up to 30 servers without cost. They launched the offering about 7 months ago and have had over 2500 installations of the product!


Category: APM IT Operations Logfile Monitoring SaaS     Tags:

Microsoft TechEd 2014 Wrap-Up

by Jonah Kowall  |  May 17, 2014  |  2 Comments

Sorry no cool vendor this week, instead I’m going to cover some other “cool” stuff coming from a company we don’t normally think of as particularly “cool”. Microsoft is innovating in the systems management space, and creating unique technologies with a broad reach. Microsoft has a significant install base of Operations Manager, they come up very regularly on client inquiry, hence I’ve written several research notes focused on this technology.

I was pleased to make it out to Microsoft TechEd this year, after not making it since 2011 (too many vendor shows, need to rotate). Although this year was an off year in terms of major platform launches, especially around System Center Operations Manager (what was called SCOM previously). Microsoft still announced a slew of new cloud based products around Visual Studio highlights included mobile development based on Apache Cordova to allow for building universal Windows apps (Store and Phone) across Microsoft platforms, as well as iOS and Android.

Within Visual Studio online, the updates around Application Insight were particularly interesting in terms of APM, one of my focus areas. Additionally the announcement of improved functionality and capabilities within System Center Advisor are of interest to my coverage of ITOA and APM. Let’s dig a bit deeper…

Application Insight:

I can now more publicly talk about the changes which Microsoft has been making over the last 14 months internally, re-organizing the teams which consisted of the Avicode acquisition (Microsoft’s APM technology) underneath the Visual Studio (Developer Division) from being aligned with the System Center teams. This organization change and strategy change facilitated Microsoft to create a developer focused APM product consisting of instrumentation of Java and .NET along with embedded tools within Visual Studio for creating custom instrumentation.

Through this change Microsoft has launched a SaaS only APM product, which over time will be fed into Operations Manager. They have built specific tooling which integrates into Visual Studio making it easy for developers to write their own instrumentation. This instrumentation can include any metric data or custom messages which are sent to the online service (currently completely free of charge as a preview - and can be viewed, reported upon, and analyzed. Over time this will provide a broader understanding of software analytics across Microsoft and non-Microsoft technologies and platforms. While there are limitations in the preview, there is a lot which can be done today.

The online portal also leverages the same Global System Monitor (GSM) synthetic availability monitoring which can monitor a single URL or a set of steps which a user may traverse as they are using a web application. This is already available for free to users of Operations Manager (with some limitations). This is a similar synthetic testing capability you often see offered by Compuware Gomez, Keynote, and over 3 dozen other companies. These technologies are now part of developer centric tools in Visual Studio Online as well.

The APM components can also monitor servers or Azure components in terms of usage and performance information by leveraging built in instrumentation or agents.

Short video :–Diagnostics-with-Application-Insights

System Center Advisor

This System Center component was previously uninteresting from my coverage perspective, focused on identification of configuration problems of systems. The product has always been cloud only, and something part of the System Center suite.

Microsoft has changed things on the preview of this service, including several security and operations use cases. This begins with sending more collected data from System Center components to the online service, such as leveraging OpsMgr (SCOM) as a data source.

The preview includes capacity planning use cases across systems, both physical and virtual, but more interestingly allows for log analytics technology. Event log data is fed from OpsMgr, but I expect this to expand over time. The log analytics today are based on Elasticsearch on Azure under the covers, but the presentation is all web based. The language and analytics are pretty basic, but useful. The speed of analysis is very good based on the demos I have seen, but I have yet to get it up and running in my lab. Regardless, this is the start of some interesting technology from Microsoft. During the preview this is completely free of charge, and you don’t have any costs for storage since the data is all stored on Microsoft Azure.

Video from TechEd (Fast forward to about 1:05:27 :

Hopefully this was helpful, feel free to leave a comment or hit me up on twitter @jkowall


Category: Analytics APM Big Data IT Operations Logfile Mobile Monitoring SaaS Trade Show     Tags:

Monitoring Technology Pick: Week of May 12th 2014 – AdRem NetCrunch

by Jonah Kowall  |  May 9, 2014  |  9 Comments

Getting this one done for next week, as I will be at Microsoft’s TechEd conference Monday-Wednesday in Houston. If anyone wants to meet up just hit me up on Twitter, I’ll be in meetings and sessions.

There is no question that the most popular vendors which come up regularly for basic availability monitoring are those  which offer low cost, easy to use, and effective products that monitor components health for availability. This has been the main reason folks like Microsoft, Solarwinds, and ManageEngine come up very often in monitoring inquiry. Building a product which focuses on ease of use is difficult, this includes the entire experience from from download, POC, implementation, purchasing, day to day use, and maintenance. As engineers we tend to over-engineer, software vendors are guilty as well, the bloated products are designed by listening to each customer request and implementing solutions without stepping back to reconsider the design and usability. The vendor highlighted this week has done a good job rebuilding their product in this manner.

AdRem (Netcrunch)

Krakow, Poland

AdRem Software is based in Poland, but has an office in New York, NY. They focus on building a unified monitoring offering, Netcrunch, which handles multiple use cases in the monitoring space. With the recent release of version 8, there has been renewed focus on creating a larger market relevance, and growing the client base. Founded in 1998 they have been selling monitoring products, but we have seen less adoption across our client base, probably due to a lack of sales and marketing investment. The customer base tends to be focused in Japan and Europe, with renewed focus and investment in marketing penetration may improve.

The product features include network monitoring (with topology), flow analysis, server monitoring (including virtualization technologies). Some unique features are agentless monitoring, but the use of ssh to get deeper server monitoring of linux variants (*BSD, MacOS) systems without software agents, which typically cause support pain.  The product supports dozens of standard packaged applications found on servers, as most unified monitoring tools do. On the network side of things the product builds topologies of interconnected devices, and presents rich maps. These maps also present the flow data such as bandwidth and data usage of the end points including the servers.

I implemented the product in my lab, the download and install process was very easy and the wizard which includes configuration and auto discovery was very well done. The backend includes standard SQL, proprietary noSQL (for metrics), and a XML schema where state data is kept. This is a easy to implement solution with care paid to the design elements. The unified views include seeing multiple data sets in a single place:



Some of the issues with the product include that the tool is not web based (EDIT: They have a web UI, but it’s more of a second class citizen. It does look nice and shares the same look and feel) , there is still a windows application, making the data less available to other people within the organization who do not have the client. The product is also focused more on the network use cases than server use cases, but it handled server monitoring quite nicely in my testing (see screenshot from my lab above). The company has been around for quite a while, but has remained small in terms of staff and investment. The product is priced quite attractively, in a similar manner so what you see for other low cost tools, such as those mentioned above.

Thanks for reading, please leave comments here or on twitter @jkowall


Category: IT Operations Monitoring NPM Pick of The Week     Tags:

Cool Vendors in DevOps 2014

by Jonah Kowall  |  May 2, 2014  |  3 Comments

Lots of interest across the board in how to integrate and deliver in supporting a DevOps philosophy. In this third annual cool vendors in DevOps research there are five vendors, which help DevOps managers, app engineers, and release and cloud managers control the application life cycle.

This year I contributed an interesting monitoring company who focuses on monitoring user experiance of single page applications. Single page applications becoming increasingly popular amongst newer web application architectures, and they change the page interaction paradigm most monitoring and measurement is based on.

I also contributed a write-up for Data Dog, you might have seen other research where they were covered. This innovative SaaS offering provides glimpses at new ideas for event management, collaboration, and open monitoring systems. Of course they also have their own set of challenges.

Ronni Colville and Colin Fletcher contributed MidVision for their deployment software.

Colin Fletcher and Jim Duggan (See we have good DevOps collaboration) contributed Plutora, which provides a SaaS based ARA product with some interesting concepts around release management.

Finally Colin Fletcher included ZeroTurnaround who provide tooling around continuous testing to enable more efficient developer time. They also offer automated release software helping a continuous delivery cycle.

Clients will have access to the full research which highlights much more detail, why the approach of the technology provider is cool, the challenges they face, and who should be investigating or thinking about these innovative and emerging technology companies.

Cool Vendors in DevOps, 2014

16 April 2014  G00262716
Analyst(s): Ronni J. Colville Jim Duggan Jonah Kowall Colin Fletcher


Category: DevOps IT Operations Mobile Monitoring Pick of The Week SaaS     Tags:

Cool Vendors in Application Performance Monitoring (APM) and IT Operations Analytics (ITOA)

by Jonah Kowall  |  April 30, 2014  |  3 Comments

We decided to rename our cool vendors research this year, since we regularly were featuring technologies which were not related directly to performance demands, but also included general analytics technologies applied to infrastructure and operations professionals needs. In the research for this year we saw a similar split between these technologies.

In the research we profiled several vendors:

Will Cappelli included Metafor Software, who provides ITOA technologies to detect and better understand change and configuration of server environments. The product is available as SaaS or on Premise deployment models.

I included NetMotion Wireless, building some cool technology to better track and manage enterprise wireless quality and delivery of services. The product uses a small agent to measure performance and usage. As wireless connectivity becomes more critical understanding carrier and hardware choices will increase in importance.

Colin Fletcher included Nethink, who builds ITOA technology which rely on end user collected information from desktops to help with problem resolution, configuration issues, and some compliance use cases. Many issues today reside on the end user devices and there are few technology providers who provide the client side visibility needed. (Other popular choices aside from Nexthink include Aternity and LakeSide Software)

Colin Fletcher also included Sumo Logic, a SaaS based offering analyzing machine data (logs) similar to popular tools such as Splunk, but also providing a unique real-time architecture. The product has interesting elements of anomaly detection as well as the ability to coach the system’s auto categorization.

Finally I also included ThousandEyes who’ve taken a commoditized market of synthetic monitoring and made it interesting again by layering on additional data sources about the internet path (BGP). This provides added visibility and information to these synthetic transactions making them much more useful to those running or relying on SaaS (which is pretty much everyone these days).

There is much more detail and analysis in the research, including why they are cool, challenges they face, and who should care about these technologies and technology providers. Clients can access the research at the link below:

Cool Vendors in Application Performance Monitoring and IT Operations Analytics, 2014


Category: Analytics APM IT Operations Logfile Mobile Monitoring Pick of The Week SaaS     Tags:

Monitoring Technology Pick: Week of April 28th – GroundWork

by Jonah Kowall  |  April 25, 2014  |  2 Comments

When I mentioned the “pick of the week” idea to my awesome manager John Enck (@johnenck if you can get him to tweet I’ll buy you a beer) he said “be careful if you commit to doing it weekly, you have to do it”. I assured him this was not an issue, and then of course I missed a week. It will happen, but I’m trying to get at least two or three of these, per month. On to the good stuff….


San Francisco, California

GroundWork was one of the first companies to package up open source monitoring components into a commercial offering, which includes the ever popular Nagios engine, into a supported, tested, and well maintained monitoring product offering. This created a natural path for those using Nagios, who wanted support, a more advanced product, and a consistent deployment model. Over the years GroundWork has become quite a different animal, with advanced portal technology, topological awareness and discovery, event correlation, and the ability to scale the solution for large and demanding environments. The next step in the maturation process, was driven by customers who wanted to build solutions incorporating the monitoring data, GroundWork then re-built the core architecture with a robust API layer allowing for diverse use cases of monitoring data, including custom portals or other mashups. The evolution of the company moved them further into the concept of unified monitoring they improved the ability to monitor network devices, hypervizors and have been focused on support for multiple public and private cloud platforms. This unified monitoring platform has been gaining momentum and the customers have been shifting from Nagios up sells into those which need an extensible monitoring platform based on open standard components.

The main reason I wanted to highlight them is based on research we published towards the end of last year Colin Fletcher and I published ( highlighted the need for these unified monitoring tools combined with log analysis. GroundWork is one example of a company who has done this. They have taken the open source ELK stack (highlighted in this blog post : and incorporated it into the GroundWorks solution. Today it’s a portlet within the product, and there isn’t the management tooling needed around the ELK components, but this is a beta product. The future product should better manage the data, and integrate the search and reporting components coming from the ElasticSearch tooling. The feedback from the customer base has been clear, people want this pairing. In fact they did a survey across 400 of their users:

Key Study findings:

  • 37 percent of unified monitoring users are reviewing their IT logs via manual text search; 33 percent are already using log analysis software
  • 96 percent find the ability to combine log field data with other monitoring event data into a single search tool and/or dashboard important
  • 42 percent of users claim they do not have enough time to start analyzing their IT log data; 18% say the cost is too high

These study findings echoed Gartner’s latest report, “Modernize Your Monitoring Strategy by Combining Unified Monitoring and Log Analytics Tools,” on how to better manage today’s complex and dynamic IT environments.

This is quite close to our findings at the last Gartner Data Center Conference across 114 attendees who responded to our audience polling during our presentation titled “The Elusive Promise of Unified Monitoring: How to Monitor Infrastructure and Applications”.

  • 22% had centralized log analysis tooling
  • 46% had tactical or dispirit log analysis
  • 39% had no log analysis

This is music to the log analysis vendors ears :)

Please leave comments here on on twitter @jkowall.


Category: Analytics IT Operations Logfile Monitoring OLM Pick of The Week     Tags:

Contribution : Cool Vendors in IT Operations Management

by Jonah Kowall  |  April 15, 2014  |  2 Comments

In addition to the Unified Communications coverage I also participated in research around IT Operations management software. I contributed a write-up of a small innovative Boston area company Centerity, who provides unified monitoring technology. The simplicity and focus of organizations to simplify and reduce the cost of availability monitoring is core to the offering, with some more advanced features and interesting collection technology for breadth of coverage (including technologies such as SAP HANA and CCMS).  Centerity provides a robust product, with flexibility leveraging multiple types of data acquisition including the popular open source Nagios plugin (or check) compatibility.

Ronni Colville and Milind Govekar included the German company Arago, I have spent time with them as well, and am very impressed what they are doing in bringing automation and analytics together in order to learn the behaviors and actions of sysadmins. This differentiated approach makes a lot of sense, and customers have indicated positive results, but as with all automation work is required up front.

Ronni Colville and Milind Govekar also included Innovise a UK based automation company with a programmable and robust library meant to break down the silos of automation commonly observed within enterprises today. Innovative features include cost measurement and efficiency measurement of the automation tasks, and analytics integration with a custom developed complex event processing (CEP) engine.

Ian Head and Jeff Brooks highlighted Navvia for their service management offering with good workflow tools to model and run IT processes.

Finally Jarod Greene and Ronni Colville highlighted Vistara who offers a SaaS based unified platform covering configuration management, patch management, remote system access, and basic features including orchestration and monitoring. The product has a single user interface and views of the associated components.

Of course my brief writeups don’t touch on the depth of the research, including challenges and target persona who should evaluate these technologies as part of a IT Operations Management software strategy. Sorry the in depth research is for our subscribers:

 Don’t worry we are hard at work to deliver the Cool Vendors in APM this year, we expect that to hit shortly.


Category: Analytics Big Data DevOps IT Operations Monitoring SaaS     Tags:

Cool Vendors in Unified Communications – Monitoring Angle

by Jonah Kowall  |  April 13, 2014  |  3 Comments

This year I was privileged to include one of the cool vendors in unified communications research this year. Written with my colleagues Jay Lassman, Bern Elliot, Steve Blood, and Sorell Slaymaker. Who cover unified communications technologies, the fun part about my coverage is everything needs to be monitored, so I was able to contribute to this research. I highlighted Nectar Services Corp. The other vendors included were Acano offering interesting collaboration technologies, Voxer offering innovative peer to peer communications, and Zoom offering conferencing services. The range of technologies covered in this research include monitoring, and several interesting communications options.

Nectar is an interesting company who acquired technology of a previous cool vendor Netsocket and combined it with other  monitoring offerings they previously sold. This combined offering uniquely handles both availability monitoring of vendor agnostic communications systems (such as popular systems from Cisco, Microsoft, and Avaya) but combines capabilities of performance monitoring by looking not only at packet data for measuring the true end user experience, but also visualizing and building network path data by peering with other routers within the customer deployment. Additional depth and insights on this technology provider can be obtained by Gartner subscribers in the published research:



Category: IT Operations Monitoring NPM     Tags:

Monitoring Technology Pick: Week of April 7th – Elasticsearch

by Jonah Kowall  |  April 13, 2014  |  4 Comments

Continuing the blogs topics from last week we are profiling yet another log search and index technology which has begun to emerge as yet another alternative for this necessary technology when troubleshooting today’s complex environments. As the vendor we profiles last week, which utilizes several open source technologies and brings a unique user interface and ingest model the vendor this week leverages much of the same technologies.

Elasticsearch Los Altos, California

Elasticsearch has recently raised a good amount of venture funding to propel open source index and search into the enterprise spotlight. Elasticsearch is the company behind the ELK stack, with a growing set of use cases and products being built upon it. The stack consists of the following open source projects:

  • Elasticsearch is a distributed indexing and storage technology written in Java, the project is designed to scale out with modular systems sharing data storage, indexing, and search responsibilities. The project is complex to setup, maintain, and tune accordingly.
  • Logstash is the data ingest layer, messages are parsed off the hosts or a centralized logging infrastructure and forwarded into the Elasticsearch cluster (or other technologies). Logstash has a complex configuration file with many options for tuning the forwarder and configuring the parsing. The project is based on Java and can have a much larger memory footprint on the hosts than competing forwarder technologies.
  • Kibana is a graphical front end for querying Elasticsearch housed data and deriving insight (think of it as the UI). Kibana has a nice modern UI, but lacks much of the alerting, and administration needed for enterprise log indexing.

The company itself, ElasticSearch is run by a combination of technologists and entrepreneurs. Important technical members include co-founder Shay Banon, the creator of Elasticsearch. Simon Willnauer and Uri Boness who are core members of the Apache Lucene team, another highly visible Java indexing open source project. They have hired Jordan Sissel the creator of Logstash, as well as Rashid Khan the creator of the Kibana project. Matched with the marketing skill of Jen Grant who was a critical member at Box during the rise to enterprise adoption, and has had similar success at Google previously. These products will begin evolving much more quickly with a commercial entity driving the development, and solid marketing and positioning behind them. The first product released was marvel, a commercial management platform for ElasticSearch clusters. This new offering include administrative capabilities such as monitoring, root cause analysis, capacity planning, and is a paid offering, but it’s free for development use. With these innovations the product suite will evolve considerably more quickly and become a commercial alternative to other indexing and search technologies. We expect the company to begin launching commercial products later this year, and be thrust into the spotlight.

Next week, we will be highlighting yet another player in the log index and search market, before moving on to other interesting emerging technologies.


Category: Analytics Big Data IT Operations Logfile Monitoring OLM Pick of The Week     Tags:

Monitoring Technology Pick: Week of March 31st – Torch (GrayLog2)

by Jonah Kowall  |  April 4, 2014  |  4 Comments

I’m trying out something new for the blog this week, we have our yearly “Cool Vendor” awards, which are essentially analyst picks of interesting new technologies. I’m trying to build a micro format of this where I pick an interesting technology which I discovered during a specific week and write up a vendor or interesting news of the week. This is really an experiment :

Torch (GrayLog2)

Hamburg, Germany

Torch maintains and controls the GrayLog2 open source unstructured text indexing and search project, what makes the solution interesting is that it’s completely free. They have done some serious redevelopment of the former product (developed as a side project between 2009-2010), spurred by venture capital funding (in late 2013) they now have full time engineering on the project. The results have been impressive, with a nice user interface, and rapid development the project has come a long way in a few short months. The offering is built to index log data, and provides a rich front end for searching and analytics.  The re-engineering effort moved from Rails to Java, providing a highly scalable architecture with common technologies to the other open source projects under the hood.

The underpinnings include what is known at the ELK stack… More on this in future posts. Essentially ElasticSearch is an open source unstructured text indexing engine with a high degree of parallel scalability, the speed of this engine is due to parsing before ingest, while most other products parse after ingest. The second component is Logstash which is often used to get data into ElasticSearch, GrayLog2 has it’s own GELF format, which provides a much cleaner way of data ingest, but LogStash is also supported (I wouldn’t recommend that project due to configuration complexity and lack of deduplication and proper compression). Finally Kibana is the last component of the ELK stack, which GrayLog2 doesn’t use. I will go into other similar emerging solutions in future posts.

The product still takes some work to get up and running (I set it up in my lab), which they are working on, since it requires several open source projects be configured. The requirements include setting up ElasticSearch, MongoDB, and Java 7. The front-end components are a different package from the back-end components, so there are a lot of moving parts and dependencies involved. The management of ElasticSearch can be difficult especially at scale, and the project must be improved to simplify implementation and maintenance of the technology stack.

Other differentiators are the stream processing engine within GrayLog2, which enables message routing to ensure real-time actions be taken as well as indexing via LogStash. Torch doesn’t offer any paid products yet, but they are building some add-on offerings for the core engine to monetise the work they are doing. There is no SaaS offering planned, the software is designed to me implemented on premise. Currently Torch is being approached by large enterprises who have unique requirements, and they are meeting those requirements in a consulting arrangement. We look forward to tracking them as they build new technologies and bring them to market.

Lots of good stuff happening in the log analysis space, I’ll likely cover another one next week.


Category: IT Operations Monitoring OLM Pick of The Week Uncategorized     Tags: