Subtrace

What do they actually do

Subtrace is a zero‑code network/HTTP inspector for backends. It watches live HTTP requests that hit your services and shows the full request and response (headers, body, timing) in a Chrome‑DevTools‑style interface, so engineers can find, inspect, copy‑as‑cURL, and replay exact production requests without changing application code homepage Quickstart.

You add it by installing a small helper and running your process under Subtrace (e.g., “subtrace run -- ”). Guides cover Node.js, Python, Go, and Docker/Kubernetes workflows. It attaches to running processes/containers, captures each HTTP request with network context, indexes them for fast search (the site notes ClickHouse for search), and surfaces a searchable UI with features like time‑travel replay. macOS support is noted as experimental/private beta in their repo/releases docs index GitHub quickstart homepage GitHub releases.

The project is open source and available as both a hosted service and on‑prem enterprise deployment, with enterprise controls like SAML/OIDC and compliance options (SOC2/HIPAA) listed on the pricing page. Public traction includes a case study with Trieve (YC W24) describing faster incident resolution using Subtrace GitHub pricing Trieve case study.

Who are their target customer(s)

• Backend engineer at a startup running services in Docker/Kubernetes: Needs to quickly find the exact production HTTP request/response that caused a bug without adding new logs or redeploying; reproducing issues locally is slow and unreliable Quickstart/docs homepage.
• On‑call SRE or incident responder at a mid‑sized team: Needs fast search over recent production requests and clear timing/latency breakdowns to identify root causes, instead of chasing logs across services homepage Trieve case study.
• Platform/DevOps engineer responsible for developer productivity: Wants a low‑friction way for developers to replay real production requests locally to cut noisy debug cycles, without instrumenting every service homepage demo docs.
• Security/compliance lead at a regulated organization: Cannot send sensitive traffic to third‑party SaaS; needs on‑prem deployment, access controls, and SOC2/HIPAA assurances before approving observability tooling pricing.

How would they acquire their first 10, 50, and 100 customers

• First 10: Convert early adopters from the open‑source repo, Product Hunt, and YC network with hands‑on installation/pairing sessions using the one‑command quickstart; collect feedback to fix docs and edge‑case bugs GitHub Product Hunt Quickstart Trieve case study.
• First 50: Publish language‑specific and Docker/Kubernetes guides, short demo videos, and run recorded webinars; seed content into developer communities and leverage press/tech writeups to drive repeatable inbound docs index homepage demo InfoQ.
• First 100: Offer paid on‑prem pilots and small commercial trials to mid‑sized teams; use the Trieve case study and enterprise assurances (SAML/OIDC, SOC2/HIPAA, SLAs) to close, and list in relevant partner marketplaces Trieve case study pricing.

What is the rough total addressable market

Top-down context:

Relevant ceiling is observability software (about $2.9B in 2025, growing toward ~$6.1B by 2030) and, more precisely for Subtrace, deep/cloud‑native observability (~$0.88B in 2025 rising to ~$2.7B by 2029) Mordor Intelligence Frost & Sullivan via Gigamon.

Bottom-up calculation:

Example: 15,000 mid‑market and enterprise teams running containerized backends × 20% potential adoption × $15,000 average annual contract = ~$45M TAM for Subtrace’s current workflow focus. A heavier enterprise mix (e.g., 3,000 customers at $40,000 ACV) would imply ~$120M.

Assumptions:

• Focus on teams with multi‑service backends in Docker/Kubernetes rather than all software teams.
• Adoption limited by incumbents and need for on‑prem/compliance in regulated orgs.
• ACV ranges from ~$5k SMB hosted to ~$50k+ for on‑prem/enterprise with SSO/compliance.

Who are some of their notable competitors

• GoReplay: Open‑source tool to capture and replay live HTTP traffic to other endpoints; overlaps on traffic replay but is CLI/pipe‑oriented for testing rather than a searchable DevTools‑style request index and in‑place time‑travel UI GoReplay GitHub GoReplay blog.
• HTTP Toolkit: Intercepts HTTP(S) from processes, browsers, or Docker to inspect and resend; great for developer‑machine debugging, but not a cluster‑scale indexed backend request store for incident search and long‑term replay HTTP Toolkit.
• mitmproxy: Mature open‑source intercepting proxy to record, inspect, and replay HTTP(S); requires routing traffic through a proxy and manual filtering, and lacks automatic process/container attachment and production‑scale indexing/UI workflows mitmproxy.
• Pixie (New Relic / px.dev): eBPF‑based Kubernetes observability that auto‑captures HTTP requests, traces, and payloads without language agents; positioned as an in‑cluster, scriptable observability platform more than a Chrome‑DevTools‑style request inspector with replay and enterprise packaging px.dev New Relic docs.
• Rookout: Live production debugger focusing on code‑level snapshots and non‑breaking breakpoints; overlaps on production debugging but not on capturing and replaying full HTTP request/response traffic across services Rookout.