Very relatable experience with log diving, feels very much like a needle-in-haystack problem that gets so much harder when you're not the only one who contributed to the source of errors (often the case).

As for the skepticism with LLMs stumbling around raw logs: it's super deserved. Even the developers who wrote the program often refer to larger app context when debugging, so it's not as easy as throwing a bunch of logs into an LLM. Plus, context window limits & the relative lack of "understanding" with increasingly larger contexts is troublesome.

We found it helped a lot to profile application logs over time. Think aggregation, but for individual flows rather than similar logs. By grouping and ordering flows together, it's bringing the context of thousands of (repetitive) logs down to the core flows. Much easier to find when things are out of the ordinary.

Still a lot of improvements in regards to false positives and variations in application flows.

The best way to improve this is to just generate decent useful and actionable logs. Sifting through a trash heap is where the problem is. No magic will suddenly turn that trash into gold.

You have to do this at the inception of the software you’re building rather then strap it on the donkey when something breaks (the usual way).

Disclaimer: I'm a founder at Gravwell, a log analytics startup

I agree, even when applicable LLMs are relegated to analyzing subselected data, so logs have to go somewhere else first. I think understanding logs is brain intensive because it can be a tricky problem. It gets easier with good tools, but often those tools are the kind that need to be used to build something else that solves the problem, rather than solve the problem themselves (e.g. building a good query + automation). I think LLMs can get better at creating the queries which would help a lot.

We started Gravwell to try bring some magic. It's a schema-on-read time-series data lake that will eat text or binary and comes in SaaS or self-hosted (on-prem). We built our backend from scratch to offer maximum flexibility in query. The search syntax looks like a linux command line, and kinda behaves like one too. Chain modules together to extract, filter, aggregate, enrich, etc. Automation system included. If you like Splunk, you should check us out.

There's a free community edition (personal or commercial use) for 2GB/day anon or 14GB/day w/ email. Tech docs are open at docs.gravwell.io.

> I don't understand, what about that is a "silent failure"?

Silent failures can be "allowed" behavior in your applications that aren't actually labeled as errors but can be irregular. Think race conditions, deadlocks, silent timeouts, or even just mislabeled error logs.

> in order for your product to even know about it, wouldn't I need to write a log message for every single record update?

That's right, and this may not always feasible (or necessary!), but if your application can be impacted by errors like these, perhaps it may be worth logging anyway.

> the general question I have with any product that's marketing itself as being "AI-powered" - how do hallucinations get resolved?

> and if my architecture allows two microservices to update the same row in the same database...maybe it happening within 50ms is expected?

> if I ask your product "what caused such-and-such outage" and the answer that comes back is incorrect, how do I "teach" it the correct answer?

For these concerns, human-in-loop feedback is our preliminary approach! We have our own internally running to account for changes and false errors, but having explanations from human input (even as simple as "Not an error" or "Missed error" buttons) is very helpful.

> when that happens I can walk through their thought process and analysis chain with them and identify the gap that led them to the incorrect conclusion. often this is a useful signal that our system documentation needs to be updated, or log messages need to be clarified, or a dashboard should include a different metric, etc etc.

Got it, I imagine it'll be very helpful for us to display our chain of thought from our dashboards too. Great feedback, thank you!

> Can it run completely on prem ?

Yep we have an on-prem offering as well, got similar notes from folks before!

> What stops me from building my own logger that sends a request to write a record to a DB and later asks an LLM what it means ?

Great question! The main limitation over brute force is the sheer volume of noise, and therefore relevant context. We tried this and realized it wasn't working. From a numbers perspective, at even just 10s of GBs/day scale of data (not even close to enterprise scale), mainstream LLMs can't provide the context windows you need for more than a few minutes of operational data. And larger models suffer from other factors (like attention diffusion / dilution & drift).

> I see the landing page. The pricing should be clear though “ Contact Us” is scary. Noted!

Agreed! Metrics are a high priority, especially since working to increase the available context around each anomaly we flag.

Logs were a natural starting point because that’s where developers often spend a significant amount of time stuck reading & searching for the right information, manually tracking down issues + jumping between logs across services. In a way, just finding & summarizing relevant logs for the user gave people an easier time debugging.

But metrics will introduce more dimensions to establish baseline behavior, so we're pretty excited about it too.

Our free tier doesn't include the anomaly/error detection (noted on the site, we can make it more clear though). And your numbers do add up! That's why you can't just run all your logs through an LLM.

Aggregated (+ simplified) versions of your logs + flagged anomalies get passed through our LLMs

Ah, any particular reason to want these SDKs public? Happy to, especially since you can see source on install anyway. Just curious!

And Kudos to SigNoz as well - have to check out other folks in the space :)

Hey, loglayer looks super cool! Would love to chat and set something up, send us an email at founders@runsift.com

Yes, we support OpenTelemetry ingestion! Also Datadog, Splunk, and various other vendors’ agents/forwarders - even custom HTTP Daemons.

If you’ve already set up logging, good chance you can just point your instrumentation towards us and we know how to ingest and handle it.

Datadog is industry standard at this point, if you dont know what splunk or datadog is you are likely not their ICP and their marketing is not targeting you.

Hey - thanks for the feedback. We were trying to give people a good idea of where we fit in quickly, but I can see where you're coming from!

Even if it won't work for everyone — some people (including me) are looking for Datadog alternatives, so this is the easiest way for them to speak to their ICP.

We offer competing core functionality in terms of storage and search, but we’re also focused on intelligence: real-time anomaly detection, semantic log analysis, and natural language search.

Would recommend the demo video and playground environment we linked above! Feel free to reach out at founders@runsift.com if you’d like to learn more

Absolutely! Java bindings are on our radar. Any specific use cases / implementations you'd like to see? In the meantime, we do also support a couple off-the-shelf collectors that should already support Java applications!

I assume this is most in regards to our anomaly/error detection! Deterministic rules for flagging anomalies + human feedback help in adapting our flagging system accordingly. So hallucinations won't directly impact flagged anomalies. The rules (patterns) we generate are on the stricter end, so they err on the side of flagging more.

However, the rules themselves aren't deterministically generated (and therefore prone to LLM hallucinations). To address this, we currently have a simpler system that lets you mark incorrectly flagged anomalies so they can be incorporated into our generated rules. There's room to improve that we're actively working on: exposing our generated patterns in a human-digestible manner (so they can be corrected), introducing metrics and more data sources for context, and connecting with a codebase.

OP literally said they worked at Datadog and Splunk. That’s enough tbh as those are leaders in this space

Is it common practice to display fake realtime numbers on the homepage?

let storedNumber = getCookie("countingNumber"); let startNumber = storedNumber !== null ? storedNumber : Math.floor(Math.random() * (10300000 - 10000000 + 1)) + 10000000; let currentNumber = startNumber; function updateNumber() { let randomIncrement = Math.floor(Math.random() * (275 - 101 + 1)) + 101; currentNumber += randomIncrement; element.textContent = formatNumber(currentNumber); setCookie("countingNumber", currentNumber, 7); // Save number in cookie for 7 days } element.textContent = formatNumber(currentNumber); setInterval(updateNumber, 1000);

The marketing design approach feels very off to me. You barrage me with an annoying scrolling marquee showing me the most abstract, unrecognizable logos telling me I should trust you because they do. 10+ companies on board feels rather small.

You said AI-driven analysis to identify logs, but I'm already skeptical of AI doing tasks like this, and you obfuscate it further by not actually showing me how it works, just another generic abstract marketing design graphic.

I dunno. It just seems like vaporware-as-a-service from the design vibes.

Hey, maybe you can have a better hiring practice than datadog with a 5 question test where if you get a single answer wrong in even the smallest of ways you get disqualified from getting a job with them for 6 months.

I'm guessing they lost a wealth of great talent due to this test on how to support a platform that they give to fresh off the street applicants rather than having even a modicum of training about their product. They want you to study it for free, probably as a marketing tactic - but also so they don't have to pay to train employees. it's great like cancer.

Disclaimer: I have never applied to a role with datadog, nor interviewed with them. Just had multiple friends complete the process with mixed results. Seems like you need to put in ~two full weeks of self directed study to pass their on site interview 'exam' where they don't tell you about the exam being 100% or fail (but it is!)