Grafana and GitLab have released a new open-source solution that links GitLab CI/CD events into Grafana's observability stack via a serverless architecture, enabling real-time visibility and correlation between deploy events and performance metrics.
Elastic's new Streams feature uses AI to transform noisy logs into actionable insights, helping SREs diagnose and resolve issues faster. The article discusses how AI is poised to become the primary tool for incident diagnosis and address skill shortages in IT infrastructure management.
Here's a breakdown of the technical details:
* **Problem:** Modern IT (especially Kubernetes) generates massive amounts of log data (30-50GB/day per cluster) making manual analysis for root cause identification slow, costly, and prone to errors. Existing observability tools often treat logs as a last resort.
* **Elastic's Solution (Streams):**
* **AI-powered Parsing & Partitioning:** Automatically extracts relevant fields from raw logs, reducing manual effort.
* **Anomaly Detection:** Surfaces critical errors and anomalies from logs, providing early warnings.
* **Automated Remediation:** Aims to not only identify issues but also suggest or automatically implement fixes.
* **Workflow Shift:** Streams aims to move away from the traditional observability workflow (metrics -> alerts -> dashboards -> traces -> logs) to a log-centric approach where AI proactively processes logs to create actionable insights.
* **Future Direction:** The article highlights the potential of **Large Language Models (LLMs)** to further automate observability, including generating automated runbooks and playbooks for remediation. LLMs could also help address the shortage of skilled SREs by augmenting their expertise.
* **Integration:** Streams is integrated into Elastic Observability.
Here's a breakdown of the technical details:
* **Problem:** Modern IT (especially Kubernetes) generates massive amounts of log data (30-50GB/day per cluster) making manual analysis for root cause identification slow, costly, and prone to errors. Existing observability tools often treat logs as a last resort.
* **Elastic's Solution (Streams):**
* **AI-powered Parsing & Partitioning:** Automatically extracts relevant fields from raw logs, reducing manual effort.
* **Anomaly Detection:** Surfaces critical errors and anomalies from logs, providing early warnings.
* **Automated Remediation:** Aims to not only identify issues but also suggest or automatically implement fixes.
* **Workflow Shift:** Streams aims to move away from the traditional observability workflow (metrics -> alerts -> dashboards -> traces -> logs) to a log-centric approach where AI proactively processes logs to create actionable insights.
* **Future Direction:** The article highlights the potential of **Large Language Models (LLMs)** to further automate observability, including generating automated runbooks and playbooks for remediation. LLMs could also help address the shortage of skilled SREs by augmenting their expertise.
* **Integration:** Streams is integrated into Elastic Observability.
TraceRoot.AI is an AI-native observability platform that helps developers fix production bugs faster by analyzing structured logs and traces. It offers SDK integration, AI agents for root cause analysis, and a platform for comprehensive visualizations.
The company's transition from fragmented observability tools to a unified system using OpenTelemetry and OneUptime dramatically improved incident response times, reducing MTTR from 41 to 9 minutes. By correlating logs, metrics, and traces through structured logging and intelligent sampling, they eliminated much of the noise and confusion that previously slowed root cause analysis. The shift also reduced the number of dashboards engineers needed to check per incident and significantly lowered the percentage of incidents with unknown causes.
Key practices included instrumenting once with OpenTelemetry, enforcing cardinality limits, and archiving raw data for future analysis. The move away from 100% trace capture and over-instrumentation helped manage data volume while maintaining visibility into anomalies. This transformation emphasized that effective observability isn't about collecting more data, but about designing correlated signals that support intentional diagnosis and reduce cognitive load.
Key practices included instrumenting once with OpenTelemetry, enforcing cardinality limits, and archiving raw data for future analysis. The move away from 100% trace capture and over-instrumentation helped manage data volume while maintaining visibility into anomalies. This transformation emphasized that effective observability isn't about collecting more data, but about designing correlated signals that support intentional diagnosis and reduce cognitive load.
PII Guard is an LLM-powered tool that detects and manages Personally Identifiable Information (PII) in logs โ designed to support data privacy and GDPR compliance. It uses the gemma:3b model running locally via Ollama.
Grafana Loki version 3.4 introduces enhancements such as standardized storage with Thanos, a sizing guidance page, merging of Promtail into Grafana Alloy, and support for out-of-order logs.
Cloudflare discusses how they handle massive data pipelines, including techniques like downsampling, max-min fairness, and the Horvitz-Thompson estimator to ensure accurate analytics despite data loss and high throughput.
OpenTelemetry is not just an observability platform, it's a set of best practices and standards that can be integrated into platform engineering or DevOps.
Hydrolix is a streaming data lake platform designed to handle large amounts of immutable log data at a lower cost than traditional solutions. The platform is particularly well-suited for observability data and offers real-time query performance on terabyte-scale data. Hydrolix uses an ANSI-compliant SQL interface, is schema-based and fully indexed, and is designed for high-cardinality data. It is purpose-built for log data and focuses on data that comes in once and never changes. Hydrolix is currently used by companies in industries like media, gaming, ad tech, and telecom security that require long-term retention of data. The company recently announced a $35 million Series B round, and its technology serves as the basis for Akamai's observability product TrafficPeak. The platform is designed to save costs for companies dealing with billions of transactions a day and terabytes of data, as it can store data for longer periods than traditional solutions like Splunk or Datadog, thereby reducing costs or increasing retention.
With the addition of profiling to OpenTelemetry, we expect continuous production profiling to hit the mainstream.
