Welcome to LogClaw

LogClaw is an enterprise-grade, Kubernetes-native log intelligence platform. It combines real-time anomaly detection, trace-correlated incident ticketing, and GitOps-native multi-tenancy into a single deployment stack.

Why LogClaw?

OTLP-Native Ingestion

Uses OpenTelemetry Protocol as the sole ingestion interface. Any OTel SDK, agent, or collector works out of the box — no custom integrations.

AI-Powered Detection

Statistical anomaly scoring on error rates, automatic trace correlation across services, and blast radius computation — all in real time.

Multi-Platform Ticketing

Route incidents to PagerDuty, Jira, ServiceNow, OpsGenie, Slack, or Zammad simultaneously with per-severity routing rules.

GitOps-Native Tenancy

Add a YAML file, push to main, and ArgoCD deploys a fully isolated tenant stack in 30 minutes. Namespace-per-tenant — no shared data plane.

How It Works

Apps ──OTLP──▶ OTel Collector ──▶ Kafka ──▶ Bridge (ETL + Anomaly + Trace Correlation)
  (gRPC :4317)                                        │
  (HTTP :4318)                          ┌──────────────┴──────────────┐
                                        ▼                             ▼
                                  OpenSearch                   Ticketing Agent
                                (search + analytics)       (PagerDuty, Jira, etc.)


                                   Dashboard
                              (Next.js pipeline UI)

Core Components

| Component | Role | Technology |
|---|---|---|
| OTel Collector | OTLP gRPC/HTTP receiver, batching, tenant enrichment | OpenTelemetry Collector Contrib |
| Kafka | Durable event bus — raw logs + enriched logs topics | Strimzi KRaft |
| Bridge | OTLP ETL, anomaly detection, trace correlation, OpenSearch indexer | Python, Kafka |
| OpenSearch | Full-text search, log analytics, visualization | OpenSearch + Dashboards |
| Ticketing Agent | AI SRE — deduplicated, trace-correlated incident tickets | Python, LangChain |
| ML Engine | Feature Store + model inference serving | Feast, KServe |
| Airflow | ML pipeline orchestration and retraining DAGs | Apache Airflow |
| Infrastructure Agent | Cluster health collection — Kafka lag, Flink, OpenSearch, ESO | Go |
| Dashboard | Web UI for log ingestion, incidents, anomalies, and config | Next.js |

Quick Start

1. Clone the repository

git clone https://github.com/logclaw/logclaw.git
cd logclaw

2. Start local development environment

./scripts/setup-dev.sh

This creates a Kind cluster, installs all operators and services, and runs a smoke test. It takes ~20 minutes on a 16 GB machine.

3. Send your first log

curl -X POST http://localhost:4318/v1/logs \
  -H "Content-Type: application/json" \
  -d '{
    "resourceLogs": [{
      "resource": {
        "attributes": [
          {"key": "service.name", "value": {"stringValue": "my-app"}}
        ]
      },
      "scopeLogs": [{
        "logRecords": [{
          "timeUnixNano": "'$(date +%s)000000000'",
          "severityText": "INFO",
          "body": {"stringValue": "Hello from LogClaw!"}
        }]
      }]
    }]
  }'

Next Steps