Skip to main content

Welcome to LogClaw

LogClaw is an enterprise-grade, Kubernetes-native log intelligence platform. It combines real-time anomaly detection, trace-correlated incident ticketing, and GitOps-native multi-tenancy into a single deployment stack. LogClaw

Why LogClaw?

OTLP-Native Ingestion

Uses OpenTelemetry Protocol as the sole ingestion interface. Any OTel SDK, agent, or collector works out of the box — no custom integrations.

AI-Powered Detection

Statistical anomaly scoring on error rates, automatic trace correlation across services, and blast radius computation — all in real time.

Multi-Platform Ticketing

Route incidents to PagerDuty, Jira, ServiceNow, OpsGenie, Slack, or Zammad simultaneously with per-severity routing rules.

GitOps-Native Tenancy

Add a YAML file, push to main, and ArgoCD deploys a fully isolated tenant stack in 30 minutes. Namespace-per-tenant — no shared data plane.

How It Works

Apps ──OTLP──▶ OTel Collector ──▶ Kafka ──▶ Bridge (ETL + Anomaly + Trace Correlation)
  (gRPC :4317)                                        │
  (HTTP :4318)                          ┌──────────────┴──────────────┐
                                        ▼                             ▼
                                  OpenSearch                   Ticketing Agent
                                (search + analytics)       (PagerDuty, Jira, etc.)


                                   Dashboard
                              (Next.js pipeline UI)

Core Components

ComponentRoleTechnology
OTel CollectorOTLP gRPC/HTTP receiver, batching, tenant enrichmentOpenTelemetry Collector Contrib
KafkaDurable event bus — raw logs + enriched logs topicsStrimzi KRaft
BridgeOTLP ETL, anomaly detection, trace correlation, OpenSearch indexerPython, Kafka
OpenSearchFull-text search, log analytics, visualizationOpenSearch + Dashboards
Ticketing AgentAI SRE — deduplicated, trace-correlated incident ticketsPython, LangChain
ML EngineFeature Store + model inference servingFeast, KServe
AirflowML pipeline orchestration and retraining DAGsApache Airflow
Infrastructure AgentCluster health collection — Kafka lag, Flink, OpenSearch, ESOGo
DashboardWeb UI for log ingestion, incidents, anomalies, and configNext.js

Quick Start

No cloning, no building — just pull and run:
curl -O https://raw.githubusercontent.com/logclaw/logclaw/main/docker-compose.yml
curl -O https://raw.githubusercontent.com/logclaw/logclaw/main/otel-collector-config.yaml
docker compose up -d
Open http://localhost:3000 — the full stack is running. All images are pulled from ghcr.io/logclaw/ (public, no auth required).Send a test log:
curl -X POST http://localhost:4318/v1/logs \
  -H "Content-Type: application/json" \
  -d '{
    "resourceLogs": [{
      "resource": {
        "attributes": [
          {"key": "service.name", "value": {"stringValue": "my-app"}}
        ]
      },
      "scopeLogs": [{
        "logRecords": [{
          "timeUnixNano": "'$(date +%s)000000000'",
          "severityText": "INFO",
          "body": {"stringValue": "Hello from LogClaw!"}
        }]
      }]
    }]
  }'

Container Images

All LogClaw images are public on GHCR — pull directly with no auth: 
docker pull ghcr.io/logclaw/logclaw-dashboard:stable
docker pull ghcr.io/logclaw/logclaw-bridge:stable
docker pull ghcr.io/logclaw/logclaw-ticketing-agent:stable
docker pull ghcr.io/logclaw/logclaw-flink-jobs:stable

Next Steps

Architecture

Understand the deployment model, data flow, and component interactions.

Tenant Onboarding

Provision a new tenant from zero to fully operational in 30 minutes.

OTLP Integration

Send logs from any language or framework using OpenTelemetry SDKs.

Local Development

Set up a local dev environment with Docker Compose or Kind.

Dashboard Guide

Explore the web UI for log ingestion, incident management, and pipeline monitoring.

API Reference

Full API documentation for every LogClaw service.