SiftLog — microservices monitoring on mobile and desktop

SiftLog by M Media Software Lab

Stop reading logs.
Start reading signals.

SiftLog ingests log streams from every source simultaneously, merges them into a single time-ordered stream, and tells you which service failed first - before any engineer on the bridge call finishes their first log query. Signals stream live to the free Android app over your LAN or VPN.

SiftLog Platform - $999/server/yr Open Source on GitHub
61,204
events processed
9
lines worth reading
0.8s
to failure origin
6
log source adapters

The Problem

The dashboard says something is wrong.
It does not say what.

When a production incident fires at 3am, you have engineers on a bridge call and log streams from a dozen services scrolling in separate windows. The dashboard says latency is up and error rate is spiking. It does not tell you which service failed first. It does not tell you whether this is a cascade from an upstream dependency.

Every engineer on that call is manually reading logs, comparing timestamps across systems with different clock configurations, trying to reconstruct a timeline inside their head. This takes 20 to 40 minutes in a well-run organization.

SiftLog eliminates those 20 to 40 minutes.

What the Output Looks Like

61,204 events.
9 lines that matter.

SiftLog processes all 20 sources simultaneously. The 61,204 log events from 16 healthy services are suppressed. The 9 events that explain the failure are surfaced in order, with the origin service identified, in 0.8 seconds.

The cascade origin is auth-service. The propagation chain is named. The silence flag on inventory-service - a separate unrelated issue - is surfaced automatically. Without SiftLog, it would have been invisible until someone noticed the service was gone.

siftlogd - 20 sources
[signal:cascade] auth-service -> api-gateway -> user-service -> session-manager 03:14:19 auth-service ERROR db pool exhausted (pool=50, waiting=312) 03:14:19 auth-service ERROR token timeout [trace: f8a21c] 03:14:19 api-gateway ERROR auth-service unavailable [trace: f8a21c] 03:14:20 api-gateway ERROR circuit breaker OPEN 03:14:20 user-service ERROR upstream auth failure [trace: f8a21c] 03:14:20 user-service ERROR retry 1/3 failed 03:14:21 session-manager ERROR session store unreachable 03:14:21 session-manager WARN falling back to degraded mode [signal:silence] inventory-service - no events in 4m12s noise suppressed: 61,204 events | signal: 9 events | elapsed: 0.8s

Two Editions

Evaluate free.
Deploy when you need it running 24/7.

$999 / server / year

SiftLog Platform

The production-grade distribution. An always-on daemon that runs continuously against all your log sources, stores signal history, and surfaces failures the moment they propagate - on your terminal and on your phone.

  • Always-on daemon with full terminal UI
  • Cascade, anomaly, and silence detection
  • Persistent signal history (SQLite)
  • All six source adapters
  • REST API -- powers the free Android companion app
  • Air-gapped operation available
  • Binaries for Linux, macOS, Windows
See SiftLog Platform
Free - MIT License

SiftLog Open Source

The full correlation engine as a Go library and CLI. Review the source, evaluate the detectors against your own logs, or embed the library in your own tooling - no account required.

  • Full correlation engine - MIT license
  • Cascade, anomaly, and silence detectors
  • All six source adapters, open source
  • CLI for manual and scripted use
  • Embeddable Go library
  • No account, no signup, no credit card
View on GitHub

Why It Exists

Built at 2am. For 2am.

3am calls are the worst. Not because of the hour -- because everyone's looking at their own service and nobody knows where to start. My first thought was: what if you just tail everything at once and merge it by timestamp? If you can see all your services in a single time-ordered stream, the origin of a failure should be obvious.

"So I built that. Then I kept building. The Android app was the moment it clicked -- I saw a cascade signal on my phone before I had my laptop open. That felt like the whole point."

- Jeff Mutschler, M Media Software Lab
Request a Platform License Start with Open Source