SiftLog by M Media Software Lab

Stop reading logs.
Start reading signals.

SiftLog ingests log streams from every source simultaneously, merges them into a single time-ordered stream, and tells you which service failed first - before any engineer on the bridge call finishes their first log query.

SiftLog Platform - $999/server/yr Open Source on GitHub
61,204
events processed
9
lines worth reading
0.8s
to failure origin
6
log source adapters

The Problem

The dashboard says something is wrong.
It does not say what.

When a production incident fires at 3am, you have engineers on a bridge call and log streams from a dozen services scrolling in separate windows. The dashboard says latency is up and error rate is spiking. It does not tell you which service failed first. It does not tell you whether this is a cascade from an upstream dependency.

Every engineer on that call is manually reading logs, comparing timestamps across systems with different clock configurations, trying to reconstruct a timeline inside their head. This takes 20 to 40 minutes in a well-run organization.

SiftLog eliminates those 20 to 40 minutes.

What the Output Looks Like

61,204 events.
9 lines that matter.

SiftLog processes all 20 sources simultaneously. The 61,204 log events from 16 healthy services are suppressed. The 9 events that explain the failure are surfaced in order, with the origin service identified, in 0.8 seconds.

The cascade origin is auth-service. The propagation chain is named. The silence flag on inventory-service - a separate unrelated issue - is surfaced automatically. Without SiftLog, it would have been invisible until someone noticed the service was gone.

siftlogd - 20 sources
[signal:cascade] auth-service -> api-gateway -> user-service -> session-manager 03:14:19 auth-service ERROR db pool exhausted (pool=50, waiting=312) 03:14:19 auth-service ERROR token timeout [trace: f8a21c] 03:14:19 api-gateway ERROR auth-service unavailable [trace: f8a21c] 03:14:20 api-gateway ERROR circuit breaker OPEN 03:14:20 user-service ERROR upstream auth failure [trace: f8a21c] 03:14:20 user-service ERROR retry 1/3 failed 03:14:21 session-manager ERROR session store unreachable 03:14:21 session-manager WARN falling back to degraded mode [signal:silence] inventory-service - no events in 4m12s noise suppressed: 61,204 events | signal: 9 events | elapsed: 0.8s

Two Editions

Evaluate free.
Deploy when you need it running 24/7.

$999 / server / year

SiftLog Platform

The production-grade distribution. An always-on daemon that runs continuously against all your log sources, stores signal history, and surfaces failures the moment they propagate.

  • Always-on daemon with full terminal UI
  • Cascade, anomaly, and silence detection
  • Persistent signal history (SQLite)
  • All six source adapters
  • Air-gapped operation available
  • Binaries for Linux, macOS, Windows
See SiftLog Platform
Free - MIT License

SiftLog Open Source

The full correlation engine as a Go library and CLI. Review the source, evaluate the detectors against your own logs, or embed the library in your own tooling - no account required.

  • Full correlation engine - MIT license
  • Cascade, anomaly, and silence detectors
  • All six source adapters, open source
  • CLI for manual and scripted use
  • Embeddable Go library
  • No account, no signup, no credit card
View on GitHub

Why It Exists

Built at 2am. For 2am.

Dashboards are good at "something is wrong." They are not built for "I know what is wrong and which service caused it." That second thing requires reading logs across services in time order - which every engineer has done manually at 2am at some point.

"I spent three years complaining about the gap between 'the dashboard says something is wrong' and 'I know what is wrong.' I built SiftLog at 2am on a Tuesday when I couldn't sleep and the problem was still interesting. If it helps you, it was worth the Tuesday."

- Jeff Mutschler, M Media Software Lab
Request a Platform License Start with Open Source