SiftLog - Open Source
The SiftLog correlation engine, all three signal detectors, and all log source adapters are open source and can be reviewed in full. The CLI is free. No account, no signup, no credit card. Run it against your logs right now.
Quick Start
One Go install command. No configuration file required for basic use. Pass your log files as arguments and the CLI starts correlating immediately.
Works against local log files out of the box. The same adapters that power the Platform daemon (Loki, CloudWatch, Elasticsearch, Datadog, Google Cloud Logging) are available in the library and usable from the CLI with a minimal YAML config.
Current release: v0.3.0
What Is Open Source
This is not a stripped-down evaluation build. The open source library is the production correlation engine. You can review exactly how it works, embed it in your own Go applications, and run the CLI in CI pipelines or post-mortem scripts without a license.
The full cascade detection engine - per-service sliding windows, trace ID correlation, propagation chain identification. Same code that runs in siftlogd.
Rolling baseline tracking and configurable multiplier thresholds for per-service error rate anomalies. Fully configurable via code or YAML.
Per-service event volume tracking with configurable drop threshold. Flags services that go quiet - a failure mode that dashboards consistently miss.
Loki, CloudWatch, Elasticsearch, Datadog, Google Cloud Logging, and local file adapters. All open source, all reviewable, all embeddable.
Pass log files directly on the command line. Use a YAML config for remote sources. No daemon, no UI, no license required. Useful in CI, scripts, and post-mortems.
Import the library directly in any Go application. The correlator and all detectors are designed to be embedded. Read the source, fork it, build on it.
Go Library
The library is designed to be imported directly. Build SiftLog into your own observability pipeline, CI test runner, or incident response tooling.
The Platform daemon (siftlogd) is built on top of this library and adds the always-on runtime, persistent signal storage, terminal UI, alerting integrations, and web interface. The library itself does not require a license.
Open Source vs Platform
The open source CLI is for evaluation and one-off use. The Platform daemon is for production - always-on, always correlating, with persistent history and alerting.
| Capability | Open Source CLI | SiftLog Platform |
|---|---|---|
| Cascade, anomaly, silence detection | Yes | Yes |
| All six source adapters | Yes | Yes |
| Run against local log files | Yes | Yes |
| Always-on daemon (siftlogd) | No | Yes |
| Terminal UI | No | Yes |
| Persistent signal history (SQLite) | No | Yes |
| Alerting (email, PagerDuty, Slack) | No - planned | Yes - planned |
| Web interface | No - planned | Yes - planned |
| License required | No - MIT | Yes - $990/server/year |
