Earlier this week, Karl Evans and I hosted a webinar covering automated observability – one of Edge Delta’s core use cases. Through automated observability, DevOps and SRE teams can eliminate manual toil, spot unknown unknowns, and investigate root causes faster. In the webinar, we walked through the features that enable these benefits.
You can watch the entire event here.
In the meantime, I wanted to summarize three key takeaways from the webinar.
1. Overly manual engineering practices create blind spots
Traditional, centralized observability platforms often require engineers to define queries, dashboards, and alerts to detect anomalies and other irregularities. This approach is great for spotting patterns you’re aware of and have had time to build monitoring logic to detect. But what about surfacing anomalies you’ve never seen before?
One of our customers faced this issue – a services provider that uses Sumo Logic as its centralized observability platform. In this instance, they experienced a significant system outage that caused multiple Kubernetes microservices to fail, including their Redis and RabbitMQ deployments and other internal services. The outage resulted in a massive spike in timeouts, disconnects, exceptions, and various errors.
Thankfully, this customer streamed its logs through Edge Delta before they were centralized in Sumo Logic. Edge Delta’s machine learning capabilities automatically detected and alerted on the issue as it occurred, highlighting both the root cause and the components involved.
How does Edge Delta enable this level of visibility? That brings us to point number two…
2. Edge Delta analyzes all your logs all the time
Typically, engineers will store logs in a centralized database and then run pre-defined queries against those datasets. As was the case with the example above, this approach has inherent limitations – what if you didn’t think to monitor a specific log pattern?
Edge Delta flips this traditional approach to observability on its head. You can think of Edge Delta’s approach as an upside-down database: the platform creates queries based on your log messages, and those queries run against each new log line as it arrives. In doing so, Edge Delta’s agent automatically detects patterns based on the variants and invariants within your log messages. These patterns, rather than all of the raw logs, are presented to the engineer, enabling a complete yet consumable view into multi-petabyte-scale datasets.
Edge Delta analyzes all of your logs all of the time – not just ones that match the pre-defined query in a centralized setup.
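Edge Delta’s actual pattern detection is part of its product, but the variant/invariant idea can be illustrated with a minimal sketch: collapse tokens that vary between occurrences of the same event (numbers, IPs, IDs) into wildcards, so structurally identical lines map to one pattern. Everything below – the regex heuristic and function names – is an illustrative assumption, not Edge Delta’s implementation.

```python
import re
from collections import Counter

# Heuristic for "variant" tokens: plain numbers, hex IDs, IPv4 addresses.
# Real log-clustering systems use far richer heuristics than this.
VARIANT = re.compile(r"^(\d+|0x[0-9a-f]+|\d{1,3}(\.\d{1,3}){3})$", re.IGNORECASE)

def to_pattern(line: str) -> str:
    """Replace variant tokens with '*' so lines sharing the same
    invariant structure collapse into a single pattern."""
    return " ".join("*" if VARIANT.match(t) else t for t in line.split())

def cluster(lines):
    """Count how many raw lines fall under each derived pattern."""
    return Counter(to_pattern(line) for line in lines)

logs = [
    "connection timeout to 10.0.0.5 after 3000 ms",
    "connection timeout to 10.0.0.7 after 1500 ms",
    "cache miss for key 42",
]
patterns = cluster(logs)
# Both timeout lines collapse into "connection timeout to * after * ms"
```

The payoff is the compression: an engineer reviews a handful of patterns with counts instead of scrolling through every raw line.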
3. Converting logs into time-series metrics makes it easy to pinpoint anomalies
As Edge Delta analyzes your logs, it matches them against log patterns. Each match updates that pattern’s counters, and over time those counts become time-series metrics.
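To make the pattern-to-metric step concrete, here is a minimal sketch (my own illustration, not Edge Delta’s code) that buckets timestamped pattern matches into fixed windows, yielding a count-per-window time series for each pattern:

```python
from collections import defaultdict
from datetime import datetime, timezone

def to_timeseries(events, window_seconds=60):
    """Bucket (timestamp, pattern) events into fixed-width windows,
    producing a per-pattern occurrence count over time."""
    series = defaultdict(lambda: defaultdict(int))
    for ts, pattern in events:
        bucket = int(ts.timestamp()) // window_seconds * window_seconds
        series[pattern][bucket] += 1
    # Return each pattern's series sorted by window start time.
    return {p: sorted(buckets.items()) for p, buckets in series.items()}

events = [
    (datetime(2023, 1, 1, 12, 0, 5, tzinfo=timezone.utc), "connection timeout to * after * ms"),
    (datetime(2023, 1, 1, 12, 0, 40, tzinfo=timezone.utc), "connection timeout to * after * ms"),
    (datetime(2023, 1, 1, 12, 1, 10, tzinfo=timezone.utc), "connection timeout to * after * ms"),
]
series = to_timeseries(events)
# The timeout pattern yields counts of 2 and 1 across two one-minute windows
```

A sudden jump in one of these counts is exactly the kind of peak that stands out on a time-series chart.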
Time-series metrics are insightful in observability because the peaks and valleys make it easy to identify issues. This is especially true when it comes to large volumes of data. Karl wrote about this concept in-depth earlier in the week if you’d like to learn more.
Edge Delta’s agents use these time-series metrics to generate alerts when patterns in your logs become anomalous. When that happens, the agent triggers an Anomaly Capture, dynamically routing the relevant raw logs to your centralized observability platform and giving engineers rich context into the issue. This feature, combined with our Findings Report – which shows the root cause of the issue and affected systems or components – significantly accelerates investigations.
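One simple way to decide that a pattern’s metric has become anomalous – purely an illustrative stand-in for whatever Edge Delta’s agents actually use – is a standard-deviation check against the recent baseline:

```python
import statistics

def is_anomalous(history, current, threshold=3.0):
    """Flag the current window's count if it deviates from the
    historical baseline by more than `threshold` standard deviations."""
    if len(history) < 2:
        return False  # not enough history to establish a baseline
    mean = statistics.mean(history)
    stdev = statistics.stdev(history) or 1e-9  # avoid division by zero
    return abs(current - mean) / stdev > threshold

# Timeouts per minute under normal load (hypothetical values).
baseline = [4, 5, 3, 6, 4, 5, 4, 5]
ordinary = is_anomalous(baseline, 6)    # within the normal band
spike = is_anomalous(baseline, 40)      # the kind of jump that would trigger a capture
```

In a pipeline like the one described above, a `True` result is the moment to start forwarding the matching raw logs downstream, so the centralized platform receives full detail exactly when it matters.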
Thanks to all of the folks who attended this webinar live. And for those of you who weren’t able to catch it, we invite you to watch the presentation on-demand here.