Introducing Detective

Find the needle in the log haystack

Detective uses ML to surface the anomalies that matter from millions of noisy telemetry events.

Ingest from: Datadog, New Relic, Sentry, Loki, OpenTelemetry

Vectorize & Cluster: DB Queries, HTTP, Auth, Cache

Normal clusters / Anomalies
3 detected in 2.4M logs

Detected Anomalies

Sorted by anomaly score
-87ms before crash | Score: 0.94
FATAL: connection pool exhausted, no available connections

-52ms before crash | Score: 0.89
ERROR: timeout waiting for lock on payments_table

-12ms before crash | Score: 0.76
WARN: retry limit exceeded for transaction abc123

  • 87ms: Avg time to root cause
  • 93%: Anomaly detection accuracy
  • 11M: Total logs ingested
  • 100k/s: Logs analyzed per second

K-means Clustering

Cluster logs to find what does not belong

Detective transforms your logs into high-dimensional vectors using embeddings, then clusters them by semantic similarity. Logs that fall far from any cluster are anomalies worth investigating. Click on any anomaly to see a snapshot of similar logs in its nearest cluster.

  • Converts logs to vectors using embeddings
  • Clusters by semantic similarity, not just keywords
  • Surfaces outliers far from normal patterns
  • Click anomalies to see cluster context

Log Vectorization Pipeline

Raw Logs (2.4M events) → Embeddings (768-dim vectors) → Clusters (42 groups)

Sample cluster: DB Connection Errors

ERROR: connection refused to primary-db:5432
ERROR: connection timeout to replica-db:5432
ERROR: connection reset by peer primary-db

Isolation Forest Analysis

Contamination Score: 0.023%

d=2 | SIGSEGV in worker thread 7 | -0.89
d=3 | Stack overflow in recursive call | -0.82
d=2 | OOM killer invoked for process | -0.78
d=8 | Connection established to db-primary | 0.12
d=9 | Request processed in 45ms | 0.23

Lower depth = easier to isolate = more anomalous

Isolation Forest

Detect contamination in your log data

Isolation Forest is an unsupervised ML algorithm that isolates anomalies by randomly partitioning data. Anomalies are easier to isolate, requiring fewer splits. Detective uses this to find contamination - logs that do not fit the normal patterns of your system.

  • No training data required - fully unsupervised
  • Isolates anomalies with fewer random splits
  • Scores each log by isolation depth
  • Works on high-dimensional log vectors
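
The isolation-depth scoring described above, as an added pure-Python example (not Detective's code): each tree splits on a random feature at a random threshold, and a vector's score is 2^(-mean depth / c(n)), the normalisation from the original Isolation Forest paper, so values near 1 are anomalous. The 3-dimensional vectors are constructed stand-ins for log embeddings, and all function names are assumptions.

```python
import math
import random

def c(n):
    """Expected path length of an unsuccessful BST search over n points."""
    if n <= 1:
        return 0.0
    if n == 2:
        return 1.0
    return 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n

def build_tree(points, depth, max_depth, rng):
    """Split on a random feature at a random threshold until isolated."""
    if len(points) <= 1 or depth >= max_depth:
        return {"size": len(points)}
    dim = rng.randrange(len(points[0]))
    lo, hi = min(p[dim] for p in points), max(p[dim] for p in points)
    if lo == hi:
        return {"size": len(points)}
    cut = rng.uniform(lo, hi)
    left = [p for p in points if p[dim] < cut]
    right = [p for p in points if p[dim] >= cut]
    return {"dim": dim, "cut": cut,
            "left": build_tree(left, depth + 1, max_depth, rng),
            "right": build_tree(right, depth + 1, max_depth, rng)}

def fit(points, n_trees=100, sample_size=256, seed=7):
    rng = random.Random(seed)
    size = min(sample_size, len(points))
    max_depth = math.ceil(math.log2(size))
    trees = [build_tree(rng.sample(points, size), 0, max_depth, rng)
             for _ in range(n_trees)]
    return trees, size

def mean_depth(forest, x):
    """Average number of splits needed to isolate x across all trees."""
    def walk(node, depth):
        if "size" in node:
            return depth + c(node["size"])  # credit for points left unsplit
        side = "left" if x[node["dim"]] < node["cut"] else "right"
        return walk(node[side], depth + 1)
    return sum(walk(t, 0) for t in forest[0]) / len(forest[0])

def anomaly_score(forest, x):
    """Near 1 = isolated in few splits (anomalous); 0.5 or lower = ordinary."""
    return 2.0 ** (-mean_depth(forest, x) / c(forest[1]))

# Constructed data: two "normal" clusters plus one far-away vector.
_rng = random.Random(1)
NORMAL = [tuple(_rng.gauss(m, 0.5) for _ in range(3))
          for m in (0.0, 5.0) for _ in range(100)]
OUTLIER = (20.0, -15.0, 12.0)
FOREST = fit(NORMAL + [OUTLIER])
```

Comparing `mean_depth(FOREST, OUTLIER)` with the value for any member of `NORMAL` shows the "lower depth = more anomalous" relationship directly.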

The Detective Pipeline

From ingestion to alerting - how your logs flow through Detective

Ingest
  • Datadog
  • New Relic
  • Sentry
  • Loki
  • K8s Deploys

Pull logs from your existing observability stack and deployment events from Kubernetes

Analyze: ML Engine
  • K-means Clustering
  • Isolation Forest
  • Anomaly Scoring

Vectorize, cluster, and score anomalies using K-means and Isolation Forest

Store: Data Lake
  • Clustered logs
  • Anomaly scores
  • Deploy context

Persist clustered data with deploy context for historical analysis

Integrate: Webhooks
  • Claude agents
  • Custom bots
  • Slack/Discord

Send to your agents via webhooks - Claude, custom bots, or any integration

Alert: Alert Gate
  • Cheap LLM filter
  • Noise reduction
  • Smart routing

A lightweight LLM decides if an alert is worth sending to reduce noise

Simple, transparent pricing

Pay based on your log ingestion volume. Start free and scale as you grow.

Starter

For small projects and testing

$0/month
  • Up to 1M logs/month
  • K-means clustering
  • Isolation Forest detection
  • 7-day retention
  • Community support
Most Popular

Pro

For growing teams

$200/month
  • Up to 50M logs/month
  • Everything in Starter
  • Webhook integrations
  • LLM alert filtering
  • 30-day retention
  • Priority support

Enterprise

For large-scale deployments

Custom
  • Unlimited logs/month
  • Everything in Pro
  • Custom retention
  • SSO & SAML
  • Dedicated support
  • SLA guarantee

Stop searching. Start finding.

Let Detective surface the anomalies that matter. No more manual log trawling during incidents.