RocketGraph / FAQ

Frequently asked questions

What RocketGraph is, how the anomaly detection actually works, and how it connects to the observability stack you already run.

What is RocketGraph?

RocketGraph is an AI-powered observability platform. It ingests your logs (or connects to where they already live — Datadog, Sentry, Loki, Kibana, CloudWatch, Grafana), groups them into patterns, detects anomalies statistically, correlates co-firing errors into incidents, and answers questions about your production stack in Slack. When alerts fire, it can open a fix PR automatically.

Is RocketGraph a Datadog alternative?

It can be either a layer on top of Datadog or a replacement. Teams that keep Datadog point RocketGraph at it via API keys and get anomaly detection, pattern grouping, and incident correlation Datadog does not provide out of the box. Teams replacing Datadog run RocketGraph’s own OTLP ingestion and Loki-backed storage — typically at a fraction of the per-GB cost, with an on-prem option.

How does RocketGraph’s log anomaly detection work?

Each log message is normalized into a template (ids, numbers, IPs, and paths become placeholders), templates are clustered by similarity, and every cluster is tested statistically against its own historical baseline: Poisson tests for rate spikes and volume drops, novelty detection for never-seen-before patterns, and burstiness scoring. Anomalies that fire together in time are correlated into a single incident with a shared root cause extracted from the error payloads. No black-box ML — every flag comes with the numbers that justify it.

Which data sources does RocketGraph connect to?

Datadog (API + application keys), Sentry (org token), Grafana Loki (Grafana Cloud, self-hosted behind a reverse proxy, or same-network on-prem), Kibana/Elasticsearch, AWS CloudWatch, Grafana, ClickHouse, and native OTLP/HTTP ingestion for anything OpenTelemetry can ship — including a systemd/journald agent for bare-metal fleets.

How do I give RocketGraph access to my self-hosted Loki?

Three patterns: (1) Grafana Cloud — paste your logs endpoint, stack ID, and an access-policy token with logs:read. (2) Self-hosted behind a reverse proxy — expose the read path over HTTPS with Basic auth or a bearer token, plus X-Scope-OrgID for multi-tenant installs. (3) Fully on-prem — deploy RocketGraph inside your network next to Loki with no exposure at all; logs never leave your infrastructure.

Can RocketGraph run fully on-prem?

Yes. The entire platform ships as a self-hostable deployment that runs inside your network — dashboard, detection engine, and storage. This is the standard choice for teams whose logs cannot leave their infrastructure for compliance reasons.

What does "never look at logs again" mean in practice?

Instead of scrolling raw log streams, you get: a Patterns view where millions of lines collapse into a few dozen templates, an Anomalies view that only surfaces statistically significant deviations from baseline, incident groups that bundle co-firing errors with a root cause, and a Slack bot that answers questions like "why did checkout error at 2am" in natural language.

How is RocketGraph priced?

There is a free tier you can start on in about five minutes, and paid plans for teams. Because RocketGraph can sit on top of your existing tools or replace per-GB-priced SaaS ingestion with self-hosted storage, most teams reduce total observability spend.

Does RocketGraph replace my on-call workflow?

It shortens it. Alerts still fire through your existing channels, but each one arrives with the anomaly analysis attached: what pattern spiked, since when, which services co-fired, the extracted root cause, and — where the fix is mechanical — a ready-to-review pull request.

Still curious?

See RocketGraph vs Datadog, the startup guide, or start free — setup takes about five minutes.