Joyful Logging!

😢 Isn't it sad that log aggregation, search, and visualization isn't a solved problem in 2025!?! Taming logs is a chore!

Over the years, we've tried it all:

• Grepping in-place logs simultaneously across countless machines
• Shipping files to NFS and manually grepping through it
• Baby-sitting our own elastic clusters with TBs of logs 😫
• 💥 Watching elastic break during unexpected app load spikes, and then not having logs to discover why 😡
• Waiting forever ⏳ to visualize queries with billions of hits
• Paying a small fortune 💰 every month for a cloud log service (and then having to aggressively filter out data and reduce retention to keep costs down)
• Wrestling with field configs and manual parsing rules 🛠️

Sound familiar?

SparkLogs is a cloud-first log management platform that is limitless (petabyte-scale), easy (schemaless + auto-extract), affordable (ingest everything), and a joy to use (cross-platform modern UX).

Design Principles

Ingestion should be "point and shoot"

• Schemaless:
  • Capture arbitrarily complex JSON data with each log event.
  • Fields don't have to be configured, just send data.
  • Infinite custom fields.
• AutoExtract: Stop wasting time manually configuring fields and complex parsing rules!
  • Our engine automatically extracts semi-structured (e.g., key=value) and JSON data embedded in your text log messages into custom fields.
  • IP addresses, timestamps, and bracketed values are automatically extracted and collected into custom arrays (x.ips[], x.ts[], x.b[]), for easy filtering later.
  • Field types (numeric, timestamp) are automatically detected based on content.
  • Instantly try it out in the AutoExtract simulator!
• AutoClassify: Automatic categorization of your log messages, unlocking insights in patterns in your logs.
• Minimal Configuration: Convention >> Configuration! A system should be smart and adapt to the way you work.
  • Standard fields (timestamp, severity, facility, source, app, message) are automatically detected and mapped from industry-standard log schemas: syslog, OpenTelemetry, Elastic Common Schema, vector, Windows Event Log, AWS CloudTrail, Google Cloud Logging, HEC (Splunk), zap, and log4j.
• Open: Capture logs using your preferred agent, such as Vector, Fluent Bit, OpenTelemetry Collector, or any agent that can ship logs to an HTTPS endpoint.
  • Dozens of sources are available, including files, Kubernetes, journald, syslog, Kafka, Docker, AWS SQS, GCP PubSub, and more.
  • Network syslog is easy to collect by forwarding through a Vector or Fluent Bit agent.
• Scalable: Cloud-first in every way, our serverless design combines with the power of BigQuery to deliver lightning fast, petabyte-scale observability at an unbelievably low cost.
• Hierarchical: Organize data captured from different environments (dev, QA, staging, production), geographic region, or different organizational units (business units, MSP clients) into hierarchies (e.g., production/app1/europe).
  • Enforce least-privilege access by restricting users' scope of access based on hierarchy.
  • Hierarchies can be rearranged at any time to fit your needs.

Log search and analysis should be a joy

• Robust: Use LQL, the Lightning Query Language, for SQL-like, type-aware data querying.
• Visual: Interactive histograms to effortlessly explore patterns across billions of events.
• Powerful: Navigate and browse huge result sets, even with billions of matches.
• Fast: Local 'zoom-in', filtering, search, and export for snappy investigations.
• Modern: A clean, realtime UX that works for you.
• Anywhere, Anytime: Access via the web, or native apps for MacOS, Windows, Linux, iOS, and Android.
• Scalable: Built on BigQuery with accelerated indexes: query petabytes in seconds!

Enterprise ready

• Role-based Access Control: Enforce least-privilege access, and give different users access to only the scope of data and level of access they should have.
• Data Encryption: All data is encrypted in-transit and at rest.
• Data Security: Our cloud operates on Google-managed services within an enterprise-foundations deployment of the Google Cloud; our serverless design means that all infrastructure is continually updated and secured by Google; all changes to production are managed by IaC through a secured workflow.
• Private Cloud: Optionally store/process data in your own Google Cloud tenant for greater control, compliance, and cost savings.
• SSO: 🚧🚧 Coming Soon! 🚧🚧 Option to login using Azure AD or Google credentials, standard in every plan.