
Logclaw

LogClaw — Multi-tenant Helm chart monorepo for deploying the full log intelligence stack

Install / Use

/learn @logclaw/Logclaw
About this skill

Quality Score

0/100

Category

Operations

Supported Platforms

Universal

README

LogClaw

AI SRE that deploys in your VPC. Real-time anomaly detection, trace-correlated incident tickets, and AI root cause analysis — your logs never leave your infrastructure.

License: Apache 2.0 | Helm 3.x | Kubernetes 1.27+ | Docker Compose | Managed cloud: https://console.logclaw.ai

[Screenshot: LogClaw Dashboard — real-time log monitoring with AI anomaly detection]

TL;DR — Try It

Option A: Managed Cloud (no install — fastest)

Try the full experience instantly at console.logclaw.ai — includes AI root cause analysis, API key management, multi-tenant isolation, and the complete incident pipeline. No Docker required.

Option B: Docker Compose (self-hosted, no Kubernetes)

curl -O https://raw.githubusercontent.com/logclaw/logclaw/main/docker-compose.yml
curl -O https://raw.githubusercontent.com/logclaw/logclaw/main/otel-collector-config.yaml
docker compose up -d

Open http://localhost:3000 — the LogClaw stack is running:

  • Dashboard (:3000) — incidents, log ingestion, config
  • OTel Collector (:4317 gRPC, :4318 HTTP) — send logs via OTLP
  • Bridge (:8080) — anomaly detection + trace correlation
  • Ticketing Agent (:18081) — AI-powered incident management
  • OpenSearch (:9200) — log storage + search
  • Kafka (:9092) — event bus

All images are pulled from ghcr.io/logclaw/ — no registry auth required.

Note: The local stack runs in single-tenant mode with LLM-powered root cause analysis disabled. For AI RCA, API key management, and multi-tenant isolation, use the managed cloud or deploy to Kubernetes with LLM_PROVIDER=claude|openai|ollama.
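The open-source tier is listed below as having no authentication, so every port the local stack publishes is reachable by anyone who can reach the host unless it is bound to loopback. The following check is an added example, not part of the LogClaw project: it reads the JSON produced by `docker compose config --format json` and reports published ports that are not pinned to a loopback address. The service names and the sample configuration are constructed for illustration, since the page does not show the compose file.

```python
import ipaddress
import json
import sys

# Host ports the README lists for the local Docker Compose stack.
README_PORTS = {3000: "Dashboard", 4317: "OTel Collector (gRPC)",
                4318: "OTel Collector (HTTP)", 8080: "Bridge",
                18081: "Ticketing Agent", 9200: "OpenSearch", 9092: "Kafka"}

# Constructed sample in the normalized shape `docker compose config
# --format json` emits. Service names are hypothetical, not the project's.
SAMPLE_CONFIG = json.loads("""
{"services": {
  "dashboard":  {"ports": [{"mode": "ingress", "target": 3000,
                            "published": "3000", "protocol": "tcp"}]},
  "opensearch": {"ports": [{"mode": "ingress", "host_ip": "127.0.0.1",
                            "target": 9200, "published": "9200", "protocol": "tcp"}]},
  "kafka":      {"ports": [{"mode": "ingress", "host_ip": "0.0.0.0",
                            "target": 9092, "published": "9092", "protocol": "tcp"}]},
  "bridge":     {}
}}
""")

def is_loopback(host_ip):
    """True only when the binding is explicitly pinned to a loopback address."""
    if not host_ip:
        return False  # no host_ip: Docker publishes on all interfaces by default
    try:
        return ipaddress.ip_address(host_ip).is_loopback
    except ValueError:
        return False

def exposed_ports(config):
    """Return (service, host_port, readme_label, bind_address) for each
    published port that is reachable from outside the host."""
    findings = []
    for name, service in sorted(config.get("services", {}).items()):
        for port in service.get("ports") or []:
            published = port.get("published")
            if published is None or is_loopback(port.get("host_ip")):
                continue
            number = int(published) if str(published).isdigit() else published
            label = README_PORTS.get(number, "not listed in README")
            findings.append((name, number, label, port.get("host_ip") or "all interfaces"))
    return findings

if __name__ == "__main__":
    config = SAMPLE_CONFIG if sys.stdin.isatty() else json.load(sys.stdin)
    for name, number, label, bind in exposed_ports(config):
        print(f"{name}: host port {number} ({label}) bound to {bind}")
```

Pipe the real configuration into the script from the directory that holds docker-compose.yml. A flagged port can be pinned by prefixing its compose mapping with the loopback address, for example `127.0.0.1:3000:3000`.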

Option C: Kind Cluster (full Kubernetes stack)

git clone https://github.com/logclaw/logclaw.git && cd logclaw
./scripts/setup-dev.sh

This creates a Kind cluster, installs all operators and services, builds the dashboard, and runs a smoke test. Takes ~20 minutes on a 16 GB laptop.

Container Images

All LogClaw images are published to GHCR as public packages:

| Service | Image | Latest Stable |
|---------|-------|---------------|
| Dashboard | ghcr.io/logclaw/logclaw-dashboard | stable / 2.5.0 |
| Bridge | ghcr.io/logclaw/logclaw-bridge | stable / 1.3.0 |
| Ticketing Agent | ghcr.io/logclaw/logclaw-ticketing-agent | stable / 1.5.0 |
| Flink Jobs | ghcr.io/logclaw/logclaw-flink-jobs | stable / 0.1.1 |

Pull any image directly:

docker pull ghcr.io/logclaw/logclaw-dashboard:stable

See It in Action

[Screenshots: Incident Management (incident list with severity and blast radius), AI Root Cause Analysis, Log Ingestion (OTLP log ingestion pipeline), Dashboard Overview]

Live demo: console.logclaw.ai | Video walkthrough: logclaw.ai


Open Source vs Cloud vs Enterprise

| Capability | Open Source (free) | Cloud ($0.30/GB) | Enterprise (custom) |
|---|---|---|---|
| Log Ingestion (OTLP) | Unlimited | 1 GB/day free | Unlimited |
| Anomaly Detection | Z-score statistical | Z-score + ML pipeline | Z-score + ML + custom models |
| AI Root Cause Analysis | BYO LLM (Ollama/OpenAI/Claude) | Included | Included + fine-tuned models |
| Incident Ticketing | PagerDuty, Jira, ServiceNow, OpsGenie, Slack, Zammad | All 6 platforms | All 6 + custom connectors |
| Dashboard | Full UI (logs, incidents, config) | Full UI + hosted | Full UI + white-label option |
| Authentication | None (open access) | Clerk OAuth + org management | SSO (SAML/OIDC) + RBAC |
| Multi-tenancy | Single tenant | Multi-org, multi-project, multi-env | Full namespace isolation per tenant |
| API Keys | N/A | Per-project, SHA-256 hashed, revocable | Per-project + custom scoping |
| Data Residency | Your infrastructure | LogClaw-managed cloud | Your VPC (AWS/Azure/GCP) |
| Secrets Encryption | At rest (OpenSearch) | At rest + in transit | AES-256-GCM for secrets + full TLS |
| Config Management | Env vars | 6-tab settings UI | UI + API + GitOps |
| Retention | Configurable via Helm | 9-day logs, 97-day incidents | Custom retention policies |
| Air-Gapped Mode | Yes (Zammad + Ollama) | No | Yes |
| MCP Server | Self-hosted | Hosted (mcp.logclaw.ai) | Both |
| Support | GitHub Issues | Email (support@logclaw.ai) | Dedicated SRE team + SLA |
| Pricing | Free forever (Apache 2.0) | $0.30/GB ingested | Custom |

No per-seat fees. No per-host fees. AI features included at every tier.

Start Free (Cloud): https://console.logclaw.ai | Deploy from GitHub (OSS): see "TL;DR — Try It" | Book a Demo (Enterprise): https://calendly.com/robelkidin/logclaw

Architecture

All components below are included in every tier — Open Source, Cloud, and Enterprise.

LogClaw Stack (per tenant, namespace-isolated)
│
├── logclaw-auth-proxy       API key validation + tenant ID injection
├── logclaw-otel-collector   OpenTelemetry Collector (OTLP gRPC + HTTP)
├── logclaw-ingestion        Vector.dev edge ingestion (optional)
├── logclaw-kafka            Strimzi Kafka 3-broker KRaft cluster
├── logclaw-flink            ETL + enrichment + anomaly scoring
├── logclaw-opensearch       OpenSearch cluster (hot-tier log storage)
├── logclaw-bridge           OTLP ETL + trace correlation + lifecycle manager
├── logclaw-ml-engine        Feast Feature Store + KServe/TorchServe + Ollama
├── logclaw-airflow          Apache Airflow (ML training DAGs)
├── logclaw-ticketing-agent  AI-powered RCA + multi-platform ticketing
├── logclaw-agent            In-cluster infrastructure health collector
├── logclaw-dashboard        Next.js web UI (ingestion, incidents, config, dark mode)
└── logclaw-console          Enterprise SaaS console (multi-tenant)

Data flow: Logs → Auth Proxy (API key + tenant injection) → OTel Collector (OTLP ingestion) → Kafka → Bridge (ETL + anomaly + trace correlation) → OpenSearch + Ticketing Agent → Incident tickets

All charts are wired together by the logclaw-tenant umbrella chart — a single helm install deploys the full stack for one tenant.


Quick Start (Production / ArgoCD)

Prerequisites

One-time cluster setup (operators, run once per cluster):

helmfile -f helmfile.d/00-operators.yaml apply

Onboard a new tenant

  1. Copy the template:

    cp gitops/tenants/_template.yaml gitops/tenants/tenant-<id>.yaml
    
  2. Fill in the required values (tenantId, tier, cloudProvider, secret store config).

  3. Commit and push — ArgoCD will detect the new file and deploy the full stack in ~30 minutes.

Manual install (dev/staging)

helm install logclaw-acme charts/logclaw-tenant \
  --namespace logclaw-acme \
  --create-namespace \
  -f gitops/tenants/tenant-acme.yaml

Running Locally (Step by Step)

Prefer the one-command setup? Run ./scripts/setup-dev.sh and skip to Step 6.

Prerequisites

# macOS (Homebrew)
brew install helm helmfile kind kubectl node python3

# Helm plugins
helm plugin install https://github.com/databus23/helm-diff
helm plugin install https://github.com/helm-unittest/helm-unittest

# Docker Desktop must be running
open -a Docker

1 — Create a local Kubernetes cluster

make kind-create

Verify:

kubectl cluster-info --context kind-logclaw-dev

2 — Install cluster-level operators

make install-operators

Wait for operators to be ready (~3 min):

kubectl get pods -n strimzi-system -w
kubectl get pods -n opensearch-operator-system -w

3 — Install the full tenant stack

make install TENANT_ID=dev-local STORAGE_CLASS=standard

This deploys all 16 helmfile releases in dependency order. Monitor progress:

watch kubectl get pods -n logclaw-dev-local

| Time | Milestone |
|---|---|
| T+2 min | Namespace, RBAC, NetworkPolicies |
| T+6 min | Kafka broker ready |
| T+10 min | OpenSearch cluster green |
| T+15 min | Bridge + Ticketing Agent running |
| T+20 min | Full stack operational |

4 — Build and deploy the Dashboard

The dashboard requires a Docker image build:

docker build -t logclaw-dashboard:dev apps/dashboard/
kind load docker-image logclaw-dashboard:dev --name logclaw-dev

helm upgrade --install logclaw-dashboard-dev-local charts/logclaw-dashboard \
  --namespace logclaw-dev-local \
  --set global.tenantId=dev-local \
  -f charts/logclaw-dashboard/ci/default-values.yaml

5 — Access the services

# Dashboard (main UI)
kubectl port-forward svc/logclaw-dashboard-dev-local 3333:3000 -n logclaw-dev-local
open http://localhost:3333

# OpenSearch (query API)
kubectl port-forward svc/logclaw-opensearch-dev-local 9200:9200 -n logclaw-dev-local

# Airflow (ML pipelines)
kubectl port-forward svc/logclaw-airflow-dev-local-webserver 8080:8080 -n l
GitHub Stars: 79
Category: Operations
Updated: 1d ago
Forks: 5

Languages

TypeScript

Security Score

80/100

Audited on Apr 2, 2026

No findings