Smart log analysis for Russian businesses. Collect, search, visualize, and alert on machine data across your entire infrastructure — from on-premise servers to cloud-native microservices.
LogTrace ships as four tightly integrated modules. Each one solves a distinct problem in the log-management lifecycle, and together they eliminate the need for stitching together disparate open-source tools.
Deploy the LogTrace Agent (available for RHEL, Debian, Windows Server, and Docker) on any host. The agent tails files, reads Windows Event Logs, and forwards structured JSON over TLS to your cluster. Supports multi-line log parsing for Java stack traces, Go panic dumps, and nginx error logs out of the box. Handles up to 50 GB/day per agent node with backpressure buffering.
Query terabytes of indexed logs with a Lucene-compatible DSL. Search by keyword, regex, field value, or time range. Saved searches, shared dashboards, and query autocomplete reduce mean-time-to-insight. Boolean operators, wildcard matching, and the `grep`-style quick filter let SREs zero in on a specific request ID or error code in seconds.
Build real-time dashboards with pre-built widgets: time-series charts, heatmaps, top-N breakdowns, and log-stream panels. Drag-and-drop layout editor. Export to PNG or PDF for incident post-mortems. Template library includes Nginx throughput, PostgreSQL slow-query trends, and Kubernetes pod restart frequency.
Define alert rules based on log volume anomalies, regex matches, or threshold breaches. Channels include Telegram, Slack, email, and webhook POST to your internal incident manager. Built-in deduplication and cooldown windows prevent alert fatigue. Escalation policies route P1 events to on-call engineers within 60 seconds.
An honest feature comparison so you can see where LogTrace fits in the observability landscape. All data based on vendor documentation and independent benchmarks as of Q2 2025.
| Feature | LogTrace | ELK Stack | Splunk |
|---|---|---|---|
| Deployment model | On-premise, air-gapped, or private cloud | Self-hosted or Elastic Cloud | SaaS or self-managed Splunk Enterprise |
| Ingestion throughput (per node) | 50 GB/day | ~30 GB/day (Elasticsearch) | ~60 GB/day (heavy forwarder) |
| Search query language | Lucene-compatible DSL + quick filter | Lucene + KQL (Kibana) | SPL (Splunk Processing Language) |
| Dashboard builder | Drag-and-drop, 12 widget types | Kibana Canvas / Lens | Splunk Dashboard Studio |
| Alert channels | Telegram, Slack, email, webhook | Webhook, email (via Watcher) | PagerDuty, Slack, email, SMS |
| Licensing | Subscription per GB ingested | SSPL / Elastic subscription | Per-GB ingestion license |
| Regulatory compliance (RU) | FSTEC-certified, data residency guaranteed | No FSTEC certification | No FSTEC certification |
| Support SLA | 4-hour response (Business), 1-hour (Enterprise) | Community or paid Elastic support | 24/7 paid support tiers |
| Estimated TCO (100 GB/day, 3 nodes) | ~₽2.1M/year | ~₽1.4M/year (self-managed) + ops overhead | ~₽5.8M/year |
LogTrace trades raw ingestion scale for regulatory compliance, lower total cost of ownership in Russian data centers, and a simpler operational footprint. If your stack runs on-premise or in a sovereign cloud, LogTrace typically requires fewer engineering hours to maintain than a self-hosted ELK cluster.