Walkthrough

Search

One query surface across logs, metrics and traces.

Everything you collect is queryable through the same interface — application and system logs, host metrics, and traces. Because every field was named at collection time, you filter and aggregate on real field names, not on substrings you hope are stable.

One query surface

Queries read as a terse, piped chain: a filter, then stages that narrow, group and sort. Filter by severity, service, host or any named field; bucket over time; count, rate or percentile. It's the same language whatever you're querying — logs, host metrics or traces — so you learn it once and it reads identically across them; there's no separate tool or syntax to pick up per signal type.

The answer is in there

Nothing was sampled away or dropped to fit a budget, so search runs against the whole record, not a thinned-down sketch of it. Combined with the compression engine, that's the point of keeping everything: the question you didn't know to ask up front is still answerable after the fact.

How fast it is

Logs here are structured records, so the normal query is a structured-field filter — severity, service, host, a code — not a text grep. That's where it flies: on a 16.6-million-event corpus, equality filters over structured fields come back in 15–17 ms median server time. You don't tune indexes or decide what's queryable to get there; every field is already indexed.

Counting by a one-hour time window returns in about 138 ms. Broader tail/message text scans — the fallback, not the normal path — run longer, from a few hundred milliseconds into the low seconds; we're honest that those aren't the 15 ms case. (Server-side median over 30 runs, warm cache, single test machine.)

Where this is going: querying with an agent

Because every field is classified as it's ingested, Logpacer knows which ones carry personal data. The end goal we're building toward is letting you point the AI coding agent you already use at all of it — querying across logs, metrics and traces in natural language — while anything classified as personal data is held back and never leaves the EU. That interface is in active development. It isn't live yet, and we won't pretend it is.

source:sshd severity:>=warn last:1h live
12:04:01 web-03 sshd Failed password for invalid user admin
12:04:02 api-01 sshd Failed password for root from 203.0.113.7
12:04:03 db-02 sshd Disconnecting invalid user test: too many failures
12:04:04 gw-01 sshd error: maximum authentication attempts exceeded