November 21, 2024
The original premise of observability was to ensure system health, identify issues, and resolve those issues efficiently. As I recently outlined, the legacy approach (sometimes called Observability 1.0 now) relied heavily on metrics and tracing because logs were seen as too noisy or challenging. But, as most forward thinkers have identified now, logs are exactly the telemetry type that we need the most.
While observability aims to answer simple questions like “Why is my application performance dipping?” or “How reliable is my infrastructure?”, getting those answers requires a wide range of data sources. Metrics and traces can be a part of that, but they’re akin to a strand or two of string when you need thousands to build and maintain your critical apps and user experiences. The main component of that? Unstructured logs.
Structured data is predictable: it follows fixed formats like CPU percentages or IP address fields, and it’s typically captured in JSON or XML. But the world isn’t static, and nothing is less static than a contemporary microservice application. Technical teams grapple with constantly iterating and evolving services that don’t always conform to established structures or designs.
Unstructured log data can take many forms and come from a wide range of sources. Examples I often see include detailed error messages, free-form user feedback, chat transcripts, network traffic logs, IoT sensor data, and photos. I’ve even heard of a customer who ingests unstructured logs from a legacy system that sends a fax to email.
These unstructured logs contain crucial business context and are key to solving the toughest technical problems. They are the most fundamental unit of data, which is why we at Sumo Logic call it the “atomic level of logs.” But they become even more valuable when combined with AI.
With a system of record built on logs, AI can see the big picture and surface insights to developers, security analysts, and operations professionals. With the ability to do this over unstructured log data, use cases can now be resolved that never could before. But it’s not just about a singular AI that learns and makes decisions, because one model simply isn’t accurate enough.
Instead, we need multiple, separate AIs that can judge each other’s assessments and provide a range of assumptions and interpretations. With varying levels of scrutiny and perspective, this multi-agent, composite AI approach can adapt to changing contexts with flexible intensity. Combining these, we get insights and accuracy that can change the entire approach to maintaining, optimizing, and securing applications.
Imagine seeing a service map that can instantly map hundreds of microservice dependencies, not just those manually instrumented. One that shows all the areas that may be under strain or potentially stressed based on patterns in the data and application usage. Imagine identifying issues before they impact your end users, having them summarized quickly in plain language, and then being walked through resolving them efficiently, armed with automation.
When we leverage logs as the data source and continue to add more critical context, this becomes achievable.
AI will never replace what your technical teams can do. But it can provide them with a level of visibility and insight that makes their jobs easier and that provides connections that would otherwise be too labor-intensive to unearth. AI should empower your teams, from your most junior to your most experienced, with deep learning and deliver the answers they need to transform first responders into subject matter experts nearly overnight.
This is so much more than an “AI button”. It is tapping into a supportive neural network that can process quantities of data that were unimaginable when we first started talking about observability. This is a scope of vision that provides a whole new field of view.
Integrating generative AI into our unstructured logging DNA requires a fresh approach to observability. Stop worrying about telemetry. Just remove blind spots entirely and help your digital teams have what they need to deliver on the outcomes of observability. It’s time for applications that are reliable, optimized, and prepared for the hardest challenges the future may hold and a system that accelerates that without burdening your limited resources.
All of this is possible. I’m excited to share this innovation at AWS re:Invent.
Visit us at re:Invent and book your demo now. Not going? Discover how cloud-scale log data is powering AI at Samsung.