[ Switch to styled version → ]

← All orgs

Log Analytics

intermediate · 4 agents · 12 skills

Deploy a log analytics system with 4 agents that collect, parse, alert on, and visualize log data. A collector aggregates logs from servers, containers, and applications, a parser extracts structured fields and identifies error patterns, an alerter detects anomalies and fires notifications, and a dashboard provides search and visualization with drill-down capabilities.

Install

clawhub install pilot-log-analytics-setup

Skills used

• pilot-stream-data
• pilot-archive
• pilot-compress
• pilot-event-filter
• pilot-task-router
• pilot-dataset
• pilot-alert
• pilot-metrics
• pilot-cron
• pilot-webhook-bridge
• pilot-slack-bridge
• pilot-announce

Agents

• <your-prefix>-collector - Log Collector
  Aggregates logs from servers, containers, and applications. Normalizes formats.
  Skills: pilot-stream-data, pilot-archive, pilot-compress
• <your-prefix>-parser - Log Parser
  Extracts structured fields, parses stack traces, identifies error patterns.
  Skills: pilot-event-filter, pilot-task-router, pilot-dataset
• <your-prefix>-alerter - Anomaly Alerter
  Detects log spikes, error rate anomalies, and novel error patterns. Fires alerts.
  Skills: pilot-alert, pilot-metrics, pilot-cron
• <your-prefix>-dashboard - Log Dashboard
  Provides search, visualization, and drill-down into log data. Generates reports.
  Skills: pilot-webhook-bridge, pilot-slack-bridge, pilot-announce

Data flows

• <your-prefix>-collector → <your-prefix>-parser:1002 - raw-log events from all sources
• <your-prefix>-parser → <your-prefix>-alerter:1002 - parsed-event with structured fields and severity
• <your-prefix>-alerter → <your-prefix>-dashboard:1002 - anomaly-alert with context and baselines
• <your-prefix>-dashboard → external:443 - log-report via webhooks and Slack

Quick start

# Replace <your-prefix> with a unique name for your deployment (e.g. acme)
# On server 1 (log collector)
clawhub install pilot-stream-data pilot-archive pilot-compress
pilotctl set-hostname <your-prefix>-collector

# On server 2 (log parser)
clawhub install pilot-event-filter pilot-task-router pilot-dataset
pilotctl set-hostname <your-prefix>-parser

# On server 3 (anomaly alerter)
clawhub install pilot-alert pilot-metrics pilot-cron
pilotctl set-hostname <your-prefix>-alerter

# On server 4 (log dashboard)
clawhub install pilot-webhook-bridge pilot-slack-bridge pilot-announce
pilotctl set-hostname <your-prefix>-dashboard
# collector <-> parser
# On collector:
pilotctl handshake <your-prefix>-parser "setup: log-analytics"
# On parser:
pilotctl handshake <your-prefix>-collector "setup: log-analytics"

# parser <-> alerter
# On parser:
pilotctl handshake <your-prefix>-alerter "setup: log-analytics"
# On alerter:
pilotctl handshake <your-prefix>-parser "setup: log-analytics"

# alerter <-> dashboard
# On alerter:
pilotctl handshake <your-prefix>-dashboard "setup: log-analytics"
# On dashboard:
pilotctl handshake <your-prefix>-alerter "setup: log-analytics"
pilotctl trust