Documentation
Pick your starting point.
Hosted in 60 seconds, or self-host on your own infra. Either way, the API surface is the same.
Getting started
Hosted quickstart
Sign up, get a personal access token, create a monitor.
Self-host quickstart
Run the full stack on your own host.
OpenAPI spec
Machine-readable spec — generate a typed client in any language.
API for agents and scripts
The agent API, in 6 features
Rate-limit headers, signed event webhooks, scoped tokens, idempotency, error codes, tool-format URLs.
API reference
PAT auth, base URL, 24 scopes, error codes, rate limits, curl + TS + Python examples.
Operational context graph
Resolve entities, walk evidence-ranked neighborhoods, get an incident blast-radius. Read API + MCP tools, behind context:read.
Interactive OpenAPI
Every endpoint with schemas + try-it-now, rendered live from the spec the API publishes.
Heartbeats / cron jobs
Receive URL spec, two-step token retrieval, end-to-end agent example.
Event webhook subscriptions
Subscribe to incident.opened / acknowledged / resolved / monitor.status_changed / log_alert.fired. Signed delivery, retry, auto-disable, full delivery log.
Verify webhook signatures
HMAC-SHA256 signature recipe with Node, Python, and Go examples. Same scheme for per-monitor alerts AND event subscriptions.
Logs
Send your first event
Pick a source. Ship in five minutes. JSON, NDJSON, OpenTelemetry, anything that speaks syslog.
Search & live tail
Type the words you remember. Live-tail at sub-100ms. KQL-lite when you need filters.
Auto-extracted facets
Every primitive JSON field becomes a click-to-filter chip. No schema to declare.
Pattern grouping
Collapse 10,000 similar lines into one template. Numbers, UUIDs, IPs, timestamps all normalize.
Error tracking
Stack-trace fingerprinting. JS, Python, Java, Go, generic ERROR/FATAL. See each bug once.
Log-derived metrics
Save any search as a time-series. Chartable, alertable, free.
Anomaly alerts
Spike-vs-baseline when "normal" varies by service. No ML to tune.
Threshold alerts
Page on-call when N matches in W seconds. Same routing as your monitors.
Log sources
AWS CloudWatch / Lambda
Subscription filter → Firehose → us. Lambda, ECS, EKS, RDS, anything CloudWatch-logged.
Heroku
One `heroku drains:add` and every dyno log line flows. No buildpack, no SDK.
Vercel
Paste the drain URL. Lambda, edge, static, build logs — all of them.
Docker daemon
Switch the log-driver to syslog. Daemon-wide or per-container. No agent.
systemd-journald
Mount /var/log/journal into our collector. Every unit, with severity preserved.
24observe collector
One Docker container for syslog, fluentforward, OTLP. The "everything else" path.
Concepts
Check types
The check primitives and when to use each.
Status pages
Public, slugged, optionally on your custom domain.
Trust commitments
What we promise about your data.
Incident response runbook
What to check, in what order, when something is wrong.
Integrations
Slack / Discord / Telegram / Teams
Paste an incoming webhook URL — done.