Investigate
Root-cause analysis on a service or pattern, and cross-pillar correlation between log patterns and APM / infra / business metrics via three deterministic primitives.
You
spike on payments-svc, what's driving it?
Log10x
Root cause: Payment_Gateway_Timeout jumped 200/min → 45,000/min at 14:30. CPU spike on db-replica-2 matches.
You
which metrics moved with the pattern?
Log10x
4 metrics moved (gap ≥ 15%): apm_request_duration_p99 (+68%), http_client_503 (+52%), db_connection_pool_active (+31%), apm_p50 (+18%).
You
rank them by shape similarity
Log10x
apm_request_duration_p99 Pearson=0.91 lag=0s · http_client_503 0.87 lag=−60s (leads) · db_pool 0.74 lag=+30s
| You ask | Example answer |
|---|---|
| spike on payments-svc — what's driving it? | Root cause: Payment_Gateway_Timeout jumped 200/min → 45,000/min at 14:30. |
| which metrics moved during the spike? | 4 metrics moved ≥ 15% gap. Step 1 of 3. |
| rank those by shape similarity | Pearson + lag ranked list. Step 2 of 3. |
overlay apm_p99 against the pattern |
Two aligned timeseries + peak_offset_seconds. Step 3 of 3. |
query apm_request_duration_p99 directly |
Direct passthrough to your Datadog / Grafana / Prometheus endpoint. |
| join key for logs ↔ metrics? | Found service (87% overlap). |
examples of Payment_Gateway_Timeout |
Live SIEM events, grouped by exact template, with slot values per match. |
Prerequisites
Investigate needs the Reporter deployed. The cross-pillar primitives (metrics_that_moved, rank_by_shape_similarity, metric_overlay, customer_metrics_query, discover_join) additionally need LOG10X_CUSTOMER_METRICS_URL pointing at your Grafana, Datadog, or Prometheus instance.