superlog
Superlog is an open-source observability platform that ingests OpenTelemetry traces, logs, and metrics, then uses AI agents to automatically group alerts into incidents and investigate issues. It runs self-hosted with a web UI, API, and background workers, backed by Postgres and ClickHouse.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | superloglabs/superlog |
| Owner | superloglabs |
| Primary language | TypeScript |
| License | Apache-2.0 — OSI-approved |
| Stars | 998 |
| Forks | 74 |
| Open issues | 42 |
| Latest release | Unknown |
| Last updated | 2026-07-08 |
| Source | https://github.com/superloglabs/superlog |
What superlog is
TypeScript-based monorepo (Node.js 20+, pnpm) with Vite/React frontend, HTTP API, OTLP intake proxy, Drizzle ORM schema, and pluggable agent runner architecture. Stores telemetry in ClickHouse with incident grouping and background job processing via worker processes.
Get the superlog source
Clone the repository and explore it locally.
git clone https://github.com/superloglabs/superlog.gitcd superlog# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires Node.js 20+ and pnpm 9+; Docker for local development stack includes Postgres and ClickHouse—plan resource allocation and DB tuning for production scale.
- OTLP intake runs on port 4101; integration assumes existing instrumentation (OpenTelemetry SDK) in your services; no auto-instrumentation documented.
- Agent runner architecture is pluggable; custom investigation logic is possible but the 'community' agent runner is local-only (no external API calls) per design.
- Incident grouping logic and fingerprinting are in-process; performance at scale (millions of spans/logs) depends on ClickHouse configuration and query optimization.
- No release versioning yet; pulling main branch means accepting frequent changes; consider pinning commits or waiting for first stable release.
When to avoid it — and what to weigh
- Require production-ready stability and long release history — Project created June 2026 with no tagged releases yet; active development but insufficient track record for mission-critical systems without thorough vetting.
- Need comprehensive vendor support and SLAs — Community-driven open-core; hosted Superlog Cloud exists but support model and uptime guarantees for self-hosted edition are not documented in provided data.
- Expect mature ecosystem of third-party integrations — Early-stage project (998 stars, ~1 month old); limited adoption means fewer battle-tested integrations, plugins, and community extensions available.
- Need out-of-the-box enterprise security compliance (SOC2, HIPAA, etc.) — Security posture, audit trails, RBAC enforcement, and compliance certifications are not documented; requires independent security review before regulated use.
License & commercial use
Apache License 2.0 (permissive OSI license). Covers the full community edition: web app, API, proxy, workers, schema, and fingerprinting library. Source is freely available and modifiable.
Apache 2.0 permits commercial use, modification, and distribution provided you retain the license and copyright notices and provide a copy of the license. No proprietary exceptions noted. However, any modifications or derived distributions must also be licensed under Apache 2.0 (copyleft clause applies to modifications). Verify with your legal team for complex commercial scenarios. Hosted Superlog Cloud (pay-as-you-go) is a separate commercial offering.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Limited |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | Medium |
No security audit, threat model, vulnerability disclosure process, or compliance certifications documented. OTLP intake proxy and agent runner architecture introduce code execution surface (custom agent runtimes); isolation and sandboxing strategy unknown. Self-hosted deployments require standard database and API hardening (TLS, auth, RBAC). Community edition has no role-based access control documented; requires independent assessment before sensitive data ingestion.
Alternatives to consider
Grafana Loki + Prometheus + Tempo (open-source stack)
Mature, separate components; wider adoption and ecosystem; no AI grouping but proven observability foundation; steeper integration burden.
Datadog / New Relic (hosted SaaS)
Production-hardened AI-powered incident correlation; vendor support and compliance; no self-hosting; higher cost; vendor lock-in.
Splunk or Elastic Stack (self-hosted or SaaS)
Enterprise observability with mature alert correlation; broader data source support; higher operational complexity and licensing cost.
Build on superlog with DEV.co software developers
Spin up the Docker Compose stack locally, review the architecture and agent customization options, and assess readiness for production against your security and compliance requirements.
Talk to DEV.coRelated on DEV.co
Explore the category and the services that help you build with it.
superlog FAQ
Can I run Superlog entirely on-premises?
What data sources does it ingest?
How does the AI agent investigation work?
Is there commercial support available?
Software developers & web developers for hire
DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If superlog is part of your open-source observability roadmap, our team can implement, customize, migrate, and maintain it.
Ready to evaluate Superlog for your team?
Spin up the Docker Compose stack locally, review the architecture and agent customization options, and assess readiness for production against your security and compliance requirements.