I've been looking into making something like that myself. My beef with current platforms is that they are good for extracting metrics and routing logs to their correct team (by service/deployment/...) but not so much for analysis.
When there's a problem in my system, I want to bring up multiple views, manually annotate, highlight the new debug log statements I just added, mark events as good/bad from complicated rules, etc.
None of the current systems (except maybe Grafana+Loki) really do this; they focus on ahead-of-time ingestion rules and tags. I would love a desktop or web tool that can do that, working from a log file that I can easily extract from my log platform.
I think I know what you mean! It does feel like there's something missing in Splunk when it comes to analyzing issues.
When there's a problem at work it's usually easy to see that something is wrong on a dashboard, but when I want to drill down into it I usually end up with ten tabs of different searches and Grafana dashboards that I'm trying to correlate between manually.
I haven't fully formed any ideas about how to tackle this, since there are still fairly basic features missing in Logsuck that I need to work on first, but it's definitely something I'll be thinking more about in the future!