As systems and workloads become increasingly abstracted, the velocity, frequency, and variety of data continues to multiply at exponential rates. At one time, many years ago, it was sufficient for administrators to simply log into servers that were unresponsive and comb through a handful of log files in order to determine root cause analysis (RCA).
Today, for example, in OpenStack, there are more than 15 different log files created by OpenStack control plane servers, as well as multiple unique logs in each of the compute servers. All of these logs, combined with logs from the operating systems, routers, switches, load balancers, WAN compressors equals a mountain of data to search in order to find a true incident RCA. The voracity, velocity and volume of data to search through manually decreases...