Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Grafana Introduces ML Tool Sift to Improve Incident Response

Grafana Introduces ML Tool Sift to Improve Incident Response

Grafana Labs has introduced Sift, a feature for Grafana Cloud designed to enhance incident response management (IRM) by automating system checks and expediting issue resolution.

Sift automates various aspects of incident investigation, including identifying error log patterns, detecting Kubernetes container crashes, spotting overloaded hosts, monitoring recent deployments, tracking resource contention, and identifying slow requests. By conducting these checks, Sift provides valuable insights into potential issues within Kubernetes environments, helping engineers focus on resolving incidents efficiently.

Incident analysis detail with Sift

Grafana mention specific instances where Sift proved beneficial in internal incident response, such as identifying SSL certificate renewal errors and solving noisy neighbor problems by optimizing the launch process for hosted Grafana upgrades.

Sift is integrated into Grafana Incident -- a tool designed to help with collaboration during an incident. Sift can be automatically triggered in certain cases, such as when declaring an incident from a Grafana alert or when a dashboard is added to a Grafana Incident timeline. These triggers only fire automatically if relevant Kubernetes data is available. Users can however also manually initiate Sift investigations by specifying the Kubernetes cluster and namespace corresponding to their services.

Sift, powered by Grafana Machine Learning, is a part of the Grafana Incident & Response Management (IRM) suite. It is deeply integrated with the Grafana LGTM Stack, which includes Loki for logs, Grafana for visualization, Tempo for traces, and Mimir for metrics, and automatically uses these sources of information for diagnostics.

Sift is currently available in Grafana Cloud and focuses primarily on Kubernetes environments. Grafana Labs plans to expand Sift's capabilities, introduce additional system checks, and offer more versatile use cases beyond Grafana IRM workflows.

Users are encouraged to integrate Sift into their incident response toolkit, explore its capabilities, and contribute to its ongoing improvement by referring to Sift documentation and engaging with the Grafana Labs Community Slack channel dedicated to incident management. Sift is in public preview within Grafana Cloud. For more detailed information, readers can refer to the full article on Grafana's website.

About the Author

Rate this Article