
Search AI vendor Elastic, which makes an open source platform for high-performance search, context engineering and AI, has announced that Elastic 9.2 contains Streams, a new agentic AI-powered solution that rethinks how teams work with logs to enable much faster incident investigation and resolution. Streams uses AI to automatically partition and parse raw logs and extract relevant fields, greatly reducing the effort required of Site Reliability Engineers (SREs) to make logs usable. Streams also automatically surfaces significant events, such as critical errors and anomalies, from context-rich logs, giving SREs early warnings and a clear understanding of their workloads so they can investigate and resolve issues faster.
“Logs just became your most valuable asset, thanks to Streams, a new feature we announced today in Elastic 9.2,” said Ken Exner, Chief Product Officer at Elastic.
Exner referred to the problem of SREs often being overwhelmed by dashboards and alerts that show what and where things are broken, but fail to reveal why. This industry-wide focus on visualizing symptoms forces engineers to manually hunt for answers. The crucial “why” is buried in logs, but their massive volume and unstructured nature have led the industry to toss them aside or treat them as lesser. This has forced teams into costly tradeoffs – either spend countless hours building complex data pipelines, drop valuable log data and risk critical visibility gaps, or log and forget.
Streams directly addresses this challenge by reimagining the entire log pipeline. It leverages the Elasticsearch platform together with AI-driven parsing that automatically adapts to new log formats. Instead of forcing SREs to comb through noise, Streams automatically surfaces significant events, such as out-of-memory errors, internal server failures, and critical startup or shutdown messages. These events act as actionable markers, giving investigators a clear focus and an early warning before a service impact occurs.
“For too long, SREs have been forced to treat logs as a noisy, expensive last resort for investigations,” Exner said. “Teams hunt through dashboards for what is broken, while the actual why is buried. Streams makes logs your most valuable asset. It automatically finds the signal in the noise, surfacing critical events from any log source. This gives SREs time back, allowing them to move from symptom to solution in minutes.”
As part of Elastic Observability, Streams automatically finds the signal in the noise, surfacing critical events from any log source.
Exner laid out how Elastic Observability works.
He began by stating that users should log everything, in any format, and not worry about pipelines. “Send logs in any format, structured or unstructured, from any source directly to a single Elastic endpoint, without needing specific agents.” Just send all your logs to /logs, he said, “and we will automatically, using the power of LLMs, figure out how to extract the different entities” and what they identify, say a Kubernetes cluster or an Nginx server. “We will do that automatically, and partition the data into different streams, into different logical entities.” Fields are then extracted from each stream automatically.
“The magic doesn’t stop there because then what we do is start generating lots of content using the power of LLMs,” he stated. Streams defines significant events, processing all the log information to determine which pieces of data you should pay attention to, and does so automatically for the user. Over time, Exner said, they would generate more things for users, such as alerts, SLOs and dashboards, all from logs.
His second piece of advice was to move beyond collecting logs, in order to get answers from them.
“Streams analyzes your data to surface ‘Significant Events,’ proactively identifying critical errors, anomalies, and performance bottlenecks like out-of-memory exceptions,” he stated.
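The pipeline Exner describes above (route incoming lines into per-source streams, extract fields, then flag significant events such as out-of-memory errors, 5xx responses and startup or shutdown messages), sketched as a small Python example. This is added illustrative code, not Elastic's Streams implementation: it uses hand-written regular expressions where Streams uses LLM-driven parsing, the stream names and significance tags are hypothetical labels chosen here, and the sample log lines are constructed for the example rather than captured.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample input (not real captured logs): raw lines from three
# sources in three formats, as they might arrive at one ingestion endpoint,
# plus one line that none of the patterns understands.
RAW_LOGS = [
    '10.0.0.7 - - [12/Nov/2025:10:01:02 +0000] "GET /api/v1/items HTTP/1.1" 200 512 "-" "curl/8.4.0"',
    '10.0.0.9 - - [12/Nov/2025:10:01:03 +0000] "POST /api/v1/items HTTP/1.1" 500 31 "-" "curl/8.4.0"',
    "2025-11-12T10:01:04.120Z stderr F java.lang.OutOfMemoryError: Java heap space",
    "2025-11-12T10:01:05.000Z stdout F INFO  Server started on port 8080",
    "2025-11-12T10:01:09.000Z stdout F INFO  Shutting down gracefully",
    'Nov 12 10:01:10 node-1 kubelet[1234]: I1112 10:01:10.123456    1234 kuberuntime_manager.go:100] "Container started" pod="default/api-7f9c"',
    "<<corrupted line 0x00>>",
]

@dataclass
class Event:
    stream: str                 # logical partition the line was routed to
    fields: dict                # structured fields extracted from the line
    significant: Optional[str]  # tag when the event is noteworthy, else None
    raw: str                    # original line, always retained

# Partition rules: one regex per known source format, first match wins.
# Stream names are hypothetical labels chosen for this example.
STREAM_PATTERNS = [
    ("nginx.access", re.compile(
        r'^(?P<client_ip>\S+) \S+ \S+ \[(?P<timestamp>[^\]]+)\] '
        r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<protocol>[^"]+)" '
        r'(?P<status>\d{3}) (?P<bytes>\d+|-)')),
    ("kubernetes.container", re.compile(   # CRI container log format
        r'^(?P<timestamp>\d{4}-\d{2}-\d{2}T[\d:.]+Z) (?P<source>stdout|stderr) '
        r'(?P<flag>[PF]) (?P<message>.*)$')),
    ("kubernetes.kubelet", re.compile(     # syslog-style kubelet line
        r'^(?P<timestamp>\w{3} +\d+ \d{2}:\d{2}:\d{2}) (?P<host>\S+) '
        r'(?P<process>[\w-]+)\[(?P<pid>\d+)\]: (?P<message>.*)$')),
]

def partition(line: str):
    """Route a raw line to a stream and extract its fields."""
    for name, pattern in STREAM_PATTERNS:
        m = pattern.match(line)
        if m:
            return name, m.groupdict()
    # Never drop data: lines no pattern understands keep their raw text in a
    # catch-all stream, so a parsing gap is visible instead of silent.
    return "unparsed", {"message": line}

# Significance rules run on the extracted fields, not on the raw text, so a
# 5xx status is recognised structurally rather than by substring.
SIGNIFICANT_RULES = [
    ("out_of_memory", lambda f: re.search(
        r"OutOfMemoryError|Out of memory|OOMKilled", f.get("message", "")) is not None),
    ("internal_server_error", lambda f: f.get("status", "").startswith("5")),
    ("service_startup", lambda f: re.search(
        r"\b(started|listening on)\b", f.get("message", ""), re.I) is not None),
    ("service_shutdown", lambda f: re.search(
        r"\bshut(ting)? ?down\b", f.get("message", ""), re.I) is not None),
]

def classify(fields: dict) -> Optional[str]:
    """Return the first significance tag whose rule matches, or None."""
    for tag, rule in SIGNIFICANT_RULES:
        if rule(fields):
            return tag
    return None

def process(lines):
    """Partition, parse and classify every line; returns a list of Event."""
    events = []
    for line in lines:
        stream, fields = partition(line)
        events.append(Event(stream, fields, classify(fields), line))
    return events

def significant_events(events):
    """Only the events an SRE should look at first."""
    return [e for e in events if e.significant is not None]

def stream_counts(events) -> dict:
    """How many lines landed in each stream (exposes the unparsed backlog)."""
    return dict(Counter(e.stream for e in events))

if __name__ == "__main__":
    evs = process(RAW_LOGS)
    print(stream_counts(evs))
    for e in significant_events(evs):
        print(f"[{e.significant}] {e.stream}: {e.fields.get('message') or e.fields.get('status')}")
```

Two design points carry over regardless of whether the parsing is done by regexes or by a model: lines that no pattern understands are kept in a catch-all stream rather than discarded, which is the "drop valuable log data and risk critical visibility gaps" tradeoff the article warns about, and the significance rules operate on extracted fields, so a literal "500" inside a URL path is not mistaken for a server error.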
Exner’s final instruction was to achieve complete visibility at a lower cost.
“By intelligently structuring data and surfacing only the most critical events, Streams reduces operational complexity and dramatically cuts down root cause analysis time,” he concluded.
“If you’re an observability professional, site reliability engineer or developer doing DevOps, this is for you!” Exner emphasized.
