Features / 6 capabilities, one binary

Six pillars of an observability platform — running on one box.

Oleus bundles metrics, logs, distributed traces, alerting, and security into a single binary, pre-wired with shared auth, a unified query layer, and a common schema. Each capability is production-grade — we just stop you from gluing them together.

/ 01

Metrics that scale to a billion samples on a $48 box.

PromQL- and MetricsQL-native. Drop-in replacement for Prometheus with 10× cardinality and 7× compression.

PromQL · explore
# requests per second by status, last 5 minutes
sum(rate(http_requests_total[5m]))
  by (status_code, service)
# scanned: 8.2M samples · 42ms · 1.4MB network
  • Query language: PromQL · MetricsQL · SQL via export
  • Ingest formats: Prometheus remote-write · OTLP · InfluxDB · Graphite · CSV
  • Cardinality: 10M+ active series on a single 4-core node
  • Retention: Hot tier: local SSD · cold tier: S3-compatible object store
  • Federation: Cross-cluster vmselect for global views
  • Migration: oleus import prom backfills from a Prometheus 2.x snapshot

/ 02

SQL-native logs. Year-of-data queries in under a second.

Columnar storage means you can GROUP BY across a billion rows without crying over a $30k bill.

logs · live tail
-- p99 latency per service, last 24h
SELECT service,
      quantile(0.99)(latency_ms) AS p99,
      count() AS req
FROM logs
WHERE ts > now() - INTERVAL 1 DAY
GROUP BY service
ORDER BY p99 DESC;
14,028,191 rows · 0.42s · scanned 2.4 GB
  • Compression: 10–30× vs. Splunk on equivalent data
  • Ingest formats: OTLP · syslog · journald · Fluent-bit · vector · raw JSON
  • Schema: Auto-inferred or declared. Add fields without migrations.
  • Search: Full-text via tokenbf_v1 indexes · regex · structured
  • Retention: TTL per stream · hot/warm/cold tiering · S3 offload
  • Joins: Logs ↔ metrics ↔ traces by trace_id and service.name

/ 03

Distributed traces. End-to-end correlated.

OTel-native from the ground up. Every span is linked to logs, metrics, and security events sharing the same trace_id.

trace · 7c4e — POST /checkout
api-gateway 248ms
↳ auth.verify 8ms
↳ orders.create 196ms
↳ db.insert 158ms
↳ payments.charge 72ms
↳ notify.email 12ms
  • Protocol: OTLP gRPC · OTLP HTTP · Zipkin · Jaeger thrift
  • Sampling: Head-based · tail-based · adaptive (rate-limited per service)
  • Retention: Default 14d · S3-backed for longer
  • Storage: ~1KB / span average, indexed by service + operation
  • Correlation: Click any span → tail logs, see metrics, view security events for that trace_id
  • SDKs: Auto-instrumentation for Node, Go, Python, Ruby, Java, .NET, Rust

/ 04

PagerDuty-grade routing. Without the bill.

Define alert rules in PromQL. Route by severity, team, or label. Schedule on-call rotations. Open source.

alert lifecycle · firing
1. Rule fires
   histogram_quantile(0.99, rate(http_duration_bucket[5m])) > 0.5
2. Grouped & deduped
   5 instances of api-gateway rolled into one alert · severity = page
3. Routed to on-call
   team = platform · rotation = primary · escalates after 5m
4. Delivered
   Slack #alerts · SMS to primary · email to backup
5. Auto-resolved
   Below threshold for 2m · clears in all channels · runbook link logged
  • Rule language: PromQL · MetricsQL · ClickHouse SQL (for log-based alerts)
  • Routing: Tree-based on labels · grouping · inhibition · silencing
  • Schedules: Rotations · overrides · holiday calendars · per-team escalation
  • Channels: Slack · Discord · email · SMS (Twilio) · webhook · PagerDuty
  • Reliability: Active-active HA · gossip protocol · zero notification loss across restarts
  • Runbooks: Markdown links per rule · auto-attached to every page

/ 05

Security in the same pane as performance.

Host-based intrusion detection, file integrity monitoring, and CIS-benchmark scanning — sharing infrastructure with your metrics and logs.

security · last 24h
P1 · SSH brute-force from 37.x.x.x — 412 attempts on edge-3 · 11m ago
     rule: 5712 · level 12 · auto-blocked via fail2ban hook
P2 · File modified — /etc/sudoers on api-1 · 2h ago
     rule: 553 · FIM · uid=0 · diff captured
P2 · CVE-2024-3094 detected on db-1 · xz-utils 5.6.0 · 5h ago
     vuln-detector · CVSS 10.0 · package upgrade pending
P3 · CIS 1.1.3 — /tmp not on separate partition · api-2 · 8h ago
     rule: 19501 · CIS Ubuntu 22.04 · finding archived
P3 · Privileged user logged in outside business hours — deploy · 14h ago
     rule: 5901 · level 7 · context-aware
  • Detection: 3,000+ built-in rules · MITRE ATT&CK mapping · custom rules in YARA
  • FIM: Real-time file integrity monitoring · diff capture · inotify-based
  • Compliance: CIS · PCI-DSS · HIPAA · GDPR · NIST 800-53 templates
  • Vulnerability scanning: CVE database · OSV · per-host package scanning · daily refresh
  • Active response: Block IP via firewall · kill process · disable user · all scripted
  • Agent footprint: ~35 MB RAM · <1% CPU · supports Linux, Windows, macOS, AIX, Solaris

/ 06

oleus — your stack, in a pipe.

A 24MB Go binary that talks to the entire platform. Tail logs, run queries, manage alerts, push dashboards — without ever opening a browser.

Single binary · zero dependencies · auto-completion for bash/zsh/fish

oleus CLI · 0.7.2
$ oleus tail --service=api
Live-tail logs across the cluster · grep-friendly · respects --since
$ oleus q 'rate(http[5m])' --range=1h
Run a PromQL query · output JSON, table, or CSV · pipes into jq
$ oleus alerts silence db.lag 30m
Silence noisy alerts for a window · expires automatically · audit-logged
$ oleus dashboards push ./prod.json
GitOps your dashboards · diff-friendly · works with existing Grafana JSON
$ oleus traces show 7c4e
Render a trace as ASCII flame graph · all spans · with duration histogram
$ oleus on-call who --team=platform
Print current on-call · escalation chain · upcoming rotations
$ oleus events --siem --severity=P1
Stream security events · filter by host, rule ID, MITRE technique
$ oleus backup s3://bk/oleus/$(date +%F)
Snapshot all components · streamed to object store · resumable
/ ship it

All six pillars. One curl.