The platform

Collect, enrich, detect, and respond — on your own infrastructure

logrok unifies log management and threat detection in one self-hosted platform. Everything below runs inside your environment, with no telemetry and no call-home.

01

Unified log collection

Ingest from syslog TCP/UDP/TLS, webhooks, cloud APIs, and files. 200K+ events/sec on a single node — fewer appliances, lower cost.

02

Four search modes

Plain text, regex, Lucene query syntax, and natural-language AI search across billions of events.

03

Visual pipeline editor

Drag-and-drop topology builder for collection pipelines. Generate, deploy, and version configs visually — Git-backed.

04

Dashboards & alerting

Custom dashboards with live widgets. Alert rules on patterns, thresholds, or anomalies.

05

AI noise filtering

Automatically detect repetitive log patterns and classify, route, or suppress noise to surface actionable events.

06

Detection engine

25+ built-in detection rules with MITRE ATT&CK mapping, correlation logic, and a custom rule DSL.

07

Encrypted storage & 20+ destinations

AES-256-GCM at rest with per-tenant keys. Route to S3, Kafka, Splunk, Elasticsearch, Azure, GCP, Loki, Datadog, and more.

08

Tamper-evident audit trail

Append-only audit log of every platform action — non-repudiation for compliance and forensic review.

09

Zero Trust access control

MFA-ready SSO with FIDO2, YubiKey, and CAC/PIV support. Defense-in-depth tenant isolation.

10

OCSF classification

Events classified to OCSF v1.3 for vendor-neutral detection rules and data-lake federation.

AI, honestly

AI that runs where your data lives

Noise filtering

Classifies repetitive patterns as noise, useful, or unclassified, then routes or suppresses them.

Investigation assistant

Produces context briefs, ready-to-run queries, and response recommendations for an open finding.

Natural-language search

Turns plain-language questions into queries over the log store.

Anomaly detection

A model evaluates per-source behaviour at run time to flag outliers — no data is shipped to a third party.

MCP server

Exposes search, analyze, and summarize to AI tooling over the Model Context Protocol.

Detection runs in your environment. logrok ships no pretrained model that sends your data out, and runs fully offline in air-gapped deployments.

Architecture

Three planes, scaled independently

Control Plane

REST API, web UI, and an AI agent interface. Pipelines, search, alerts, and automation.

Ingest Plane

High-performance log collector with config agents. Zero-touch pipeline deployment.

Data Plane

SQL analytics engine, config store with row-level security, SSO, and encrypted local storage.

Put it in front of your own logs