
Introducing RunReveal Search, the fastest way to explore logs

Today RunReveal is releasing a more friendly way to search your logs that we're calling the Explore view. With this new interface you'll be able to search your logs faster by not having to recall all the pesky details of that SQL command or some other proprietary query language.

We're making this feature available to everyone. Today. For free. As part of the RunReveal open beta, so be sure to sign up and try it out! It's going to continue to get better over the coming months, but we wanted to ship it before it was perfect so our users could start using it today. Today it's a fantastic interface for threat hunting, investigations, log exploration or even creating new detections!

We're on a quest to find the best user interface for searching logs

Today we offer two primary ways to query log data: SQL and Natural Language to SQL via LLMs. After using this for a while and getting extensive feedback from our customers, we've found them both lacking.

SQL's long dominant reign over data query languages speaks to the immense flexibility it provides. With flexibility comes a lot of cognitive overhead and a steep learning curve; not to mention the fact that no two databases' SQL interfaces are the same.

As for LLMs, simply put they suffer from the same kinds of problems that human memory does. That is, they are imperfect at recall and while we've found LLMs really great for dead simple queries or even for structuring really complex ones, they struggle to handle highly contextual use cases like determining how to query semistructured data without a lot of back and forth with the prompt.

Customers told us they don't want to memorize the columns, or the tables for that matter. They don't want to remember how to construct the various queries which allow them to explore the data at a high level. They know what they're looking for when they see it, but don't need to waste cognitive space or keystrokes producing the queries from scratch each time.

That's how we arrived at an explore page that should look and feel familiar to those who have experience with log search tools elsewhere. We believe a good product is one you can get started with quickly and not need to think too deeply for basic use. It should be so intuitive to use that it comes naturally. That's our goal and the explore page is a great first step.

A real world example

We had a customer recently ask us a specific question about what was happening in their infrastructure. They knew roughly what they were looking for, but couldn't formulate the SQL query without careful study of what columns were available to them, and what timeframe they cared about.

With our new search interface they were instantly able to find exactly the logs they cared about within a minute or two of sitting down in front of the dashboard.

This one story is way too common. It's the same workflow that SOCs around the world follow when building detections for anomalies, monitoring their security control effectiveness, and making sure they are alerted if the bad things that they're looking for ever happen.

Over the following months we plan to continue to improve this search interface to support making even complex queries simple, and further integrate it with the rest of our products.

What's next?

RunReveal is continuing our mission of making sure no security breach goes undetected. We're providing our services to some of the most sophisticated technology companies, but ensuring that our products remain free and easy to set up for companies of all verticals and budgets. These days nobody can afford the multiple quarters it takes to roll out a baseline of detection across their cloud and SaaS services.

We're adding more alerts, dashboards, and cloud integrations over the coming months. If you want to use RunReveal you could be completely onboarded in 5 minutes or click here to schedule a demo. We have more than a dozen features we're releasing in January; subscribe to stay tuned.

We're hiring sales development representatives, full-stack engineers, and a developer advocate. Reach out to contact@runreveal.com to learn more.