The startup Blue Matador is all about alerts for small DevOps teams that run cloud applications. The company’s cloud-based service monitors a wide range of AWS services, as well as Kubernetes clusters and Linux servers.
It plans to add Azure monitoring by the end of this year.
Blue Matador sends alerts when issues are detected, such as CPU spikes, disks that are about to fill, or an anomalous event that may need investigation.
The company says it has over 200 alert types available out of the box.
It also says customers don’t have to set up and configure the service; it just needs read-only access to your AWS accounts or an agent to run on Kubernetes.
Once it has access, it begins to monitor your environment. There’s no need to select which alerts you get or to set thresholds; the system starts generating alerts based on what it observes. The company says its alerts draw on industry best practices, common use cases, leading failure indicators, calendar-based events (e.g., expiring certificates), and machine learning.
“We look to see if anything is out of whack, like CPU on a server, or the amount of incoming packets on a server, or 404s on CloudFront,” says Matthew Barlocker, CEO and cofounder.
The system also uses machine learning models to build baselines and set dynamic thresholds. Barlocker says these thresholds will adjust over time as the ML system accrues data about the customer environment.
Alerts can be useful. If a customer-facing server or service is down, obviously you want to know about it. The problem with alerts is that they create a lot of noise and can overwhelm operators, particularly if they lack context or actionable information.
Barlocker says Blue Matador errs on the side of too much information. “We’d rather give too many than miss some.”
To keep teams from being overwhelmed and help them prioritize issues, the system classifies alerts in one of three categories:
Alerts are high-priority events that should be addressed right away.
Warnings are issues that should be addressed, but not immediately (e.g., renewing a cert).
Anomalies are unusual events or conditions that may or may not indicate a problem.
Keeping It Simple. Maybe Too Simple?
At present, Blue Matador’s dashboard is very bare bones, which is by design. The company isn’t interested in generating lots of charts and graphs. You get alerts listed on the right-hand side of the screen, with a summary tracker on the left.
Users can click on specific alerts to get more details, including contextual information and troubleshooting tips to help resolve problems faster.
If you want to assign alerts to a specific operator or track them through some kind of lifecycle, you’ll have to integrate with tools such as PagerDuty and OpsGenie. Blue Matador doesn’t offer much in the way of workflows or incident management.
As for clearing alerts from the dashboard, Barlocker says that’s automated. “We tell you when they are cleared. If you attempt to fix a problem and it isn’t solved, we don’t clear it.”
On the one hand, I like that there’s a closed-loop element here; the alert persists until the problem is resolved. On the other hand, it sounds like there’s a potential for the dashboard to get very messy and hard to prioritize. That said, you can mute rules for up to 24 hours, which is useful if a problem is being addressed.
Barlocker acknowledges that the startup is tightly focused on alerting and leaves incident management workflows to other products. He positions the service as a threat board that surfaces the most important information.
“We rely on other systems for the workflow management. Most of our users find that getting the information from PagerDuty is enough. You don’t have to click through to Blue Matador. Just log in to the broken system and fix it.”
Besides PagerDuty and OpsGenie, Blue Matador integrates with Slack and email.
Blue Matador Details
Blue Matador is offered as a service that runs on AWS. That means metadata about your own AWS and Kubernetes environments is being sent to Blue Matador.
That’s a pretty common practice these days, and certainly no deal-breaker, but it does mean potential customers must perform due diligence to ensure their data is logically separated from that of other customers, and sufficiently anonymized and otherwise protected.
Blue Matador was founded in 2016. The company has announced $3.1 million in seed funding.
The company says it has more than 20 customers, including NIKE and Deloitte.