Rocketgraph uses ML techniques to continuously monitor your logs, traces, and metrics for changes. It runs in two modes:

Deploy-time analysis

Every time a deploy webhook fires, Rocketgraph:
  1. Fetches logs from a window before and after the deploy (from Sentry, Loki, Datadog, etc.)
  2. Mines templates — groups raw log lines into patterns using template mining, normalizing away variable parts like IDs, timestamps, and UUIDs
  3. Scores novelty — uses TF-IDF cosine similarity to determine if an after-deploy template is genuinely new or just a minor variation of something seen before. This prevents false positives from things like changing thread IDs
  4. Detects anomalies — an Isolation Forest model trained on the before-window scores after-deploy templates for unusual frequency, error rate, or behavior shifts
  5. Classifies changes into: new errors, disappeared patterns, behavior changes, and stable templates
  6. Reports to Slack with severity, evidence, and recommended actions
The deploy diff is deterministic and fast — no LLM required. Root cause analysis with Claude is triggered on demand when you click “Run RCA”.

Continuous monitoring

Independent of deploys, Rocketgraph runs the same ML pipeline on a recurring schedule (default: every hour):
  1. Compares the current window against the previous window (e.g., last hour vs. the hour before)
  2. Detects drift — new error patterns appearing, existing patterns disappearing, frequency shifts
  3. Alerts on meaningful changes — filters out noise using anomaly scoring thresholds
This catches issues that aren’t tied to deploys — infrastructure failures, upstream API degradation, gradual memory leaks, database connection exhaustion.

What gets detected

Change typeExampleSignal
New errorPostgresError: relation "thread_events" does not exist appeared for the first timeTF-IDF novelty score > threshold
Disappeared errorSMTP connection refused stopped occurring after a deployTemplate existed before, no similar match after
Disappeared info logsworkspace_resolved auth logs stopped appearingPossible broken logging pipeline
Behavior changePOST /api/orders error rate went from 0.1% to 8%Isolation Forest anomaly score
Volume shiftTotal log volume dropped 85% after deployBefore/after count comparison

Environment filtering

When connected to Sentry, you can filter analysis by environment (e.g. production, staging, railway) to avoid mixing development noise into production analysis.

Cross-service correlation

For Sentry orgs with multiple projects, Rocketgraph scans all connected projects and identifies causal chains — e.g., an auth service failure cascading into checkout errors.