One Query, Every Answer: Visual Dashboards and Federated Search with Observo AI

As security and DevOps teams grapple with rising telemetry volumes and ballooning tool costs, they’re increasingly forced into tradeoffs: index less, ingest less, search less. That might save money in the short term—but it comes at the cost of impairing long-term visibility, historical investigation, and strategic clarity.
Traditional search tools are built around precision. They’re useful when you know what you’re looking for—but far less helpful when you don’t. That creates a major gap: teams often need to explore, not just extract. They need to ask open-ended questions, interrogate historical context, and watch trends evolve—without re-running reports or hydrating petabytes of data every time.
That’s where the next version of Observo Query comes in. It’s not just a better search tool. It’s a smarter way to explore, understand, and communicate what your telemetry is telling you.
The Limits of Traditional Search
Today’s search tools assume you’re asking a specific question with a specific result in mind. But telemetry data doesn’t always work that way. Teams often need to:
- Verify assumptions: Is this value accurate? Has it changed?
- Explore unknowns: Is this a one-off or a pattern?
- Monitor evolution: Will this be a problem tomorrow—or next week?
To do that well, they need context—how a metric is trending, how an event compares over time, and how it aligns with other systems. Running static queries over and over, switching between tools, and manually stitching together reports is slow, expensive, and error-prone.
Observo Query V2 addresses that challenge directly—with a search experience built for iterative discovery, cross-source insight, and evolving understanding.
Unified Querying: One Question, All Your Data
Modern environments don’t store telemetry in a single system. You may have security events in Splunk, application logs in Hive, and compliance data in a cloud archive.
Observo’s federated query engine allows you to query all of them at once. Whether your data is in the Observo Data Lake, a relational database, a third-party SIEM, or a legacy Hadoop system—you can access it through a single query interface.
This removes the need to ingest data into a centralized index just to make it searchable. That’s a major cost and performance win. Indexes are great for real-time search—but not ideal for long-range, large-scale historical investigations.
With federated querying, you get:
- Faster time to answer, with fewer data movement steps
- Reduced need for costly ingestion into analytics tools
- Flexibility to search data where it already lives
The power of a single query saves time, avoids tool sprawl, and eliminates blind spots caused by siloed data.
The Role of Natural Language Search
Precision matters—but accessibility matters more. Observo Query V2 supports both SQL and natural language queries, giving teams flexibility depending on their role and intent.
SQL is ideal when you have a specific goal in mind and know exactly what you need. It’s especially effective for power users performing structured, repeatable analysis across known datasets. But not every user—or every question—fits that mold.
Natural language search is a better fit when you’re still exploring, unsure of the data structure, or less familiar with technical query languages. It lowers the barrier to entry for analysts, engineers, or even business users who need answers but don’t speak SQL. With natural language, users can pose a question in plain English and still get meaningful results—making search more accessible and flexible for a wider range of scenarios.
Users can type questions like:
- "What was the average API response time during the last product release?"
- "Show failed logins by service account in the past 30 days."
Observo Query will translate those into the correct underlying queries, saving time and enabling broader access across technical and non-technical roles.
These queries can be run directly in the main UI or through Observo Orion, Observo AI’s Agentic AI assistant.
Observo Orion: Your Agentic AI Data Engineer (and Query Concierge)
Understanding data isn’t just about retrieving it—it’s about interpreting it. Orion helps users bridge that gap by combining natural language understanding with deep awareness of data structure, pipeline logic, and search history.
With Orion, users can turn natural language questions into precise, SQL-based technical queries. This removes the barrier of needing to know query syntax or data schema in advance, allowing users to interact with their data conversationally and still receive structured, reliable results.
Orion also enables deeper exploration through follow-up questions. Users can clarify or refine their queries without starting from scratch, maintaining the flow of investigation and surfacing insights more efficiently.
In addition, Orion helps users understand where data is stored, how long it has been retained, and what happens to it over time. This contextual awareness is critical for compliance, auditing, and long-term investigation.
Finally, users can describe what they’re trying to accomplish—for example, investigating a spike in latency—and let Orion guide them toward the right data sets and visualizations. It’s a shift from asking "what do I query?" to stating "what do I need to know?"—and letting the assistant close the gap.
This is more than a chatbot. Orion is a fully integrated guide that understands intent, interrogates data, helps validate whether results meet your investigative needs, and then takes action to create what you need to tell the story of your data.
Powerful Visualizations: See What Your Query Can’t Say
Search results in a table are helpful—but they rarely tell the full story. Observo Query’s new visualization engine will let you build dashboards that show trends, clusters, distributions, and relationships across your data.
Supported views include bar charts, pie charts, scatter plots, sunbursts, and more—with full customization and drag-and-drop dashboard creation.
Visualizations make it easier to uncover hidden patterns or anomalies that may not be obvious in raw tables or log files. By turning data into visual form, analysts can quickly spot trends, outliers, and correlations that would otherwise remain buried.
They also make it easier to explain findings to stakeholders who may not have technical backgrounds. A well-designed chart or graph can communicate impact, urgency, or scope far more effectively than rows of query results.
Finally, visualizations allow teams to compare data across multiple dimensions—such as geography, system, or time—giving a broader and more contextual view into how events unfold or correlate across the environment.
Put simply, visuals let you see what lists and logs can’t. They turn rows of data into insight.
Interactive Dashboards: Insight That Evolves Over Time
Data changes. So should your search.
Observo Query’s interactive dashboards let you build reusable queries that update as your data does—so you can monitor trends without re-running reports or repeating analysis.
Think of them as living query results. Interactive dashboards let you track how a metric shifts over time, giving you a dynamic view into trends that may otherwise go unnoticed. Rather than running one-off queries or exporting snapshots, you get evolving insight with every refresh.
They also help identify emerging risks before they escalate—whether it's a slow-building latency issue or unusual access patterns that hint at an underlying threat. By visualizing how patterns change, teams can detect issues earlier and respond faster.
Finally, interactive dashboards make it easier to perform forensic analysis across historical time windows. You can isolate a time period, rehydrate relevant logs, and explore them in context—all within the same dashboard interface.
Instead of ingesting everything into a heavyweight SIEM or APM tool, you can visualize and explore high-value insights directly from the Observo Data Lake or wherever else data rests—reducing cost while increasing understanding.
Interactive dashboards are especially powerful for identifying slow-burn issues, evaluating system readiness, or spotting early signals of operational or security anomalies.
More Than Search: A New Way to Ask, Explore, and Understand
Observo Query is more than a search upgrade—it’s a new model for how teams interact with their telemetry. It doesn’t just return answers. It invites questions. You can ask about the past and see how it changes over time—giving you a living view of your data rather than a static snapshot. This helps uncover trends, regressions, or anomalies that only emerge with long-term visibility.
You can also explore the unknowns and track whether they’re isolated events or emerging patterns. Rather than hunting for a single answer, Observo lets you iterate, pivot, and expand your investigation as new signals surface.
The platform supports both natural language and technical queries, so teams can operate at their own comfort level. Whether you’re a seasoned analyst writing SQL or a security lead posing questions in plain English, you can search your telemetry without friction.
Finally, you can visualize, annotate, and reuse discoveries to drive real understanding across teams. This makes it easier to share insights, revisit past investigations, and build knowledge over time.
Most importantly, it helps you uncover what you don’t know yet—and act on it before it becomes a problem. For teams drowning in data, that’s more than helpful. It’s essential.