Gemini 3 + Agent Builder + Elastic MCP · Elastic Track

Autonomous Incident Investigation

Describe any production incident. SLEUTH uses Gemini AI and Elastic MCP to investigate logs, traces, and metrics — identifies root cause or escalates when uncertain.


See every signal. Find any root cause.

SLEUTH correlates logs, traces, and metrics in a single investigation view — powered by your live Elastic data.

Example investigation view: sleuth — investigation #inv-1738 (LIVE, agent is investigating... 1:23, step 3 of 5)

Investigation Plan
1. Search error logs in checkout service
2. Query payment gateway traces
3. Correlate latency metrics with errors

Step results
- Search checkout error logs (LOGS, 87%): Found 847 ERROR logs in checkout-service in the last 30 min
- Query payment gateway traces (TRACES, 91%): 99th percentile latency spike at 01:32 UTC — 4.2s vs 200ms baseline
- Correlate latency with error rates (ES|QL):
  FROM logs-* | WHERE level == "ERROR" | STATS count = COUNT() BY service | SORT count DESC

At a glance
- 6 Elastic MCP Tools
- 4 stages: Plan → Execute → Observe → Report
- 60% Confidence Threshold
- <2min Mean Time to Investigate

How it works

SLEUTH uses a Plan-Execute agent pattern powered by Gemini AI and Elastic MCP to investigate incidents autonomously.

01 Describe

Type any production incident — no templates, no dropdowns. Just describe what's wrong.

02 Plan

Gemini generates a structured investigation plan — which MCP tools to call, which Elastic queries to run, in what order. The agent decides its own strategy.

03 Investigate via MCP

The agent calls Elastic MCP tools for logs, traces, metrics, and ES|QL cross-signal correlation. Every query appears in the MCP Inspector — full transparency.

04 Resolve or Escalate

High confidence? Auto-resolve with remediation steps. Low confidence? Escalate to human — the AI knows its limits.
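The four steps above form one loop, and the part a reviewer cares about is the gate at the end: how per-step confidences roll up, what gets recorded for the inspector, and what happens when a plan asks for something the agent should not do. The following is an added illustration of that loop written for this page; it is not SLEUTH's code and does not call Gemini or Elasticsearch. The two "tools" work on constructed sample telemetry embedded in the file, the confidence heuristics inside them are invented for the example, the overall confidence is taken as the minimum of the step confidences (an assumption), and the tool registry deliberately exposes only read-only search tools, so a plan step naming any other tool (here index_management) is refused and forces escalation rather than a guess.

```python
"""Plan -> Execute -> Observe -> Report loop with a confidence gate.

Added illustration of the agent pattern described on the page; not SLEUTH's
own code. The tools below run over constructed sample data so the example
executes offline; in the real system each would be an Elastic MCP tool call.
"""
import math
from dataclasses import dataclass

CONFIDENCE_THRESHOLD = 0.60  # page: resolve at >= 60%, escalate below

# Constructed sample telemetry (hypothetical values, not real data).
SAMPLE_LOGS = [
    {"service": "checkout-service", "level": "ERROR", "msg": "gateway timeout"},
    {"service": "checkout-service", "level": "ERROR", "msg": "gateway timeout"},
    {"service": "checkout-service", "level": "ERROR", "msg": "gateway timeout"},
    {"service": "checkout-service", "level": "INFO", "msg": "order created"},
    {"service": "cart-service", "level": "ERROR", "msg": "cache miss storm"},
    {"service": "cart-service", "level": "INFO", "msg": "cart updated"},
]
SAMPLE_GATEWAY_LATENCY_MS = [180, 190, 200, 210, 205, 195, 220, 3900, 4100, 4200]
BASELINE_LATENCY_MS = 200


@dataclass
class Observation:
    step: str
    tool: str
    query: str        # what was asked of the data source: the inspector record
    finding: str
    confidence: float


def search_logs(level: str) -> tuple[str, float, str]:
    """Count log entries at `level` per service. Returns (finding, confidence, query)."""
    counts: dict[str, int] = {}
    for entry in SAMPLE_LOGS:
        if entry["level"] == level:
            counts[entry["service"]] = counts.get(entry["service"], 0) + 1
    if not counts:
        return ("no matching logs", 0.0, f"level={level}")
    top, n = max(counts.items(), key=lambda kv: kv[1])
    # Invented heuristic: the top service's share of all errors is the confidence.
    share = n / sum(counts.values())
    return (f"{n} {level} logs, top service {top}", round(share, 2), f"level={level}")


def search_traces(service: str) -> tuple[str, float, str]:
    """p99 latency for `service` against baseline. Returns (finding, confidence, query)."""
    lat = sorted(SAMPLE_GATEWAY_LATENCY_MS)
    p99 = lat[math.ceil(0.99 * len(lat)) - 1]
    ratio = p99 / BASELINE_LATENCY_MS
    # Invented heuristic: no spike gives 0.0, a 10x spike saturates at 1.0.
    conf = min(1.0, max(0.0, (ratio - 1) / 9))
    return (f"p99 {p99}ms vs {BASELINE_LATENCY_MS}ms baseline", round(conf, 2), f"service={service}")


# Read-only registry: the loop can only dispatch to what is listed here.
TOOLS = {"search_logs": search_logs, "search_traces": search_traces}


def execute_plan(plan: list[dict]) -> list[Observation]:
    """Execute: run each planned step through the registry; refuse anything else."""
    observations = []
    for step in plan:
        tool = TOOLS.get(step["tool"])
        if tool is None:
            # Zero confidence for a refused step, so the gate below must escalate.
            observations.append(Observation(step["name"], step["tool"], "", "tool not available", 0.0))
            continue
        finding, conf, query = tool(**step["args"])
        observations.append(Observation(step["name"], step["tool"], query, finding, conf))
    return observations


def overall_confidence(observations: list[Observation]) -> float:
    """Observe: the weakest finding bounds the conclusion (assumption of this example)."""
    return min(o.confidence for o in observations) if observations else 0.0


def report(observations: list[Observation]) -> dict:
    """Report: apply the threshold and expose every query for the inspector."""
    conf = overall_confidence(observations)
    decision = "resolve" if conf >= CONFIDENCE_THRESHOLD else "escalate"
    inspector = [(o.tool, o.query, o.finding) for o in observations]
    return {"decision": decision, "confidence": conf, "inspector": inspector}


def investigate(plan: list[dict]) -> dict:
    return report(execute_plan(plan))


# Constructed plan mirroring the page's example investigation.
PLAN = [
    {"name": "Search error logs in checkout service", "tool": "search_logs", "args": {"level": "ERROR"}},
    {"name": "Query payment gateway traces", "tool": "search_traces", "args": {"service": "payment-gateway"}},
]

if __name__ == "__main__":
    import json
    print(json.dumps(investigate(PLAN), indent=2))
```

With the constructed data the log step scores 0.75 and the trace step 1.0, so the investigation resolves at 0.75; appending a step that names index_management drops the overall confidence to 0.0 and the same gate escalates, which is the behaviour a reviewer should check before letting an agent act on its own findings.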

Architecture

Google Cloud Agent Builder + Elasticsearch — AI-powered autonomous investigation with real observability data

Flow through the system
- User: describes the incident in natural language.
- Gemini 2.5 Flash (AI Reasoning Engine): generates the plan.
- Agent Loop — Plan · Execute · Observe · Report: queries via MCP.
- Elastic MCP Server (7 Observability Tools — Real Data Only): LOGS, TRACES, METRICS, SEMANTIC, ES|QL, INDEX, CLUSTER.
- The agent analyzes findings and either Resolves (≥60% confidence) or Escalates (<60% confidence).
- MCP Inspector (LIVE): every query shows its real data source.
6 Elastic MCP Tools

Every tool your AI agent needs

The Elastic MCP Server exposes 6 specialized tools that SLEUTH can invoke during investigation — from log search to ES|QL cross-signal correlation.

- Search Logs (SEARCH_LOGS): Query application and infrastructure logs with full-text search and filtering
- Search Traces (SEARCH_TRACES): Distributed tracing with latency analysis and service dependency mapping
- Search Metrics (SEARCH_METRICS): Time-series metric queries with aggregation and anomaly detection
- ES|QL Query (ESQL_QUERY) ★ UNIQUE: Cross-signal correlation with Elastic's powerful pipelined query language
- Index Management (INDEX_MANAGEMENT): Manage Elasticsearch indices, mappings, and data lifecycle
- Cluster Health (CLUSTER_HEALTH): Monitor Elasticsearch cluster status, nodes, and resource utilization
Google Cloud + Elastic Partner Integration

Built with Gemini & Elastic MCP

SLEUTH uses Gemini 3 via Google Cloud Agent Builder for autonomous reasoning and connects directly to Elasticsearch for real observability data — 6 tools, one agent, live data.

- Gemini 3 (AI Reasoning Engine): planning, analysis, correlation, escalation
- Agent Builder (Plan-Execute-Observe-Report): autonomous agent loop with tool orchestration
- Elastic MCP Server (6 Observability Tools): logs, traces, metrics, ES|QL, index & cluster
- Google Cloud Agent Builder: Agent Orchestration Pattern
- ES|QL Cross-Signal: Pipelined Query Language

By the numbers
- 6 Elastic MCP Tools: search_logs, search_traces, search_metrics, esql_query, index_management, cluster_health
- <60% Auto-Escalation Threshold: the AI knows when it doesn't know — escalates to human instead of guessing
- 100% Real Data Only: every query hits your live Elasticsearch cluster — no mocks, no simulations, no fake data
Transparent AI

The AI that knows when it doesn't know

Most AI tools pretend to be certain. SLEUTH attaches a confidence score to every finding. When confidence drops below 60%, it escalates to a human engineer — because an AI that knows its limits is more useful than one that pretends to be certain.