In the early days of SaaS, “real-time” was more aspiration than reality. When Fastly co-founder Simon Wistow first connected with Bronto co-founder Trevor Parsons (then building Logentries), most teams were still refreshing dashboards and waiting on static reports to understand production systems.
Logentries, one of the first SaaS logging platforms, helped pioneer concepts like live tail: streaming logs in real-time, correlated across an entire system as events unfolded. For teams running high-traffic, high-change environments, that changed how they operated. It made Fastly and Logentries a natural fit throughout the 2010s.
Today, observability has changed dramatically. Log volumes have exploded, architectures are more distributed, and AI workloads are pushing traffic patterns (and incident response expectations) into new territory. What used to be millions of events is now billions. What used to be “fast enough”, no longer is.
That's why it feels right to be working together again – not as a reunion, but as a response to a new scale of complexity. Trevor and the team at Bronto have once again teamed up with Simon and Fastly to solve the same problems at a new scale, especially for high-volume log streams like CDN telemetry, where teams need real-time insight and long-term visibility without blowing the budget.
Why Edge Observability Requires a Different Approach
Fastly's platform is architected for the exact scenarios this partnership addresses: high-traffic, high-stakes moments where milliseconds matter. Fastly's modern, software-defined architecture enables rapid content caching and dynamic content delivery at the edge, significantly reducing origin load and latency. But that performance advantage only compounds when paired with observability that operates at the same speed. Fastly's real-time log streaming was built for exactly this use case: instant visibility into what's happening across our global network of POPs, from cache hit ratios to error distributions by region. The challenge has always been what happens after those logs leave the edge, and that's where Bronto changes the equation.
The Challenge of Real-Time Log Analysis During Traffic Spikes
When traffic spikes 10x to 100x during a live event, your team isn’t calmly exploring dashboards – you’re triaging in real-time. Traditional logging platforms weren’t built for that moment. Queries can take 15+ minutes per query, if they don't time out entirely. By the time you get results, the damage is already done. The real risk isn’t the spike itself, it’s the gap in between.
"Something is wrong" and "here's what's causing it" determine whether you catch an issue before viewers notice or after it trends on social media. That gap needs to be seconds, not minutes.
Two High-Stakes Use Cases for Real-Time Visibility
War room (major events)
For championship games, tentpole premieres, or global product launches, Fastly customers often spin up dedicated war rooms with engineering support. When you're in that room, and someone asks, "Is this APAC spike related to the EMEA issue from 10 minutes ago?" you need an answer in seconds, not minutes. That’s not a theoretical question. It’s a room full of engineers, leadership waiting for answers, and millions of viewers hitting ‘refresh.’ Every second spent waiting is a second you're not fixing the problem, whether that's instantly purging bad content, rolling back a config, or escalating to the right team.
With sub-second search across terabytes of CDN logs, you can answer those questions while people are still looking at the screen. Contentstack processes >100TB of CDN logs monthly. With Bronto querying 1TB of log data in ~25ms, 100 TB queries can be processed in as quick as 2.5 seconds. That speed holds up during peak traffic, unlike legacy platforms that time out or fail when you need them most.
"It's a night and day difference to our previous logging provider. Bronto typically returns results in seconds, while our old vendor took over 30 minutes and frequently failed to render visualizations." — Jaymin Patel, Team Lead, Contentstack
Self-service: spin up your own war room
Not every live event gets dedicated engineering support, but that doesn't mean you should fly blind. Regional sports broadcasts, mid-tier product launches, and seasonal traffic spikes still need real-time visibility. The difference is that your team handles them without a dedicated war room.
When your on-call engineer gets paged at 2 AM, they need to see the problem immediately, drill into the data, and get a hypothesis. Within seconds, they can pinpoint the error source, identify the failing URL, and trace it back to a specific edge node. No waiting for a senior engineer to write a custom query. No filing tickets and hoping someone responds before the issue escalates.
The workflow: dashboard → drill down → BrontoScope
1. See the problem on the dashboard
Real-time view of error rates, cache hit ratios, throughput, and latency across all POPs. Geographic distribution shows where traffic is coming from and where problems are concentrated. Error trends by status code and edge node help isolate whether an issue is regional or spreading.
2. Drill down to the logs
Click on an error spike or anomaly and immediately see the underlying log data, filtered to the relevant time window and conditions. No query writing, no waiting. Just click through from the visualization to the raw events.
3. Get AI-powered root cause analysis
BrontoScope analyzes millions of log entries and surfaces a hypothesis: which endpoints are affected, which servers are involved, what the error distribution looks like, and what the probable cause is. Includes suggested next steps and related queries to continue the investigation.
Manually, this analysis would take 30+ minutes of filtering and cross-referencing. During a live event, that’s time you don’t have.
Why 12 months of retention matters
Real-time visibility solves the now. Retention solves the next time. Most logging platforms force a compromise: short retention or unsustainable cost. The result is sampled data, seven-day windows, and blind spots just when historical context matters most.
Bronto's architecture breaks that tradeoff. With 12 months of hot, searchable data at 50% lower cost than legacy platforms, you can answer questions you couldn't before.
Post-event analysis: Compare this year's championship broadcast to last year's. What changed? Where did the new CDN configuration actually help? With only seven days of retention, this comparison is impossible.
Capacity planning: Use historical data to forecast infrastructure needs for upcoming events. "Last Black Friday, we peaked at X. What do we need for this year?" requires data you can actually access.
Trend identification: That cache invalidation issue during last year's big event: did your fix actually work? Pattern recognition across seasonal events requires months of data, not days.
Customer success: When enterprise customers ask, "How did our stream perform compared to last quarter?" you have the data to answer definitively.
And you don't need to be a query expert to see these patterns. Bronto's AI dashboard builder lets you describe what you want to see ("compare cache hit rates this Black Friday vs. last year") and generates the visualization automatically.
Observability that matches your speed
The partnership between Fastly and Bronto comes down to a simple principle: your observability stack should be as fast, flexible, and cost-effective as the edge platform it monitors.
With Bronto, Fastly customers get sub-second query performance on terabytes of CDN logs, 12 months of hot retention for historical analysis and capacity planning, and 50% lower costs compared to legacy logging platforms, all without sacrificing the control and programmability that led them to Fastly in the first place.
Whether you're in the war room for a championship broadcast or responding to a 2 AM page for a regional traffic spike, the gap between "something is wrong" and "here's what's causing it" no longer has to be measured in minutes. It can be measured in seconds.
That's what real-time observability should look like at the edge.
Getting started
Configure Bronto as a logging endpoint in Fastly (takes less than 5 minutes). Logs start streaming immediately, and pre-built CDN dashboards populate with your data automatically. No agents, no forwarders, no complex pipelines.
For the full setup guide and more on Bronto's Fastly integration: Bronto for Fastly: Real-time CDN logging that actually scales.