Fast search, visualizations, and detection rules for your data lake in S3. Move your logs from a SIEM into a data lake and reduce costs by up to 80%. Search rapidly from Scanner's UI, or directly from Splunk via a custom command.
Get a demo, start with the free plan
No credit card or contract required
Backed by CRV
SOC2 Type II
Designed for teams who love to build
Lightning fast log search, time series, and threat detection
Scanner indexes the log files in your data lake in S3, providing fast search and threat detection. Scanner's index files are stored in your S3 bucket, so there is no vendor lock-in. Investigate rapidly in Scanner's powerful search UI, or use Scanner's custom search command to query your data lake directly from Splunk. A needle-in-haystack search across 100TB of logs takes less than 10 seconds; across 1PB of logs, less than 100 seconds.
A robust query language engineered for both simplicity and power
Scanner's query language draws on popular query languages like Splunk's SPL, so it is easy to learn, whether you need simple search or advanced aggregations.
Powerful threat detections and alerts
For security teams, Scanner offers out-of-the-box detection rules for common security logs, like AWS CloudTrail, Cloudflare, Okta, and more. Cover the MITRE ATT&CK framework, or build your own detections. Send alerts to Slack, Tines, Torq, and custom webhooks.
Build a modern security and observability stack
Using Scanner's API on top of your data lake in S3, you can build a modern stack for security or observability at a fraction of the cost of traditional log management products. Scanner's API supports integration with many tools, like Splunk, Grafana, Tines, Torq, Slack, and more.
Learn how to reduce log management costs by up to 80% by using a data lake and indexing it with Scanner.
High volume logs. No more blind spots.
Fast data lake search
When you execute a query, Scanner launches serverless Lambda functions massively in parallel to traverse its index files. Data structures like posting lists and numerical ranges guide Scanner to the regions of logs that contain hits. Searching for a needle-in-haystack across 100TB of logs takes less than 10 seconds; across 1PB of logs, less than 100 seconds. Scanner queries can be 10-100x faster than in other tools that also scan logs in S3, like Trino, Amazon Athena, or CloudWatch.
Reduce log costs by 80%
Scanner was built from the ground up to leverage the low cost of cloud storage and burstable, serverless compute. This allows Scanner to be up to 80% less expensive than traditional log tools that still use an architecture from the on-premises era.
Build a modern security and observability stack
Using Scanner's API on top of your data lake in S3, you can build a modern security and observability stack at a fraction of the cost of other tools. For example, you can use Vector or Cribl to write logs and traces into S3, use Scanner's time series API to power dashboards in Grafana or Tableau, and send threat detection events to various destinations: Slack, Tines, Torq, Jira, and custom webhooks.
Eliminate data engineering work
Scanner analyzes data lake log files stored in JSON, Parquet, CSV, or plaintext format in your S3 buckets. You do not need to perform significant data engineering work to transform your logs to match a strict schema, unlike Amazon Athena or Snowflake. All fields are indexed automatically. Spend time searching, not transforming.
No vendor lock-in
Scanner maintains all of its index files in your S3 buckets, giving you full control of your log data with no vendor lock-in. You can think of Scanner as a fast search and detections layer on top of your data lake in S3.
A trustworthy partner
Scanner is committed to the security of your log data. Your logs stay in your S3 buckets, and Scanner's compute stays in an isolated AWS account unique to your organization. Scanner has completed SOC 2 Type I and Type II audits.
Scanner removes blind spots in your security data lake with fast search and threat detections.
Why use Scanner?
Product Overview
Learn how Scanner helps teams reduce their log management costs by up to 80%, enabling them to move their high volume log sources from an expensive SIEM to a data lake in S3.
Scanner vs. Amazon Athena and Snowflake
Search Speed Demo
See a short demo showcasing Scanner's search speed compared with Amazon Athena and Snowflake on 250TB of AWS CloudTrail logs.