Fast search, visualizations, and threat detections for logs in object storage. Lightning fast queries up to 10TB per second, 10-100x faster than Amazon Athena. Reduce costs up to 80%. Search directly from Splunk with a custom command.
Total read
0.00 TB
Events per second
Get a demo, start with a 30 day free trial
No credit card or contract required
Backed by CRV
CRV logo
SOC2 Type ll
SOC2 logo
For teams who love to build
Easy onboarding, powerful search
Scanner indexes log files in object storage in their raw format, eliminating tedious data engineering projects. Pipe AWS CloudWatch or CloudTrail logs to S3 or use the Vector agent to push your application logs to object storage, and Scanner will take over from there. Drawing from the familiarity of popular query languages like Splunk's SPL, Scanner's query language is easy to use - whether you need simple search or advanced aggregations. For Splunk users, use a custom search command to hit Scanner's API and search your object storage logs at high speed directly from Splunk.
Lightning fast search and visualizations
When Scanner indexes log files, it stores index files in object storage at low cost. It leverages serverless functions to traverse the index files at high speed, allowing users to explore their logs and generate visualizations rapidly. A needle-in-haystack search across 100TB of logs takes less than 10 seconds; across 1PB of logs, less than 100 seconds.
Powerful threat detections and alerts
For teams getting started with security, Scanner offers out-of-the-box detection rules for common security logs, like AWS CloudTrail, Cloudflare, Okta, and more. Cover the MITRE ATT&CK framework, or build your own detections. Send alerts to Slack, Tines, Torq, and custom webhooks.
Use the API to build your own stack
Using Scanner's API on top of your object storage logs, you can build a modern stack at a fraction of the cost of traditional log management products. Scanner's API supports integration with various tools, like Splunk, Grafana, and more. For Splunk users, leverage your existing content in Splunk and search your object storage logs with a custom command that hits Scanner's API.
High speed log search with far less cost.
A modern architecture designed for speed and ease of use
When you execute a query, Scanner launches serverless Lambda functions massively in parallel to traverse index files. Searching for a needle-in-haystack across 100TB of logs takes less than 10 seconds; across 1PB of logs, less than 100 seconds. Scanner queries can be 10-100x faster than in other tools that also scan logs in S3, like Trino, Amazon Athena, or CloudWatch.
Reduce log costs by up to 80%
Scanner was built from the ground up to leverage the low cost of cloud storage and burstable, serverless compute. This allows Scanner to be up to 80% less expensive than traditional log tools, like Datadog. Move all your logs into object storage in S3, and search them rapidly in Scanner.
Use the API to build your own custom stack
Using Scanner's API on top of your object storage logs, you can build a modern observability and security stack at a fraction of the cost of other tools. For example, you can use Vector or Cribl to write security logs into S3, use Scanner's API to power dashboards in Grafana or Tableau, and send threat detection events to various destinations: Slack, Tines, Torq, and custom webhooks.
Eliminate data engineering work
Scanner analyzes object storage log files stored in JSON, Parquet, CSV, or plaintext format in your S3 buckets. You do not need to perform significant data engineering work to transform your logs to match a strict schema, unlike Amazon Athena, Snowflake, or other SQL-based tools that interact with S3. All fields are indexed automatically. Spend time searching, not data munging.
No vendor lock-in
Scanner maintains all of its index files in your S3 buckets, giving you full control of your log data with no vendor lock-in. You can think of Scanner as a fast search and detections layer on top of your log files in object storage.
A trustworthy partner
Scanner is committed to the security of your log data. Your logs stay in your S3 buckets, and Scanner's compute stays in an isolated AWS account unique to your organization. Scanner has completed SOC 2 Type I and Type II audits.
Search object storage logs directly from Splunk
Scanner for Splunk
Watch an overview of Scanner's custom app for Splunk. It adds a new search command that allows Splunk users to query their object storage logs at high speed without leaving Splunk - using the Scanner API.
Scanner vs. Amazon Athena and Snowflake
Search Speed Demo
See a short demo showcasing Scanner's search speed compared with other object storage querying tools, Amazon Athena and Snowflake, on 250TB of AWS CloudTrail logs.
Why use Scanner?
Product Overview
Learn how Scanner can help reduce costs compared to an expensive log management tool or SIEM, while maintaining fast search and investigation capabilities.