Getting started

Start shipping logs to Scanner in 30 seconds.

Need help getting set up?

Join our Slack Community and ask your questions there. We would love to help you get started with Scanner.

Why use Scanner?

  • Search through your logs fast. Scanner uses sparse skip-list indexing to find search terms quickly. If you have terabytes of logs, and you need to find a rare term, like a UUID or error message, Scanner will narrow down the search space to mere tens of megabytes of logs, yielding your results in seconds.
  • Store large volumes of logs at low cost. Scanner uses low-cost object storage. By decoupling storage from compute, Scanner is less costly than legacy logging solutions without sacrificing speed. Scanner is currently in beta, and it is free during the beta period. Afterward, pricing is expected to be less than $1 per GB ingested, and less than $1 per 100GB scanned during queries.
  • Scanner is semi-structured, so use any log schema you wish. All of the fields of your log events are indexed automatically, and you are free to change the schema of your log events over time. No need to choose which fields to index beforehand.
  • Get started easily with a wide variety of input sources. Scanner supports all major log forwarders, like Vector, Fluent Bit, FluentD, Logstash, and Promtail. Scanner also integrates with Heroku syslog and Amazon CloudWatch Logs. Or, use any data source that supports uploading logs using the Elasticsearch bulk upload API or Loki push API.
  • Use the managed version, or deploy serverless Scanner to an AWS account You can get started quickly by shipping logs to the managed Scanner service, currently in AWS us-west-2. Or, you can deploy Scanner's serverless infrastructure to a separate AWS account with PrivateLink VPC support. If you are interested in this single-tenant version of Scanner, please ping us in our Slack Community or email us at [email protected].

Uploading your logs

Scanner supports ingestion from all major log forwarders. Choose from the options below to learn how to get started.
  • Vector
    • Via Vector's elasticsearch log sink
    • Via Fluent Bit's es output plugin
  • Fluentd
    • Via Fluentd's elasticsearch output plugin
  • Logstash
    • Via Logstash's elasticsearch output plugin
  • Promtail
    • Upload your Loki logs to Scanner using Promtail. Supports the Protobuf or JSON formats of the Loki push API.
Scanner also supports direct integrations with the following sources:
  • Heroku
    • Run a single Heroku CLI command to add a new log drain pointing to Scanner.
    • Create a subscription filter that uses Lambdas to forward your CloudWatch logs to Scanner.
Is there an integration we're missing that you'd like to use? Let us know, and we'll build it. Ping us in the Slack Community, or email us at [email protected].
Last modified 4mo ago