Scanner Pricing Overview

I really like the massive scale and efficiency of Scanner as it can ingest and index tens of terabytes of data rapidly. The cost-to-performance ratio is a significant advantage. Another great aspect is the simplified ingestion; creating a pipeline is effortless by just dropping raw data into an AWS S3 bucket. It's designed for security engineers, not just developers. I also appreciate the true data sovereignty because both the company data and its indices reside in our AWS S3 storage, ensuring full control which is highly attractive for companies with strict compliance and regulatory requirements. Additionally, the seamless AI integration, being fully compatible with Claude-Code and the Claude SDK, is fantastic. Setting it up and getting onboarded was very easy, taking just one day. Review collected by and hosted on G2.com.

There are limitations in the event triggers for alerting. When an event is triggered, I'd like to selectively filter only the data I need from the associated indices, then send an alerting message (e.g., to Slack) or transmit it to another third party via webhook. Currently, it's impossible to select only the necessary data from multiple indices. This adds a few extra tasks for me because I have to receive the entire original alerting message and process it once. Review collected by and hosted on G2.com.

I love the flexibility of Scanner, especially how I can ingest different types of log data into it and then search efficiently. The indexing and categorization of data make it easy to manage, and the way it reads and formats data is really good. Once I see it in their console, everything is well formatted and nicely displayed in a table-like way, with columns and values, making it easier for me to look at the results. I also appreciate that I can query data at a reasonable price, and it uses our own S3 buckets, which keeps costs lower compared to storing data on other platforms. Review collected by and hosted on G2.com.

I guess sometimes I struggle with pulling data that was not ingested for some time. Having more flexibility when data is missed and how I can re-ingest that would be good. There's more documentation or a better way for me to re-ingest when data didn't get ingested. I had some missed logs because of a new environment change and didn't get a notification about it. I'm trying to work on how to re-ingest those. I also think having better documentation would help. We had to manually adjust some configurations that should have been automated during setup. Having a diagram or architecture of how Scanner works and how to set it up in our environment would help us picture how it will work and make adjustments accordingly. Review collected by and hosted on G2.com.