
Database for Log Analysis that truly Scales

Insert all your logs into a single database that you can query instantaneously, even for the most write/read intensive use cases.

Log analysis consists of reviewing computer-generated event logs to proactively identify bugs, security threats, or other risks. Log analysis can also be used to review user behavior or to ensure compliance with regulations.

CrateDB is a database well suited to log analysis thanks to the combination of a real-time SQL engine, a NoSQL foundation, and a full-text search engine. It offers the scalability, performance, and flexibility to process any type of log, at massive volumes and in real time, supporting a wide variety of log analytics use cases such as cybersecurity, network performance monitoring, and video analytics.

Read more about CrateDB for video analytics >

Millions of data points per second

CrateDB can ingest huge volumes of data at very high speed on clusters of inexpensive servers.

Intuitive data modeling

CrateDB can collect any type of data (structured, unstructured, semi-structured, time-series, geospatial, BLOB) and can accept any type of log without any need for specific development.

Read more about CrateDB for time-series >

Read more about CrateDB for geospatial tracking >


Immediate indexing of all data fields

CrateDB indexes all data on the fly upon ingestion, which enables immediate analysis. It also indexes all fields by default, with no impact on performance, thanks to columnar indexing. This is very useful for running many different kinds of ad-hoc queries.

Native SQL

CrateDB implements SQL natively, making it easy for any developer to use and integrate. No additional knowledge is required.

Real-time query performance

CrateDB enables in-memory SQL query performance thanks to parallel query processing and distributed columnar field caches.

Always on

Built-in data replication and failover allow 24x7 analysis with no single point of failure.

Examples of log analysis queries

/*
 * Based on system event logs, this query uses a full-text index to
 * filter for sshd messages matching 'authentication failure' and
 * returns, per minute:
 * - the number of matching entries
 * - the average full-text relevance score (_score) of the matched rows
 */
SELECT DATE_TRUNC('minute', receivedat) AS event_time,
       COUNT(*) AS entries,
       AVG(_score) AS avg_score
FROM "syslog"."systemevents"
WHERE MATCH(message, 'authentication failure')
          USING most_fields WITH (analyzer = 'whitespace')
  AND MATCH(syslogtag, 'sshd')
GROUP BY 1
ORDER BY 1 DESC
LIMIT 10;

+---------------+---------+--------------------+
|    event_time | entries |          avg_score |
+---------------+---------+--------------------+
| 1620220260000 |       4 | 1.5798743814229965 |
| 1620220200000 |       8 | 1.7750384211540222 |
| 1620220140000 |      10 | 1.6113891124725341 |
| 1620220080000 |       9 | 1.676726798216502  |
| 1620220020000 |       8 | 1.6908064410090446 |
| 1620219960000 |       8 | 1.690401442348957  |
| 1620219900000 |       7 | 1.7646006005150932 |
| 1620219840000 |       7 | 1.7795820917401994 |
| 1620219780000 |      10 | 1.5844267368316651 |
| 1620219720000 |      13 | 1.5637413492569556 |
+---------------+---------+--------------------+
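The following is an added example, not part of the CrateDB page: it shows the table shape that the query above depends on (a FULLTEXT index on message, here with the same whitespace analyzer) and a detection variant of that query that flags, per host and minute, bursts of sshd authentication failures above a threshold. Column names follow the rsyslog SystemEvents layout the page's query appears to use; fromhost, the sample rows and the threshold of 3 are assumptions.

```sql
-- Added example (not from the CrateDB page). Table shaped like the
-- "syslog"."systemevents" relation queried above; fromhost is assumed.
-- The FULLTEXT index on message is what makes MATCH(message, ...) work.
CREATE TABLE "syslog"."systemevents" (
    receivedat TIMESTAMP WITH TIME ZONE,
    fromhost   TEXT,
    syslogtag  TEXT,
    message    TEXT INDEX USING FULLTEXT WITH (analyzer = 'whitespace')
);

-- Constructed sample rows: three failures from one host within a minute,
-- one isolated failure on another host, and a successful login that must
-- not match. Addresses are documentation ranges (RFC 5737).
INSERT INTO "syslog"."systemevents" (receivedat, fromhost, syslogtag, message) VALUES
    ('2021-05-05T12:31:02Z', 'web-01', 'sshd[2101]:', 'authentication failure for user root from 203.0.113.7'),
    ('2021-05-05T12:31:09Z', 'web-01', 'sshd[2102]:', 'authentication failure for user admin from 203.0.113.7'),
    ('2021-05-05T12:31:41Z', 'web-01', 'sshd[2104]:', 'authentication failure for user test from 203.0.113.7'),
    ('2021-05-05T12:32:15Z', 'db-02',  'sshd[887]:',  'authentication failure for user alice from 198.51.100.4'),
    ('2021-05-05T12:32:30Z', 'web-01', 'sshd[2110]:', 'Accepted publickey for deploy from 192.0.2.10');

-- Newly written rows become searchable after a refresh (CrateDB refreshes
-- periodically by default; forcing it here makes the query deterministic).
REFRESH TABLE "syslog"."systemevents";

-- Detection query: count sshd authentication failures per host and minute
-- and keep only minutes at or above an assumed threshold of 3.
-- operator = 'and' requires both terms to be present; the default 'or'
-- would also match messages containing only one of them.
-- The whitespace analyzer keeps case and punctuation, so a token such as
-- 'failure;' would not match the query term 'failure'.
SELECT DATE_TRUNC('minute', receivedat) AS event_time,
       fromhost,
       COUNT(*) AS failures
FROM "syslog"."systemevents"
WHERE MATCH(message, 'authentication failure')
          USING best_fields WITH (analyzer = 'whitespace', operator = 'and')
  AND syslogtag LIKE 'sshd%'
GROUP BY 1, 2
HAVING COUNT(*) >= 3
ORDER BY 1 DESC, 3 DESC;
```

With the sample rows above, only web-01 in the 12:31 minute clears the threshold; the db-02 failure and the successful login are left out.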

Bitmovin is a leading video streaming company. They use CrateDB to store 140 terabytes of user events and user interactions. Every day, one billion new rows of data arrive, with the largest tables containing around 60 billion playback events.

"It is through the use of CrateDB that we are able to offer our large-scale video analytics component in the first place. Comparable products are either not capable of handling the large flood of data or they are simply too expensive."

Daniel Hölbling-Inzko
Senior Director of Engineering
Bitmovin

DriveNow helps travelers find and easily compare the best online rates for car and campervan rentals in real time. They use CrateDB to store clickstream data, comprising logs of pages users visit, links they click, search filters they select and site-generated emails they interact with. Real-time queries are made to analyze how promotional campaigns, user interface design changes and A/B tests affect the user experience.
"CrateDB is ideal because it's capable of writing data at a high rate, and delivering fast queries to our business team at the same time. We couldn't have done that using a traditional SQL database without a lot of difficulty."

Other log analysis resources

Tutorial

Storing server logs on CrateDB for fast search and aggregations

August 10, 2023
If you've used log aggregation tools or advanced SIEM systems, you've likely faced similar frustrations: timeouts, complex query syntax, and difficulty integrating logs into monitoring dashboards. CrateDB solves these issues. Learn how.

Tutorial

Using regex comparisons and other advanced database features for real-time inspection of web server logs

August 14, 2023
Would it not be great if we could have some rules inspecting log entries as they come in, extracting relevant information, and flagging anything potentially suspicious?
There are a lot of nice features in CrateDB to support this kind of setup. Learn how.