Skip to content

Dev

The Dev app runs the 10x Engine locally to preview how production apps will process your log data without requiring backend connections or infrastructure changes.

Overview

What is Dev and what can I use it for

Dev runs the 10x Engine locally to preview how edge and cloud apps will process your log data. One use is estimating optimization savings, point it at sample log files and Dev will:

  • Calculate reduction ratios
  • Show which log patterns optimize best
  • Provide detailed metrics on potential cost reductions

Runs entirely on your local machine with no data leaving your environment. Useful for evaluation, POC preparation, and ongoing configuration testing.

How do I install Dev

See Install for platform-specific packages and instructions.

Is Dev free

Yes. Dev requires no account and no signup. An API key validates your license at startup to unlock pre-compiled symbol libraries -- then runs entirely offline. No usage limits.

Capabilities

What log formats does Dev support

Dev analyzes any text-based log format:

  • JSON, key-value pairs, syslog
  • Common log formats (Apache, nginx)
  • Application logs and unstructured text

The tool automatically detects log structure and applies optimization analysis.

Analyze single files, directories, or pipe logs via stdin for forwarder integration. The same formats supported in production work identically in Dev.

How accurate are the savings estimates

Dev uses the same optimization engine as production 10x deployments. Reduction ratios and pattern analysis closely match what you'll see in production.

The key to accuracy is providing representative log samples -- include logs from different time periods, applications, and load conditions.

Dev processes your actual data, not benchmarks. Results reflect your specific log patterns. For POCs, analyze logs across your major sources for representative numbers.

Does Dev store or cache any log data

Dev writes analysis results to your specified output directory. You control where files are written and can delete them after analysis.

No data is sent externally or cached elsewhere. Your original log files are read but never modified.

Security & Workflow

How does Dev use the API key

Dev validates your license once at startup to unlock pre-compiled symbol libraries, then runs entirely offline. No log data is ever transmitted.

Symbol libraries are pre-compiled log pattern definitions (hashed templates) derived from your source code. They contain no source code, no log data, and no telemetry, only structural metadata for pattern matching.

If the network is unavailable at startup, Dev prompts for an offline license file. No outbound network calls are made after initial validation.

How do I move from Dev testing to production

Typical sequence after Dev:

  1. Deploy the Reporter as a DaemonSet alongside your forwarder for pre-SIEM cost visibility. For agentless SIEM-side analysis without deploying a DaemonSet, use the MCP server's SIEM-sample tool.
  2. Deploy the Receiver to act on the findings. Filter mode (cost-based sampling, mute files) or Compact mode (modeled in-place volume reduction on Splunk, self-hosted Elasticsearch/OpenSearch, or ClickHouse via a SIEM-side expand plugin).
  3. Optionally add Retriever to offload events to your own S3 bucket and fetch the exact events on demand.
  4. Optionally connect an agent via the MCP server to drive Filter caps and Retriever pulls from a chat session.

Each app deploys independently. See the App Guide for details.