Cloud FAQ
General questions about Cloud apps (Reporter and Streamer) — deployment, infrastructure, data access, and integration.
For detailed questions about each product:
- Cloud Reporter — Cost analysis, calculations, recommendations, integrations
- Storage Streamer — Querying, performance, comparisons, failure modes
Deployment & Infrastructure
Where do Cloud apps run — my infrastructure or Log10x's?
Both Cloud Reporter and Storage Streamer run in your own Kubernetes cluster — not in Log10x's infrastructure.
- No log data leaves your environment — all processing happens inside your cluster under your control
- Log10x provides the engine binary — you manage deployment, configuration, and secrets. Optional: use our SaaS control plane (console, API, Prometheus, Grafana) to orchestrate both engines
- Your data stays in your VPC — Reporter samples from your SIEM via REST API; Streamer processes events you route to S3
Which cloud providers are supported?
Cloud Reporter: Platform-agnostic. Runs on any Kubernetes cluster:
- AWS EKS
- Google GKE
- Azure AKS
- On-premises (any Kubernetes)
Storage Streamer: AWS-first architecture
- Today: AWS EKS (requires S3 + SQS for indexing and querying)
- Roadmap: Azure Blob Storage
Both apps read from / write to the same log analyzers regardless of where K8s runs (Splunk, Elastic, Datadog, CloudWatch).
How are Cloud apps deployed?
Cloud Reporter:
- Deployed via Helm chart (log10x-cron)
- Runs as a Kubernetes CronJob — executes on a schedule (e.g., every 15 minutes)
- Minimal footprint: <0.1% of your SIEM capacity
- Read-only access to your analyzer
Storage Streamer:
- Deployed via Terraform module (terraform-aws-tenx-streamer)
- Runs as a long-running EKS Deployment with three roles: index (receives S3 files), query (searches index), stream (sends results to SIEM)
- Can be deployed as all-in-one or across separate clusters for independent scaling
- Requires AWS infrastructure: S3 buckets, SQS queues, IAM role (IRSA in production)
Data Access & Security
Does Log10x access my actual log events?
No. Both apps run inside your cluster and process only what you authorize.
Cloud Reporter:
- Reads small, representative samples from your SIEM's REST API (not a full stream)
- Processes samples in memory; they are never stored persistently or transmitted externally
- Aggregates to report cost attribution by event type (metadata only)
- Your raw logs never leave your SIEM
Storage Streamer:
- Processes events you explicitly route to S3 — no automatic ingestion of your SIEM data
- Indexes files as they arrive; streamed queries expand selected events on demand
- Index stays in your S3 bucket; you control retention and deletion
What credentials do Cloud apps need?
Cloud Reporter:
| Credential | Value |
|---|---|
| TENX_LICENSE | your Log10x API key |
| Splunk | username + password (or API token) |
| Elasticsearch | username + password |
| Datadog | API key + App key |
| CloudWatch | AWS access key + secret |
Store all credentials in Kubernetes Secrets (not in config files).
Storage Streamer:
| Credential | Details |
|---|---|
| TENX_LICENSE | your Log10x API key |
| AWS IAM role | via IRSA (no long-lived credentials in production) |
| Splunk HEC | token for output streaming (optional) |
| Elasticsearch | username + password for output streaming (optional) |
| Datadog | API key for output streaming (optional) |
Store all credentials in Kubernetes Secrets.
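A check for the two credential rules above, as an added example that is not Log10x code: it scans parsed workload manifests (the structure `kubectl get -o json` returns) for credential-looking environment variables that do not come from a Secret, and for static AWS keys on a workload expected to use IRSA. The manifests are constructed samples; `SPLUNK_PASSWORD`, `SPLUNK_HEC_TOKEN`, the container and Secret names, and the assumption that credentials are passed as environment variables are hypothetical.

```python
# Substrings that mark an env var as a credential. TENX_LICENSE is the name
# used on this page; the other hints are assumptions made for this example.
HINTS = ("LICENSE", "PASSWORD", "TOKEN", "SECRET", "API_KEY", "APP_KEY")
STATIC_AWS = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"}

def pod_spec(obj):
    """Locate the pod spec inside a CronJob, Deployment/Job, or bare Pod."""
    spec = obj.get("spec", {})
    if obj.get("kind") == "CronJob":
        spec = spec["jobTemplate"]["spec"]
    return spec["template"]["spec"] if "template" in spec else spec

def audit(obj, expect_irsa=False):
    """Return sorted (container, env name, reason) findings for one manifest."""
    spec, findings = pod_spec(obj), []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        for env in c.get("env", []):
            name = env.get("name", "")
            source = env.get("valueFrom") or {}   # absent for literal values
            if expect_irsa and name in STATIC_AWS:
                findings.append((c["name"], name, "static AWS key, use IRSA"))
            elif any(h in name.upper() for h in HINTS) and "secretKeyRef" not in source:
                findings.append((c["name"], name, "not from a Secret"))
    return sorted(findings)

# Constructed sample manifests, trimmed to the fields the check reads.
REPORTER = {"kind": "CronJob", "spec": {"jobTemplate": {"spec": {"template": {"spec": {
    "containers": [{"name": "reporter", "env": [
        {"name": "TENX_LICENSE", "value": "PLACEHOLDER"},           # literal value
        {"name": "SPLUNK_PASSWORD", "valueFrom": {"secretKeyRef":
            {"name": "reporter-creds", "key": "splunk-password"}}},
    ]}]}}}}}}
STREAMER = {"kind": "Deployment", "spec": {"template": {"spec": {
    "containers": [{"name": "streamer", "env": [
        {"name": "AWS_SECRET_ACCESS_KEY", "valueFrom": {"secretKeyRef":
            {"name": "aws-creds", "key": "secret"}}},               # long-lived key
        {"name": "SPLUNK_HEC_TOKEN", "valueFrom": {"configMapKeyRef":
            {"name": "streamer-config", "key": "hec-token"}}},      # ConfigMap, not Secret
    ]}]}}}}

if __name__ == "__main__":
    print(audit(REPORTER))
    print(audit(STREAMER, expect_irsa=True))
```

The check does not inspect `envFrom` or mounted files, so a clean result covers only per-variable `env` entries.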
Integration
Do Cloud apps require changes to my existing log pipeline?
Cloud Reporter:
- No pipeline changes — reads from your SIEM's REST API (read-only sampling)
- Works with any existing forwarder: Fluentd, Fluent Bit, Filebeat, OTel, etc.
- No modifications needed to current log shipping
Storage Streamer:
Requires routing logs to S3 via your log shipper.
Supported shippers:
- Fluent Bit
- Fluentd
- Vector
- Logstash
- Any S3-compatible shipper
Routing options:
- Route all logs to S3 — cheaper, stream on-demand queries back to SIEM
- Route specific log types to S3 — keep hot logs in SIEM, cold logs in S3
No changes to your SIEM itself.
Which log analyzers and SIEMs are supported?
Cloud Reporter reads from (inputs):
- Splunk
- Elasticsearch / OpenSearch
- Datadog Logs
- AWS CloudWatch Logs
See supported analyzers for configuration details.
Storage Streamer streams to (outputs):
- Splunk HEC (HTTP Event Collector)
- Elasticsearch / OpenSearch
- Datadog
- AWS CloudWatch Logs
- Any HTTP endpoint (custom tools, webhooks, syslog, TCP)
Output types:
- Events — raw log data
- Aggregated metrics — summary statistics
Can I use Cloud apps without Edge apps?
Yes. Cloud Reporter and Storage Streamer work independently:
- Cloud Reporter alone: Get cost insights, identify high-cost event types, optimize at the source
- Storage Streamer alone: Stream logs from S3 on-demand, cut ingestion costs by 70-95%
- Streamer + Edge Optimizer: Combine for maximum savings
  - Edge Optimizer losslessly compacts events before they upload to S3 (50% reduction)
  - Storage Streamer indexes compact events and expands on query
  - Total S3 cost drops by another 50% on top of ingestion savings