General

Overview

What is 10x

A stream processor that analyzes code and binaries to turn log events into typed, class-based objects — not raw text — eliminating 50–80% of log storage and analytics costs.

A lightweight, portable data engine that runs where your data is — locally, at the edge, or in the cloud. Works with your existing infrastructure — log forwarders (Fluentd, OTel, Fluent Bit), log analyzers (Splunk, Datadog, Elastic), and storage (S3, Azure Blobs). See Overview.

What does 10x do

Learns the structure of every log event your environment produces — from source code, container images, and Helm charts. At runtime, classifies and optimizes events without regex or manual rules.

Apps, each tackling a different part of the cost problem:

  • MCP — agent-facing control plane. Drives the other apps from a chat session: query top patterns and cost drivers, sample SIEM events, cap noisy types, pull historical events from S3 on-demand.
  • Reporter (DaemonSet alongside your forwarder) — shows which log event types cost the most, pre-SIEM.
  • Receiver (sidecar) — two modes: Filter (lossy — cap noisy event types during spikes) or Compact (lossless — 50%+ volume reduction via a SIEM-side expand plugin).
  • Retriever — stores all events in S3 at $0.023/GB; streams selected data to your SIEM on-demand.

Who is 10x for

SRE, DevOps, and FinOps teams facing:

Where does 10x run

Inside your own infrastructure — k8s, EC2, Lambda, or a local workstation. Log data never leaves your environment.

  • Reporter — DaemonSet alongside your forwarder for pre-SIEM cost visibility. Not in the critical log path.
  • Receiver — sidecar alongside your forwarder for Filter (cap noisy events) or Compact (lossless shrink) execution.
  • Retriever — k8s pods that index S3 log archives and stream selected events to log analyzers on-demand.
  • MCP — agent-facing control plane; runs wherever you run an MCP server (workstation, CI, infrastructure).
  • Dev — CLI (Docker, macOS, Linux, Windows). Test on your own logs locally. Free, no account needed.

What makes 10x different

No parsing rules: Pipeline tools (Cribl, Logstash, OTel Collector, Vector) require regex, grok, VRL, or OTTL rules for every log format. Those rules break when code changes and need dedicated pipeline engineering to maintain. The 10x compiler builds symbol vocabulary from repos and containers. The JIT stream processor uses those symbols to recognize log structure and assign cached hidden classes at runtime — no regex, no grok, no per-format rules.

Predictable pricing: Commercial tools price per GB ingested — costs spike with traffic. 10x is priced per infrastructure node running log collection. Volume spikes, new applications, and traffic surges have no impact on cost.

Optimize everywhere: The hybrid AOT/JIT engine powers automatic log data optimization at every stage of the pipeline. Test locally, report on costs and regulate billing spikes at the edge, losslessly compact before shipping, ingest from S3 on-demand.

BYO stack: Works with your existing log forwarders, analyzers, time-series databases, object storage, and compute (K8s, Lambda, EC2). No migration required.

Zero egress: The engine runs as a lightweight runtime inside your infrastructure. Log data never leaves your environment. No vendor access to your logs required.

Powering agents: Every event exits the 10x Engine as a typed object with direct field access — not raw text to parse. Aggregation condenses millions of events into compact summaries — so AI agents operate on structured data instead of burning tokens on raw log lines, without exposing customer data to external models.

What tools does 10x work with

The 10x Engine fits your existing infrastructure. A modular extension framework supports integration across your stack:

  • Log forwarders — Fluentd, Fluent Bit, OTel, Filebeat, Logstash, Splunk UF
  • Log analyzers — Splunk, Datadog, Elastic, CloudWatch
  • Time-series — Prometheus, Datadog, Grafana, SignalFx
  • Object storage — S3, Azure Blobs, GCS
  • Compute — K8s, Lambda, EC2, Docker

See Inputs, Outputs, and Compute.

Where should I start

Two paths — a free local CLI run on your own logs, or a 20-minute DaemonSet deploy for live SIEM cost visibility.

  1. Dev (free, no account) — run on your own log files locally. See your reduction ratio in minutes.
  2. Reporter — deploy as a DaemonSet alongside your forwarder for pre-SIEM cost visibility. Deploy in 20 minutes.

The Reporter publishes metrics to ROI Analytics — Grafana dashboards showing cost per application, volume by severity, and top expensive patterns. Act on the findings with the Receiver (Filter or Compact mode) or Retriever.

For agentless SIEM-side analysis without deploying a DaemonSet, the MCP server's SIEM-sample tool offers on-demand SIEM polling.

Comparisons

Does 10x work with Lambda and serverless

Yes. The DaemonSet Reporter and the Receiver sidecar both assume a long-lived host with a forwarder, so they don't apply directly to ephemeral Lambda functions. For serverless workloads:

  • MCP server — the SIEM-sample tool analyzes Lambda log costs via your log analyzer's API (Datadog, CloudWatch, Splunk). Read-only, agentless, on-demand — no Lambda modification needed.
  • Retriever — archives Lambda logs to S3 and streams selected events to your analyzer on-demand.

Pricing for serverless is based on the Retriever pods in your cluster, not on the number of Lambda functions.

How does 10x differ from log forwarders (Fluentd, OTel, Fluent Bit)

Complementary. The 10x Reporter deploys as a DaemonSet alongside your forwarder (pattern similar to datadog-agent or otel-collector); the Receiver runs as a sidecar in the log path to filter or compact events before they ship.

Log forwarders collect, route, and do basic parsing. 10x adds cost awareness (which event types cost the most), regulation (cap noisy types during spikes), and structured optimization (50%+ lossless volume reduction). No forwarder replacement needed.

How does 10x differ from Cribl

No parsing rules — Pipeline tools (Cribl, OTel Collector, Vector, Tero) require regex, grok, VRL, or OTTL rules for every log format. Those rules break when code changes and need dedicated pipeline engineering to maintain. The 10x compiler builds symbol vocabulary from repos and containers. The JIT stream processor uses those symbols to recognize log structure and assign cached hidden classes at runtime — no regex, no grok, no per-format rules.

Predictable pricing — Pay per infrastructure node running log collection, not per byte ingested. Log volume spikes, traffic surges, and new applications have no impact on cost.

How does 10x differ from Tero

Different signals, different approach — Tero uses AI to classify log patterns from raw text and infer waste categories. 10x classifies from pre-computed quantitative signals produced by the engine itself: regulation survival rate, optimization ratio, and stream match rate. Classification runs on numbers, not text parsing.

Zero data egress — 10x runs entirely inside your infrastructure. Log data never crosses a trust boundary. Tero requires API access to read your telemetry content for its catalog.

Lossless — 10x compacts events; nothing is dropped. Original logs expand at query time. For regulated industries with absolute retention requirements, lossless processing eliminates the compliance risk that filtering introduces.

16 platforms — 10x supports 16 log analyzer platforms. Tero supports Datadog, Splunk, and Prometheus.

How does 10x differ from log analytics tools (Splunk, Datadog, Elastic)

10x reduces the cost of log analytics without replacing them. Your SIEM configuration, dashboards, queries, and alerts all continue working unchanged.

The open-source 10x for Splunk app auto-expands compact logs at search time. For other SIEMs, Retriever expands and streams events on-demand.

How does 10x differ from APMs and OpenTelemetry

Different goals. APMs (Dynatrace, AppDynamics) and OTel add instrumentation to your applications — more logging, more profiling, more tracing data. 10x processes the data your environment already produces to reduce its cost.

10x is agentless — no SDKs, no bytecode injection, no runtime overhead. Your application code runs exactly as written. 10x processes the output downstream via the DaemonSet Reporter or sidecar Receiver alongside your log forwarder.

The two are complementary: use APMs and OTel for application insights, then use 10x to reduce the cost of storing and analyzing that telemetry.

How do I extend 10x with custom integrations

Build custom input/output integrations using the 10x API framework:

| Integration Type | API | Description |
|---|---|---|
| Log forwarders | InputStream or Log4j2 | Read from or write to custom log forwarding tools |
| Log analyzers | Apache Camel | Read from 400+ analytics sources via YAML routes |
| Object storage | Object Storage | Index and query from GCP Storage, MinIO, etc. |
| Receiver modules | JavaScript | Define custom regulation rules and filters |
| Launcher types | Launcher | Deploy in k8s, Quarkus, or CLI |