What is Expanso and how does it work?

Expanso is a managed platform for deploying intelligent data pipelines at the edge. It processes data where it's generated - reducing bandwidth, latency, and costs. You deploy lightweight agents on your infrastructure, build pipelines using our visual builder or YAML, and control everything from a central SaaS platform.

Can I run AI/ML models directly in my data pipelines?

Yes! Expanso supports running ONNX, TensorFlow Lite, and other models as native pipeline steps. Execute low-latency inference on streaming data, enrich events with model outputs (like risk scores), and make decisions at the edge without cloud round-trips.

How many pre-built components are available?

Expanso provides 200+ pre-built components including inputs (Kafka, HTTP, files), processors (transformations, filtering, PII masking, aggregations), and outputs (S3, Snowflake, Datadog, Splunk). Browse the complete catalog in our Component Reference.

Do I need to write code to build pipelines?

No - use our drag-and-drop visual pipeline builder to create sophisticated pipelines without code. For advanced use cases, you can also write pipelines in YAML or use the Bloblang transformation language for complex data mappings.

How does Expanso help with data governance and compliance?

Expanso includes built-in governance features: automatic PII detection and masking, policy enforcement at the edge, RBAC, SSO integration, and comprehensive audit trails. Mask sensitive data before it ever leaves your network.

Log Processing at Edge

Overview

Modern distributed systems generate massive volumes of logs across edge locations, data centers, and cloud environments. Traditional centralized logging approaches struggle with high data transfer costs, slow query performance, and compliance challenges. Processing logs at the edge - where they originate - addresses these fundamental challenges while maintaining complete visibility into system health.

Expanso's Approach to Log Processing

Expanso Edge transforms log management by processing data at the source before sending it to centralized systems. Edge agents run directly on your infrastructure, applying intelligent filtering, aggregation, and redaction in real-time.

Key capabilities:

Intelligent Filtering: Remove debug-level noise and duplicate events at the source, typically reducing volume by 70-85% before transmission.
PII Redaction: Automatically detect and remove sensitive data (credit cards, SSNs, API keys) before logs leave the edge.
Pre-Aggregation: Calculate metrics and statistics locally, sending summaries instead of raw events.
Multi-Destination Routing: Send errors to search indexes, metrics to monitoring systems, and archives to cold storage - all from a single pipeline.
Real-Time Alerting: Detect critical patterns instantly at the edge, triggering alerts before logs reach centralized systems.

Benefits of Edge Log Processing

Processing logs at the edge provides significant operational and cost advantages:

Cost Reduction

Reduce bandwidth usage by 70-90% through intelligent filtering and compression
Lower cloud ingestion costs by sending only relevant events
Minimize storage costs by archiving pre-filtered data
Typical savings: 80%+ reduction in total logging costs

Performance & Compliance

10x faster queries by searching smaller, filtered datasets
Sub-second alerting on critical events vs. minutes with centralized processing
Automatic compliance with data protection regulations through source-level PII redaction
Regional data processing meets data sovereignty requirements

Operational Excellence

Centralized pipeline management across thousands of edge locations
Consistent processing rules deployed from a single interface
Real-time visibility into log volumes and processing metrics
Simplified troubleshooting with location-aware enrichment

Common Patterns

Severity-Based Filtering Keep only warnings, errors, and critical logs while discarding verbose debug output. This single filter typically provides 70-85% volume reduction.

Sensitive Data Protection Apply regex-based redaction to remove PII, credentials, and other sensitive information before transmission. Ensures compliance with GDPR, HIPAA, and other data protection regulations.

Metric Extraction Calculate error rates, latency percentiles, and custom business metrics at the edge. Send aggregated metrics to monitoring systems while archiving detailed events to cold storage.

Conditional Routing Route different log types to appropriate destinations: errors to Elasticsearch for analysis, metrics to Prometheus, critical alerts to Slack/PagerDuty, and all logs to S3 for archival.

Context Enrichment Add location, environment, and deployment metadata at the edge. Enables filtering and grouping in centralized systems without complex correlation queries.

Example Use Cases

Retail chains processing point-of-sale logs across hundreds of stores, filtering transaction noise while capturing all errors and compliance events
Manufacturing facilities monitoring equipment logs, aggregating metrics locally, and alerting on anomalies before sending summaries to centralized analytics
Financial services redacting PII from application logs, ensuring compliance while maintaining audit trails
SaaS platforms filtering high-volume debug logs from edge regions, routing errors for analysis while archiving filtered events

Next Steps

Quick Start Guide: Build your first edge log processing pipeline
Bloblang Transformations: Learn the transformation language for filtering and enrichment
File Input: Read logs from files or stdout
Mapping Processor: Transform and filter log events
S3 Output: Archive processed logs

Overview​

Expanso's Approach to Log Processing​

Benefits of Edge Log Processing​

Common Patterns​

Example Use Cases​

Next Steps​