Real-Time Alerting
Overview
Detecting critical events quickly is essential for operational excellence, but traditional centralized monitoring introduces latency - data must traverse the network, be ingested, indexed, and queried before alerts fire. This delay can mean minutes between an incident occurring and teams being notified. Processing data at the edge enables sub-second detection and alerting, triggering notifications before data even reaches centralized systems.
Expanso's Approach to Real-Time Alerting
Expanso Edge runs detection logic directly at data sources, analyzing events in real-time and triggering alerts immediately upon pattern detection. Edge agents apply rules, thresholds, and pattern matching locally, sending alerts through multiple channels while continuing to forward data for historical analysis.
Key capabilities:
- Sub-Second Detection: Analyze events as they occur at the edge, triggering alerts in milliseconds rather than minutes.
- Pattern-Based Detection: Identify complex patterns across event sequences, not just simple threshold breaches - detect emerging issues before they become critical.
- Multi-Channel Alerting: Send alerts to Slack, PagerDuty, email, webhooks, or custom endpoints directly from the edge without central coordination.
- Intelligent Filtering: Apply de-duplication, rate limiting, and severity-based routing at the edge to reduce alert fatigue and noise.
- Contextual Enrichment: Automatically add location, environment, and historical context to alerts at the source, improving incident response.
Benefits of Edge Alerting
Faster Incident Response
- Reduce mean time to detection (MTTD) from minutes to under a second
- Alert on critical issues before data reaches centralized monitoring
- Enable automated responses to events at the source
- Maintain alerting capability during network outages
Reduced Alert Fatigue
- Filter and de-duplicate alerts at the edge before generating notifications
- Apply intelligent rate limiting to prevent storm conditions
- Route different severity levels to appropriate channels automatically
- Suppress known issues during maintenance windows without central coordination
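The four items above describe a local filtering stage that sits between detection and notification. The following is an added illustration in plain Python of that stage (de-duplication by rule and resource, a per-rule sliding-window rate limit, severity-based routing and a local maintenance window); it is not Expanso's code and does not use Bloblang. The rule names, channel names, resource ids and the burst of sample alerts are all constructed.

```python
"""Edge-side alert hygiene: de-duplication, per-rule rate limiting,
severity-based routing and maintenance-window suppression.

Added illustration in plain Python of the filtering described above; it is
not Expanso's code and does not use Bloblang.  Rule names, channel names,
resource ids and the sample alerts are all constructed."""
from collections import deque
from dataclasses import dataclass


@dataclass
class Alert:
    rule: str       # detection rule that fired (constructed names)
    severity: str   # "critical", "warning" or "info"
    resource: str   # host / device the alert is about (constructed ids)
    ts: float       # event time in seconds


# Hypothetical routing table: severity -> notification channels.
ROUTES = {
    "critical": ["pagerduty", "slack"],
    "warning": ["slack"],
    "info": ["log"],
}


class EdgeAlertFilter:
    def __init__(self, dedupe_window=300.0, max_per_window=5, window=60.0):
        self.dedupe_window = dedupe_window    # seconds to suppress repeats of one (rule, resource)
        self.max_per_window = max_per_window  # notifications allowed per rule per window
        self.window = window                  # rate-limit window in seconds
        self._last_sent = {}                  # (rule, resource) -> ts of last notification
        self._sent_times = {}                 # rule -> deque of recent notification times
        self._maintenance = {}                # resource -> (start, end) suppression window

    def set_maintenance(self, resource, start, end):
        """Suppress alerts for a resource during a locally configured maintenance window."""
        self._maintenance[resource] = (start, end)

    def _in_maintenance(self, a):
        w = self._maintenance.get(a.resource)
        return w is not None and w[0] <= a.ts <= w[1]

    def _is_duplicate(self, a):
        last = self._last_sent.get((a.rule, a.resource))
        return last is not None and a.ts - last < self.dedupe_window

    def _rate_limited(self, a):
        q = self._sent_times.setdefault(a.rule, deque())
        while q and a.ts - q[0] > self.window:   # drop notifications outside the window
            q.popleft()
        return len(q) >= self.max_per_window

    def process(self, a):
        """Return (decision, channels); decision is one of
        'sent', 'suppressed', 'duplicate' or 'rate_limited'."""
        if self._in_maintenance(a):
            return "suppressed", []
        if self._is_duplicate(a):
            return "duplicate", []
        if self._rate_limited(a):
            return "rate_limited", []
        self._last_sent[(a.rule, a.resource)] = a.ts
        self._sent_times[a.rule].append(a.ts)
        return "sent", ROUTES.get(a.severity, ["log"])


def run_sample():
    """Feed a constructed burst of alerts through the filter and return the decisions."""
    t0 = 1_700_000_000.0
    f = EdgeAlertFilter()
    f.set_maintenance("edge-07", t0, t0 + 3600)       # edge-07 is being serviced
    alerts = [
        Alert("disk_full", "critical", "edge-01", t0),        # first sighting: notify
        Alert("disk_full", "critical", "edge-01", t0 + 10),   # same rule+resource: duplicate
        Alert("disk_full", "critical", "edge-02", t0 + 20),
        Alert("disk_full", "warning", "edge-03", t0 + 30),
        Alert("disk_full", "critical", "edge-04", t0 + 40),
        Alert("disk_full", "critical", "edge-05", t0 + 50),   # 5th notification this minute
        Alert("disk_full", "critical", "edge-06", t0 + 55),   # rate limited
        Alert("high_temp", "warning", "edge-07", t0 + 60),    # maintenance window: suppressed
        Alert("disk_full", "critical", "edge-01", t0 + 400),  # dedupe and rate windows elapsed
    ]
    return [f.process(a) for a in alerts]


if __name__ == "__main__":
    for decision, channels in run_sample():
        print(decision, channels)
```

Note that a rate-limited alert is dropped rather than queued here; in a real deployment the dropped count would itself be worth emitting as a single summary alert, since a storm of one rule is usually a signal in its own right. All decisions are made from state held on the edge node, so the filter keeps working during a network outage.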
Improved Context
- Enrich alerts with edge-specific metadata: location, equipment ID, recent trends
- Include relevant event history in alert payloads for faster diagnosis
- Correlate events across local systems before creating alerts
- Maintain full event context even when centralized systems are unavailable
Common Patterns
Threshold-Based Alerting
Monitor metrics against static or dynamic thresholds, triggering alerts when values exceed limits. Apply at the edge for immediate notification rather than waiting for centralized metric aggregation.
Error Pattern Detection
Identify sequences of errors, sudden spikes in failure rates, or specific error patterns that indicate systemic issues. Alert immediately while buffering events for later analysis.
Anomaly Detection
Apply statistical analysis or ML-based models at the edge to detect unusual behavior: sudden metric changes, unexpected patterns, or deviations from historical baselines.
Multi-Event Correlation
Combine events from multiple sources at the edge to detect complex scenarios: multiple related failures, cascading issues, or coordinated attack patterns.
Rate-Based Alerting
Trigger alerts when event rates exceed thresholds: too many errors per minute, unusual request volumes, or unexpected traffic patterns - detected immediately at the source.
Example Use Cases
- E-commerce platforms detecting payment processing failures at the edge, alerting teams instantly while orders are still in flight, enabling real-time remediation
- Manufacturing facilities monitoring equipment sensor readings at the source, triggering immediate shutdown procedures for dangerous conditions before data reaches cloud systems
- Security operations analyzing authentication logs at the edge, detecting brute force attacks or credential stuffing in real-time and triggering automatic IP blocking
- SaaS platforms identifying service degradation at regional edge points, alerting operations teams and triggering circuit breakers before issues impact the broader user base
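The rate-based and multi-event correlation patterns from Common Patterns and the authentication-log use case above share one mechanism: a per-source sliding window over recent events, with local context attached to whatever it raises. The following is an added illustration in plain Python of that mechanism, covering both; it is not Expanso's code and does not use Bloblang. The sshd-style log format, the thresholds, the site name and every log line are constructed, and the addresses are taken from the documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24). Repeated failures from one source within the window are reported as brute force; failures spread across several distinct accounts from one source are reported as credential stuffing.

```python
"""Edge-side detection over authentication logs: repeated failures from one
source (brute force) and many distinct accounts from one source (credential
stuffing), with local context attached to the alert.

Added illustration in plain Python of the detection logic described above;
it is not Expanso's code and does not use Bloblang.  The log format is
sshd-style; thresholds, site name and every log line are constructed, and
the addresses come from the documentation ranges."""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample: 203.0.113.7 hammers root, 198.51.100.23 tries five
# different accounts, 192.0.2.44 fails twice more than a minute apart.
SAMPLE_LOG = """\
2024-05-01T12:00:00Z sshd[1001]: Failed password for root from 203.0.113.7 port 51000 ssh2
2024-05-01T12:00:01Z sshd[1002]: Failed password for invalid user admin from 192.0.2.44 port 52000 ssh2
2024-05-01T12:00:02Z sshd[1003]: Failed password for alice from 198.51.100.23 port 53000 ssh2
2024-05-01T12:00:03Z sshd[1004]: Accepted publickey for deploy from 192.0.2.10 port 40000 ssh2
2024-05-01T12:00:05Z sshd[1005]: Failed password for root from 203.0.113.7 port 51001 ssh2
2024-05-01T12:00:06Z sshd[1006]: Failed password for bob from 198.51.100.23 port 53001 ssh2
2024-05-01T12:00:10Z sshd[1007]: Failed password for root from 203.0.113.7 port 51002 ssh2
2024-05-01T12:00:11Z sshd[1008]: Failed password for invalid user carol from 198.51.100.23 port 53002 ssh2
2024-05-01T12:00:15Z sshd[1009]: Failed password for root from 203.0.113.7 port 51003 ssh2
2024-05-01T12:00:16Z sshd[1010]: Failed password for dave from 198.51.100.23 port 53003 ssh2
2024-05-01T12:00:20Z sshd[1011]: Failed password for root from 203.0.113.7 port 51004 ssh2
2024-05-01T12:00:21Z sshd[1012]: Failed password for eve from 198.51.100.23 port 53004 ssh2
2024-05-01T12:00:25Z sshd[1013]: Failed password for root from 203.0.113.7 port 51005 ssh2
2024-05-01T12:01:30Z sshd[1014]: Failed password for invalid user admin from 192.0.2.44 port 52001 ssh2
"""


class AuthFailureDetector:
    def __init__(self, window=60, max_failures=5, max_users=3, site="edge-site-A"):
        self.window = window              # sliding window in seconds
        self.max_failures = max_failures  # failures per source that trigger an alert
        self.max_users = max_users        # distinct accounts that mark stuffing
        self.site = site                  # edge metadata (constructed) added to every alert
        self._failures = defaultdict(deque)  # ip -> deque of (ts, user) inside the window
        self._alerted = set()                # (ip, kind) pairs already reported

    def observe(self, line):
        """Consume one log line; return an alert dict or None."""
        m = LINE_RE.match(line)
        if m is None:
            return None   # not a failed-password line
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ") \
            .replace(tzinfo=timezone.utc).timestamp()
        ip = m["ip"]
        q = self._failures[ip]
        q.append((ts, m["user"]))
        while q and ts - q[0][0] > self.window:   # expire failures outside the window
            q.popleft()
        if len(q) < self.max_failures:
            return None
        users = sorted({u for _, u in q})
        kind = "credential_stuffing" if len(users) >= self.max_users else "brute_force"
        if (ip, kind) in self._alerted:
            return None   # already reported for this source: de-duplicate at the edge
        self._alerted.add((ip, kind))
        return {
            "kind": kind,
            "source_ip": ip,
            "site": self.site,
            "failures_in_window": len(q),
            "distinct_users": users,
            "first_seen": q[0][0],
            "last_seen": ts,
            "recent_events": [u for _, u in q],  # local history carried with the alert
            "recommended_action": "block_source_ip",
        }


def run_sample():
    """Run the detector over the constructed log and return the alerts raised."""
    det = AuthFailureDetector()
    alerts = []
    for line in SAMPLE_LOG.splitlines():
        a = det.observe(line)
        if a:
            alerts.append(a)
    return alerts


if __name__ == "__main__":
    for a in run_sample():
        print(a["kind"], a["source_ip"], a["failures_in_window"], a["distinct_users"])
```

Over the sample the detector raises exactly two alerts: brute force for 203.0.113.7 on its fifth failure, and credential stuffing for 198.51.100.23 once its five failures span five accounts; the sixth root failure is de-duplicated and the two widely spaced failures from 192.0.2.44 never reach the threshold because the first has expired from the window. The alert carries the recommended action as data; whether the consuming system blocks the source, raises a ticket or just records it is a routing decision made downstream, which keeps the detector free of side effects and easy to test.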
Next Steps
- Quick Start Guide: Build your first edge alerting pipeline
- Bloblang Transformations: Learn pattern detection and filtering techniques
- Mapping Processor: Apply detection rules and thresholds
- Branch Processor: Route alerts to different channels by severity
- HTTP Client Output: Send alerts to webhooks and APIs