We're helping companies manage their security logs. We've built a fantastic product for a company at our stage and signed up some amazing customer logos in the process. We're working on moving up-market and building a product that can displace some of the enormous vendors in the space.
We made pql.dev that works with the different sql syntaxes by translating Kusto-like queries to sql (using CTE). It's worked really well thus far and I wish someone would make a standard pipelined query language that gets supported across most databases.
I know prql exists, but the syntax is pretty cumbersome and not something I enjoyed writing, but I do understand why folks would gravitate towards it.
We're incredibly biased since several members of our team worked at Cloudflare, but we spend ~$20 a month on Cloudflare for our startup and it is fantastic.
- Marketing videos on stream
- Pages for multiple nextjs sites
- DNS + Domain Reg
- cloudflared / tunnels for local dev
- zaraz tag manager
- Page rules / redirect rules for vanity redirects we want to do.
The list gets longer every day and the number of problems we can solve quickly is amazing. The value for money is unmatched.
The main goal was to help security engineers / analysts, who _loathe_ sql (for better or worse).
I tend to think this is a little more user friendly, personally, and it's nice to give some open-source competition to the major languages that are used in security (SPL, Sumologic, KQL, and ES|QL).
We were surprised that there weren't syntactic competitors (i.e., while prql has some similar goals, the syntax and audience in mind were very different).
How's perf for the compiled queries? The first thing I see in the examples is what appears to be a CTE-by-default approach that, in most (all?) engines, means the generated query ultimately runs over an unindexed (and maybe materialized!) intermediary resultset.
I hate to shill in this thread, but that's exactly what we built at runreveal, so I completely agree! We saw the power of clickhouse when we were at segment and cloudflare, so built a company around it.
And since clickhouse is open source, we hope that people will stop giving their security data to vendors who then charge you rent for it. I think the future is writing this data to clickhouse, but also our customers' clickhouses.
The json parsing library that parses the config file allows either syntax. That was intentional since we get in the habit as Go programmers of ending lines in structs/maps with commas; it's just for convenience.
Serious question though, why use "JSON" at all then? You can just admit it's JWCC, which is fine, at least that's a distinct term -- but even that's not a spec, it's just a blog post that very few people even know about. Even that same blog post endorses using TOML, the spec generally preferred for things that may need to be human-edited. It meets humans half-way a lot better than even JWCC, which is the kind of practicality I think even Grug would prefer.
We're helping companies manage their security logs. We've built a fantastic product for a company at our stage and signed up some amazing customer logos in the process. We're working on moving up-market and building a product that can displace some of the enormous vendors in the space.
Email evan @