
Unified Ingestion Lakehouse

Real-time log database tracking security telemetry streams, operating systems, network events, and hardware inventories.

Ingestion Rate: 5120 EPS
Storage Utilized: 86.42 GB
Data Retention: 365 days

Operational Data Marts

Unstructured & Raw Logs (12.4M rows)
Stores raw syslogs, emails, chat logs, images, and unparsed system events.

Windows Events (4.8M rows)
Active Directory, Kerberos authentications, and PowerShell audits.

Linux Syslog (3.2M rows)
SSH logons, systemd processes, and daemon events.

Legacy OS (AS400/zOS) (1.1M rows)
Mainframe transaction journals and RACF access logs.

Firewall Traffic (8.9M rows)
Network transit packets, firewall rules, and port states.

Identity Governance (150K rows)
SailPoint IGA, role access changes, and SSO events.

Hardware Inventory (1,502 rows)
Device types, CPU layout, RAM metrics, and MAC addresses.

Software Inventory (4,812 rows)
Installed agent binary versions and local dependency paths.

Unstructured & Raw Logs

Table: clickhouse.unstructured_raw

timestamp | source_ip    | data_type  | raw_content
11:33:02  | 10.100.12.45 | EMAIL      | Subject: Security Alert Alert - phishing reported on node 'BOS-01'
11:33:10  | 10.100.14.78 | CHAT       | Slack: #incident-response: vm containment executed by orchestrator
11:33:12  | 10.200.4.5   | RAW_SYSLOG | OS390: syslog: RACF access granted to admin key
11:33:20  | 10.100.12.45 | IMAGE      | Asset capture: bios_motherboard_revision_b.jpg (SHA256: 8fa12c9b...)

Database Fields Schema

Stores raw syslogs, emails, chat logs, images, and unparsed system events.

Field       | Type                                        | Description
timestamp   | DateTime                                    | Ingestion time
source_ip   | String                                      | Origin host IP
data_type   | Enum('CHAT', 'EMAIL', 'IMAGE', 'RAW_SYSLOG') | Type of unstructured payload
raw_content | String                                      | Unstructured message, conversation text, or image metadata