core

the central unit of the Search Anywhere Framework

The Core Module is the central unit of the Search Anywhere Framework, orchestrating the interaction among its various components and providing a unified access point to their functionalities.

It encompasses an analytical engine that implements the SAF Language — a specialized "Search Processing Language" tailored for executing intricate correlation searches within the SAF ecosystem. This language facilitates a deep exploration of vast data volumes, unveiling significant trends, relationships, and anomalies.

The Core Module not only enables automated actions and notifications in response to search queries but also houses tools for constructing the Asset-Service-Model, granting users the capability to visually trace and represent causality relationships, such as degradation in service quality or specific IT/IS infrastructure malfunctions.

key features

search anywhere™ technology

With the SAF Language as its foundation, the Core Module can interact with data stored across various data stores using the universal Search Anywhere™ technology. This module is also adept at triggering diverse notifications or executing automated actions as reactions to specific search inquiries.

Data collection and analysis within the Core Module follow a bottom-up approach—from the sources to high-level health indicators. Conversely, users are granted a top-down perspective, which allows them to monitor the situation, starting from the general monitoring object state to the real reasons behind potential incidents. This structure ensures that users are just a few clicks away from diving deep from metrics and indicators to raw events or functional dashboards that vividly showcase the reasoning behind any particular metric or indicator's current state.

Examples of using Search Anywhere Technology:
  • events from OpenSearch and the win_events index;
  • events from ClickHouse from the events database, nix_events table;
  • events from a postgre connection with a saved pg_query request.

source os:win_events, clk:events.nix_events, db:postgre:pg_query

Setting up all necessary configurations with Search Anywhere Technology provides easy and fast access to data from various sources, while the SAF interface offers convenient tools for managing connected data sources, conducting searches, and analyzing information.

SAF language

Integral to the Core Module is the SAF Language. This language, distinguished as a type of "Search Processing Language", is meticulously crafted to expedite the execution of correlation searches and an array of advanced search tasks. It integrates a plethora of functions, operators, and both SQL and UNIX-pipe syntax. This rich array of tools helps users elucidate complex relationships present within datasets.

source sysmon_operational-*
| aggs count as countEvents by winlog.task.keyword
| sort 20 - countEvents
| eval currentTime = now ()
| rename winlog.task.keyword as task
| table currentTime, task, countEvents

dashboard framework

A built-in wizard streamlines the visualization process, enabling users to quickly devise, customize, and embed the desired visualization type on a dashboard.

asset-service-model

A unique aspect of the Core Module is its built-in tool for the Asset-Service-Model's construction. With a visual constructor, users can devise metrics and indicators, calibrate interconnections, and influence algorithms across various levels. This capability unveils the potential to track and visually depict cause-effect relationships, such as a service's deteriorating quality or glitches at the level of distinct IT/IS infrastructure components.

The module facilitates the creation of multiple Asset-Service-Models tailored for varied objectives and offers role-based access control to them. Some of the core purposes include monitoring the health of services and IT infrastructure state, ensuring alignment of information protection tools with stipulated regulations, and overseeing key metrics across different business process stages.

knowledge center

The Knowledge Center is used to build corporate knowledge bases. It allows for the integration of intellectual contributions from employees with the results of machine data analysis. With this module, users can write articles and add dashboards to them, bringing the material to life and making it interactive.

Developers and platform users will be able to share knowledge not only in visual displays, but also by using material created in a simple and convenient text editor. Dynamic content involves the use of previously created dashboards and the results of correlation queries in articles.

The Knowledge Center represents all types of objects that can be reused in SAF.
