Show HN: Nano – open core siem built on rust and ClickHouse

dannanors | 1 pts | 0 comments

Hi HN,

I’m Dan Lussier. I built a SIEM named nano. The platform took around 6 months to be fully featured (and tested, and security scanned.. many times over). I’ve been working in information security for over 20 years, and even if it sounds redundant, I always found major SIEM providers to 1, be insanely expensive and 2, often have issues (outages, inability to scale properly and still have strong capabilities / fast searches).

Around December (2025), I started down the path of creating nano. At first I was reading about some research around some new extensions released for Postgres (I’ve been using it for over a decade for various projects, so I was intrigued). So, I started creating the SIEM, I got about a week into it and realized even with the new extensions, Postgres will just not scale for SIEM-like workloads (I already knew this overall for standard psql, but the extensions added some really cool keyword concepts for speed). After that I started digging in and found ClickHouse (which I had not used prior), and decided to transition off psql to ClickHouse for the logs. It made a huge difference (as expected), and really launched the full build once I saw the speed to cost ratio.

The backend is written in Rust - jobs/api/search, and ClickHouse for the log database. There are a couple other core components - dragonfly for cache (redis), Postgres for metadata/user data/rules, and prometheus for health collection. Each app component can be run stateless, allowing for the ability to utilize spot instances for cost savings on any cloud provider - I spent a lot of time in the early build process deploying completely on Rackspace Spot, and it was actually incredibly stable - but the lack of capacity made it so I had to move off (sometimes could take 12+ hours before a stack would deploy completely).
I go into more detail in my release blog post if you want to see benchmarks and more information about the architecture: https://blog.nano.rs/posts/introducing-nano.

The query language should be familiar if you’ve ever utilized opensearch / splunk in the past - it’s a piped query language (nPL), I tried to keep it as familiar as possible, making it easy to jump into the platform. As far as structured (indexed) columns, there are just shy of 200 field names to map to pretty much any log source, these fields are highly indexed and when used in search should keep almost all searches 1 second to return data.

I am releasing two versions, one is the open core stack (AGPL), this contains the core components of nano, including alerts, log ingestion, search, detections, rule editor, etc. It is a full solution, while it lacks some more advanced AI features and deeper case management, for hobby/self hosting it can handle whatever you throw at it. The other is the paid-for option, these start at $19/month (hobby tier), and scale up from there to Enterprise. Each tenant is fully deployed via a deployment system, we default to hetzner for hobby tier, civo for mid tiers, and aws/gcp for pro/enterprise. I tried to bring the costs in low enough if you want a fully featured platform, even as a hobby, you can for a relatively low price. That said, the open core version still offers a ton for just spinning up and onboarding for a small lab. The install is fully containerized for open core, and should take 1-2 minutes total for the entire deployment.

Give it a shot (demo is on the landing page), and let me know your thoughts!

https://github.com/nano-rs/nano
https://nano.rs/docs

Dan
