Engineering

Designing a detection engine that costs $0.0004 per event

Behind every continuous-evidence claim is a query engine deciding which events matter. Here's how we kept the per-event cost under half a millicent.

Jin HongApr 8, 202612 min read

Detection engines look simple from the product side: events come in, alerts come out. The hard part is doing it for $0.0004 per event when your customers are sending 30 million events a day.

Setting a per-event budget

Before any code, we set a budget: under half a millicent per event, end-to-end. If we couldn't hit that, the customer pricing model didn't work.

Architecture in three sentences

Events land in a Kafka topic, partitioned by tenant. A pool of stateless workers consumes the topic and writes to ClickHouse. Continuous queries run hourly against the same ClickHouse cluster, materialising into a per-tenant evidence table.

Engineeringcompliancelumora

Jin HongStaff Engineer

Jin built the Lumora detection engine. She writes about distributed systems, latency budgets, and PostgreSQL.

All posts →

Engineering · 8 min

Five anti-patterns we see in policy-as-code adoption

Policy-as-code is the right idea. The implementations we see most often aren't. Here are the five mistakes we keep talking teams out of.

Maya KrishnanMar 12, 20268 min read

Engineering · 11 min

SCIM without the tears

If you've never integrated with SCIM, you may believe it's a quiet, well-specified protocol. We're here to tell you the truth.

Jin HongFeb 14, 202611 min read

Setting a per-event budget

Architecture in three sentences

Related posts