Query like you think
Hamelin queries flow top to bottom, making them easier to write, test, and read. Start with FROM, pipe through transformations with |, and build queries step by step.
Easily find event patterns
Hamelin is designed for security analysts who need to correlate events, not just search or analyze them. Hamelin focuses on finding patterns across time, using sliding windows and ordered matching.
Search across anything
Query across different event types without worrying about schema differences. Hamelin automatically aligns the schemas of heterogeneous datasets and handles missing fields.
Embrace structure
Work with arrays, structs, and maps to represent complex data. Parse JSON into variant. Model data the way you think about it.
Built for AI
LLMs translate your detections from natural language to Hamelin more directly than to SQL. This makes queries easier for an LLM to write, and easier for you to review. Hamelin hides complexity behind sensible shorthand.
Use the tech you love
Hamelin compiles to Trino SQL. DuckDB, SparkSQL, and DataFusion are coming soon. It is designed to fit into the open data lake ecosystem, and to help you avoid vendor lock-in. Feel free to swap out the backend later. No query or content rewrites needed.