Astral Indexer
The Astral Indexer is the component responsible for indexing, storing, and retrieving all data ingested by the Astral SIEM. It provides the foundation for fast search, analytics, and visualization by efficiently managing large volumes of security events, logs, and telemetry.
Astral Indexers are deployed as containerized services using Docker on the host machine. This deployment model enables flexible scaling and consistent operation across different environments, allowing additional indexers to be added as data volume, retention, or performance requirements increase.
The Astral Indexer architecture supports high availability (HA) by allowing multiple indexer instances to operate in parallel. Data ingestion and search operations can be distributed across these instances, ensuring resilience against individual node failures and maintaining service continuity. This design enables Astral to sustain performance and availability even under high ingestion rates or infrastructure disruptions.
By distributing data storage and query processing across multiple indexers, Astral ensures efficient use of system resources and rapid response times for searches and analytics. The Astral Indexer integrates seamlessly with the Astral Balancer and Correlator, enabling reliable ingestion, correlation, and visualization as part of a unified SIEM architecture within the Inopli ecosystem.