Your SOC team spends more time waiting for dashboards than investigating threats. XERJ runs the canonical SIEM query battery — top source IPs, auth-failure clustering, lateral movement detection — at 74× the speed of Elasticsearch, on a single node that costs a fraction of a 4-node ES cluster.
[logs] retention_days = 90. No ILM policies, no rollover aliases, no curator scripts.

The playbook walks the full recipe — schema, ingest command, queries, and the dashboard. The playground runs on seeded data; benchmarks were measured against Elasticsearch 8.13 on 2026-04-14.
Send us your SIEM event schema and a 24-hour sample. We'll run the head-to-head on your data and send back the numbers — with the reproduction scripts so you can verify.