Gravwell is a security data platform that collects and retains unstructured logs and large volumes of data in raw format without forcing data into predetermined schemas. The platform provides search capabilities that filter and transform data for security use cases and IT troubleshooting. Gravwell uses a pricing model based on nodes rather than data volume ingested, allowing organizations to collect unlimited data without per-byte charges or data caps.

The platform includes advanced search capabilities and Data Fusion technology that enables queries across multiple data sources simultaneously. Users can perform correlation analysis, baseline and anomaly detection, and create automated notifications based on statistical analysis of ingestion rates and data patterns. The system supports various data types including netflow records, syslog, DNS queries, and DHCP messages.

Gravwell targets organizations that need to collect and analyze large volumes of security data, build advanced analytics, and support multiple departments beyond security operations. The platform handles unpredictable data surges without dropping data or incurring additional costs, making it suitable for environments with variable data rates. The company positions itself as an alternative to traditional SIEM solutions and other security data platforms that charge based on data volume or impose usage restrictions.