SIEM systems help organizations analyze data for security incidents, covering tasks such as data collection, normalization, event analysis, threat detection, incident response, and reporting. However, the growing volume of data, especially from cloud usage, drives up the cost of SIEM solutions. To stay within budget, teams pre-filter the data sources they ingest, which raises security risk. Our challenge is storing security data cost-effectively. OpenSearch's indexing and query DSL can address this. We'll share our experience building a cost-effective SIEM on OpenSearch and discuss the engineering hurdles we faced.
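As an added illustration of the SIEM tasks named above (normalization and threat detection) and of the OpenSearch features the abstract points to, the following Python runs offline without a cluster. It is example code written for this page, not code from the authors or the OpenSearch project. The sshd log lines are constructed, the ECS-like field names, the `security-events-*` index pattern and the 7-day/30-day retention values are assumptions, and `evaluate_locally` reproduces in-process what the `terms` aggregation with `min_doc_count` would return from OpenSearch, so the query's intent can be checked before it is sent.

```python
"""Normalize constructed sshd events, build an OpenSearch query DSL detection
for repeated failed logins per source, and build an ISM retention policy.
Everything here is an added example with assumed field names and values."""
from collections import Counter
from datetime import datetime, timedelta
import json
import re

# Constructed sample log lines (not real data). Three failures from one source,
# one success and one failure from another.
RAW_LINES = [
    "2024-05-01T10:00:01Z sshd[1]: Failed password for root from 203.0.113.5 port 40000 ssh2",
    "2024-05-01T10:00:04Z sshd[1]: Failed password for admin from 203.0.113.5 port 40001 ssh2",
    "2024-05-01T10:00:07Z sshd[1]: Failed password for root from 203.0.113.5 port 40002 ssh2",
    "2024-05-01T10:00:09Z sshd[1]: Accepted password for alice from 198.51.100.7 port 50000 ssh2",
    "2024-05-01T10:00:11Z sshd[1]: Failed password for bob from 198.51.100.7 port 50001 ssh2",
]
NOW = "2024-05-01T10:05:00Z"  # assumed "current time" so the example is deterministic

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_ts(s):
    """Parse an ISO-8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def normalize(line):
    """Map one sshd line to a flat, ECS-like document (assumed schema).
    Returns None for lines the parser does not recognise."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "@timestamp": m["ts"],
        "event.category": "authentication",
        "event.outcome": "failure" if m["outcome"] == "Failed" else "success",
        "user.name": m["user"],
        "source.ip": m["ip"],
    }


def failed_auth_query(now=NOW, window_minutes=5, threshold=3):
    """OpenSearch query DSL: failed authentication events in the last window,
    bucketed by source.ip, keeping only buckets with at least `threshold` hits.
    `size: 0` returns just the aggregation, not the matching documents."""
    end = parse_ts(now)
    start = end - timedelta(minutes=window_minutes)
    fmt = lambda d: d.strftime("%Y-%m-%dT%H:%M:%SZ")
    return {
        "size": 0,
        "query": {"bool": {"filter": [
            {"term": {"event.category": "authentication"}},
            {"term": {"event.outcome": "failure"}},
            {"range": {"@timestamp": {"gte": fmt(start), "lte": fmt(end)}}},
        ]}},
        "aggs": {"by_source": {"terms": {"field": "source.ip", "min_doc_count": threshold}}},
    }


def evaluate_locally(docs, query):
    """Apply the filters and aggregation of `query` to in-memory docs, returning
    {source.ip: count} for sources at or above the threshold."""
    filters = query["query"]["bool"]["filter"]
    terms = {k: v for f in filters if "term" in f for k, v in f["term"].items()}
    rng = next(f["range"]["@timestamp"] for f in filters if "range" in f)
    lo, hi = parse_ts(rng["gte"]), parse_ts(rng["lte"])
    threshold = query["aggs"]["by_source"]["terms"]["min_doc_count"]
    counts = Counter(
        d["source.ip"] for d in docs
        if all(d.get(k) == v for k, v in terms.items())
        and lo <= parse_ts(d["@timestamp"]) <= hi
    )
    return {ip: n for ip, n in counts.items() if n >= threshold}


def retention_policy(hot_days=7, warm_days=30):
    """ISM policy body: roll over daily, drop replicas and go read-only after
    hot_days, delete after warm_days. Day counts and index pattern are assumed."""
    return {"policy": {
        "description": "tiered retention for security events (example values)",
        "default_state": "hot",
        "states": [
            {"name": "hot",
             "actions": [{"rollover": {"min_index_age": "1d"}}],
             "transitions": [{"state_name": "warm", "conditions": {"min_index_age": f"{hot_days}d"}}]},
            {"name": "warm",
             "actions": [{"replica_count": {"number_of_replicas": 0}}, {"read_only": {}}],
             "transitions": [{"state_name": "delete", "conditions": {"min_index_age": f"{warm_days}d"}}]},
            {"name": "delete", "actions": [{"delete": {}}], "transitions": []},
        ],
        "ism_template": [{"index_patterns": ["security-events-*"], "priority": 100}],
    }}


if __name__ == "__main__":
    docs = [d for d in (normalize(l) for l in RAW_LINES) if d]
    query = failed_auth_query()
    print(json.dumps(query, indent=2))
    print("sources over threshold:", evaluate_locally(docs, query))
    print(json.dumps(retention_policy(), indent=2))
```

The query body is what you would POST to `security-events-*/_search`, and the policy body to `_plugins/_ism/policies/<policy-name>`; the replica drop and read-only step in the warm state are where the storage savings come from, at the cost of slower and less resilient access to older events.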