Feature Update
Announcing Trino Integration with Mach5: SQL Over Your Cloud-native Search
TABLE OF CONTENTS
Need Help?
Our team of experts is ready to assist you with your integration.
We're excited to announce native interoperability between Mach5 Search and Trino. Teams can now use standard ANSI SQL to query Mach5 indices, join across multiple indices, and plug datasets into their favorite BI tools without copying data or standing up extra pipelines.
The connector uses Trino's OpenSearch integration to treat Mach5 indices as SQL tables, so analysts and engineers get fast, flexible access to search data with the skills and tools they already use.
Why this matters
Search data is often the most operationally valuable data you have—for example: security events, observability signals, user behavior, catalog and content indexes. Historically, getting this data into SQL workflows required ETL, duplication, or bespoke connectors, slowing time-to-insight and driving up cost. With Mach5 + Trino, that friction drops dramatically:
•
Use SQL instantly
Query Mach5 indices with SELECT, JOIN, WHERE, GROUP BY—no new query language to learn.
•
Join across indices
Blend user, order, session, or event indices on the fly for richer analysis.
•
Keep data in place
Mach5 stores index data on object storage (e.g., Amazon S3), so you scale analytics without data silos.
How this enables security teams
•
Ad-hoc analysis and exploration
Run quick SQL to validate hypotheses on top of live search indices.
•
Security & observability analytics
Correlate events across indices (e.g., user sessions ↔ audit logs ↔ VPC flows) directly in SQL.
•
BI & reporting
Point Trino to Mach5 and connect your SQL-native tools to build dashboards without materializing separate warehouse copies.
Under the hood, Trino's OpenSearch connector is configured to target your Mach5 OpenSearch-compatible endpoint. That means the same SQL you write in Trino can address Mach5 indices, list catalogs and tables, and even count or join across indices from the Trino CLI or your BI tool of choice.
Built for your data platform reality
•
Object-storage native
Mach5 indexes live on S3/GCS/Azure Blob, giving you elastic scale and durable retention while Trino provides the SQL fabric on top.
•
OpenSearch/Elasticsearch compatibility
If your teams already use those APIs and tools, the mental model carries over; Trino simply adds SQL on top.
•
Governance-friendly
Use your existing Trino catalogs, roles, and access patterns; pair with Mach5's authentication and authorization to keep data access controlled.
Who benefits from this Integration
•
Security & platform teams
They can correlate events across indices without staging data, speeding up investigations and reducing pipeline overhead.
•
Data engineers
Can avoid building and maintaining bespoke sync jobs just to serve SQL-native consumers.
•
Analysts & product teams
Get direct, governed access to operational search data from SQL and BI tools, accelerating decisions.
Where to go next
•
Set it up in minutes
Follow the Trino OpenSearch connector guide for Mach5 (Helm install, catalog config, CLI steps).
•
Try a join
Use the sample users and orders indices in the doc and run the provided JOIN query to validate your setup.
•
Connect your BI tool
Point Trino to Mach5 as a catalog so teams can build dashboards without data copies.
If you're standardizing on SQL for analytics, or you're consolidating observability/security analytics into a search + SQL pattern, the Mach5 + Trino integration gives you the fastest on-ramp: query search indices with ANSI SQL, keep data in place, scale on object storage, and stop rebuilding the same pipelines.
Read the setup guide: Trino OpenSearch Connector with Mach5 Search
