Tero Edge

Edge is a telemetry policy runtime. It runs in your infrastructure and applies policies to telemetry before that data reaches an observability provider. Edge sits between telemetry sources and destinations. Use Edge when a policy should run before telemetry leaves your network. Common policy actions include dropping low-value logs, sampling high-volume events, redacting sensitive values, and transforming fields into a cleaner shape.

Where Edge fits

Tero owns policy review, state, and impact. Edge owns runtime execution for the policies deployed to it. Reviewers can inspect issue evidence and approve policy changes in Tero. Edge receives the policy set, evaluates incoming telemetry, and forwards the telemetry that remains after policy execution. Edge controls what reaches your observability provider.

When to use Edge

Edge is useful when the control should happen close to the telemetry source:
  • Redact sensitive data before it leaves your infrastructure.
  • Drop repetitive logs before they consume provider ingestion.
  • Sample or rate-limit high-volume events before they flood the pipeline.
  • Run the same field transforms across services before storage.
Provider-side controls can still be useful. Edge is the runtime surface for policies that need to execute in your environment instead of only inside Datadog, Splunk, or another destination.

What Edge processes

Edge receives telemetry through supported distributions and protocols, evaluates policies, and forwards surviving telemetry upstream. Current distribution docs cover:
  • Datadog: Datadog log and metric ingestion.
  • OTLP: OpenTelemetry Protocol ingestion.
  • All protocols: Multi-protocol Edge distribution.

Where to go next

Use How Edge works for the runtime model. Use Quickstart to run Edge locally and verify one policy.