LogScale User Interface
LogScale is accessed through a web-based user interface that provides access to your repositories, server logs, and metrics, and is the central area for administration and control. You can set up and find repositories, configure views, filter data, and limit access based on your needs, all in one place.
Figure 1. LogScale User Interface
On smaller screens, the display may change to be simpler to make the best use of the available space.
Repositories and Views
Repositories are containers for your data (server logs and metrics), with their own sets of users, dashboards, saved queries, and parsers. Views allow you to search across multiple repositories, and can restrict your results to a specific subset of data or limit access based on your interests and security needs.
To access your repositories and views, click the tab on the top left of your screen:
Figure 2. Repositories and Views
See the Repositories & Views documentation for much more information on how to create and use repositories.
Repository Settings
From within your repository, the Settings page enables you to configure key settings for your repository, as well as create and manage authentication tokens for ingesting data, or managing Packages.
Figure 3. Settings
Go to Repository and View Settings for more information on what you can do from this page.
Search
Once you have data coming into your repositories, you can search that data through the LogScale Search UI page. LogScale's Search functionality allows for robust, fast regex searches of server logs and metrics in your repositories.
Figure 4. Search
See the Searching Data page for instructions on how to search.
Dashboards
You can store frequently used searches in the Dashboards page. Dashboards are a significant component of the LogScale user interface and a great way to get an overview of your systems. Dashboards are composed of Widgets that you create to view server activities in the form of various graphs and tables of relevant data.
Figure 5. Dashboards
See the Dashboards & Widgets and Widgets documentation pages for more information.
Alerts, Actions & Scheduled Searches
Alerts are stored, live queries that continuously run and are triggered when user-set parameters are met or exceeded and users want to be notified, or when action must be taken. No more relying on routine checks, or worrying about not immediately detecting a problem when it occurs.
Actions are modules that can perform functions like informing administrators of a potential server problem. Alerts can also be set to trigger Actions.
Scheduled Searches are static queries, set to run on a schedule. At a scheduled interval, the query will run. If there is a result, the scheduled search will trigger its associated actions.
They are all available from the Alerts UI page:
Figure 6. Alerts
Go to the Alerts documentation page for information on how to create and manage these items.
Parsers
When sending logs and metrics to LogScale for ingestion, they must be parsed before they are stored in a repository. This is the case for all but LogScale's structured ingest endpoint, which stores data as-is. Parsers take text as input, and put extracted values into named fields.
You create and configure parsers through the Parsers UI page:
Figure 7. Parsers
See the Parsing Data documentation for more information.
Files
Files refers to .CSV files that are used for importing metadata, to both enrich and filter your results in LogScale using the match() query function.
You create or import files through the Files UI page:
Figure 8. Files
See Lookup Files for more information.
Keyboard Shortcuts
LogScale supports a number of keyboard shortcuts that make it easier to navigate around the user interface, and also make editing queries and text easier.
For the full list of shortcuts you can use in LogScale, see the Keyboard Shortcuts dedicated documentation.
Among these shortcuts, the Jump Panel allows jumping to any repositories or dashboards: from anywhere within the user interface, press Ctrl+O and start typing the item you want to filter:
Figure 9. The Jump Panel
Notifications
Administrators can create notifications to inform LogScale users about warnings, possible issues in the system, and the like. The icon on the top-right of the User Interface shows if notifications are present:
Figure 10. UI Notifications
Notifications are created by administrators using the notify() GraphQL mutation.
Note
Notifications for alerts and scheduled searches are handled by a job that runs every 15 minutes. When an error or warning is added to an alert or scheduled search, it can take up to 15 minutes before a notification is created. When an error or warning is cleared on an alert or scheduled search, either automatically or manually, it can take up to 15 minutes before the notification is deleted. Manually dismissing a notification will not prevent it from being recreated on the next run of the job, if the error or warning is still present.
Manage Your Account & Settings
LogScale offers a range of global and account specific settings by clicking on your profile account icon in the top right corner:
Figure 11. Account & Settings
More specifically you can:
Manage account settings, like API tokens and appearance, from the menu item. See Managing Your Account for more information.
Manage your users, groups and roles from the menu item. See Manage users & permissions for more information on managing authorization in LogScale.
Administrate your cluster nodes, Kafka clusters, monitor queries, set query quotas and more from the menu item. See Cluster Management for more information.
Fleet Management
LogScale Collector Fleet Management allows you to monitor and manage a fleet of collector instances. To access these instances, click on the tab at the top of the screen.
Figure 12. Fleet Management
This page allows you to access:
Fleet Overview
Where you can get information about your configured instances of the Log Collector. See Falcon Log Collector Manage your Fleet.
Config Overview
Where you can centrally manage the configuration of all enrolled instances, including assigning a single configuration file to multiple instances, switching or modifying the configuration assigned, and monitoring the ingest and status of your instances.
Enrollment Tokens
Where you can create tokens for enrolling new instances, see Manage Falcon Log Collector Instance Enrollment.
LogScale Collector Download
Where you can download the Log Collector and an example configuration file, see Falcon Log Collector.