LogScale User Interface

LogScale is accessed through a web-based user interface that provides access to your repositories, server logs, and metrics, and is the central area for administration and control. You can set up and find repositories, configure views, filter data, and limit access based on your needs, all in one place.

Figure 1. LogScale User Interface


On smaller screens, the display may be simplified to make the best use of the available space.

Repositories and Views

Repositories are containers for your data (server logs and metrics), with their own sets of users, dashboards, saved queries, and parsers. Views allow you to search across multiple repositories, restrict your results to a specific subset of data, or limit access based on your interests and security needs.

To access your repositories and views, click the Repositories and Views tab on the top left of your screen:

Figure 2. Repositories and Views


See the Repositories & Views documentation for much more information on how to create and use repositories.

Repository Settings

From within your repository, the Settings page enables you to configure key settings for your repository, as well as create and manage authentication tokens for ingesting data, or managing Packages.

Figure 3. Settings


Go to Repository and View Settings for more information on what you can do from this page.

Dashboards

You can store frequently used searches on the Dashboards page. Dashboards are a significant component of the LogScale user interface and a great way to get an overview of your systems. Dashboards are composed of Widgets that you create to view server activities in the form of various graphs and tables of relevant data.

Figure 5. Dashboards


See the Dashboards & Widgets and Widgets documentation pages for more information.

Alerts, Actions & Scheduled Searches

Alerts are stored live queries that run continuously and are triggered when user-set parameters are met or exceeded, so that users are notified or action is taken. No more relying on routine checks, or worrying about not immediately detecting a problem when it occurs.

Actions are modules that can perform functions like informing administrators of a potential server problem. Alerts can also be set to trigger Actions.

Scheduled Searches are static queries, set to run on a schedule. At a scheduled interval, the query will run. If there is a result, the scheduled search will trigger its associated actions.

They are all available from the Alerts UI page:

Figure 6. Alerts


Go to the Alerts documentation page for information on how to create and manage these items.

Parsers

Logs and metrics sent to LogScale for ingestion must be parsed before they are stored in a repository. This is the case for all but LogScale's structured ingest endpoint, which stores data as-is. Parsers take text as input and put extracted values into named fields.

You create and configure parsers through the Parsers UI page:

Figure 7. Parsers


See the Parsing Data documentation for more information.

Files

Files refers to .CSV files that are used for importing metadata, to both enrich and filter your results in LogScale using the match() query function.

You create or import files through the Files UI page:

Figure 8. Files


See Lookup Files for more information.

Keyboard Shortcuts

LogScale supports a number of keyboard shortcuts that make it easier to navigate around the user interface, and also make editing queries and text easier.

For the full list of shortcuts you can use in LogScale, see the dedicated Keyboard Shortcuts documentation.

Among these shortcuts, the Jump Panel lets you jump to any repository or dashboard: from anywhere within the user interface, press Ctrl+O and start typing to filter for the item you want:

Figure 9. The Jump Panel


Notifications

Administrators can create notifications to inform LogScale users about warnings, possible issues in the system, and the like. The icon on the top-right of the User Interface shows if notifications are present:

Figure 10. UI Notifications


Notifications are created by administrators using the notify() GraphQL mutation.

Note

Notifications for alerts and scheduled searches are handled by a job that runs every 15 minutes. When an error or warning is added to an alert or scheduled search, it can take up to 15 minutes before a notification is created. When an error or warning is cleared on an alert or scheduled search, either automatically or manually, it can take up to 15 minutes before the notification is deleted. Manually dismissing a notification will not prevent it from being recreated on the next run of the job, if the error or warning is still present.

Manage Your Account & Settings

LogScale offers a range of global and account-specific settings, available by clicking your profile account icon in the top right corner:

Figure 11. Account & Settings


More specifically, you can:

  • Manage account settings, like API tokens and appearance, from the Manage your Account menu item. See Managing Your Account for more information.

  • Manage your users, groups and roles from the Organization Settings menu item. See Manage users & permissions for more information on managing authorization in LogScale.

  • Administer your cluster nodes and Kafka clusters, monitor queries, set query quotas and more from the Cluster Administration menu item. See Cluster Management for more information.

Fleet Management

LogScale Collector Fleet Management allows you to monitor and manage a fleet of collector instances. To access these instances, click on the Fleet Management tab at the top of the screen.

Figure 12. Fleet Management


This page allows you to access:

Fleet Overview

Where you can get information about your configured instances of the Log Collector. See Falcon Log Collector Manage your Fleet.

Config Overview

Where you can centrally manage the configuration of all enrolled instances, including assigning a single configuration file to multiple instances, switching or modifying the configuration assigned, and monitoring the ingest and status of your instances.

Enrollment Tokens

Where you can create tokens for enrolling new instances. See Manage Falcon Log Collector Instance Enrollment.

LogScale Collector Download

Where you can download the Log Collector and an example configuration file. See Falcon Log Collector.