Security Requirements and Controls
Change view or repo descriptionpermission
Settings page enables you to configure
key settings for your repository. The page is divided into a number of
Permissions controls user access to the repository
The creation, configuration and installation of Packages is described in the dedicated documentation, which you can find in Packages for more information.
Note that the exact list of available options in this view will depend on
the user permissions and repo.
System repos, for example, cannot be
deleted and so the Danger Zone
will not be shown. The user
repository can't be deleted, and can't be configured with multiple users.
page. This description, along with the name of the repository, will
appear on the tab when you
first log into the LogScale Interface.
Figure 20. Basic Settings
The screenshot above is from a recent version of LogScale. It shows the Settings section of the UI, in particular the Basic Information panel. Below is a list of each part of that panel, with descriptions of each:
This is a description of the repository. To update it, type in the field and click.
Use this to specify the type of repository. For example, you could select a trial or a managed repository (e.g., Falcon LTR).
Repository usage tag
This is where you may specify a tag for the repository so that it may be grouped with other repositories with the same tag. To set or update this, enter a tag and click.
Check this box if search should be started automatically when the Search page is loaded. Uncheck it if it you don't want it started automatically.
Related to the above about automatic search, you can set here the default query which is loaded by default when the search pages is loaded.
The data retention configures when LogScale will delete events from the repository. Old data will be removed automatically when any of the configured limits is reached.
To configure the fields, click on.
Ingest limit in GB (Uncompressed)
Automatically deletes old data when the ingest limit (raw data size) is reached.
Storage size limit in GB (Uncompressed)
Automatically deletes old data when the stored data, including fields and data expanded or filters during parsing, is reached.
Time limit in days
Automatically deletes old data when the event @timestamp passes beyond the configured limit.
The maximum customer configurable limit within LogScale Cloud deployments is 365 days. Please contact support if you would like a limit higher than this.
Once you have finished editing click.
Repository access can be configured on a per-user basis by adding a user and setting their role for each repository.
Figure 21. User Permissions
Select a repository from the
Views page and click on the
To add a user to this repository, clickunder .
Click thebutton to add users and then you will be prompted to set their role.
For more information on user management, see Configuring Security.
On this page you can manage the ingest tokens and assigned parsers, for more information on generating, editing and deleting tokens and assigning parsers to tokens see Ingest Tokens.
Figure 22. Ingest Tokens
Block Ingestion page enables you to
temporarily block ingestion for a short period of time, after which it
will be re-enabled. This can be useful in a variety of situations where
the level of ingestion and activity are causing performance or reporting
For more information, see Disabling Ingestion.
Figure 23. Block Ingest
LogScale segments data into indexes called, data sources which are created automatically as data is ingested into the repository. You can't create them in this section of the User Interface. You can only delete them. You might do this if a data source is old and no longer needed and you want to save the space.
Datasources can be tagged. You can create your own tags and assign them to events. See the Event Tags documentation page for more information on tags.
Figure 24. Data Sources
Deleting a Datasource
Click the trash can icon next to the datasource to delete the datasource. This is a permanent deletion.
Danger Zone panel is so named because
the actions that can be taken here involve the deletion of data and
actions that cannot be reversed. Some actions don't include deleting
data, but can cause problems with the functioning of LogScale, leading
to major disruption of service -- and can be difficult to resolve. As a
result, you should be very cautious when making changes here.
Figure 25. Danger Zone
Danger Zone provides access to two
areas of the repository settings which have the potential to modify or
Repository Name — enables you to change the name. Note that this will change the URL and API calls associated with the repo, and may also affect the queries and automated actions associated with the repo.
Destroy this repository — this option is not available to Cloud users. You must contact Support to delete a repository.
The Packages area allows you to install packages, verify the packages which are installed and create a custom package, see the dedicated documentation Packages for more information.