Aggregate Data

The data displayed can be aggregated to make it easier to look for specific issues and their causes; this also changes the type of widget used for the collector. For example, if we suspect that a newly deployed version might be causing an increase in errors, we can switch the aggregation for the widgets to version. This clearly displays a large number of errors originating from the most recently deployed version.

  • Aggregate results by dropdown allows grouping by hostname

  • Enables customized views of collector data

  • Supports filtering by hostname, machineid, system, version, and ipAddress

  • Filter syntax example provided in UI for user guidance

  1. Go to Data Ingest and click Insights.

  2. To apply the same aggregation to all widgets, go to the Aggregate results by dropdown menu and select how to aggregate data:

    • version: the version of Falcon LogScale Collector

    • system: the underlying operating systems

    • machineID: the machine ID where the Falcon LogScale Collector is installed.

    • IpAddress: the IP address of the machine where Falcon LogScale Collector is installed.

    • hostname: the hostname of the machine where Falcon LogScale Collector is installed.


    Figure 17. Errors


  3. Optionally, use the filter to refine the data displayed in the widgets on the page with simple queries, for example, system=ubuntu* OR hostname=linux-test-server-1, or a simple version-based query like version=1.10.1, and then click Apply.


    Figure 18. Errors


  4. Click Open in overview in the errors table (only in an aggregated view) to view more details on the Falcon LogScale Collector instances.


    Figure 19. Open Overview