Fleet Management Overview
The Fleet Overview
page allows you to monitor the status of your fleet of Falcon LogScale Collector
instances which have been either enrolled into
Manage Remote Configurations
Management and those which have been added to Fleet Management.
(group managed instances) extend the configuration of an instance with an additional configuration, see Extending Remote Configurations.
Export a configuration file as a yaml file to be used as a template. Export Configuration Template
Manage the version of Falcon LogScale Collector installed on your fleet Managing Falcon LogScale Collector Versions - Instances
Note
You can only see Falcon LogScale Collector instances which have been configured to work with Fleet Management.
 |
Figure 15. Fleet Overview
Viewing the Status of your Fleet
You can achieve the following from Fleet
overview:
see when data was last ingested.
see how much data was ingested in the last 24 hours.
see which instance have been enrolled in remote configuration management and their configurations.
view the status of an instance where; Okay means no errors has been reported and Error means an error is present and you can view details in a pop-up.
Go to your LogScale account and click Data Ingest. The Fleet overview page will load with all the Falcon LogScale Collectors which have been configured for fleet management and/or enrolled in remote config file management.
Click on the left menu. The page will be displayed with the details listed above. You can use the filter boxes to filter by status and or the assigned configuration.
Switching between Live and Historic overview
The default overview is Live - meaning collectors that are online at the moment. The Live fleet overview will be continuously updated with details like status updates or new CPU metrics.
When disabled the fleet overview will display all records of collectors for the last 30 days. In this case the overview will not be updated with the latest information.
 |
Figure 16. Fleet Overview - Historic
Viewing Details on a Specific Instance
Search for specific instances to view details on the host and logs.
Go to Data ingest. The Fleet overview page will load with all the Falcon LogScale Collectors that have been configured for fleet management, see Fleet Management (
fleetManagement) for more information.Click on the left menu.
Search for the required instance by version, hostname or system, or use the filter boxes to filter by configuration and/or status. Click next to the instance.
Figure 17. Fleet Overview Search
Click and a pop-up is displayed with these details about the host, instance and the log sources:
General
Hostname — The name of the host.
System — The operating system on which the instance is running.
Version — The version of Falcon LogScale Collector installed.
IP Address — The IP Address of the host.
Machine ID — Unique UUID generated on the host machine.
Ephemeral Timeout — If a collector is offline for the specified duration it will be un-enrolled and disappear from the fleet overview.
Log Sources
Source Name — The name of the source.
Source Type — The type of source, for example, syslog.
Repository — The name of the repository assigned to collect the data via token.
Parser — The name of the parser, if assigned.
Metrics
Last activity— when the instance was last active.
ingest— the amount of data ingested in the last 24 hours.
CPU— the average CPU usage in the last 5 minutes.
disk— the max disk usage in the last 5 minutes.
memory— the max memory usage in the last 5 minutes.
Config
Config name— the name of the configuration or configurations which are assigned to the instance.
Added by— the source of the configuration assignment, which can be manual or the name of the group.
Error messages— A list of error messages related to the configuration YAML, like duplicated sections..
Combined YAML— The full configuration of the collector.
Figure 18. Instance Details Pop-up
Figure 19. Instance Details Pop-up - Config
Extending Remote Configurations
You can extend the group configuration which has been assigned to your Falcon LogScale Collector Instance through.
Go to Data ingest tab and click .
Click the ellipsis icon next to the instance you want to change and select .
Select the configuration to add the configuration (combined or singular) from the drop down menu and click to confirm.
Managing Falcon LogScale Collector Versions - Instances
This feature allows you to remotely manage the version of Log Collector installed on your fleet from the Fleet overview page. You can also manage the version at a group level from the Groups
page Manage Versions - Groups.
Note
If the version of Falcon LogScale Collector can be upgraded or rolled back the version number on the fleet overview page will be a click-able button. Only instances installed using Download and Install Falcon LogScale Collector Using Curl Commands(Full Install) can be managed remotely.
Upgrading an Instance
You can upgrade the version of a specific instance of a Log Collector.
Go to Data ingest tab and click . Make sure that the version column is displayed, if not click and select .
Click the version number.
Select the version to upgrade to and either click:
and the to apply the update to your instance now, or
to schedule a date and time when the update will be applied, then click .
Figure 20. Updates
Downgrading an Instance
You can downgrade the version of a specific instance of a Log Collector.
Go to Data ingest tab and click . Make sure that the version column is displayed, if not click and select .
Click the version number.
Select the version to downgrade to and either click:
and the to apply the downgrade to your instance now, or
to schedule a date and time when the change will be applied, then click .
Figure 21. Updates