Fleet and Group Management

The Falcon LogScale Collector Fleet Management feature simplifies monitoring and managing multiple collector instances through two distinct approaches: Remote Configuration Management, which offers validated configuration editing and group-wide changes, or Local Configuration Management for manual file control.

Falcon LogScale Collector provides a way to manage a multiple instances of Falcon LogScale Collector throughout the organization from a central location.

These pages can be used to perform the steps required work with Falcon LogScale Collector locally or remotely (using centralized management):

Manage Falcon LogScale Collector Versions - Instances Manage the version of instances.
Create a Configuration - Remote or use groups to create aggregated snippet based configurations and manage groups of instances.
Monitor the status of your fleet and download the Falcon LogScale Collector.
Enroll Instances and configure any required Enrollment Command Options.
Enable Debug on your Falcon LogScale Collector Instances.

Falcon LogScale Collector Data ingest tab provides a set of functionalities which allow you to monitor and manage a fleet of collector instances.

There are two different approaches to managing your fleet from fleet management;

Fleet Management with Remote Configuration Management (recommended method) which allows you to monitor the status of your instances and;
- manage your configuration files using an editor which validates the file as you type,
- reuse configurations across groups of collectors which also means you can roll out a change to multiple instances easily,
- extend configurations
- test out new configurations without impacting log collection.
Fleet Management with Local Configuration files this method allows you to monitor the status of your Falcon LogScale Collector instances but manage the configuration files manually.

Fleet Management Query Modes

Fleet Management provides two query modes:

New mode, which is now the default mode. This mode queries exclusively using #kind tags, and only fully supports collectors running version 1.9.0 or newer. In this mode, collectors on versions 1.5 - 1.8 are identified in the Fleet Overview by a "Requires 1.9.0+" status. Collectors below 1.5.x only appear in the historical section.
Legacy mode, which remains available for existing workflows and is unchanged. This mode does not support using #kind tags for queries. However, it performs queries across all collector versions, including collectors that are not enrolled, and collectors on versions older than 1.9.0, providing visibility regardless of version.

Use the Settings button in the Fleet Overview window to switch between the new and legacy views.

Dashboard displaying summary cards for fleet statistics including total collectors, active collectors, configuration status, and collector health metrics with navigation tabs for Overview, Groups, Remote configs, Enroll token, and Logging

Figure 7. Fleet Overview

Versions of this Page

Fleet and Group Management

Similar Content

Enter search term