Managing Groups

Fleet Management allows you to create groups to manage the configurations of a large number of instances with ease. Groups can be created using a simplified version of the LogScale query language which allows you to create dynamic groups where any new collector instance, which is enrolled into the fleet and meets the filters is automatically added.

The configurations which are applied to a group are created by combining one or more configuration snippets, the combined file is validated during the procedure and applied to all the instances in the group.

Group Page

Figure 9. Group Page


Combining Configuration Snippets

When you create a group you can assign multiple configurations to the group to create a complete configuration, without creating duplicated configuration sections.

Let's say for example you need to manage the configuration of 200 instances, where;

  • 115 instances collect data from services and have this combined configuration:

    yaml
    sources:
       service:
         type: file
         include: /var/service/*
         sink: logscale
    
      sinks:
        logscale:
          type: humio
          token: <ingest-token>
          url: <logscale-base-url> // example - https://cloud.community.humio.com

  • 85 instances collect data from var_log and have a combination of the above and another configuration.

    yaml
    sources:
      var_log:
        type: file
        include: /var/log/*
        sink: logscale
       service:
         type: file
         include: /var/service/*
         sink: logscale
        
      json_log:
        type: unifiedlog
        format: json
        include:
          - process: securityd
           predicate: eventMessage CONTAINS 'Session ' && subsystem == 'com.apple.securityd'
        parser: "apple/unifiedlog:unifiedlog-json"
        sink: logscale
    
      sinks:
        logscale:
          type: humio
          token: <ingest-token>
          url: <logscale-base-url> // example - https://cloud.community.humio.com

In the above case you would create three snippet configurations:

  • One containing the sinks section:

    sinks:
        logscale:
          type: humio
          token: <ingest-token>
          url: <logscale-base-url> // example - https://cloud.community.humio.com

  • Two containing the different sources sections:

    sources:
      var_log:
        type: file
        include: /var/log/*
        sink: logscale

    sources:
       service:
         type: file
         include: /var/service/*
         sink: logscale

Creating a Group

Groups allow you to manage the configuration of multiple instances of the LogScale Collector along with the possibility to combine configuration snippets to create a configuration which can be applied to all the instances in the group, these features allow you to bulk manage instances.

You can create groups which contain a static list of instances, using for example the id of specific machines or dynamic filters based on a subset of the LogScale query language, see Query Language Syntax for more information on our query language.

  1. Go to your LogScale account and click Data Ingest and select Groups.

    Group Page

    Figure 10. Group Page


  2. Click + New group, a pop-up is displayed.

    Create Group

    Figure 11. Create Group


  3. Specify a name for the group and search for the configuration or configurations snippets you want to apply to the group.

    The files are combined to create a single valid configuration file where possible and any merge conflicts which may occur are displayed on the pop-up. When the resulting configuration meets your requirements click Next. See Combining Configuration Snippets for more details on snippets.

    Create Group Error

    Figure 12. Create Group Error


  4. Use the filter to query the instances to add to the group, you can use a subset of LogScale Query Language to create a dynamic list of instances, or a more static list, for example by machine ID or version,

    version=1.*

    which will filter for instances running any version which starts with 1. The instances in the group are automatically updated with any new instances that meet the filter criteria. Click Create group.

    Create Group 2

    Figure 13. Create Group 2


Editing a Group

You can edit groups to change:

  • the name of the group

  • the configuration/s which are assigned

  • the instance included in the group (the filter)

  1. Go to your LogScale account and click Data Ingest and select Groups. The Group page is displayed.

  2. Click the three dots next to the group you want to edit and select Edit group. The edit pop-up is displayed.

  3. On the first page of the pop-up you can edit the configuration, see Creating a Group for details on the configuration or combined configuration for your group. Click Next to go to the filter page of the pop-up.

  4. On this page you can edit the query filters which are applied create a group of instances, you can use a subset of the LogScale Query Language to filter for instances. When you edit the query filters of a previously created group the pop-up displays how the changes impact the number of instances in the group. Click Update group.

    Edit Group

    Figure 14. Edit Group


Deleting a Group

You can delete groups when they are no longer required.

  1. Go to your LogScale account and click Data Ingest and select Groups. The Group page is displayed.

  2. Click the three dots next to the group you want to delete and select Delete group. The delete pop-up is displayed with details on how many instances deleting the group will effect.