Ingesting Data

After installing Humio on a server, you'll want to put in place a system to feed data automatically into Humio; this loading of information into is known as ingesting data. Configuring Data ingestion is an essential configuration step when you are setting up Humio.

The following diagram provides an overview of the configuration flow to ingest data using Humio.

graph LR; A["Install and Configure Humio"]--> B B["Create a Repository"]--> C C["Configure Data Ingest"]--> D D["Parse and Filter Data"]--> E E["Enrich Data"]--> F F["Query Data"] style C fill:#A6A0D2

Figure 22. Process graph

  • Ingesting Data

    You can use different methods to ingest data depending on your requirements; OS, Log format and so on.

    • Ingesting FDR data

      Humio can ingest Falcon Data Replicator (FDR) data into Humio without having to configure log shippers, see Ingesting FDR Data for more information.

    • Log Shippers

      Humio is able to ingest data from a wide range of log shippers, Log shippers use the Ingest API to send one or more logs to Humio. A log shipper can handle multiple logs, multiple log types, manage the log storage on disk, and pre-process the logs before sending them to Humio. Log shippers are covered in more detailed in Log Shippers.

    • Listeners

      Ingest listeners are a great way of shipping data to Humio through raw sockets, using either UDP or TCP. For more information, see Ingest Listeners.

    • Humio Ingest Tokens

      A repository can have one or more ingest tokens associated with it. Ingest tokens are used with the Ingest API to enable data to be routed to the right repository, and to associate a parser. See Ingest Tokens for more information.

    • Humio API

      the Ingest API can be used directly or through one of Humio's client libraries. See the Ingest API reference page for more information. For a list of software that is supported, see the Software Libraries in the Appendix.

  • Parsing data Parsing the data that is ingested enables the information to be tagged, specific fields and elements of the log data to be extracted, and enables an additional level of detail. The use of a parser also enables the type of the data and fields extracted to be configured, supporting metrics, graphing and dashboards, see Parsers for more information.

In most cases you will want to use a log shipper or one of our platform integrations. If you are interested in getting some data into Humio quickly, see the Ingesting Application Logs tutorial page.

Humio is optimized for live streaming of events in real time. If you ship data that are not live, you need to observe some basic rules so that the resulting events are stored in Humio as efficiently as if they had been received live. See Backfilling Data.