Querying Data

Learn the basics of writing basic queries in Humio

After installing Humio on a server, ingesting data into Humio and having this data parsed, you can start asking Humio to dive deep into the data, by making queries against the fields available in the events. Learning how to query data in Humio is an essential step to effectively use Humio.

graph LR; A["Install and Configure Humio"]--> B B["Create a Repository"]--> C C["Configure Data Ingest"]--> D D["Parse and Filter Data"]--> E E["Enrich Data"]--> F F["Query Data"] style F fill:#A17CA0,color:#fff

Figure 70. Process graph


The events ingested and parsed in Humio can be any type of text based data, structured and unstructured, whether it’s from application logs, infrastructure events, network, or other security-related devices or applications.

Querying these event logs captured in Humio means proactively analysing all your data, making the most of it by asking the right questions and finding answers in order to address issues from your business’ use cases.

For example, you may want to have insights on the users visiting your Company’s website, investigating on where they are coming from, whether they lose the connection, whether they experience errors while on the website, and the like.

All this can be achieved by thoroughly searching your event fields, doing calculations and using query combinations that are made possible by the Humio's powerful query language and its numerous query functions — see them in detail at Query Language and Query Functions.