Humio Made Simple
Part of our Getting Started Tutorial series:
There is an easy way to get to know Humio without having to install it. Just go to Humio Cloud and use our Sandbox repository with sample, streaming data. The tutorial includes an interactive guide that will take you through the steps of how to search and monitor data.
The interactive tutorial will walk you through the user interface, the key components, how to perform a search, and query the sample data. The tutorial is self-guided and self-explanatory.This guide provides a walk and some tips on how to get the most from the tutorial.
You register for a free account using Humio Community Edition.
To get started with a full account, go to Getting Started with Humio SaaS and request an account.
Figure 291. Opening Console
Once you've logged into Humio Cloud, it will look like the screenshot in Figure 1.
Let's look at a few things on that screen:
To start, there's a welcome message with links to start an interactive tutorial, and links back to this Getting Started guide. You can always find a link to the tutorial in the Help menu.
The main panel of this opening console has two tabs:
Repos & Viewsand Dashboards. Depending on your Humio Cloud account, you may have a few repositories available. All users get a sample or Sandbox repository.i This is where you'll find sample data for you to try Humio, which is also the repository used with the interactive tutorial.
The Dashboards tab will show your dashboards, which are where widgets are displayed, each containing a set of queries. The results of those queries can be displayed with graphs or plain text in a table. You won't have any dashboards at this point. Dashboards and Widgets are covered in the next tutorial.
On the right, there will be a box with a link to our community Slack channel. The channel is a good place for asking questions about the software, queries, how to ingest information and how other members of the community are using the product.
If you're ready to start the interactive tutorial, click on one of the links on the page. Incidentally, you can always find a link to the interactive tutorial in the Help pull-down menu (see Figure 2). You can also find links back to the Humio Library where you'll find this Getting Started guide.
Layout of the Interactive Tutorial
Figure 293. Layout of the Interactive Tutorial
When you first open the interactive tutorial, the window will appear similar to the screenshot in Figure 3. There are a few things worth noticing before starting the tutorial:
At the top left, next to the Humio logo is the name of the repository, sandbox. This is the sample repository that will be used for the interactive tutorial. You can see the data it contains in the main panel.
Across the top of the window (underneath the Navigation panel) you have the following components:
View Selector — this allows you to switch between different views and representations of the data. The default is the Event List, but if you have selected an appropriate query or display, you can also view tables and graphs of the data.
Queries — displays a list of queries, including recent queries that you have executed, and also saved queries. Saving queries is an important part of the Humio experience as these saved queries can be shared and then used with graphs, widgets and dashboards.
Language Syntax — is a link to our Language Syntax guide.
Event list widget — is a link to the corresponding documentation for the content being displayed.
Time Selector — clicking on the arrows will enable you to flip between the current time range displayed; clicking on the time range will enable to select the time range, include rolling time windows and live displays of incoming, streaming data.
Magnifying Glass — will 'zoom out' to increase the currently displayed time range
Run — Executes the currently displayed query
Query Panel — this is the main panel where you can enter, and edit, your queries. The panel supports lines (use
Shift+Enter) and auto-extends to show up to 20 lines of the query.
Fields — the fields display on the left lists all of the fields identified during parsing that are currently shown in the displayed events. More fields may be in the dataset, but only fields matching the current data set are shown. Humio can parse incoming logs into events and both extract, and augment, the incoming data into specific fields to make it easier to query and process. The display is organized into two groups, the Columns shows the list of columns selected for the current view, and the Fields in result shows all the available fields in the current event list.
Statistics — shows a variety of the statistics for the current data set and query. There are also options to change the displayed view and order of the data, and also export and save the data.
Event Histogram — the histogram shows the number of matching events across the current time span.
Event List — shows the list of all the events as a table. The data is based on parsed fields.
Let's follow the tutorial and try executing a query.
Starting the Interactive Tutorial
To follow the tutorial, use the tutorial navigation in the right panel. The panel on the right will display instructions for you to read and follow. It will tell you what to type and where, as well as explain what you're doing and provide links to the documentation.
Figure 294. Starting the Interactive Tutorial
To start the interactive tutorial, just click on the large dark purple button in the right margin where it says,(see Figure 3).
Searching the Sandbox
The first step is try searching the Sandbox, as shown in Figure 4.
There is a pre-filled input box containing the text example.com. To search for all log entries containing that text, you would type it in the input box near the top left of the screen (see Figure 5 below). For the interactive tutorial, you could copy and paste it in that box, or you could just click on the right arrow next to the input box it'll paste it into the input box for you.
When you run a search, you'll notice after a short amount of time that the log entries in the main panel will change to only those containing the search term. These will be entries that contain example.com. If you'd like, you can go beyond the example suggested. You could change the search term to something else, like Chrome to see all entries in which the server's web site was accessed with the Google Chrome browser, or maybe to Safari for the Macintosh web browser. Try whatever comes to mind, and don't worry about causing problems: you cannot change the data or ruin the tutorial by doing this.
Figure 295. Searching the Sandbox
Whether using the Sandbox or some other repository, you can search on almost anything you want. However, to be assured of some results, click on one of the Known Fields in the left margin to see what's available. For instance, you might click on the field, userid. That will show in the main panel the user identifiers in the repository data. You would then take one of those names (e.g., peter) and type it in the search input box and hit Enter. The results in the main panel will then show all of the entries that contain the user name you entered.
All of this playing will cause the interactive tutorial to take longer than predicted, but it's alright. It'll help you to learn Humio software, and to be comfortable with the interface. When you've had enough, though, click on the dark purple button at the bottom of the right margin that's labeled, Continue. This will take you to many more instructions on how to search a repository.
Other Elements in the Tutorial
Figure 296. Other Elements in the Tutorial
At this point you should be able to follow the interactive tutorial yourself. There are just a few more things worth mentioning, things you might not notice as you're going through the tutorial.
Important items that you need to look at while following the tutorial will be highlighted in Green.
Another thing: when you're about to enter text in the search field, if
you can't remember a function, try hitting
on Macintosh machines and
Ctrl+Space on Windows or
Linux computers. This will offer you some assistance.
Last is the tutorial navigation (see Figure 7). At the bottom of the right margin, you'll see the Back and Next to be able to go back to a previous page or forward to another page, one page at a time. You can also click on where it says, Tutorial Outline. That will reveal the list of pages in the interactive tutorial. This will give you a sense of how far along you are in the tutorial. You can also use this to navigate. You would click on whichever page you want to view.
We recommend that you go through the pages of the interactive tutorial in order. However, you may want to jump back to a previous page to remember something that was covered already, and then jump back to wherever you were. Also, if you have to stop the tutorial and want to return to it later, this navigation will help you to go back to where you left off.
The interactive tutorial is very useful in taking you through the process of first trying Humio. However, you'll learn more from creating your own repository and using your own data. You can add your own temporary trial repository to the same Humio Cloud account — still for free, as long as you do so within thirty days. After you've finished the interactive tutorial and you're ready to learn more, read the Humio with Your Data tutorial.