Additional Components

In addition to the core elements of ingestion, repositories, queries and dashboards, LogScale also includes a number of other systems and functionality that support these core operations.

Security and Authentication

LogScale provides a role-based authentication (RBAC) system that controls access to the different components and resources within the system. The system allows precise control for roles, groups and users within the system. For example:

  • A user can be granted access to a specific repository, and be confined to a filtered set of events within the repository.

  • A role with administration privileges may not have privileges to access any data.

  • A token created to ingested data in a repository will have no access to the data once ingested, or the ability to manage or control the system.

For authentication, LogScale integrates with many common authentication and identity providers, for example Active Directory or Okta. For a full list, see Configuration & Authentication with SAML.

Tokens

Tokens in LogScale form a critical part of how access is granted to different parts of the system. A token is a random and unique string that is generated and can then be used to access the API or grant access to a repository or other resource within LogScale.

Token types in LogScale include:

APIs

A number of different APIs exist to help manage and integrate with LogScale. These use Tokens for authentication and support:

Other APIs are available to help manage, monitor your deployment and the data that you store. For more information, see Application Programming Interfaces (APIs).

Automation

LogScale includes two forms of automation, alerts and scheduled searches:

  • Alerts

    Alerts use live queries to identify matching events.

  • Scheduled Searches

    A scheduled search executes a query and returns the results. Scheduled searches can be used to create regular reports or automate the creation of results for use by other systems.

When an automation is triggered, i.e. matching events are found, one or more actions can be triggered. Actions include:

  • Sending an email

  • Forwarding the events to another repository

  • Trigger PagerDuty

  • Send a message on Slack

For a full list of available actions, see Actions.

Packages and Integrations

LogScale supports integration with other tools and data sources, allowing it to ingest and process data from other security and log management tools. The types of Integrations include:

Many integrations are supported through Packages, a method of encapsulating dashboards, widgets, queries and parsers that make up the integration tool.