Additional Components

In addition to the core elements of ingestion, repositories, queries and dashboards, LogScale also includes a number of other systems and functionality that support these core operations.

Security and Authentication

LogScale provides a role-based authentication (RBAC) system that controls access to the different components and resources within the system. The system allows precise control for roles, groups and users within the system. For example:

A user can be granted access to a specific repository, and by confined to a filtered set of events within the repository.
A role with administration privileges may not have privileges to access any data.
A token created to ingested data in a repository will have no access to the data once ingested, or the ability to manage or control the system.

For authentication, LogScale integrates with many common authentication and identity providers, for example Active Directory or Okta. For a full list, see Configuration & Authentication with SAML.

Tokens

Tokens in LogScale form a critical part of how access is granted to different parts of the system. A token is a random and unique string that is generated and can then be used to access the API or grant access to a repository or other resource within LogScale.

Token types in LogScale include:

Ingest Token for ingesting data
Repository and View API Token for managing repositories
Organization API Token for managing your organization
System API Token for managing your cluster
Personal API Token for running personal API requestes

APIs

A number of different APIs exist to help manage and integrate with LogScale. These use Tokens for authentication and support:

Ingest API for the ingestion of data into LogScale
Search API for querying data from LogScale
GraphQL API for managing your LogScale deployment

Other APIs are available to help manage, monitor your deployment and the data that you store. For more information, see Application Programming Interfaces (APIs).

Automation

LogScale includes two forms of automation, alerts and scheduled searches. :

Alerts
Alerts use live queries to identify matching events.
Scheduled Searches
A scheduled search executes a query and returns the results. Scheduled searches can be used to create regular reports or automate the creation of results for use by other systems.

When an automation is triggered, i.e. matching events are found, one or more actions can be triggered. Actions include:

Sending an email
Forwarding the events to another repository
Trigger PagerDuty
Send a message on Slack

For a full list of available actions, see Actions.

Packages and Integrations

LogScale supports integration with other tools and data sources, allowing it to ingest and process data from other security and log management tools. The types of Integrations include:

Security tools like Corelight or Zscaler
Deployment environments such as Docker Log Format or Amazon Web Services (AWS)
Operating Systems and Platforms such as Windows Log Format or Apple

Many integrations are supported through Packages, a method of encapsulating dashboards, widgets, queries and parsers that make up the integration tool.

LogScale Training

Beginner Introduction

LogScale Tutorials

LogScale Video Series

LogScale Overview

LogScale Internal Architecture