Foundational Concepts

Basic concepts about how LogScale operates and functions

This set of tutorials is meant for newcomers to LogScale. It introduces the foundational concepts involved in LogScale. If you read through them, and refer back to them while you are first learning and using LogScale, you should have a better understanding of LogScale and how to use it.

Below is a list of these tutorials, with related ones grouped together. Click on the heading for a topic to read the tutorial on it.

LogScale Repository

The general idea of LogScale is to bring together all of your log files and other server metrics into one data repository that's accessible by the LogScale software. LogScale includes a user interface that makes accessing repositories easy.


To better understand the concept of a repository, at least as the term is used in LogScale, read this tutorial article on repositories.


There may be a situation in which you want a subset of a repository. This is basically a view. You might want it as a security measure, limiting some users to certain data. It could also be a way to focus on relevant areas of the data. How views are constructed, and more details on the reasons for using them, are discussed in this tutorial.

Data from Servers

As mentioned above, repositories are meant to contain log events and metrics from your devices, including servers, firewalls, Falcon sensors and many others. After creating a repository, you will need to configure LogScale to receive that data.

Data Sources

You will have to prepare LogScale for a particular source of data from your servers, as well as have an authentication token for your server utility to identify itself. This tutorial will explain that.

Use Case: Log Management

For better results in LogScale, you may want to implement a system and policies related to the management of logs on your servers. This article will tell you how to approach that.

Ingest Flow

Raw data coming into LogScale is fairly useless. It will need to be parsed properly so that you can search the data for the information you need to monitor and administer your servers. This and related topics are covered in this tutorial on ingest flow.

Querying & Monitoring Data

Once you have your server logs and metrics stored and streaming into LogScale, you'll want to query that data for specific events. These tutorials will introduce you to these concepts.


Each entry stored in a LogScale repository is known as an event, in part because it includes a time stamp and it's basically something that happened on the server. The elements of an event, such as which repository it is in and the metadata associated with it (e.g., user name, IP address), are listed and described in this tutorial.


Queries are the method by which you search the data in a repository, looking for events that meet specific criteria you give LogScale. There is a specific, albeit familiar, syntax for queries. It's presented in this tutorial.

Live Queries

System administrators are particularly interested in spotting problems or certain situations as they happen, so they may react quickly and appropriately. As such, LogScale allows you to query data as it's streaming in. Read this tutorial to learn more.


Rather than having to re-enter queries you use often, you can create widgets to store them. These are then assembled in a dashboard. The results may be displayed as graphs or tables containing aggregated data or raw data. It's the best way to monitor your servers. This tutorial will tell you more.

Deeper Foundational Concepts

Some may want to know more about some of the foundational concepts. These tutorials go deeper or are related to more advanced topics, like clusters.

Architecture of LogScale

This is a slightly more advanced topic, but it's still foundational. We recommend you read this tutorial on LogScale architecture after you've familiarized yourself with the other aspects of LogScale presented in the previously listed tutorials.

Cluster Nodes

LogScale software is very robust. It can track data from single servers, or a cluster of servers. This tutorial talks about how nodes are organized in LogScale.