Version:

Routing Policies

Routing Policies allows you to selectively direct the incoming logs into different repos in the system. You can perform routing by key-value match or key-present. You cannot specify routing specifications for the repo _logpoint. You can find the _LogpointAlerts routing policy by default in Logpoint. It routes the log messages with norm_id as LogpointAlerts to the _LogpointAlerts repo. Otherwise, it forwards them to the default repo.

../_images/LP_Config_RP_List.png

Routing Policies

To sort the columns in ascending or descending order, move your cursor to the column you want to sort. You will see a down arrow; click it and select Sort Ascending or Sort Descending.

../_images/LP_Config_RP_Sort.png

Sorting Columns

To filter the columns you want in the UI, click the MORE dropdown, click Columns, and select the columns you want.

../_images/LP_Config_RP_List_Columns.png

Filtering Columns in the UI

Adding a Routing Policy

  1. Go to Settings >> Configuration from the navigation bar and click Routing Policies.

  2. Click ADD POLICY.

  3. Enter Policy Name for the routing policy.

  4. Choose a repo from Catch All. If an incoming log does not match any routing criteria, it gets stored in the Catch All repo.

  5. Under ROUTING CRITERIA, select Type. The type can be KeyPresent or KeyPresentValueMatches.

The key for both KeyPresent and KeyPresentValueMatches can be a normalized field, or root-level fields such as device_ip, device_name, col_type, repo_name, device_address, and collected_at.

  1. If you select KeyPresent, enter a Key. Logpoint routes all log messages containing the specified key.

  2. If you select KeyPresentValueMatches, enter a Key and a Value. Logpoint routes all log messages that match the specified key-value.

  1. Choose an Operation:

    • Store raw message, to store both the raw message and the normalized data in the target repository.

    • Discard raw message, to discard the raw message and store the normalized data.

    • Discard entire event, to discard both the raw message and the normalized data.

  2. Select the target Repository from the dropdown for the Routing Criteria.

  3. Click Add.

    Once you add a criterion, it is listed in the table below the Routing Criteria. The priority of the routing criteria can be changed by clicking the up and down arrows in Actions.

  4. Click Submit.

Click the ? symbol near the top-right corner for context-sensitive help.

../_images/LP_Config_RP_Add_KeyPresent.png

Adding Routing Policy

If an incoming log message matches any of the configured routing criteria, it is either forwarded to the target repository, or dropped as per the configurations.

Editing a Routing Policy

  1. Go to Settings >> Configuration from the navigation bar and click Routing Policies.

  2. Click the Name of the required routing policy and update the information.

  3. Click Submit.

Deleting Routing Policies

  1. Go to Settings >> Configuration from the navigation bar and click Routing Policies.

  2. Click the Delete (Delete) icon under Actions.

  3. To delete multiple routing policies, select the policies. Click MORE and select Delete Selected.

  4. To delete all the routing policies, click MORE and select Delete All.

    ../_images/LP_Config_RP_Delete.png

    Deleting Routing Policies

  5. Click Yes to confirm deletion.

Helpful?

We are glad this guide helped.


Please don't include any personal information in your comment

Contact Support