To collect, enrich, and store logs, you configure multiple Logpoint entities, including but not limited to repos, devices, and policies.
To get started, go to Settings >> Configuration in the navigation bar.
Configuration Page
To collect logs, apply processing policies, and store them in Logpoint for further analytics, perform the following tasks:
Add new devices to receive logs. Go to Adding a Device.
Add devices in bulk. Go to Adding Bulk Devices.
Create a collection of log forwarding devices. Go to Adding a Device Group.
Add parsers to analyze incoming log data and extract individual logs. Go to Adding a Parser.
Add repos to collect streaming logs and store them. Go to Adding a Repo / HA Configuration.
Add routing policies. Go to Adding a Routing Policy.
Add normalization packages to normalize logs from log sources. Go to Adding a Normalization Package.
Add normalization policies to determine the normalization mechanism of the data. Go to Adding a Normalization Policy.
Add enrichment policies. Go to Adding an Enrichment Policy.
Add processing policies. Go to Adding a Processing Policy.
Add log collection policies. Go to Adding a Log Collection Policy.
Add label packages. Go to Adding a Label Package.
Apply labels from the search interface. Go to Applying Labels from the Search Interface.
Apply labels using normalization signatures. Go to Applying Labels using Normalization Signatures.
Apply labels with labeling rules. Go to Applying Labels with Labeling Rules.
Activate the label packages. Go to Activating Label Packages.
Update the information of:
Devices: Go to Editing a Device for more details.
Device Groups: Go to Editing a Device Group for more details.
Parsers: Go to Editing a Parser for more details.
Repos: Go to Editing a Repo for more details.
Routing Policies: Go to Editing a Routing Policy for more details.
Normalization Packages: Go to Editing a Normalization Package for more details.
Deactivate the signatures: Go to Deactivating Signatures for more details.
Normalization Policies: Go to Editing a Normalization Policy for more details.
Enrichment Sources: Go to Editing an Enrichment Source for more details.
Enrichment Policies: Go to Editing an Enrichment Policy for more details.
Processing Policies: Go to Editing a Processing Policy for more details.
Log Collection Policies: Go to Editing a Log Collection Policy for more details.
Label Packages: Go to Editing a Label Package for more details.
Deactivate the label packages: Go to De-activating Label Packages for more details.
To delete:
Devices: Go to Deleting a Device.
Device Groups: Go to Deleting Device Groups.
Parsers: Go to Deleting a Parser.
Repos: Go to Deleting Repos.
Routing Policies: Go to Deleting Routing Policies.
Normalization Packages: Go to Deleting Normalization Packages.
Normalization Policies: Go to Deleting Normalization Policies.
Enrichment Sources: Go to Deleting Enrichment Source.
Enrichment Policies: Go to Deleting an Enrichment Policy.
Processing Policies: Go to Deleting a Processing Policy.
Log Collection Policies: Go to Deleting Log Collection Policies.
Label Packages: Go to Deleting Label Packages.
Import devices from a CSV file. Go to Importing Devices Via a CSV File for more details.
Export the repos. Go to Exporting Repos for more details.
Import the repos. Go to Importing Repos for more details.
Export the normalization packages. Go to Exporting Normalization Packages for more details.
Import the normalization packages. Go to Importing Normalization Packages for more details.
Clone the normalization packages. Go to Cloning Normalization Packages for more details.
Export the label packages. Go to Exporting Label Packages for more details.
Import the label packages. Go to Importing Label Packages for more details.
Clone the label packages. Go to Cloning Label Packages for more details.