The Distributed Logpoint setup connects multiple LogPoint machines to segregate search and indexing. You can collect, index, and store logs in multiple LogPoint machines and search through them from a single main LogPoint, the Search Head. You can also monitor, configure, and analyze the logs on the connected devices.
The following scenario demonstrates workflow in the distributed setup using two LogPoint machines, LP1 and LP2 with varying privileges:
In LP1, you can add LP2 as a distributed LogPoint if you have the permission to access the logs on LP2. The users in LP1 can then search and create dashboards, alerts, and reports using the logs from the repos in either machine. In this case, users in LP2 cannot view the logs in LP1 unless LP1 is also added as a distributed LogPoint of LP2.
You can switch between multiple LogPoint machines using the DLP Selector in the top-right corner of the title bar.
Distributed LogPoint Selector¶
Note
The DLP Selector is only visible in the Settings page.
Four DLPs with a single search head¶
The figure demostrates a distributed setup with four LogPoint machines. Here, LP2, LP3, and LP4 are added as Distributed LogPoint for LP1. the logs from LP2, LP3, and LP4 are then accessible at LP1.
Note
You can configure two or more LogPoint machines as Distributed LogPoint of each other. The logs are then accessible both ways.
The names of each LogPoint must be unique in a distributed setup. You can change the name of a LogPoint from System Settings >> General.
The Distributed LogPoint guide helps you to understand and perform the following tasks:
Enable connections between your LogPoint and remote LogPoints. Refer to Enabling Open Door.
Add remote LogPoint in the Distributed setup. Refer to Adding Remote LogPoints.
Add Syslog Forwarder in the Distributed setup. Refer to Adding a Syslog Forwarder.
Configure LogPoint as a Distributed Collector. Refer to Configuring Distributed Collectors.
Add targets to forward the Raw Syslog messages. Refer to Adding a Target.
Add devices to collect the Raw Syslog messages. Refer to Adding Devices.
Configure remote targets to view the logs. Refer to Viewing Logs in Remote Target.
Update the information about the Distributed LogPoints. Refer to Editing a Distributed LogPoint.
Import/Export data of the Syslog Forwarder. Refer to Downloading the Data.
Manage the settings before using the distributed collectors. Refer to Using Distributed Collectors.
Update the information on the Remote Target panel. Refer to Editing a Target
Update the device information. Refer to Editing Devices
Feature accessibility in the Distributed LogPoint setup. Refer to DLP Accessibility.
Delete the Distributed LogPoints. Refer to Deleting a Distributed LogPoint.
Delete the targets. Refer to Deleting a Target.
Delete the devices that collect the Raw Syslog messages. Refer to Deleting Devices.