Distributed Logpoint¶

The Distributed Logpoint setup connects multiple Logpoint machines to segregate search and indexing. You can collect, index, and store logs in multiple Logpoint machines and search through them from a single main Logpoint, the Search Head. You can also monitor, configure, and analyze the logs on the connected devices.

The following scenario demonstrates workflow in the distributed setup using two Logpoint machines, LP1 and LP2.

In LP1, you can add LP2 as a distributed Logpoint if you have the permission to access the logs on LP2. The users in LP1 can then search and create dashboards, alerts, and reports using the logs from the repos in either machine. In this case, users in LP2 cannot view the logs in LP1 unless LP1 is also added as a distributed Logpoint of LP2.

You can switch between multiple Logpoint machines using the DLP Selector in the top-right corner of the title bar.

Distributed Logpoint Selector¶

The DLP Selector is only visible in any of the page from Settings.

Four DLPs with a single search head¶

The figure shows a distributed setup with four Logpoint machines. Here, LP2, LP3, and LP4 are added as Distributed Logpoint for LP1. the logs from LP2, LP3, and LP4 are then accessible at LP1. You can configure two or more Logpoint machines as Distributed Logpoint of each other. The logs are then accessible both ways.