Add Data Source

A data source points to a directory which contains your data. To add new data go to the Data Sources section.

Use the browser button to locate data on a server.
Click OK and the Directory field will be updated with your choice.

You can specify multiple directories separated by commas.

Use a meaningful tag for your data source. It is sometimes useful to describe the data or the environment the data is in. For example, I may be monitoring weblog data from my DEV and UAT environments. I may tag the data sources with www-dev and www-uat.

Wildcards

The Directory field is extremely flexible and allows multiple directories to be associated with a data source using wildcards. Here are a few examples.

Example 1. Matching files in the current folder

Directory: /var/log   File Mask: *.log

Files that match:
  • /var/log/messages.log
  • /var/log/auth.log
  • /var/log/wtmp.log

Example 2. Matching files in the immediate subfolders

Directory: /var/log/*   File Mask: *.log

Files that match:
  • /var/log/apache2/access.log
  • /var/log/nginx/access.log
Files that won't match:
  • /var/log/messages.log
  • /var/log/app0/errors/13091000.log

Example 3. Matching files recursively

Directory: /var/log/**   File Mask: *
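To check which files a Directory and File Mask pair would pull in before adding the data source, the matching rules from the three examples above can be modelled as below. This is an added example, not the product's own code: the function names are hypothetical, the db.properties path is constructed, and it assumes ** also covers files directly in the named directory.

```python
from fnmatch import fnmatchcase
import posixpath

# Paths from the examples above, plus one constructed non-log file.
PATHS = [
    "/var/log/messages.log",
    "/var/log/auth.log",
    "/var/log/wtmp.log",
    "/var/log/apache2/access.log",
    "/var/log/nginx/access.log",
    "/var/log/app0/errors/13091000.log",
    "/var/log/app0/conf/db.properties",  # constructed: not a log file
]

def _dir_match(pattern, segments):
    """Match directory pattern segments against a path's directory segments."""
    if not pattern:
        return not segments
    if pattern[0] == "**":
        # Assumption: ** spans zero or more directory levels.
        return any(_dir_match(pattern[1:], segments[i:])
                   for i in range(len(segments) + 1))
    # Any other segment (including *) must match exactly one directory level.
    return (bool(segments) and fnmatchcase(segments[0], pattern[0])
            and _dir_match(pattern[1:], segments[1:]))

def source_matches(directory_field, file_mask, path):
    """True if path falls under any comma-separated directory and the file mask."""
    dirname, basename = posixpath.split(path)
    if not fnmatchcase(basename, file_mask):
        return False
    segments = [s for s in dirname.split("/") if s]
    for spec in directory_field.split(","):
        pattern = [s for s in spec.strip().split("/") if s]
        if _dir_match(pattern, segments):
            return True
    return False

def preview(directory_field, file_mask, paths):
    """Return the subset of paths the data source would index."""
    return [p for p in paths if source_matches(directory_field, file_mask, p)]

if __name__ == "__main__":
    for directory, mask in [("/var/log", "*.log"), ("/var/log/*", "*.log"),
                            ("/var/log/**", "*")]:
        print(directory, mask, "->", preview(directory, mask, PATHS))
```

With /var/log/** and a File Mask of *, the preview includes db.properties, so a recursive data source indexes every file under the tree, not only logs.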

Time to Live specifies how long your data is actively indexed. Once your data falls outside of this time window, it will no longer be searchable. You can always update the Time to Live option, and once you do, your data will be imported.

Tags are extremely versatile. You can have multiple data sources with the same tag. A data source will always appear in your search results under its tag. You can see all the data sources being indexed by going to the Home Workspace and inspecting the search titled 'Datasource'.

In the screenshot above we can see that the 'www' and 'tomcat-logs' data sources are collecting data at a rate of a few thousand log line events a minute. Let's take a deeper look at the search. Drill into the search.

By clicking on the drill down icon we open the Datasources search on the main search page.

By clicking on the include icon for the 'www' data source we can update our search to only show this tag.

After the search completes, our replay events will contain log events from the data source 'www'. In this case it is all the web server access logs from two hosts.