Importing Data

All data within Logscape relies upon Data Sources. Regardless of the original source of the data it will eventually be written to file, and picked up by a Data Source. Below we'll cover some of the more common sources of data, as well as how to get data from that source into Logscape.

Zip Upload -

It is possible to upload data directly through the Logscape dashboard.

  1. Navigate to the 'users' page on the left hand menu and select the 'Upload Zip' tab


  2. Follow the steps on the page, and when prompted select your zip file.

Monitor Multiple Directories -

A Data Source is a way of telling Logscape to monitor the directory in question, the user can also specify filters which the files must meet in order to be modified. When Logscape finds a valid file, a tailer will be assigned and the file indexed and made available on the search page. Data Sources can be created and configured by following these steps.

  1. Navigate to the Data Sources page

    The Data Sources page can be found by selecting the Settings window, followed by the Data Sources tab.

  2. You will then be confronted by the datasource page.


    Directory - Path to Directory to be monitored

    File Mask - File mask which file must be match, accepts partial names and * as a wildcard

    Expires (Days) - The duration in days after which Logscape will stop monitoring a file

    Archiving Rules - First Field - Number of days before Deletion on Forwarder (0 never, if used must be greater than 2), Second Field - Number of days before action is taken on Indexer, Drop Down Box - Action to take.

    Host Filter - Filter that is applied to hostnames

    You can find a full Data Source tutorial Here.

Syslog Clients -

The syslog format is supported by many applications and hardware like SAN disk and network routers. Logscape runs a Syslog Server on the Manager which can also run on Index Stores. There are several syslog compatible clients available

  • Linux System (natively supported)
  • Windows Logs using Snare
  • Network Devices (e.g SAN disks, Cisco Routers)
  • VMWare Suite of tools and applications
In order to get syslog data into Logscape your Syslog clients should be configured to send to your indexstore or manager on
-Dsyslog.tcp.port=1468
-Dsyslog.udp.port=1514

You can learn more about syslog by giving the Syslog Tutorial a read.


HTTP Data

The socket server allows live event streaming from any network enabled device or client.

The tcp server port is set using the -Dsocket.server.port option in the boot.properties
Examples of inputs can be
  • Log4j Appenders
  • Splunk Forwarders
  • Netcat scripts and related tools
  • Beaver and related Open Source data shippers
  • Snare Agents

Logscape Apps -

Any Logscape App which produces data will come bundled with a configuration file, this file contains information for the set up for datasources and datatypes amongst other useful data, this means that there is generally no need for the user to modify the datasources provided. However if the need arises the data sources from an app can be modified in the same way as any other data source.