Loggernaut
The Loggernaut view is the central place for monitoring and analyzing log data. It lets you keep an eye on the utilization and health of the Loggernaut at all times so that you notice problems in log ingestion and indexing before they affect your systems.
Overview of Collections
On the left-hand side of the view you will see an overview of all collections in your organization. From here you can quickly access all your log data. The current status is shown next to each collection; it should be “Green”, which means the collection is working properly and there are no known problems.
If a collection shows a status other than “Green”, contact our support team immediately. Any other status indicates an underlying problem that should be resolved quickly.
Field statistics
The field statistics show the number of incoming logs, not the number of indexed logs. The distinction matters: the two figures diverge whenever events are discarded (for example by inbound filters) or have not yet been indexed, so comparing them tells you how the system is keeping up. To see which host has sent how many logs, click the button next to the name of the field statistics. This shows you exactly where the data comes from and where optimizations are possible.
If a host suddenly sends far more logs than expected (an anomaly), create inbound filters to drop the irrelevant events before they are processed. This prevents your SIEM (Security Information and Event Management) from being overloaded with noise and ensures that only the data that matters is processed and indexed.
Click the button next to the view name to get an overview of the host collectors. From this list you can either open the host overview or display the corresponding entries in the data lake.
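To make the distinction between incoming and indexed logs concrete, the following added example (not code from the Loggernaut product; the syslog-style line format, the host names and the rule format are assumptions made for illustration) counts incoming lines per host, flags hosts whose volume exceeds an expected baseline, and applies an inbound filter that drops the noisy events before they would reach the index:

```python
"""Per-host incoming-log counts, anomaly flagging and an inbound filter.

Added example, not Loggernaut code. Log format, host names and the
filter-rule shape are assumptions chosen for illustration.
"""
import re
from collections import Counter

# Constructed sample of incoming syslog-style lines: a few normal events
# plus a hypothetical host "app07" flooding DEBUG heartbeats.
SAMPLE_LOGS = [
    "Mar 03 10:00:01 web01 sshd[1201]: Accepted publickey for admin from 10.0.0.5",
    "Mar 03 10:00:02 web01 nginx: 10.0.0.9 GET /index.html 200",
    "Mar 03 10:00:02 db01 postgres[77]: checkpoint complete",
    "Mar 03 10:00:03 web02 nginx: 10.0.0.9 GET /login 200",
] + [f"Mar 03 10:00:{4 + i:02d} app07 app: DEBUG heartbeat tick={i}" for i in range(40)]

SYSLOG_RE = re.compile(r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$")


def parse(line):
    """Split one line into timestamp, host and message; None if unparsable."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None


def count_by_host(lines):
    """Number of *incoming* lines per host, counted before any indexing."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        counts[rec["host"] if rec else "<unparsed>"] += 1
    return counts


def find_anomalies(counts, baseline, factor=3.0):
    """Hosts sending more than `factor` times their expected count, plus hosts
    with no baseline at all (an unknown sender is itself worth a look).
    Returns {host: (observed, expected)}."""
    flagged = {}
    for host, n in counts.items():
        expected = baseline.get(host)
        if expected is None or n > factor * expected:
            flagged[host] = (n, expected)
    return flagged


def make_drop_rule(host, pattern):
    """An inbound filter: drop lines from `host` whose message matches `pattern`."""
    rx = re.compile(pattern)

    def rule(rec):
        return rec["host"] == host and rx.search(rec["msg"]) is not None

    return rule


def apply_inbound_filters(lines, rules):
    """Return the lines that survive the filters (unparsable lines are kept so
    nothing is silently lost) and how many lines each rule index dropped."""
    kept, dropped = [], Counter()
    for line in lines:
        rec = parse(line)
        hit = next((i for i, rule in enumerate(rules) if rec and rule(rec)), None)
        if hit is None:
            kept.append(line)
        else:
            dropped[hit] += 1
    return kept, dropped


if __name__ == "__main__":
    # Assumed baseline: roughly 5 lines per host for this window.
    baseline = {"web01": 5, "web02": 5, "db01": 5, "app07": 5}
    counts = count_by_host(SAMPLE_LOGS)
    print("incoming per host:", dict(counts))
    print("anomalies:", find_anomalies(counts, baseline))
    kept, dropped = apply_inbound_filters(
        SAMPLE_LOGS, [make_drop_rule("app07", r"DEBUG heartbeat")]
    )
    print(f"{len(SAMPLE_LOGS)} incoming, {len(kept)} left for indexing, dropped per rule: {dict(dropped)}")
```

The filter is deliberately narrow (one host, one message pattern): a broad rule that matches by host alone would also discard the security-relevant events that host emits, which is exactly the data the SIEM exists to keep.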
Performance Overview
The Loggernaut performance overview shows the average query time and the average indexing time as separate line charts. The query time is how long the system needs to search through the logs; the indexing time is how quickly newly received data is processed. A steady rise in either chart (as opposed to a single spike) points to a performance problem, for example high data volumes or a resource bottleneck on the index servers.
Processor display
On the right-hand side you will find the views of the index servers. They give you a quick overview of the most important workloads: CPU, memory and network resources. This information is what tells you whether your index servers are working efficiently or are overloaded.
Heap display
The heap display gives you an overview of the heap utilization of the containers started via Docker Compose and shows whether the container resources are being used sensibly. If this indicator is in the red zone, your VM probably needs more RAM to meet the requirements. Adjusting the resources proactively avoids performance problems later on.
RAM indicator
The RAM indicator shows the current RAM utilization. As a rule this display is close to the maximum, because Solr typically uses all available RAM (a large part of it as operating-system file cache for the index files). A nearly full RAM indicator is therefore normal on its own; watch it regularly together with the heap display so that you notice real memory pressure and potential bottlenecks in good time.
Hard disk display
The hard disk display shows how much storage space is still available on your index server. This information is essential for the long-term planning of your log architecture: plan sufficient storage space so that log processing continues without interruption and no data is lost because a disk has filled up.
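The performance overview above asks you to distinguish a steady rise in query or indexing time from a one-off spike, and the hard disk display asks you to plan storage before the disk fills. Both come down to fitting a trend to a series of samples. The following added example (not Loggernaut code; the sample series, window size and thresholds are constructed for illustration) uses one least-squares helper for both checks: flagging a sustained latency rise and projecting the number of days until an index server's disk is full.

```python
"""Trend checks for the performance charts and the disk indicator.

Added example, not Loggernaut code. The sample series below are constructed
and the window/threshold values are assumptions chosen for illustration.
"""


def linear_fit(xs, ys):
    """Ordinary least-squares line y = slope * x + intercept."""
    n = len(xs)
    if n < 2:
        raise ValueError("need at least two samples")
    mean_x = sum(xs) / n
    mean_y = sum(ys) / n
    sxx = sum((x - mean_x) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("all x values identical")
    slope = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys)) / sxx
    return slope, mean_y - slope * mean_x


def rising_latency(samples_ms, window=6, min_growth=0.25):
    """True when the last `window` points climb, over the window, by more than
    `min_growth` (25 %) of the earlier samples' mean. A sustained rise in
    query or indexing time trips this; a single spike does not, because the
    fitted slope of a spike-and-recover window is flat or negative."""
    if len(samples_ms) < 2 * window:
        return False  # not enough history to separate trend from noise
    baseline = sum(samples_ms[:-window]) / (len(samples_ms) - window)
    recent = samples_ms[-window:]
    slope, _ = linear_fit(range(window), recent)
    growth_over_window = slope * (window - 1)
    return growth_over_window > min_growth * baseline


def days_until_full(used_gb_per_day, capacity_gb):
    """Project, from one used-space sample per day, how many days remain until
    the disk reaches `capacity_gb`. Returns None when usage is not growing."""
    slope, intercept = linear_fit(range(len(used_gb_per_day)), used_gb_per_day)
    if slope <= 0:
        return None
    today = len(used_gb_per_day) - 1
    projected_today = slope * today + intercept
    return (capacity_gb - projected_today) / slope


# Constructed sample series (milliseconds per chart point, GB per day).
QUERY_MS_RISING = [120, 118, 125, 121, 119, 123, 140, 160, 185, 210, 240, 275]
QUERY_MS_FLAT = [120, 118, 125, 121, 119, 123, 122, 120, 124, 119, 121, 123]
QUERY_MS_SPIKE = [120, 118, 125, 121, 119, 123, 122, 400, 124, 119, 121, 123]
DISK_USED_GB = [400, 412, 424, 436, 448, 460, 472]  # +12 GB/day
DISK_CAPACITY_GB = 1000

if __name__ == "__main__":
    for name, series in [("rising", QUERY_MS_RISING), ("flat", QUERY_MS_FLAT), ("spike", QUERY_MS_SPIKE)]:
        print(f"query time {name}: sustained rise = {rising_latency(series)}")
    print("days until disk full:", days_until_full(DISK_USED_GB, DISK_CAPACITY_GB))
```

The projection is linear, so it understates the problem when ingestion grows (new hosts, a noisier application); re-run it whenever the field statistics show a lasting change in incoming volume, and treat the result as the latest date by which storage must be extended or older data expired.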