Creating Views

A repository contains all of the data sent to it from servers by data shippers and other methods. That data can be searched. When you do search, in a sense, you reduce the data in the results set.

Similarly, a view may be used to filter out some events in a repository, but in a more formal way. It may also be used to search multiple repositories. And views can be used to limit access to data by some users. The reason this last feature is useful is because in a repository you can’t hide or restrict users to specific data: you have to use a view to do that.

Once you create a view, other than the results it returns being filtered and the Settings being a little diffferent, everything else functions the same: Searches, Alerts, etc. are all the same.

Create a View

Figure 1, User Interface - Opening Screen

To create a view, log into the Humio User Interface. At the opening screen, you’ll see a list of your repositories. Click on the large button labeled, + Add Item. You can see an example of this in the screenshot in Figure 1 here.

When you do that, you’ll see a simple screen with very large buttons, to choose between creating a View or a Repository. Click on View to create a view. You’ll then be shown a screen similar to the one in Figure 3.

You’ll need to give the view a name. You can also enter a description, but that’s optional. You can see all of this in Figure 2 here. For the examples on this page, we’re using a repository for a server that hosts a photography site called, FotoCapito.

Figure 2, New View

Next, you’ll have to select a repository from the pull-down menu of existing repositories. In the example here, we chose a repository called, Testeroo. Now you’ll have to provide a parameters on which to filter the repository. This is what makes it a view, rather than just a repository. Of course, you could enter an asterix in the Event Filter input box and that will show all events for the view. Then you can restrict access to the view, to use it as a method of limiting users.

You’ll notice that in the example in the screenshot that we’ve entered a filter to show only events for which the url field contains fotocapito because the example server hosts the domain, fotocapito.com. This is the reason for the name and description of the view.

When you’ve finished, click on the button labeled, + Create View to save it. It will then bring you to the Settings page for the view. That’s covered after the next section below on View Settings.

Multiple Repositories

You may have noticed that when you choose a repository and enter a filter, that a second row appeared in which you may choose a repository, again. This is because you can construct a view that pulls data from more than one repository. To do this, you would choose another repository on the second row and set the filter for it. You may merge together as many repositories as you want.

When you draw from multiple repositories to make a view, you don’t have to add any join statements like you would with a relational database. It’s similar to a union statement in relational databases. When searching the view, though, you might sometimes want to make use of the repo field to identify which repository is searhed, or at least to know to which repository an event belongs.

View Settings

Figure 3, View Settings

The Settings page for a view looks very similar to that of a repository, but there are some differences. For instance, there’s nothing related to API Tokens or data storage as with repository settings. Incidentally, the way you know you can know if you’re viewing a view is by the name of the view shown at the top left. In Figure 3 here, you can see the name FotoCapito. If that’s not enough, you might name your views with the word, View (e.g., FotoCapito - View).

The Basic Information tab allows you to change the description of the view and to set a default saved query to start when opening the view. The Users tab is where you would add and remove users, as well as assign them roles to give them permissions.

Figure 4, User Permissions

To add a user, click on the button labeled, +Add. A small dialog box will appear in which you can enter either the email address or user name for the user. This is what they will enter when logging into the Humio User Interface. You won’t be able to set their password here: the user will do that when they first log in.

Once you create a user, you can then click on the user’s name to see what permissions they have. A new user will initially be given a Member role, giving them very few privileges — mainly, the ability to view and search data. For a user with the Admin role, you’ll see a screen similar to the one in Figure 4 here. You can see what privileges it has in the screenshot. Notice the other user role is Eliminator. This type of user is the only one that can delete data. A user can be designated one, two, or three roles — or none.

To change a user’s role, click on the user’s name and then the text where it says, Edit user permissions… (see Figure 4). You can only set roles here. There’s no where you can edit or create roles. You can remove a user here, though.

Figure 5, Repository Connections

The Repositories tab is where you can see which repository is the basis of the view, along with the filter you set. If you find that the view is too restrictive or shows too much data, you can adjust your filter on this page. You can also change the repository used, or add one or more repositories, as mentioned in the Multiple Repositories section above.

You’ll also notice a tab labeled, Packages. This is a new feature available as of version 1.19 of Humio — it’s still in beta mode. It’s covered in the Packages section of this Documentation.