Foundational Concepts

This collection of topics introduces you to the core foundational concepts involved in understanding Humio. Related topics are grouped into categories. Click on the title for each topic to see the tutorial article on it.

Humio Repository

The general idea of Humio is to bring together all of your log files and other server metrics into one data repository that’s accessible by the Humio software, a user interface that’s easy to use and configure.


To better understand the concept of a repository, at least as the term is used in Humio’s software, read this tutorial article on repositories.

The Sandbox

In Humio there is by default a sandbox repository for testing data, queries, and new features of Humio software. This brief tutorial provides more information on how you might use a sandbox repository.


There may be a situation in which you want a subset of a repository. This is basically a view. You might want it as a security measure, limiting some of your staff to certain data. It could also be a way to focus on relevant areas of the data. How views are constructed and more details on the reasons for using them are discussed in this tutorial.

Data from Servers

As mentioned above, repositories are meant to contain log entries and metrics from your servers. After creating a repository, you will need to configure Humio to receive that data.

Data Sources

You will have to prepare Humio for a particular source of data from your servers, as well as have an authentication token for your server utility to identify itself. This tutorial will explain this.

Log Management

For better results in Humio, you may want to implement a system and policies related to the management of logs on your servers. This article will tell you how to approach that.

Ingest Flow

Raw data coming into Humio is fairly useless. It will need to be parsed properly so that you can search the data for the information you need to monitor and administer your servers. This and related topics are covered in this tutorial on ingest flow.

Querying & Monitoring Data

Once you have your server logs and metrics stored and streaming into Humio, you’ll want to query that data for specific events. These tutorials will introduce you to these concepts.


Each entry stored in a Humio repository is known as an event — in part because it includes a time stamp and it’s basically something that happened on your server. The elements of events — such as which repository, metadata associated with it (e.g., user name, IP address) — are listed and described in this tutorial.


Queries are the method by which you search the data, looking for events that meet specific criteria you give Humio. There is a specific, albeit familiar, syntax for queries. It’s presented in this tutorial.

Live Queries

System administrators are particularly interested in spotting problems or certain situations as they happen, so they may react quickly and appropriately. As such, Humio allows you to query data as it’s streaming in. Read this tutorial to learn more.


Rather than having to re-enter queries you use often, you can create widgets to store them. These are then assembled in a dashboard. The results may be displayed as graphs or tables containing aggregated data or raw data. It’s the best way to monitor your servers. This tutorial will tell you more.

Deeper Foundational Concepts

Some may want to know more about some of the foundational concepts. These tutorials go deeper or are related to more advanced topics, like clusters.

Humio Architecture

This is a slightly more advanced topic, but it’s still foundational. We recommend you read this tutorial on Humio architecture after you’ve familiarized yourself with the other aspects of Humio presented in the previously listed tutorials.

Cluster Nodes

Humio software is very robust. It can track data from single servers, or a cluster of servers. This tutorial talks about how nodes are organized in Humio.