This set of tutorials is meant for newcomers and beginners of Humio. It will will introduce you to the foundational concepts involved in Humio. If you read through them, and refer to them in the begining of your time learning and using Humio, you should have a better understand of Humio and how to use it.
Below is a list of these tutorials. We’ve grouped related ones together to make more sense. Click on the heading for a topic to read the tutorial on it.
The general idea of Humio is to bring together all of your log files and other server metrics into one data repository that’s accessible by the Humio software. Humio includes a user interface that makes accessing repositories easy.
To understand better the concept of a repository, at least as it’s referrenced with Humio’s software, read this tutorial article on repositories.
In Humio there is by default a Sandbox repository for testing data, executing queries, and testing new features of Humio software. This brief tutorial provides more information on how you might use the Sandbox repository.
There may be a situation in which you want subset of a repository. This is basically a view. You might want it as a security measure, limiting some users to certain data. It could also be a way to focus on relevant areas of the data. How views are constructed and more details on the reasons for using them is discussed in this tutorial.
As mentioned above, repositories are meant to contain log entries and metrics from your servers. After creating a repository, you will need to configure Humio to receive that data.
You will have to prepare Humio for a particular source of data from your servers, as well as have an authentication token for your server utility to identify itself. This tutorial will explain that.
For better results in Humio, you may want to implement a system and policies related to the management of logs on your servers. This article will tell you how to approach that.
Raw data coming into Humio is fairly useless. It will need to be parsed properly so that you can search the data for the information you need to monitor and administer your servers. This and related topics are covered in this tutorial on ingest flow.
Once you have your server logs and metrics stored and steaming into Humio, you’ll want to query that data for specific events. These tutorials will introduce you to these concepts.
Each entry stored in a Humio repository is known as an event — in part because it includes a time stamp and it’s basically something that happened on the server. The elements of events — such as which repository, metadata associated with it (e.g., user name, IP address) — are listed and described in this tutorial.
Queries are the method by which you search the data in a repository, look for events that meet a specific criteria you give Humio. There is a specific, albeit familiar syntax for queries. It’s presented in this tutorial.
System administrators are particularly interested in spotting problems or certain situations as it happens, so they may react quickly and appropriately. As such, Humio allows you to query data as it’s streaming in. Read this tutorial to learn more.
Rather than having to re-enter queries you use often, you can create widgets to store them. These are then assembled in a dashboard. The results may be displayed as graphs or tables containing aggregated data or raw data. It’s the best way to monitor you servers. This tutorial will tell you more.
Some may want to know more about some of the foundational concepts. These tutorial go deeper or are related to more advanced topics, like clusters.
This is a little more advanced topic, but it’s still foundational. We recommend you read this tutorial on Humio architecture after you’ve familiarized yourself with the other aspects of Humio presented in the previously listed tutorials.
Humio software is very robust. It can track data from single servers, or a cluster of servers. This tutorial talks about how nodes are organized in Humio.