Repositories

Humio organizes data into Repositories (or Repos). Each repository has its own set of users, dashboards, saved queries, and parsers.

A repository is a container for data with associated storage. Often you will have one physical repository per project or system. But use-cases vary based on your data volume, user permissions and many other factors.

On a repository you can control retention and create parsers to parse incoming data.

When sending data to humio it will end up in a repository.

Views

The repository has a close cousin called Views. Views are similar to the views you may know from SQL databases.

Views lets you search across multiple repositories. They also have user management and search filters, making it possible to define which users can see what data. This is how fine grained access controls are implemented in Humio

You can search directly in a repository or search using a view. Using a view can give added benefits

  • Joining data from multiple repositories in a single search
  • Restrict results to a subset of a repository’s data
  • Redacting sensitive fields
  • Keeping find-grained control of data retention

You can read more about views in their doc section.

The Sandbox Repository

All accounts have a special private repository called the sandbox. Unlike other repositories you cannot add additional users or change retention. You can use the sandbox for testing things out or as your main repo if your needs are simple.

If you are using a the free version of Humio Cloud the sandbox is your main storage repository and is where you send all your logs and events. You can use views to make your data easier to navigate if you have logs from several sources.

Special Repositories

Humio provides a few repositories by default to help you monitor your Humio instances.

The humio-audit Repository

The humio-audit repository is a system repository that keep the audit trail of the actions users take in Humio.

Special access restrictions apply: A user can get access to search this repo using the same set of rules as any other repo. But any user who does not have access through those rules can search this repo while being restricted to searching only the events that has said user as the “actor” that did the event.

By default, a user can only query the humio-audit repository about their own actions. A user must be a member of the humio-audit repository to query about other users. On cloud, the organization owner can query the humio-audit log for the actions of all users in the organization.

The humio-metrics Repository

The humio-metric repository is a system repository that holds metrics generated by Humio itself. There are metrics on both system-wide scope, such as total number of live queries active, and metrics for each repository.

Special access restrictions apply: A user can get access to search this repo using the same set of rules as any other repo. But any user who does not have access through those rules can search this repo, being restricted to searching only the events that directly relates to other repositories, that said user has access to. You can thus not see what other repos may exist in Humio through this access, and neither can you query the “global” metrics without being a member of the repository.

By default, a user can only query the humio-metrics repository for the repositories they can search. A user must be a member of the humio-metrics repository to query about all repositories.

The metrics logged into this repository are also available on JMX and Prometheus endpoints provided those are enabled. By default those listeners are disabled, whereas logging to this repository is always enabled.

On cloud, the metrics for an organization can be accessed through the humio-organization-metrics view. An organization root can query metrics for all repositories in the organization.

The humio-activity Repository

The humio-activity repository is a system repository that holds debug logs which are relevant to users. This is a new log repository and over time, some logs that currently go into the humio repository will instead go into this repository.

For on-premises, the repository can be accessed directly. On cloud, the logs for an organization can be accessed through the humio-organization-activity view.

The humio Repository

The humio repository is a system repository that holds debug logs generated by Humio internally. It also has a few built-in dashboards to help you quickly ascertain the state of your Humio cluster or server.