Humio organizes data into Repositories (or Repos). Each repository has its own set of users, dashboards, saved queries, and parsers.
A repository is a container for data with associated storage. Often you will have one physical repository per project or system. But use-cases vary based on your data volume, user permissions and many other factors.
On a repository you can control retention and create parsers to parse incoming data.
When sending data to humio it will end up in a repository.
The repository has a close cousin called Views. Views are similar to the views you may know from SQL databases.
Views lets you search across multiple repositories. They also have user management and search filters, making it possible to define which users can see what data. This is how fine grained access controls are implemented in Humio
You can search directly in a repository or search using a view. Using a view can give added benefits
You can read more about views in their doc section.
All accounts have a special private repository called the sandbox. Unlike other repositories you cannot add additional users or change retention. You can use the sandbox for testing things out or as your main repo if your needs are simple.
If you are using a the free version of Humio Cloud the sandbox is your main storage repository and is where you send all your logs and events. You can use views to make your data easier to navigate if you have logs from several sources.
Humio provides a few repositories by default to help you monitor your Humio instances.
humio-audit repository is a system repository that keep the audit trail of the actions users take in Humio.
Special access restrictions apply: A user can get access to search this repo using the same set of rules as any other repo. But any user who does not have access through those rules can search this repo while being restricted to searching only the events that has said user as the “actor” that did the event.
By default, a user can only query the
humio-audit repository about their own actions. A user must be a member of the
humio-audit repository to query about other users.
On cloud, the organization owner can query the
humio-audit log for the actions of all users in the organization.
humio-metric repository is a system repository that holds metrics generated by Humio itself. There are metrics on both system-wide scope, such as total number of live queries active, and metrics for each repository.
Special access restrictions apply: A user can get access to search this repo using the same set of rules as any other repo. But any user who does not have access through those rules can search this repo, being restricted to searching only the events that directly relates to other repositories, that said user has access to. You can thus not see what other repos may exist in Humio through this access, and neither can you query the “global” metrics without being a member of the repository.
By default, a user can only query the
humio-metrics repository for the repositories they can search. A user must be a member of the
humio-metrics repository to query about all repositories.
The metrics logged into this repository are also available on JMX and Prometheus endpoints provided those are enabled. By default those listeners are disabled, whereas logging to this repository is always enabled.
On cloud, the metrics for an organization can be accessed through the
humio-organization-metrics view. An organization root can query metrics for all repositories in the organization.
humio-activity repository is a system repository that holds debug logs which are relevant to users. This is a new log repository and over time, some logs that currently go into the
humio repository will instead go into this repository.
For on-premises, the repository can be accessed directly. On cloud, the logs for an organization can be accessed through the
humio repository is a system repository that holds debug logs generated by Humio internally. It also has a few built-in dashboards to help you quickly ascertain the state of your Humio cluster or server.