This tutorial will teach you to search and send data to Humio. Before we get started, make sure you have a running installation of Humio or a free Humio Cloud account:
The first thing you should do once you have a running instance is to go through the interactive in-app tutorial. It is a 101-course that teaches you the basics of searching. You can find the tutorial in the Help menu at the top of the UI:
While the tutorial panel is open, it continuously streams simulated log data from a web server and steps you through searching and visualizing the logs.
Once you have completed the tutorial, move on to step 2.
You can use the UI’s built-in function documentation by hitting alt+enter while focusing the search field. We also have documentation and examples for all functions in the query function reference.
While simulated data is all well and good, you only feel the real power of Humio once you can work with your own data. It is time to start sending logs to Humio.
First you need a repository to store the data in. You can either use your sandbox repository or, if you are running Humio locally, you can create a new dedicated repository (make sure to pick a “Repository” and not a “View”, since views cannot be used for storage).
Once you have chosen a repository, you need to get an access token called an ingest token. You can find the default ingest token generated for your repository by going to Ingest Tokens → Click the Eye Icon and copying the default token (or creating a new one).
When data arrives at Humio it needs to be parsed. Therefore you have to specify which parser should be used to interpret your data. Which one you need depends on your data format. A safe bet is the kv (Key-Value) parser. It looks at incoming events and finds key=value pairs, producing a field key with the value "value" on the stored event.
You can go to the “Parsers” menu item in the top menu of the UI to explore. But for now, it is a good idea to stick with one of the built-in parsers for your first experiments with Humio.
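To make the key=value extraction described above concrete, here is an added Python sketch (not Humio's parser code and not part of the original tutorial) that scans one raw event for key=value pairs and returns the resulting fields. The quoting rules, the first-occurrence-wins choice for repeated keys and the sample log line are assumptions of this example.

```python
import re

# One key=value pair. The value may be double-quoted (with backslash escapes),
# single-quoted, or a bare token ending at whitespace, comma or semicolon.
# Assumption of this sketch: keys consist of word characters, dots and dashes.
_PAIR = re.compile(
    r'''(?<![\w.\-])([A-Za-z_][\w.\-]*)=(?:"((?:[^"\\]|\\.)*)"|'([^']*)'|([^\s,;]*))'''
)


def kv_fields(raw_event):
    """Return the fields a key=value scan would attach to one raw event."""
    fields = {}
    for m in _PAIR.finditer(raw_event):
        key = m.group(1)
        if m.group(2) is not None:
            # Double-quoted value: drop the backslash in front of escaped chars.
            value = re.sub(r'\\(.)', r'\1', m.group(2))
        elif m.group(3) is not None:
            value = m.group(3)
        else:
            value = m.group(4)
        # Repeated key: keep the first occurrence (a choice made by this sketch).
        fields.setdefault(key, value)
    return fields


# Constructed sample event, in the style of an application log line.
SAMPLE = ('2024-05-01T12:00:00Z service=auth user="alice smith" action=login '
          "status=failed src_ip=203.0.113.7 msg='bad password'")

if __name__ == "__main__":
    for name, value in kv_fields(SAMPLE).items():
        print(f"{name} = {value!r}")
```

Text outside any pair, such as the leading timestamp, produces no field, which is why a dedicated parser is still needed when your events carry data that is not written as key=value.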
Now you are all set. Choose one of the following guides:
You can read more about these methods in the Sending Data to Humio section.
Tip: If you are already using ElasticSearch ELK you can also take a look at how easy it is to migrate from an Elastic Stack to Humio.
While Humio has built-in support for the most popular logging formats (e.g. AccessLog, JSON) and can rip out almost anything with the kv parser, you may still have special needs for your custom application logs. If that is the case, you need to create your own custom parser.