Tutorial

This tutorial will teach you how to search and send data to Humio. Before we get started, make sure you have a running installation of Humio or a free Humio Cloud account:

Download Humio Free Cloud Account

Once you have a running instance, go through the interactive in-app tutorial. It is a 101-course that teaches you the basics of searching. You can find the tutorial in the Help menu at the top of the UI:

Help Interactive Tutorial

While the tutorial panel is open it will continuously stream simulated log data from a web server and step you through searching and visualizing the logs.

Once you have completed the tutorial move on to step 2.

You can use the UI’s built-in function documentation by hitting alt+enter while focusing the search field. We also have documentation and examples for all functions in the query function reference.

2. Preparing a Repository

While simulated data is all well and good, you only feel the real power of Humio once you can work with your own data. It is time to start sending logs to Humio.

2.1 Sandbox or Dedicated Repository

First you need a repository to store the data in. You can either use your sandbox repository or if you are running Humio locally you can create a new dedicated repository (make sure to pick a “Repository” and not “View” since views cannot be used for storage).

2.2 Find your Ingest Token

Once you have chosen a repository you need get an access token called an ingest token. You can find the default ingest token generated for your repository by going to:

Settings Ingest Tokens Click the Eye Icon

and copying the default token (or creating a new one).

Getting the default ingest token from your repository.

3. Choosing a Parser

When data arrives at Humio it needs to be parsed therefore you have to specify which parser should be used to interpret your data. The parser that you select is based on the format of your data. One of the most common choices is the kv (Key-Value) parser. It looks at incoming events and finds key=value pairs - producing a field key with the value "value" on the stored event.

You can go to the “Parsers” menu item in the top menu of the UI to explore the parsers that are available but for now it is a good idea to stick with one of the built-in parsers for your first experiments with Humio.

4. Sending Data

Having created a repository, copied your ingest token, and selected a parser, you are now ready to read one of the following guides on how to ship data to Humio:

You can read more about these methods in the sending data to humio section.

Tip: If you are already using ElasticSearch ELK you can also take a look at how easy it is to migrate from an Elastic Stack to Humio.

4.1 Extra: Custom Parsers

While Humio has built in support for the most popular logging formats (e.g. AccessLog, JSON), and can rip out almost anything with the kv. parser, you may have special needs for your custom application logs. Fortunately Humio allows you to create your own custom parsers as documented here: create your own custom parser.

5. Next Steps