Tutorial

This tutorial will teach you to search and send data to Humio. Before we get started make sure you have a running installation of Humio or a free Humio Cloud account:

Download Humio Free Cloud Account

The first thing you should do once you have a running instance is to go through the interactive in-app tutorial. It is a 101-course that teaches you the basics of searching. You can find the tutorial in the Help menu at the top of the UI:

Help Interactive Tutorial

While the tutorial panel is open it will continuously stream simulated log data from a web server and steps you through searching and visualizing the logs.

Once you have completed the tutorial move on to step 2.

You can use the UI’s build-in function documentation by hitting alt+enter while focusing the search field. We also have documentation and examples for all functions in the query function reference.

2. Preparing a Repository

While simulated data is all well and good, you only feel the real power of Humio once you can work with your own data. It is time to start sending logs to Humio.

2.1 Sandbox or Dedicated Repository

First you need a repository to store the data in. You can either use your sandbox repository or if you are running Humio locally you can create a new dedicated repository (make sure to pick a “Repository” and not “View” since they cannot be used for storage).

2.2 Find your Ingest Token

Once you have chosen a repository you need get an access token called an ingest token. You can find the default ingest token generated for your repository by going to:

Settings Ingest Tokens Click the Eye Icon

and copying the default token (or creating a new one).

Getting the default ingest token from your repository.

3. Choosing a Parser

When data arrive at Humio it needs to be parsed. Therefore you have to specify which parser should be used to interpret your data. Which one your need depends your data format. A safe bet is the kv (Key-Value) parser.

It looks at incoming events and finds key=value pairs - producing a field key with the value "value" on the stored event.

You can go to the “Parsers” menu item in the top menu of the UI to explore. But for now, it is a good idea to stick with one of the built-in parsers for your first experiments with Humio.

4. Sending Data

Now you are all set, choose one of the following guides:

You can read more about these methods in the sending data to humio section.

Tip: If you are already using ElasticSearch ELK you can also take a look at how easy it is to migrate from an Elastic Stack to Humio.

4.1 Extra: Custom Parsers

While Humio has build-in support for the most popular logging formats (e.g. AccessLog, JSON) and can rip out almost anything with the kv parser, you still may have special needs for your custom application logs. If that is the case you need to create your own custom parser.

5. Next Steps