This tutorial will teach you how to search and send data to Humio. Before we get started, make sure you have a running installation of Humio or a free Humio Cloud account.
Once you have a running instance, go through the interactive in-app tutorial. It is a 101-course that teaches you the basics of searching. You can find the tutorial in the Help menu at the top of the UI.
While the tutorial panel is open, it will continuously stream simulated log data from a web server and step you through searching and visualizing the logs.
Once you have completed the tutorial, move on to step 2.
You can use the UI’s built-in function documentation by hitting alt+enter while focusing the search field. We also have documentation and examples for all functions in the query function reference.
While simulated data is all well and good, you only feel the real power of Humio once you can work with your own data. It is time to start sending logs to Humio.
First, you need a repository to store the data in. You can either use your sandbox repository or, if you are running Humio locally, create a new dedicated repository (make sure to pick a “Repository” and not a “View”, since views cannot be used for storage).
Once you have chosen a repository, you need to get an access token called an ingest token. You can find the default ingest token generated for your repository by going to Ingest Tokens, clicking the Eye Icon, and copying the default token (or creating a new one).
When data arrives at Humio it needs to be parsed, so you have to specify which parser should be used to interpret your data. The parser that you select is based on the format of your data. One of the most common choices is the kv (Key-Value) parser. It looks at incoming events and finds key-value pairs, producing a field key with the value "value" on the stored event.
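To illustrate what key-value extraction does to an event, here is an added example. It is not Humio's parser implementation and not part of the original tutorial; the function name `kv_parse`, the regular expression, and the sample log lines are constructed for illustration.

```python
import re

# A key, then "=", then either a double-quoted value (backslash escapes
# allowed) or a bare value that runs to the next whitespace or comma.
# The lookbehind stops a key from starting in the middle of another token.
_PAIR = re.compile(
    r'(?<![\w.\-])([A-Za-z_][\w.\-]*)='
    r'(?:"((?:[^"\\]|\\.)*)"|([^\s,"]*))'
)


def kv_parse(line):
    """Return a dict of fields found as key=value pairs in one log line."""
    fields = {}
    for match in _PAIR.finditer(line):
        key, quoted, bare = match.groups()
        if quoted is not None:
            # Quoted value: drop the backslash from escapes such as \"
            value = re.sub(r'\\(.)', r'\1', quoted)
        else:
            value = bare
        fields[key] = value
    return fields


# Constructed sample events (not real log data).
SAMPLE = [
    '2024-05-01T12:00:00Z sshd event=login_failed user=alice '
    'src=203.0.113.7 attempts=3',
    r'2024-05-01T12:00:05Z app level=warn '
    r'msg="password reset for \"bob\"" path=/reset status=403',
    # A quoted value is consumed whole, so "role=admin" inside the
    # message text does not become a separate field.
    '2024-05-01T12:00:09Z app msg="query was role=admin" user=carol',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(kv_parse(line))
```

All extracted values are strings, and text outside any key=value pair (the timestamp and program name here) produces no field.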
You can go to the “Parsers” menu item in the top menu of the UI to explore the parsers that are available, but for now it is a good idea to stick with one of the built-in parsers for your first experiments with Humio.
Having created a repository, copied your ingest token, and selected a parser, you are now ready to read one of the following guides on how to ship data to Humio:
You can read more about these methods in the Sending Data to Humio section.
Tip: If you are already using ElasticSearch ELK you can also take a look at how easy it is to migrate from an Elastic Stack to Humio.
While Humio has built-in support for the most popular logging formats (e.g. AccessLog, JSON), and can extract almost anything with the kv parser, you may have special needs for your custom application logs. Fortunately, Humio allows you to create your own custom parsers, as documented in the guide on creating your own custom parser.