Normalization Packages are the collections of log signatures. A Log Signature is a rule that defines the rules of extracting the key-value pairs from a log. A normalization package consists of the log signatures that normalize logs from a particular log source.
Normalization Packages¶
In LogPoint, you can find two types of Normalization Packages.
Vendor Packages are the Normalization Packages bundled with the LogPoint installation.
My Packages are the Normalization Packages that you add in the LogPoint.
Go to Settings >> Knowledge Base >> Normalization Packages.
Normalization Packages¶
Click Add to open the Normalization Package panel.
Creating a Normalization Package¶
Provide a Name and a Description of the Normalization Package.
Click Submit.
To add signatures, click the Signatures icon under the Actions column of the related package.
Normalization Packages¶
Click Add to open the Add Signature panel.
Signatures on the Package¶
Adding a Signature¶
In the Pattern field, enter the signature.
In the Example field, enter the log message resembling the signature.
Note
Providing an Example is optional.
Click Check Pattern to check if the signature matches the example.
Checking a Signature Pattern¶
Note
Click the ? icon near the top-right corner to get help on the inputs.
Provide the values in the Key Values and the Replace Keys fields. These fields are optional.
Use the Key Values fields to attach other values to a signature. For example, for a particular signature that captures process failure, you can add a key-value as object = “process” and status = “failure”.
Use the Replace Keys fields to replace a key-value pair with another one. For example, if there is a field host_user in a log, you can replace this with host using the Replace Keys textfields.
Click Save.
Click Submit. You can add multiple signatures to the package as per the need.
Once you create the signatures, you can prioritize them. Click Re-Order to open the Drag and Drop the Rows to Re-Order Signatures panel.
Signatures¶
Re-ordering Signatures¶
Click Definers to view the Signature Definers.
Signatures¶
Note
Switch between the My Packages page and the Vendor Packages page by clicking the drop-down menu at the top-left corner.
Go to Settings >> Knowledge Base >> Normalization Packages.
Click the View Signatures icon under the Actions column of the respective normalization package.
Normalization Packages¶
Deselect the signatures that you want to deactivate.
Click Submit.
Only the selected signatures are used to normalize log messages.
Go to Settings >> Knowledge Base >> Normalization Packages.
Select the drop-down at the top-left corner of the panel and click My Packages.
Export Normalization Packages Icon¶
Select the normalization packages you want to export.
Click Export.
Save the exported file.
Go to Settings >> Knowledge Base >> Normalization Packages.
Import Normalization Packages Icon¶
Click Import.
Browse for the Normalization Package.
Click Upload.
Go to Settings >> Knowledge Base >> Normalization Packages.
Click the Name of the package to edit.
Editing Normalization Packages¶
Update the information.
Click Submit.
Note
You cannot edit the name of a Normalization Package.
Go to Settings >> Knowledge Base >> Normalization Packages.
Select the drop-down menu at the top-left corner of the panel and click My Packages.
Click the Share Package With LogPoint icon under the Actions column of the concerned package.
Normalization Packages¶
To share multiple Normalization Packages, select the respective packages. Click the More drop-down menu and choose Share Selected Packages With LogPoint.
Normalization Packages¶
To share all the normalization packages, click the More drop-down menu and choose Share All Packages With LogPoint.
Normalization Packages¶
Note
View the shared Packages by clicking the Shared Packages in the drop-down menu at the top-left corner of the panel.
Go to Settings >> Knowledge Base >> Normalization Packages.
Click the Clone Package icon under the Actions column for the package.
Cloning a Normalization Package¶
To clone multiple Normalization Packages, select the respective packages. Click the More drop-down menu and choose Clone Selected Packages.
Normalization Packages¶
To clone all the normalization packages, click the More drop-down menu and choose Clone All Packages.
Normalization Packages¶
Enter a new Name for the cloned package.
Select the Replace Existing? checkbox to replace an existing package with the same name.
Click Clone.
Go to Settings >> Knowledge Base >> Normalization Packages.
Click the Delete icon under the Actions column for the package.
Deleting a Normalization Package¶
To delete multiple Normalization Packages, select the concerned packages. Click the More drop-down menu and choose Delete Selected Packages.
Normalization Packages¶
To delete all the normalization packages, click the More drop-down menu and choose Delete All Packages.
Normalization Packages¶
A delete confirmation dialog box appears on the screen. Click Yes to proceed.
Note
It is recommended that you create a new Normalization Package and add it under a Normalization Policy rather than cloning a Vendor Package and adding new signatures to it.