Normalization Packages are the collections of log signatures. A Log Signature is a rule that defines the rules of extracting the key-value pairs from a log. A normalization package consists of the log signatures that normalize logs from a particular log source.
Normalization Packages¶
In LogPoint, you can find two types of Normalization Packages.
Vendor Packages are the Normalization Packages bundled with the LogPoint installation.
My Packages are the Normalization Packages that you add in the LogPoint.
Go to Settings >> Knowledge Base
from the navigation bar and click Normalization Packages.
Normalization Packages¶
Click Add.
Creating a Normalization Package¶
Provide a Name and a Description of the Normalization Package.
Click Submit.
To add signatures, click the Signatures icon under the Actions column of the related package.
Normalization Packages¶
Click Add.
Signatures on the Package¶
Adding a Signature¶
In the Pattern field, enter the signature.
In the Example field, enter the log message resembling the signature.
Note
Providing an Example is optional.
Click Check Pattern to check if the signature matches the example.
Checking a Signature Pattern¶
Note
Click the ? icon near the top-right corner to get help on the inputs.
Provide the values in the Key Values and the Replace Keys fields. These fields are optional.
Use the Key Values fields to attach other values to a signature. For example, for a particular signature that captures process failure, you can add a key-value as object = “process” and status = “failure”.
Use the Replace Keys fields to replace a key-value pair with another one. For example, if there is a field host_user in a log, you can replace this with host using the Replace Keys textfields.
Click Save.
Click Submit. You can add multiple signatures to the package as per the need.
Once you create the signatures, you can prioritize them. Click Re-Order.
Signatures¶
Re-ordering Signatures¶
Click Definers to view the Signature Definers.
Signatures¶
Note
Switch between the My Packages page and the Vendor Packages page by clicking the drop-down menu at the top-left corner.
Go to Settings >> Knowledge Base
from the navigation bar and click Normalization Packages.
Click the View Signatures icon under the Actions column of the respective normalization package.
Normalization Packages¶
Deselect the signatures that you want to deactivate.
Click Submit.
Only the selected signatures are used to normalize log messages.
Go to Settings >> Knowledge Base
from the navigation bar and click Normalization Packages.
Select the drop-down at the top-left corner of the panel and click My Packages.
Export Normalization Packages Icon¶
Select the normalization packages you want to export.
Click Export.
Save the exported file.
Go to Settings >> Knowledge Base
from the navigation bar and click Normalization Packages.
Import Normalization Packages Icon¶
Click Import.
Browse for the Normalization Package.
Click Upload.
Go to Settings >> Knowledge Base
from the navigation bar and click Normalization Packages.
Click the Name of the package to edit.
Editing Normalization Packages¶
Update the information.
Click Submit.
Note
You cannot edit the name of a Normalization Package.
Go to Settings >> Knowledge Base
from the navigation bar and click Normalization Packages.
Click the Clone Package icon under the Actions column for the package.
Cloning a Normalization Package¶
To clone multiple normalization packages, select the respective packages. Click the More drop-down menu and choose Clone Selected Packages.
Normalization Packages¶
To clone all the normalization packages, click the More drop-down menu and choose Clone All Packages.
Normalization Packages¶
Enter a new Name for the cloned package.
Select the Replace Existing? checkbox to replace an existing package with the same name.
Click Clone.
Go to Settings >> Knowledge Base
from the navigation bar and click Normalization Packages.
Click the Delete icon under the Actions column for the package.
Deleting a Normalization Package¶
To delete multiple normalization packages, select the packages. Click the More drop-down menu and choose Delete Selected Packages.
Normalization Packages¶
To delete all the normalization packages, click the More drop-down menu and choose Delete All Packages.
Normalization Packages¶
A delete confirmation dialog box appears on the screen. Click Yes to proceed.
Note
We recommended you to you create a new normalization package and add it under a normalization policy rather than cloning a vendor package and adding new signatures to it.
We are glad this guide helped.
Please don't include any personal information in your comment
Contact Support