Version:

Normalization Packages

Normalization Packages are collections of log signatures that normalize logs from a particular log source. A log signature is a rule that defines how key value pairs are extracted from a log.

../_images/LP_KB_NP_List.png

Normalization Packages

There are two types of Normalization Packages.

  1. Vendor Packages are the Normalization Packages bundled with the LogPoint installation.

  2. My Packages are the Normalization Packages that you add in the LogPoint.

Adding a Normalization Package

  1. Go to Settings >> Knowledge Base from the navigation bar and click Normalization Packages.

../_images/LP_KB_NP_Add.png

Normalization Packages

  1. Click Add.

../_images/LP_KB_NP_AddPanel.png

Creating a Normalization Package

  1. Provide a Name and a Description of the Normalization Package.

  2. Click Submit.

  3. To add signatures, click Signatures icon under Actions.

../_images/LP_KB_NP_SignaturesIcon.png

Normalization Packages

  1. Click Add.

../_images/LP_KB_NP_Signatures_AddSignaturesPackage.png

Signatures on the Package

../_images/LP_KB_NP_AddSignatures.png

Adding a Signature

  1. In Pattern, enter the signature.

  2. In Example, enter the log message resembling the signature. Providing an Example is optional.

  3. Click Check Pattern to check if the signature matches the example.

    ../_images/LP_KB_NP_AddSignatures_PatternCheck.png

    Checking a Signature Pattern

    Note

    Click the ? symbol near the top-right corner to get help on the inputs.

  4. Use Key Values fields to attach other values to a signature. For example, for a particular signature that captures process failure, you can add a key-value as object = “process” and status = “failure”.

  5. Use Replace Keys fields to replace a key-value pair with another one. For example, if there is a field host_user in a log, you can replace this with host using the Replace Keys textfields.

  6. Click Save.

  7. Click Submit. You can add as many signatures to the package as you need.

  8. Once you create the signatures, you can sort them. Click Re-Order.

../_images/LP_KB_NP_Signatures_SOP_ReOrder.png

Signatures

../_images/LP_KB_NP_Signatures_SOP_ReOrderPanel.png

Re-ordering Signatures

  1. Click Definers to view the Signature Definers. For more details, go to List of Definers.

../_images/LP_KB_NP_Signatures_SOP_Definers.png

Signatures

Note

You can switch between My Packages and Vendor Packages by clicking the drop-down at the top-left.

Deactivating Signatures

  1. Go to Settings >> Knowledge Base from the navigation bar and click Normalization Packages.

  2. Click the View Signatures icon under Actions column of the respective normalization package.

../_images/LP_KB_NP_SignaturesIcon.png

Normalization Packages

  1. Deselect the signatures that you want to deactivate.

  2. Click Submit.

Only the selected signatures are used to normalize log messages.

Exporting Normalization Packages

You can export a normalization package from one machine and import it in other machines to save configuration time.

  1. Go to Settings >> Knowledge Base from the navigation bar and click Normalization Packages.

  2. Select the drop-down at the top-left and click My Packages.

../_images/LP_KB_NP_Export.png

Export Normalization Packages Icon

  1. Select the normalization packages you want to export.

  2. Click Export.

  3. Save the exported file.

Importing Normalization Packages

You can import normalization package of other devices to save configuration time.

  1. Go to Settings >> Knowledge Base from the navigation bar and click Normalization Packages.

../_images/LP_KB_NP_Import.png

Import Normalization Packages Icon

  1. Click Import.

  2. Browse for the Normalization Package.

  3. Click Upload.

Editing a Normalization Package

  1. Go to Settings >> Knowledge Base from the navigation bar and click Normalization Packages.

  2. Click the Name of the package to edit.

../_images/LP_KB_NP_List_Edit.png

Editing Normalization Packages

  1. Update the information.

  2. Click Submit.

Note

You cannot edit the name of a Normalization Package.

Cloning Normalization Packages

You can clone a normalization package to modify it with minor changes and save configuration time.

  1. Go to Settings >> Knowledge Base from the navigation bar and click Normalization Packages.

  2. Click the Clone Package icon under Actions.

    ../_images/LP_KB_NP_List_Clone.png

    Cloning a Normalization Package

    1. To clone multiple normalization packages, select the respective packages. Click the More drop-down and choose Clone Selected Packages.

    ../_images/LP_KB_NP_List_CloneSelected.png

    Normalization Packages

    1. To clone all the normalization packages, click the More drop-down and choose Clone All Packages.

    ../_images/LP_KB_NP_List_CloneAll.png

    Normalization Packages

  3. Enter a new Name for the cloned package.

  4. Select the Replace checkbox to replace an existing package with the same name.

  5. Click Clone.

Deleting Normalization Packages

  1. Go to Settings >> Knowledge Base from the navigation bar and click Normalization Packages.

  2. Click the Delete icon under Actions column for the package.

    ../_images/LP_KB_NP_List_Delete.png

    Deleting a Normalization Package

    1. To delete multiple normalization packages, select the packages. Click the More drop-down and choose Delete Selected Packages.

    ../_images/LP_KB_NP_List_DeleteSelected.png

    Normalization Packages

    1. To delete all the normalization packages, click the More drop-down and choose Delete All Packages.

    ../_images/LP_KB_NP_List_DeleteAll.png

    Normalization Packages

  3. A delete confirmation dialog box appears on the screen. Click Yes on the confirmation box.

Helpful?

We are glad this guide helped.


Please don't include any personal information in your comment

Contact Support