Normalization Packages

Normalization Packages are the collections of log signatures. A Log Signature is a rule that defines the rules of extracting the key-value pairs from a log. A normalization package consists of the log signatures that normalize logs from a particular log source.

../_images/LP_KB_NP_List.png

Normalization Packages

In LogPoint, you can find two types of Normalization Packages.

  1. Vendor Packages are the Normalization Packages bundled with the LogPoint installation.

  2. My Packages are the Normalization Packages that you add in the LogPoint.

Adding a Normalization Package

  1. Go to Settings >> Knowledge Base from the navigation bar and click Normalization Packages.

../_images/LP_KB_NP_Add.png

Normalization Packages

  1. Click Add.

../_images/LP_KB_NP_AddPanel.png

Creating a Normalization Package

  1. Provide a Name and a Description of the Normalization Package.

  2. Click Submit.

  3. To add signatures, click the Signatures icon under the Actions column of the related package.

../_images/LP_KB_NP_SignaturesIcon.png

Normalization Packages

  1. Click Add.

../_images/LP_KB_NP_Signatures_AddSignaturesPackage.png

Signatures on the Package

../_images/LP_KB_NP_AddSignatures.png

Adding a Signature

  1. In the Pattern field, enter the signature.

  2. In the Example field, enter the log message resembling the signature.

    Note

    Providing an Example is optional.

  3. Click Check Pattern to check if the signature matches the example.

    ../_images/LP_KB_NP_AddSignatures_PatternCheck.png

    Checking a Signature Pattern

    Note

    Click the ? icon near the top-right corner to get help on the inputs.

  4. Provide the values in the Key Values and the Replace Keys fields. These fields are optional.

    • Use the Key Values fields to attach other values to a signature. For example, for a particular signature that captures process failure, you can add a key-value as object = “process” and status = “failure”.

    • Use the Replace Keys fields to replace a key-value pair with another one. For example, if there is a field host_user in a log, you can replace this with host using the Replace Keys textfields.

  5. Click Save.

  6. Click Submit. You can add multiple signatures to the package as per the need.

  7. Once you create the signatures, you can prioritize them. Click Re-Order.

../_images/LP_KB_NP_Signatures_SOP_ReOrder.png

Signatures

../_images/LP_KB_NP_Signatures_SOP_ReOrderPanel.png

Re-ordering Signatures

  1. Click Definers to view the Signature Definers.

../_images/LP_KB_NP_Signatures_SOP_Definers.png

Signatures

Note

Switch between the My Packages page and the Vendor Packages page by clicking the drop-down menu at the top-left corner.

Deactivating Signatures

  1. Go to Settings >> Knowledge Base from the navigation bar and click Normalization Packages.

  2. Click the View Signatures icon under the Actions column of the respective normalization package.

../_images/LP_KB_NP_SignaturesIcon.png

Normalization Packages

  1. Deselect the signatures that you want to deactivate.

  2. Click Submit.

Only the selected signatures are used to normalize log messages.

Exporting Normalization Packages

  1. Go to Settings >> Knowledge Base from the navigation bar and click Normalization Packages.

  2. Select the drop-down at the top-left corner of the panel and click My Packages.

../_images/LP_KB_NP_Export.png

Export Normalization Packages Icon

  1. Select the normalization packages you want to export.

  2. Click Export.

  3. Save the exported file.

Importing Normalization Packages

  1. Go to Settings >> Knowledge Base from the navigation bar and click Normalization Packages.

../_images/LP_KB_NP_Import.png

Import Normalization Packages Icon

  1. Click Import.

  2. Browse for the Normalization Package.

  3. Click Upload.

Editing a Normalization Package

  1. Go to Settings >> Knowledge Base from the navigation bar and click Normalization Packages.

  2. Click the Name of the package to edit.

../_images/LP_KB_NP_List_Edit.png

Editing Normalization Packages

  1. Update the information.

  2. Click Submit.

Note

You cannot edit the name of a Normalization Package.

Cloning Normalization Packages

  1. Go to Settings >> Knowledge Base from the navigation bar and click Normalization Packages.

  2. Click the Clone Package icon under the Actions column for the package.

    ../_images/LP_KB_NP_List_Clone.png

    Cloning a Normalization Package

    1. To clone multiple normalization packages, select the respective packages. Click the More drop-down menu and choose Clone Selected Packages.

    ../_images/LP_KB_NP_List_CloneSelected.png

    Normalization Packages

    1. To clone all the normalization packages, click the More drop-down menu and choose Clone All Packages.

    ../_images/LP_KB_NP_List_CloneAll.png

    Normalization Packages

  3. Enter a new Name for the cloned package.

  4. Select the Replace Existing? checkbox to replace an existing package with the same name.

  5. Click Clone.

Deleting Normalization Packages

  1. Go to Settings >> Knowledge Base from the navigation bar and click Normalization Packages.

  2. Click the Delete icon under the Actions column for the package.

    ../_images/LP_KB_NP_List_Delete.png

    Deleting a Normalization Package

    1. To delete multiple normalization packages, select the packages. Click the More drop-down menu and choose Delete Selected Packages.

    ../_images/LP_KB_NP_List_DeleteSelected.png

    Normalization Packages

    1. To delete all the normalization packages, click the More drop-down menu and choose Delete All Packages.

    ../_images/LP_KB_NP_List_DeleteAll.png

    Normalization Packages

  3. A delete confirmation dialog box appears on the screen. Click Yes to proceed.

Note

We recommended you to you create a new normalization package and add it under a normalization policy rather than cloning a vendor package and adding new signatures to it.


Helpful?

We are glad this guide helped.


Please don't include any personal information in your comment

Contact Support