circle-info
Welcome to the new Logpoint documentation portal! Can’t find what you’re looking for?
Logpoint Documentationarrow-up-right
search

Labels

Labels are key-value pairs assigned to log fields after parsing, used to categorize, enrich, and structure logs for easier search, correlation, and visualization. They also normalize and make vendor-specific logs searchable in a unified way.

Logpoint applies labels in three ways:

  • Label Packages

  • Normalization Signatures

  • Labeling Rules

hashtag
Label Packages

Label packages are predefined sets of labels, mappings, and taxonomies used to normalize raw log data into a consistent structure. They define how fields from various log sources (for example, firewall, Windows, proxy, or authentication logs) are mapped to Logpoint’s standard label schema. By using label packages, Logpoint ensures that data from different vendors is interpreted consistently, enabling unified searches, dashboards, reports, and correlation rules across diverse log sources.

There are two types of label packages:

  1. Custom Label Packages: Custom made packages created by Logpoint users to meet specific organizational or use-case needs.They allow users to define their own labels and field mappings or modify existing vendor label packages to better fit their data sources.

chevron-rightAdd a Custom Label Packagehashtag

  1. Go to Settings >> Knowledge Base and click Label Packages.

  2. Click ADD.

  3. Enter a Name and a Description in Package Information.

  4. Click Submit. Search Labels opens, containing all the existing search labels.

  5. Click ADD to add a new label.

  6. In Label Information, enter a Search Query and a List of Labels. Labels must contain only alphanumeric characters.

  7. Click Submit.

  1. Vendor Label Packages: Packages bundled with Logpoint and its log sources. Each vendor label package corresponds to a particular product, platform, or integration. For example, Windows, Cisco, Fortinet, or AWS, and enables Logpoint to automatically recognize, parse, and categorize log data from that source.

hashtag
Using Vendor Label Packages

When you install a Log Source integration that includes a Label Package, it is automatically added to Logpoint. However, you must activate the label package so it applies to your searches. You can either activate the entire package or activate specific labels in a package.

chevron-rightActivating Label Packageshashtag

  1. Go to Settings >> Knowledge Base and click Label Packages.

  2. Click the Activate label package icon under Actions.

  3. To activate:

    1. Multiple Label Packages, select all the packages to activate. Click MORE and click Activate Selected Packages.

    2. For all Label Packages, click MORE, then select Activate All Packages.

chevron-rightActivate Specific Labels in a Packagehashtag

  1. Go to Settings >> Knowledge Base and click Label Packages.

  2. In the Actions column, click the Manage Labels icon.

  3. In Search Labels, to activate:

    1. all labels in the package, at the top click the MORE drop-down and click Activate All Label.

    2. one or some of the labels, select them by clicking the check box on the left next to each label you want to activate. Then at the top click the MORE drop-down and click Activate Selected Label.

  4. Click Yes.

chevron-rightDeactivate Label Packagehashtag

  1. Go to Settings >> Knowledge Base and click Label Packages.

  2. To deactivate:

    1. Multiple label packages, select all the packages to deactivate. Click MORE and select Deactivate Selected Packages.

    2. Multiple label packages, select all the packages to deactivate. Click MORE and select Deactivate Selected Packages.

Label Packages can also be exported and imported between Logpoints, allowing you to reuse configurations on another device. Additionally, you can edit existing label packages to customize mappings according to your requirements.

chevron-rightExporting Label Packageshashtag

  1. Go to Settings >> Knowledge Base from the navigation bar and click Label Packages.

  2. Select the label packages to export.

  3. Click EXPORT.

The selected label package will be downloaded.

chevron-rightImporting Label Packageshashtag

  1. Go to Settings >> Knowledge Base from the navigation bar and click Label Packages.

  2. Click IMPORT.

  3. Browse to the label package and click Submit.

chevron-rightEditing Label Packageshashtag

  1. Go to Settings >> Knowledge Base from the navigation bar and click Label Packages.

  2. Click the Name of the package.

  3. Make the required changes and click Submit.

chevron-rightDeleting Label Packageshashtag

  1. Go to Settings >> Knowledge Base from the navigation bar and click Label Packages.

  2. Click the Delete icon under Actions.

  3. To delete:

    1. Multiple Label Packages, select all the packages to delete. Click MORE and select Delete Selected Packages.

    2. All the Label Packages, click MORE and select Delete All Packages.

  4. Click Yes.

hashtag
Normalization Signatures

Normalization signatures define how raw log data from a specific source is parsed and converted into a structured, standardized format. They are part of a normalization package and contain the rules or patterns used to identify, extract, and label fields from incoming logs.

You can also use normalization signatures to add labels to specific types of logs or logs from a particular device. For example, to tag all logs from a printer, you can add a label such as printer to the normalization signature.

chevron-rightUsing Normalization Signatureshashtag

  1. Go to Settings >> Knowledge Base from the navigation bar and click Normalization Packages.

  2. Click Signatures in Actions.

  3. Click the Edit Signature icon and type label in the first text box for Key Values.

  4. Enter a list of labels in the second text box.

  5. Click Submit.

hashtag
Labeling Rules

Labeling Rules applies labels to logs during searches based on defined patterns or conditions to automatically normalize and enrich the displayed results.

chevron-rightUsing Labeling Ruleshashtag

  1. Go to Search and enter the query to add labels.

  2. Click Search.

  3. Click Add Search To.

  4. Select Labelling Rule.

  5. In LABEL INFORMATION, select a Package.

  6. Click Submit.

Last updated

Was this helpful?