A CLI for managing and searching in Humio from the command line. The CLI also has limited support for ingesting data, but it is no substitute for a dedicated log shipper like FileBeat.
This repository also contains Humio GoLang API client you can use to build your own tools.
$ brew tap humio/humio
$ brew install humioctl
$ sudo snap install humioctl
$ nix-env -i humioctl
$ go install github.com/humio/cli/cmd/humioctl@latest
Download the latest release archive from the releases page, unpack and enjoy!
To get started just write:
$ humioctl
and you will be asked to connect to your Humio cluster. To list all commands use:
$ humioctl help
Will print all the different options and commands currently supported.
$ tail -f /var/log/system.log | humio ingest
# or
$ humioctl ingest --tail=/var/log/system.log
You can have Humio's UI open and tail the newly imported data using the -open
flag.
When streaming data into Humio using the ingest
command all events
will be annotated with @label
and @session
attributes. @label
gives you a way to tag your streams to easily find them again e.g.:
$ humioctl ingest -label=work-related -tail=/var/log/mysql.log
@label = "work-related" | groupby(loglevel)
@session
is a unique id that is generated for each execution of the humio
binary. This allows you to find results for this session and nothing else.
To make it easier to switch between different Humio clusters, you can
configure a profile for each cluster. The configuration file, containing the
API token and server address for all profiles will be default be saved in
$HOME/.humio/config.yaml
.
Adding a profile and making it the new default can be done using:
$ humioctl profiles add my-profile
$ humioctl profiles set-default my-profile
It is also possible to use environment variables, and these will take
precendence over the default profile.
```bash
# Your account API token. You can find your token in Humio's UI under
# 'Your Account' in the account menu.
HUMIO_TOKEN=<token>
# The address of the Humio server. E.g. https://cloud.humio.com/,
# or http://localhost:8080/
HUMIO_ADDRESS=<url>
# If access to the Humio server requires trusting a specific Certificate Authority,
# for validating the certificate, you can specify CA certificate in PEM format.
# You can either point to a file with the certificate or provide it directly.
HUMIO_CA_CERTIFICATE=<ca-certificate>
# If access to the Humio server uses an untrusted certificate and you
# are unable to provide a CA certificate, you can disable TLS certificate verification.
# NB: This should only ever be used on test clusters where you are in full
# control of the involved systems and underlying network.
# Do not use this for prodution use-cases.
HUMIO_INSECURE=<bool>