Permalink
Browse files

Start splitting things up

  • Loading branch information...
thomashumio committed Jun 16, 2018
1 parent 56695fa commit 7e860ce24ee2f56c7d156d725e27335c37e5d676
Showing with 956 additions and 469 deletions.
  1. +2 −1 content/{features → }/alerts/_index.md
  2. 0 content/{features → }/alerts/notifiers/_index.md
  3. 0 content/{features → }/alerts/notifiers/email.md
  4. 0 content/{features → }/alerts/notifiers/opsgenie.md
  5. 0 content/{features → }/alerts/notifiers/pagerduty.md
  6. 0 content/{features → }/alerts/notifiers/slack.md
  7. 0 content/{features → }/alerts/notifiers/templates.md
  8. 0 content/{features → }/alerts/notifiers/victorops.md
  9. 0 content/{features → }/alerts/notifiers/webhook.md
  10. +5 −0 content/api/_index.md
  11. +4 −0 content/api/api_tokens.md
  12. +2 −1 content/{operation → api}/cluster-management-api.md
  13. +4 −0 content/api/ingestion-api.md
  14. +3 −0 content/appendix/_index.md
  15. +6 −3 content/{faq/_index.md → appendix/faq.md}
  16. +12 −10 content/{glossary/_index.md → appendix/glossary.md}
  17. +1 −1 content/{third_party_licenses/_index.md → appendix/third-party-licenses.md}
  18. +3 −4 content/{operation → configuration}/_index.md
  19. +1 −1 content/{operation/installation/audit_logs.md → configuration/audit-logging.md}
  20. +290 −0 content/configuration/authentication/_index.md
  21. 0 content/{operation/installation → configuration}/cluster_setup.md
  22. +30 −14 content/{operation/installation → configuration}/configuration_options.md
  23. 0 content/{operation/installation → configuration}/kafka_configuration.md
  24. +40 −0 content/configuration/root-access.md
  25. +0 −4 content/features/_index.md
  26. +0 −7 content/functions/_index.md
  27. +2 −3 content/{getting_started → getting-started}/_index.md
  28. +80 −0 content/getting-started/convincing-your-boss.md
  29. +4 −4 content/{getting_started → getting-started}/hello-world.md
  30. 0 content/{getting_started → getting-started}/intro_to_log_management.md
  31. +2 −2 content/{getting_started → getting-started}/moving_from_elastic_stack.md
  32. 0 content/{getting_started → getting-started}/repositories.md
  33. 0 content/{getting_started → getting-started}/the_sandbox.md
  34. 0 content/{getting_started → getting-started}/tutorial.md
  35. +16 −16 content/{getting_started → getting-started}/views.md
  36. +0 −49 content/getting_started/convincing_your_boss.md
  37. +3 −3 content/{walkthroughs → guides}/_index.md
  38. +15 −7 content/{walkthroughs → guides}/bro.md
  39. +6 −6 content/{walkthroughs → guides}/custom-application-logs.md
  40. 0 content/{walkthroughs → guides}/linux.md
  41. 0 content/{walkthroughs → guides}/netflow.md
  42. 0 content/{walkthroughs → guides}/nginx.md
  43. 0 content/{walkthroughs → guides}/others.md
  44. +27 −14 content/{operation → }/installation/_index.md
  45. +45 −0 content/installation/backup.md
  46. +3 −2 content/{operation → }/installation/instance_sizing.md
  47. +1 −1 content/{operation → }/installation/license_management.md
  48. +15 −13 content/{operation/installation/authentication.md → installation/login.md}
  49. +6 −66 content/{operation/installation/system_administration.md → installation/retention.md}
  50. +16 −0 content/installation/upgrading.md
  51. +27 −0 content/query-functions/_index.md
  52. +2 −2 content/release_notes/_index.md
  53. +123 −97 content/{searching_logs → searching}/_index.md
  54. 0 content/{searching_logs → searching}/advanced_topics/_index.md
  55. +77 −0 content/searching/advanced_topics/rate_unit_conversion_timechart.md
  56. +8 −4 content/{searching_logs → searching}/advanced_topics/relative_time_syntax.md
  57. +0 −73 content/searching_logs/advanced_topics/rate_unit_conversion_timechart.md
  58. +0 −18 content/searching_logs/query_functions.md
  59. +1 −1 content/sending-data/_index.md
  60. +1 −1 content/sending-data/integrations/heroku.md
  61. +35 −17 content/sending-data/integrations/kubernetes.md
  62. +13 −8 content/sending-data/parsers/_index.md
  63. +1 −1 content/sending-data/parsers/built_in_parsers.md
  64. +1 −1 content/sending-data/parsers/parsing.md
  65. +1 −1 content/sending-data/transport/http_api.md
  66. +1 −1 layouts/shortcodes/function.html
  67. +1 −0 layouts/shortcodes/query.html
  68. +5 −5 layouts/shortcodes/queryfunctions.html
  69. +4 −3 legacy/first-time-use.md
  70. +1 −1 themes/hugo-theme-humio/layouts/partials/footer.html
  71. +10 −3 themes/hugo-theme-humio/static/css/theme.css
@@ -1,5 +1,6 @@
---
title: "Alerts"
title: "Alerting"
weight: 600
---

Humio has the ability to reach out on various channels under some user configured circumstances.
@@ -0,0 +1,5 @@
---
title: "API"
category_title: Overview
weight: 900
---
@@ -0,0 +1,4 @@
---
title: "Authentication"
weight: 200
---
@@ -1,12 +1,13 @@
---
title: "Cluster Management API"
weight: 500
---

This page provides information about the HTTP API for managing
on-premises installations of Humio. The general aspect of this API is
the same a the regular [HTTP API]({{< relref "http_api.md" >}})

All requests require **root-level access**. See [API token for local root access]({{< relref "authentication.md#root-token" >}}).
All requests require **root-level access**. See [API token for local root access]({{< relref "login.md#root-token" >}}).

Note, this API is still very much _work-in-progress_.

@@ -0,0 +1,4 @@
---
title: "Ingestion API"
weight: 200
---
@@ -0,0 +1,3 @@
---
title: "Appendix"
---
@@ -5,7 +5,10 @@ weight: 7

### What happened to "Dataspaces"

"Repository" is the new term. What used to be a "dataspace" in Humio is now a [Repository]({{< relref "getting_started/repositories.md" >}}).
"Repository" is the new term. What used to be a "dataspace" in Humio is
now a [Repository]({{< relref "getting-started/repositories.md" >}}).

The HTTP API includes the path `/api/v1/dataspaces/$REPOSITORY_NAME/` to be compatible with existing clients.
In this context, the `$REPOSITORY_NAME` variable is the name of the repository. (It used to be the name of the dataspace).
The HTTP API includes the path `/api/v1/dataspaces/$REPOSITORY_NAME/` to be
compatible with existing clients.
In this context, the `$REPOSITORY_NAME` variable is the name of the repository.
(It used to be the name of the dataspace).
@@ -9,7 +9,7 @@ This section introduces the core concepts of Humio. It also describes how Humio
### Data Sources

A Data Source is a set of Events that have the same [Tags](#tags).
Humio divides each [Respository](#repos) into more than one Data Source.
Humio divides each [Repository](#repos) into more than one Data Source.

Humio creates Data Sources automatically when it encounters a new combination of Tags. Users cannot create Data Sources directly.

@@ -26,16 +26,16 @@ If you need more combinations, then we recommend that you use attributes on indi

### Repositories {#repos}

Humio organizes data into [Repositories]({{< relref "getting_started/repositories.md" >}}).
Humio organizes data into [Repositories]({{< relref "repositories.md" >}}).
Each Repository has its own set of users, and a single directory on disk.

When you set up data quotas and retention policies, you configure them for each Repository.

{{% notice note %}}
Queries cannot span more than one Repository. But you can create
[Views]({{< relref "getting_started/views.md" >}})
[Views]({{< relref "views.md" >}})
that do span multiple Repositories to achieve a cross-repostitory search.
See [Repositories]({{< relref "getting_started/repositories.md" >}}).
See [Repositories]({{< relref "repositories.md" >}}).
{{% /notice %}}

### Events {#events}
@@ -51,7 +51,7 @@ For JSON data, you can specify what the `@rawstring` represents. By default, thi
The timestamp of an Event is represented in the `@timestamp` attribute

Events also have a special `@repo` meta-field that denotes the repository the event comes from.
This is useful in cross-repository searches when using [Views]({{< relref "getting_started/views.md" >}}).
This is useful in cross-repository searches when using [Views]({{< relref "getting-started/views.md" >}}).

Events can also have [Tags](#tags) associated with them.
The Data Source manages and stores Tags related to Events. This means that Tags do not add to the storage requirements of individual Events.
@@ -100,11 +100,11 @@ can also check usernames and password using your local LDAP service.

There are three levels of users: 'normal', 'administrator', and 'root':

* Normal users can only access and query data, including managing dashboards an dsaved queries
* Normal users can only access and query data, including managing dashboards and saved queries
* Administrators can also add and remove other users to a Repository and make them administrators of the Repository.
* 'Root' users can add Repositories and create new root users.

You can create your initial users with 'Root' acces through the HTTP API. See [how to gain root access using root access token](/operation/installation/authentication/#root-token)
You can create your initial users with 'Root' access through the HTTP API. See [how to gain root access using root access token](/operation/installation/authentication/#root-token)

You can manage Users and their rights using the 'Repository' web page in Humio. Root users (apart from the initial one) can get added through the 'Administration' page when you are logged in as a root user.

@@ -118,22 +118,24 @@ You can add the same user ID to more than one Repository.
### Aggregate Queries
_Aggregate queries_ are queries that join the Events into a new structure of Events with attributes.

A query becomes an _aggregate query_ if it uses an aggregate function like `sum()`, `count()` or `avg()`. See [functions](/searching_logs/query_functions/) for more information.
A query becomes an _aggregate query_ if it uses an aggregate function
like {{% function "sum" %}}, {{% function "count" %}} or {{% function "avg" %}}. See [functions]({{< relref "query-functions/_index.md" >}}) for more information.

For example, the query `count()` takes a stream of Events as its input, and produces one Event containing a `count` attribute.

<!--
The final result af an _aggregate query_ is not ready until the query has completed, although it is still possible to get a partial result.
The final result of an _aggregate query_ is not ready until the query has completed, although it is still possible to get a partial result.
In contrast _filter queries_ can start streaming the response as soon as Events pass through the 'filter'
-->


### Filter Queries

_Filter queries_, or _non-aggregate queries_, are queries that only filter
Events, or add or remove attributes on each Event.

These queries can only contain filters and transformation functions
(see [functions](/searching_logs/query_functions/))
(see [functions]({{< relref "query-functions/_index.md" >}}))


### Live Queries
@@ -1,5 +1,5 @@
---
title: "Third party licenses"
title: "Third Party Licenses"
weight: 8
---

@@ -1,9 +1,8 @@
---
title: "Operation"
weight: 5
title: "Configuration"
category_title: Overview
weight: 700
---
# Operation

{{% notice note %}}
This section is solely intended for self-hosted installations. Are you a Cloud user you might just want to completely
skip this section.
@@ -1,5 +1,5 @@
---
title: "Audit Log"
title: "Audit Logging"
---

{{% notice warning %}}
Oops, something went wrong.

0 comments on commit 7e860ce

Please sign in to comment.