logo Logscape

How it Works

[     Single Indexer     |     Multiple Indexers     |     Multiple Data Centers     |     How Much Data?     ]


Logscape has four main components that turn your existing infrastructure into a distributed data fabric:



Logscape Manager

Orchestrates the logging infrastructure. Distributes, consolidates and visualizes analytics and search results



Forwarder

Monitors logs and operational data as it's generated and streams deltas to a bank of Index Stores



Local Indexer

Indexes and searches logs and operational data locally in-place on the machines where it is generated



Central Index Store

Stores, indexes and searches log files and operational data collected by the Forwarders

Add...

When a new data source is added, Logscape will dynamically discover the data on-the-fly. Live-streaming data will be monitored, and historical data will be imported.





Index...

Local Indexers and Central Index Stores will automatically index the data and build a profile of search-related information.





Search...

When a search is executed, it's distributed across all Local Indexers and Central Index Stores and the analytics are rolled-up via a multistage map-reduce.

Centralized log management and operational analytics

Get started with a single indexer...

Deploy the Logscape Manager to a single server to begin analyzing unlimited data volumes. Use Forwarders to stream data from any location and collect, index and search data from:

  • Local, shared and network-mounted file systems
  • Syslog and Windows Event Logs
  • Cron-based script outputs, e.g. groovy, .vbs, .sh, .rb, .bat, etc.
  • Any network input, e.g. sockets, JMX, netcat, snare, nxlog etc.

As a general guideline, a single-indexer setup will allow you to index volumes of around 30 GB/day on well-endowed hardware (CPU: 16 Cores | MEM: 32G), depending upon your usage profile. There are no explicit volume limits, when using the fully licensed version of Logscape.

Localized and centralized log management and operational analytics

...add Central and Local Indexers to scale

Once you’re up and running with a Logscape Manager, you can dynamically add Forwarders, Local Indexers and Central Index Stores as needed to accommodate your growing volumes of data.

Scale to monitor and analyze your entire enterprise

Map to your existing data center topology

Securely span multiple data centers and cloud environments to create an enterprise-wide distributed data fabric for all your log files and operational data.

What kind of data?

Local Indexers and Central Index Stores can index, search and analyze structured or unstructured data from a variety of sources, including:

  • Local, shared and network-mounted file systems
  • Syslog and Windows Event Logs
  • Cron-based script outputs, e.g. groovy, .vbs, .sh, .rb, .bat, etc.
  • Any network input, e.g. sockets, JMX, netcat, snare, nxlog etc.

How much data?

There are no explicit limits on the data volumes that Local Indexers and Central Index Stores can handle. In practice, overall performance of your data fabric will depend upon:

  1. Your data volumes
  2. Your usage profiles, i.e. number of concurrent searches, etc.
  3. Your hardware specification

As a general guideline, Local Indexers and Central Index Stores can index volumes of around 100 GB/day on well-endowed hardware (CPU: 16 Cores | MEM: 48G) You need fast disks!

44 Featherstone Street
London EC1Y 8RN, United Kingdom
Telephone: +44 (0) 20 7336 9640
Contact Us