Adding Data

Log files can be loaded into the XpoLog servers from the following types of data sources:

  • Any textual files in any format
  • Windows Event Logs
  • Syslog
  • JSON
  • Cisco NetFlow
  • Kafka
  • AWS / Azure
  • K8s / OpenShift
  • Database tables

The XpoLog server can read log files into XpoLog from the following types of servers:

  • Local (Linux) / Local Network (Windows) - XpoLog can access a local log file, i.e. a log file that resides on the same server as XpoLog, and read it into XpoLog. XpoLog can also access a log file on a remote server to which it has been given direct access (i.e. the server has a service account that enables remote access to these servers), if XpoLog is provided with the UNC path (\\hostname\dirname) to the log files on the remote server or, on UNIX-based machines, with direct access to mounted directories.
  • Windows Network - XpoLog can access a server in a Windows network, provided that XpoLog has an account with a username and password for connecting to the Windows server on which the log files reside and XpoLog is installed on a server that runs on Windows (Windows-based installations only).
  • SSH (Secure Shell) - XpoLog can access a log file on remote servers over SSH without an agent, provided that XpoLog has an account with a username and password or a private/public key for connecting to the SSH server on which the log files reside. Usually used for connecting to Unix servers (Linux systems).
  • Windows Events - XpoLog supports Windows Event logs (evt, evtx), which can be added from remote servers in the Windows environment (Windows-based installations only)
  • Hadoop HDFS - XpoLog contains an integration with Hadoop HDFS and can access logs which reside in the Hadoop environment
  • AWS (Amazon Web Services) S3 Bucket - XpoLog contains an integration with Amazon Web Services (AWS) and can access machines which are hosted on the Amazon cloud
  • Database - XpoLog can connect to any Database which supports JDBC connectivity to add database tables as logs in XpoLog
  • Remote XpoLog - XpoLog can communicate over HTTP/S with other XpoLog instances in the environment to collect data from multiple XpoLog instances into a centralized viewer
  • Local XpoLog - If there is a need to filter specific data from an existing log, XpoLog can collect logs from its local data repository
  • Listeners - XpoLog listens for incoming data: send data to XpoLog via Syslog over UDP or TCP, HTTP/S JSON, Cisco NetFlow and more, to receive events from sources/devices
  • AWS CloudTrail - get data from AWS
  • Microsoft Azure 365 Active Directory data - get data from Azure Active Directory

Note: XpoLog requires Read permission for any log that it reads, regardless of the source of the log file.

While the logs are being copied into the XpoLog server's repository, XpoLog indexes the log files and performs analytics on them. It saves the data, index and analysis of the log files in XpoLog and makes them available for searching, analysis and visualization. It is possible to define a storage policy on each log to determine how long XpoLog should keep its data available.

See Adding Data to XPLG for detailed instructions on how to add a single log file to XpoLog, Adding a Logs Directory to XpoLog for detailed instructions on how to add a directory of log files to XpoLog, or Add System to use XpoLog's out-of-the-box wizards to add data.