Frequently Asked Questions

Humio FAQ

Humio is the creator of the Humio live observability platform that enables data aggregation, exploration, reporting, and analysis from a range of sources. It was built as an alternative to existing logging solutions that are slow, hardware-intensive, and expensive.

Humio was designed to get users back to feeling the hum of their systems by exploring, iterating, and understanding all logs. Our mission is to shift the way our customers think about log management, to see the value of having all of your system’s data at your fingertips. It’s as simple as that.

Humio is a Danish-based company, with headquarters in London. Humio has offices in London; Aarhus, Denmark; Seattle; and San Francisco, and has employees working in locations around the world.

Humio is a real-time observability solution for DevOps, ITOps, and security professionals. The solution makes it possible for teams to send and receive all relevant log data to create instant visibility in one solution. Humio is available in both On Prem and Cloud options. Humio enables organizations to understand large amounts of computer-generated data and instantly pinpoint availability concerns and identify security threats in any complex computing environment.

Humio is a purpose-built, modern log aggregation, storage, and analysis tool. It ingests and aggregates log data or records of every activity that occurs in a company’s applications, desktops, servers, and devices. This uniquely powerful tool for enterprises handles multi-TB/day data loads with ease. Humio is built using the capabilities of modern hardware and advanced systems, so users can aggregate, correlate, interact, and gain visibility with live log data in sub-seconds, with costs (compute, storage and license) that are a fraction of traditional solutions.

Humio helps developers, security analysts, and IT professionals understand massive amounts of computer-generated data to pinpoint availability problems and identify security threats in any complex computing environment. Our proprietary technology can pinpoint exactly what is going wrong, or alert users when they may be vulnerable to a security attack.

Humio is a transformative and proprietary solution for log management. At the heart of Humio’s solution is a time-series database engine that is optimized for data ingest, so it aggregates massive log data volumes instantly. Humio doesn’t require heavy indexing at ingest, and instead uses advanced hardware capabilities — like gigabytes of memory — at query time, when it is required the most.

Humio addresses questions like “Why is our performance down?”, “Where is this suspicious network activity coming from?”, “What patterns have we had over the last 30 days?”, or “What is happening right now?” — all in real-time.

Humio does heavy compression of data as it enters its system, which makes it extremely efficient to store raw log data. With an easy-to-use query language, users can quickly create live streaming queries, instantly-updated dashboards, and alerts. If something looks unusual, it’s easy to ask ad hoc questions to get to the root cause of an issue.

We built Humio using the latest technologies. The backend is built in Scala, and the frontend is built in Elm. We use Kafka to stream the logs. Humio supports open-source frameworks such as Logstash, Beats, and FluentD. We have an API-first policy with documentation and support, making it easy to send any log type to Humio.

Humio is purpose-built for the scale of today’s data volumes. Traditional logging solutions manage logging like a general-purpose database, using computationally- and hardware-expensive indexing. Because of their outdated architecture and overpriced licenses, they limit access to data, and force users to filter what type of logs has the highest value to monitor. Humio changes how organizations use log data by making it easy and affordable to log everything and answer anything, all in real time.

Humio’s transformative site license is removing constraints and shifting organizational culture to greatly improve business resilience. This gives users autonomy, enabling them to determine their logging practices without concerns for restrictive technological, hardware, or financial resources.

| Humio | Traditional log management solutions |
|---|---|
| Index-free | Heavy indexes for search |
| Live, streaming queries and results | No access to logs until indexed and stored |
| Familiar, powerful, and simple | Can be unfamiliar and complicated |
| On Prem or Cloud | Many are not available On Prem |
| Unlimited ingest at affordable fixed prices | GB Volume/Day plans or expensive infrastructure-based pricing using metrics based on compute power |

There are several ways to approach log management so there are many logging platforms on the market, but most legacy solutions can’t handle the complexity and resource demands of how companies are running their systems today. Instantly capturing and processing all of your data is imperative for live search, visualization and observability of disparate systems.

Common frustrations we hear are that traditional tools are too slow — on ingestion, searches, and visualizations — with complex and costly licensing models. Organizations in financial, healthcare, and other regulated industries have strict security requirements for sensitive log data, which restricts their ability to use a run-of-the-mill SaaS solution. Open source-based or homegrown solutions often turn into a resource drain that the operations team has to own.

Organizations want to focus on operations — not building, running and maintaining their log management platform. Humio makes it simple, fast and affordable to centralize logging, both on premise and in the cloud.

Humio makes it possible for teams to send and receive instant visibility to all of their relevant log data in one solution — available in both On Prem and Cloud options. We like to refer to this as democratizing logging. With an intuitive interface and easy-to-use query language, users can observe and interact with their entire system.

Other logging solutions on the market prohibit system observability in a number of ways:

  • Limit ingest volumes - Users need to budget their log volumes due to price or hardware resource parameters. Humio’s limitless logging pricing model provides flexible pricing so companies can send all the data they would like to one solution. For Cloud customers, this means higher data limits vs. competition, and for On Prem customers, there are attractive site license options for large log volumes.
  • Indexing = delayed access to data - Competitive products do indexing on ingest, which slows down how quickly data enters the system. In Humio, users have instant access to ask questions and monitor their logs — we do very little indexing on ingest, which allows instant access to logs once they enter the system.
  • Interface and query simplicity - It can be difficult to query and create dashboards in competitive logging solutions. In Humio, there is a simple Unix pipe-like query language that makes it easy for all users to become quite advanced within a few minutes.

It's clear there is a growing need for log management solutions, and we are thrilled to offer customers a truly transformative option. Understanding all relevant data — and the relationships between them — is critical in managing systems and preventing incidents.

The amount of data customers need to consider is growing exponentially which makes it increasingly important for them to have complete visibility to all of that data. Humio has industry-leading technology and extremely attractive pricing.

While other solutions continue to limit access to customers' data through pre-determined views or limits set to just samples of data, Humio enables users to log everything and answer anything, in real time.

Humio unlocks the ability to log limitlessly without adding complexity. Our transformative site license removes constraints, and shifts the organization’s culture to improve cybersecurity, privacy, and business resilience.

With the movement towards DevOps, microservices, and containers, it’s hard to observe and interact with modern complex systems. Developers and operations teams are responsible for the services they run, so they need to have a solution that gives them instant access to the state of their applications, services, servers, and devices, all in real time.

More and more, sophisticated security threats aren’t easily detected, and hackers are becoming more advanced in their tactics. Existing SIEM solutions fall short when identifying threats and anomalies.

Companies don’t have full visibility from their log data, because they don’t aggregate the data they should because of licensing, hardware, infrastructure, or support costs.

Humio is unlimited log management for development and operations teams that unlocks the power of having all of your system’s data at your fingertips. Humio empowers users to explore any system or answer any question confidently. Humio can be deployed wherever your data lives, on premise or in the cloud. With Humio, users can aggregate, correlate, query, and visualize any type of logs, and quickly get to the data that they need to do their job.

Humio enables organizations to understand large amounts of computer-generated data, instantly pinpoint availability concerns, and identify security threats in any complex computing environment. It is a uniquely powerful tool for enterprises that ingests multiple terabytes of data per day with ease. It can be thought of as a powerhouse for logs.

New requirements and responsive support requests have created a new development velocity. Businesses require higher-speed development and continuous deployment of applications and solutions. Full observability of all relevant data is critical for enabling successful deployments with fewer user interruptions and no system vulnerabilities.

Digital Transformation has changed the way applications are developed and deployed. Today’s applications and systems are highly dynamic, leveraging new container and cloud technologies that enable high-speed development and continuous delivery of new services. Humio makes it possible for DevOps, SecOps, and operations teams to send and receive instant visibility to all relevant log data in one solution — available in both On Prem and Cloud options. By democratizing logging with an intuitive interface and easy-to-use query language, users can observe and interact with their entire system.

The need for instant access to real-time insights from large volumes of log data has never been greater. Humio’s unique solution to this problem is a time-series database engine that is optimized to instantly ingest and aggregate a large range of log data volumes. To understand an organization’s systems, it takes real-time ingestion of terabytes of data for further analysis, visualization, and retention. With the power that Humio provides, unlimited logging becomes a valuable solution for incident management, troubleshooting, and audit scenarios.

Pricing FAQ

In general, Humio can manage about 1 TB of ingest log volume/day on a large single node. To estimate the requirements for your setup, please see Instance Sizing Docs.

Estimating daily ingest can be difficult. If you are considering Humio as an alternative to a traditional log management tool, you shouldn’t directly compare the ingest number. This is because Humio does not generate large indexes and metadata that increase the input’s size.

The best way to estimate your daily ingest is to start a trial and see how much log and metric data you generate.

Yes, we can provide additional retention policies. You can add 30 day increments to your plan at an additional cost of $100 USD/TB per 30-day additional retention. Storage is accounted in increments of 1 TB and is on top of the data amount in the monthly ingest rate.

For example, an additional 90 day retention for an ingest rate of 1 TB would be an additional $300 USD/month. This would get you a total retention of 120 days and allow you to keep 4 TB in total.

If you ingest 2 TB of data each month and keep all of it for 6 months, this is 5 months of additional storage for a total of up to 12 TB per month. The cost for this scenario would be $1000/month on top of the ingest price.

We know that log volumes can be unpredictable, and we’d like to make sure that in times of sudden log volume bursts Humio continues to work for you.

Humio allows for log volume bursts in all versions. Before charging you for surpassing your data limit, we'll contact you if your volumes have significantly increased, and discuss the need to upgrade to a higher level plan.

The standard Humio plans allow for five named users for On Premise and Humio Cloud. Users can be added at an additional rate of $120 USD/user per year.

The quoted prices listed above are for direct sales within the United States, before taxes.

Final prices may depend on several factors, such as, but not limited to: country of the purchaser, local sales tax and VAT, added services such as increased SLA levels or additional user licenses, or value added by third parties.

Technical Product FAQ

Yes. In general, Humio can manage about 1 TB of ingest log volume/day on a single node. If you're over this volume, we can provide dedicated engineering support to assist in the install, test, and production setup of a clustered version. Contact us to set up a trial.

You can download a 30-day trial of Humio for On Premise at Getting started.

We begin the trial as soon as you have installed Humio. Once the 30-day trial period is over, you'll only be able to query your most recent data. All your data will still be available if you decide to continue using Humio. We’ll contact you before the end of your trial period to discuss options and put together a plan that best fits your organization’s needs.

Humio is a flexible log management solution. We have customers that use our Cloud solution, On Prem solution, and hybrids of both options. Consider what works best for your application and organization and we are happy to help you find the setup to best suit your needs.

Yes. Moving to Humio is easy! We have several common integrations to bring your logs into Humio, and we even have a guide on moving from Elastic Stack to Humio - it’s as easy as following a few steps to getting your logs flowing.

For more information, see Looking for an Alternative to Splunk, Elasticsearch, Sumo Logic, or Datadog?

Yes. Humio was built with containerization in mind. With integrations and existing setup for Kubernetes, Humio is a solution focused on modern deployment methods.

While this list is not exhaustive, Humio recommends Beats, Logstash, or Rsyslog for shipping your logs. We can take advantage of other solutions, but these are the most common we’ve experienced.

No. Syslog data is sent to Humio using ingest listeners, which are not supported by Humio Cloud. The On Premise version of Humio will ingest syslog data.

Yes. Humio integrates with several common notification methods including email, Slack, and external services like OpsGenie. If you need Humio to work with your particular notification system, please contact our support team.

There are multiple benefits to using compression in Humio.

  • Data takes up less disk space.
  • Data is read faster from disk, because it stays compressed while it is read from disk into RAM. For example, a disk with a read speed of 1 gigabyte per second will allow Humio to read 10 gigabytes per second into RAM with a compression factor of 10. This is also why Humio searches faster than the read speed of the available disks would suggest.
  • Data is read faster from RAM into the CPU. By keeping data compressed, we better utilize the bandwidth between RAM and CPU. Humio strives to keep data compressed as close to the CPU as possible, then decompresses the data in the CPU caches and searches it.

The tradeoff is that the CPU needs to spend work decompressing data. Humio uses a compression algorithm that is very fast at decompressing data (LZ4), which is why the benefits of compression outweigh that cost.

Humio can even be configured to use a compression algorithm that will compress data even better (ZFS compression). Which compression to use is then a choice, as more CPU resources are needed to decompress. This should be chosen according to the available data size in the cluster, and the ratio between disks and CPU resources in the cluster. With better compression, you can read data from disks faster, but you need to spend more CPU time decompressing.

For more technical FAQ, please visit our Product FAQ page.

DevOps FAQ

Easily understanding machine data and quickly investigating with deeper insights is critical in managing systems and preventing interruptions. The increase of interconnected data across complex, distributed systems has driven developers to rethink cloud and global IT strategies and also reset traditional development and DevOps workflows. Humio enables organizations to understand large amounts of data, instantly pinpoint availability concerns, and identify vulnerabilities in any complex computing environment. Humio ingests and aggregates log data or records of activities that occur in applications, both web and desktop, servers, and devices.

Viewing the health and stability of entire systems is more imperative than ever. DevOps teams need live observability of all data — both structured and unstructured — from all sources to understand, visualize and analyze the systems they run.

Humio allows teams to monitor for health checks run against internal and external applications and systems.

Log data helps provide contextual information about events, and allows users to explore and identify vulnerabilities and issues in the code.

Security FAQ

The movement towards DevOps, microservices, and containers makes it harder for teams to observe and interact easily with modern complex systems. Risks are hard to detect, and security threats are becoming more advanced. Existing SIEM solutions often fall short when identifying threats and anomalies. Developers, security teams, and operations managers are responsible for the services they run. They require a solution that gives them a simple way to have instant access to the state of their applications, services, servers, devices, and more, all in real-time.

Understanding all data and the relationships between them is critical in managing systems and preventing security incidents. The amount of data customers need to consider is growing exponentially, which makes it increasingly important for them to have complete visibility to all of that data.

While other solutions continue to limit access to customers’ data through pre-determined views or limits set to just samples of data, Humio enables users to log everything and answer anything, in real time. Humio unlocks the ability to log limitlessly without adding complexity. Humio’s transformative site license removes logging constraints and shifts the organizational culture to improve cybersecurity, privacy, and business resilience. By removing obstacles to give customers autonomy, Humio enables users to determine their logging practices without concerns for restrictive technological, hardware, or financial resources.

Humio enables users to visualize systems and devices in real time. This means security teams can instantly observe if network-edge devices are healthy and operating well, running at the right level of capacity, and behaving as expected. Humio enables users to visualize activity to ensure parameters are in an acceptable range, and devices are within capacity and limits.

Through Humio’s instant visibility, security teams can investigate any concerns or compromises. Users are able to analyze and explore the events being logged every second on network boundary devices.

As systems become more complex, more surfaces reveal themselves to hackers looking to steal data or inject malware into environments that may ultimately bring organizations down. Humio enables enterprises to achieve an aggregated view of all relevant network security data sources to explore and manage ever-increasing threats and vulnerabilities.

Security teams want a full view across their system, in real-time, beyond just samples of data or a predefined view when exploring and investigating risks and anomalies.

Humio is a transformative and proprietary solution for log management, ideal for security professionals. At the heart of Humio’s solution is a time-series database engine that is optimized to ingest and aggregate large log data volumes instantly. Humio does not require heavy indexing at ingest and instead utilizes hardware resources at search time, when they are required the most.

Addressing questions such as “why is our performance down?”, “where is this suspicious network activity coming from?”, “what patterns have we had over the last 30 days?” and “what is happening right now?” is what Humio is built to do - in real-time. Humio also does heavy compression of data as it enters the system, allowing for efficient storage of raw log data.

With an easy to use search language, security teams can quickly create live streaming searches, dashboards, alerts, and ask ad-hoc questions as threats arise.

Humio is significantly advancing threat hunting capabilities with a comprehensive border security platform that encompasses all of the system data, structured and unstructured. The platform is purpose-built to ingest and aggregate large log data volumes instantly, analyze and correlate across all of that data within all types of infrastructure.

Humio’s proprietary time-series database engine is optimized to ingest and aggregate large log data volumes instantly, analyze and correlate across all data within all types of infrastructure significantly advancing threat hunting capabilities.

Through Humio’s live, proactive monitoring, security teams can investigate any threats or compromises and are able to analyze and explore the events being logged every second on network boundary devices.

Risks are not easily detected, and security threats are becoming more advanced where existing SIEM solutions fall short when identifying attacks and anomalies. Most SIEM tools only look at pre-selected logs, limiting users to a portion or predefined view of their data and the overall state of their system. Humio delivers complete observability of data, both structured and unstructured, in one console to provide insights of applications and infrastructure including networks, servers, and firewalls – all in real time.

Correlation across all of a customer’s infrastructure in one console enables limitless exploration of an entire system, the flexibility to include more sources of data than a traditional SIEM method and an approachable way to obtain aggregate and instant access to the state of their applications, services, servers, devices, and more, all in real-time.

Security teams want a full view across their system, in real-time, beyond just samples of data or a predefined view when exploring and investigating risks and anomalies. Humio’s efficient data compression enables 75% less hardware, increasing retention capability and allowing teams to be prepared for any issues that may arise in the future.

Humio enables users to rediscover their infrastructure by gaining real insights and security intelligence about their systems with easily accessible tools. The more the user understands their complete data rather than samples of data, the better they are able to navigate vulnerabilities, challenges and threats.

Humio is purpose-built for the scale of today’s data volumes. While other solutions continue to limit access to customers’ data through pre-determined views or limits set to just samples of data, Humio enables users to log everything and answer anything, in real time. Humio unlocks the ability to log limitlessly without adding complexity.

Humio’s transformative site license is removing logging constraints and shifting organizational culture to improve cybersecurity, privacy and business resilience. By removing obstacles to give customers autonomy, Humio enables users to determine their logging practices without concerns for restrictive technological, hardware or financial constraints.

Detect more threats faster and investigate with greater intelligence. Humio delivers real-time performance for system monitoring and investigation allowing users to ingest huge amounts of data for ad-hoc queries and search.

Monitoring/visibility

With Humio’s instant visibility, security teams have continuous insights that enable immediate responses and actions to strengthen the performance across systems, prevent infrastructure breakdowns and protect against attacks.

Developers, security teams, and operations managers require visibility across the state of their applications, services, servers, devices, and more, all in real time. Humio enables teams to understand all of their data to optimize the performance of their applications, prevent infrastructure breakdowns, and protect against malware.

Humio’s pay-as-you-scale and unlimited ingest licenses allow customers to adopt Humio without worrying about measuring and tracking data volumes. This flexible pricing model enables network operation management teams to achieve deep and complete visibility previously limited by high log management costs provided by other solutions.

As systems become more complex, more surfaces reveal themselves to hackers looking to steal data or inject malware into environments to ultimately bring organizations down. Humio enables enterprises to achieve an aggregated view of all relevant network security data sources to explore and manage ever increasing threats and vulnerabilities within one cost effective platform in an easy and intuitive search language.

Humio’s data-driven observability platform enables organizations to understand large amounts of computer-generated data, structured and unstructured, correlate it and instantly identify security vulnerabilities and threats in any complex computing environment.

Investigate and Respond

The Humio data-driven security solution provides incident responders and threat hunters the ability to instantly visualize, search and explore their network data through the industry best Humio UI.

Humio provides network security teams data-driven exploration in a cost effective solution to enable comprehensive log data analysis vs log management processing costs.

Humio’s platform delivers data-driven exploration enabling customers to see across all of their infrastructure, applications, logs and events from a single console - all in real time. Its proprietary time-series database engine is optimized to ingest and aggregate large log data volumes instantly, analyze and correlate across all data within all types of infrastructure, significantly advancing threat hunting capabilities.

Humio’s data-driven observability platform provides customers the live visibility needed to detect and investigate threats and risks. This means security teams can instantly observe if network-edge devices are healthy and operating well, running at the right level of capacity, and behaving as expected.

Imperative in security incident response, Humio users have instant access to explore and monitor their logs through centralized logging to make audits quick, easy and secure by enabling the transmission of data from any source.

Humio’s instant observability is a critical asset for security event monitoring organizations tasked with thwarting attacks and minimizing dwell time and other time-critical scenarios.

Disrupting SIEM

Risks are not easily detected, and security threats are becoming more advanced where existing SIEM solutions fall short when identifying threats and anomalies. Security teams require a data-driven security solution that gives them the flexibility to include more sources of data and instant access to the state of their applications, services, servers, devices, and more, all in real time. Most SIEM tools only look at pre-selected logs or have hardcoded visualizations and analytics, limiting users to a portion or predefined view of their data and the overall state of their system. Humio delivers complete observability of data, both structured and unstructured, in one console to provide insights of applications and infrastructure including networks, servers and firewalls – all in real time.

Correlation across all of a customer’s infrastructure in one console enables limitless exploration of an entire system, the flexibility to include more sources of data than a traditional SIEM method and an approachable way to obtain aggregate and instant access to the state of their applications, services, servers, devices, and more, all in real time.

Security teams want a full view across their system, in real time, beyond just samples of data or a predefined view when exploring and investigating risks and anomalies. Humio’s efficient data compression enables 75% less hardware, increasing retention capability and allowing teams to be prepared for any issues that may arise in the future.

Humio enables users to rediscover their infrastructure by gaining real insights and security intelligence about their systems with easily accessible tools. The more the user understands their complete data rather than samples of data, the better they are able to navigate vulnerabilities, challenges, and threats. If you can’t understand what you’re looking for, you can’t protect it.

The proliferation of network boundary devices designed to produce log data, such as firewall logs from Cisco, Fortinet, Palo Alto Networks, Sophos, and Checkpoint, has exponentially increased the number of logs and events occurring every second from varying sources. Many SIEMs rely on log management platforms to search log and machine data for specific events, but those solutions have slow ingest and are cost restrictive in providing a full view of all logs.

Ready to try Humio?

Start your free trial now, available On Premise and Humio Cloud, or request a demo on how Humio can solve your logging needs.