Humio Product Update: September 2017

It’s been a while since we let everyone know about our progress, so here is a little message on what is happening in Humio.

September 19th, 2017

Here come Alerts!

Probably our most requested feature is now here. With alerts you can be notified immediately whenever something goes wrong in your system. Alerts currently support being sent with Slack, Email, and generic Web Hook notifiers. Alerts is a premium feature not available on free accounts.

Humio Product Update: Alerts

In order to create an alert, you just write a humio query. Whenever that query provides a result, the query triggers. To enable alerts based on a threshold level such as free disk space or memory usage, you simply embed the threshold in the query. Alerts can be throttled, so they will only trigger once every so often; and they can be used to send periodic reports.

Dashboards are Better Now

Dashboards have been improved in a number of ways. Most importantly, they’re faster and consume less CPU in the browser. A dashboard on a hidden browser tab will only update minimally to keep the live queries from timing out on the server.

If it has been a while since you worked with dashboards, you will also notice that we now support a free-form layout of dashboards letting you drag to move and resize widgets.

Humio Product Update

Humio Product Update: Dashboards

We also added a nifty pulsing ‘alive’ indicator to dashboards that tells you that the browser’s connection to the server is doing well, and makes sure to reload dashboards upon changes or server upgrades.

On premium and on-premise accounts, users can share a read-only link to dashboards which makes it accessible without a humio login.

Better Search Experience

On the search tab, we’ve improved the way auto-suggest works (it activates on ⎇+space) and it is less in-your-face when you don’t need it. Use arrow keys up/down to access available tags, functions and saved queries.

We also added a feature for use with aggregate queries (such as count, groupby or timechart) to see the events that make up the aggregation. Clicking the Events list button takes you to a view that provides the events that come out of the filter part of the query that makes up the shown result.

Humio Product Update: Event List Aggregation

We’ve also improved the graphing options for time charts with various display modes, log scale graphs, step-line or connected graphs, labels, and more. Click the little gear icon in the corner of the chart to access these options.

Humio Product Update

New On-Premise Features

For our on-premise customers, there is a long list of new features that might be interesting.

Distributed Version

We now support running Humio clustered, providing a solution that lets you scale up both ingest capacity and query speed with the number of nodes. Our own stress tests indicate that ingest capacity is 1TB/day per node, and query performance is 6GB/sec per node. Your milage may vary, we run on stock 4-core i7 nodes with 64GB of RAM. You can read more about how to set it up in the online documentation.

TCP/UDP ingest

We’ve added raw TCP and UDP based ingest, which makes it easy to integrate directly with e.g. syslog or other custom logging providers. At present this feature is only available for on-premise customers. Use the HTTP API to activate this feature as described here.

Improved LDAP authentication

Finally we have improved the authentication options for integrating with an ldap server, so that you’re not limited to anonymous bind. You still need to manage role assignment in the humio settings tab for each dataspace.