What’s New in Logz.io – April 2019


Spring has finally sprung! I realize that was a groaner, but new features are no joke – using them will simplify your troubleshooting process and open up time for all the cool tasks you want to do. Besides parsing logs, of course. 

New Features in Security Analytics

Hold onto your seats because we made some sleek adjustments to our security analytics suite. A major update was revamping our Summary page, which is your entry point to the Security Analytics app.

As with any other Kibana dashboard, you can investigate issues the same way you normally would.

Using Drilldown, you can also hop between dashboards as you search for the root cause of an issue.

To help you jump right in rather than build everything from scratch, we’ve added new rules and dashboards for several common security needs including: GDPR compliance (based on a Wazuh integration), AWS GuardDuty, Microsoft Azure Active Directory, and Windows Firewall.

Alice “2.0”

By request, this past month we added the ability to use sub-accounts with Alice, the Logz.io Slack bot! When you add a new Logz.io account to Alice you can provide it an alias (by default the alias is the actual account name). You can use this alias to differentiate sub-accounts as well as to set the default account for each channel using `@Alice set channel account <alias>`.

If you need to review syntax and usage for any commands, just use `@Alice help`. For a refresher on all of Alice’s features, please take a look at her docs page. As a quick reminder: sub-accounts are a way for you to logically separate and control access to your data. A common use case is separating production and development data, or application and infrastructure data, which have different access and retention requirements. If you’re interested in exploring sub-accounts more, please take a look at our accounts docs page.

Now on Kibana 6.3

You may have noticed around the new year that your accounts were upgraded to Kibana 6. To round off that update, autocomplete and kuery are now available! To enable them, select “Options” and “turn on query features”.

And then run a quick kuery (couldn’t stop myself). Autocomplete picks up both field names and values, so when you start to type an invalid field name or value, you’ll know right away.

As an important note: we’re still working hard to support kuery with our alerts and optimizers, so while you can filter results in our UI using the latest kuery syntax, you cannot create alerts or optimizers from those queries. For these, please keep using standard Lucene.

Tags

On a closing note, just in time for spring cleaning we’ve released our new tags feature. This allows you to tag any alert or security rule to help you stay organized. Tags can be added by using the tag line.

Once you have your alerts and/or security rules tagged, in each case you can filter to view only the alerts / rules that you wish to see based on their tags. Neat, eh?

Where We’ll Be This Quarter

Want to come see us? We’re sponsoring and/or sending speakers to the following events this quarter.

EMEA

North America

Logz.io is constantly building new features to make monitoring, troubleshooting, and securing your environment easier than ever.