Understanding Logsign Column Architecture

Logsign has brought a significant arrangement to the column names that are even a trouble for the most vendors.

So when you have a look at these column results in Logsign, you can have a meaningful view for them.

For example, most of the vendors send the source informations as src or client. This value can sometimes be the IP, MAC or username of the client. In this case, the reporting users must bear in mind these results, and mostly they can't do this.

Logsign uses a column architecture which is just like our daily spoken language, and consists of 2 layers. For example, we don't call source IP as src or client. We call it as Source.IP, as it's parallel with our colloquial speech. 

So how we obtain these values?

In the figure below, there stays an example of 2 layered Logsign column architecture.

 

The column names consist of 2 parts according to this architecture. The first part symbolizes the column's main characteristic property, and the second one symbolizes the details of it.

For example if we're talking about an application, the first part will be named as Application. And the second one will show the wanted detail of the application. If we're talking about the name of the application, the column name will be as Application.Name.

Here we must be careful about some rules. For both parts of the columns, the first letter must be upper case and the others must be lower case. If there's a detail field that is shorter than 3 letters (IP, MAC, ID etc.) we should type them as upper case. 

Have more questions? Submit a request

Comments