Search and Analyze 2017-04-03T18:48:03+00:00

Logtrust treats all information like a database, parsing every log but without normalizing it, so nothing from the information you integrate is lost. All data, from standard formats to proprietary ones, can be parsed in our system to extract the most from it, with maximum expressiveness.

In our systems, all of your data columns are typed. This means that when an event value is a string, the operators you can apply to it are string operators, and if it is a numeric value or an IP address, the operators are those for numbers or IP addresses. All of this happens automatically.

You get more than simple filters and regular expressions for your data: you can group, run statistical operations, filter, concatenate, create new columns, and so on, all graphically and all at your fingertips, not only for your technicians.

You can filter your data interactively, moving forward or backward through the steps and operations you’re performing on your data and through time.

With our system, you have all your data in real-time, from the information that is just arriving, to data which arrived months or years ago. All accessible with a single mouse click.

All our operations generate a search tree; this contains a representation of all the actions you performed in a search. It’s an interactive tree: you can browse between its nodes to restore each and every one of the steps you took during your query. The graphs are automatically updated in real-time and are saved automatically so that all the intelligence for a query or data type is never lost and you can retrieve it at any time. Not only can you recover your query but also each and every one of the steps you took to get there.

Unstructured information

Not only structured information can be integrated and analysed in our systems; unformatted information can also be integrated and analysed, and valuable data extracted from it in a simple, efficient manner.

You can integrate unstructured events and define filter operations, regular expressions, etc. to extract the information that is relevant for your company. That allows you to generate virtual views for tables containing unstructured information with new columns generated in real-time, containing valuable data for your company.

Storing knowledge

All of the operations and searches that you perform, and each individual step followed within these, are automatically saved in the platform. These operations form an interactive search graph where you can navigate through the different nodes, modify them or use them to create new operations.

You can recover each of these searches with a single click, thus allowing you to easily repeat complex operations that you carried out in the past on new data.

Thus, when you carry out an investigation on any of your data and need to repeat the process at a later date, it takes only a second to repeat it and retrieve the results. You no longer depend on someone remembering what was done, which limits knowledge-transfer problems and lets you share complex operations across many users and teams.

High Performance

We provide cutting edge performance in all the key indicators:

  • Collection: 40,000 eps/core
  • Query: 1,000,000 eps/core
  • Correlation: 65,000 eps/core

And as many instances as needed at any given moment to meet your needs in record time!

Use case:

One of Logtrust’s customers sends more than 1000 million events per day – more than a terabyte of information per day. They need to run queries, perform graphical visualizations and process alerts. Before switching to Logtrust, they were using other BigData technologies that took more than 22 hours to integrate the information and run certain queries.

Logtrust processes all the data in less than 12s, allowing them to multiply the number of queries on their data 100 fold, create new services and discover valuable insights about their information.

Search Tree

One of the most interesting features of our platform is the way in which information is queried. Each time you run a query, you can apply successive filters, operations, groupings, etc. At any point you may go backward, resume the query in a previous state, and generate new filters and operations or change the parameters of those you applied before.

The tree is interactive and you can navigate through it, move through its nodes and create new branches, so that the intelligence deployed in the query is always saved by our systems.

You can recover a query you ran in the past at any time. You won’t just recover it in the state you left it – you’ll also get the full history of the operations you performed on it, as a complete, interactive operations graph. This lets you re-apply and regenerate every step of the query, either on the same data you applied it to in the past or on new information arriving in real-time.
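To make the search-tree idea concrete (the steps-as-nodes model described here and in the "Storing knowledge" section), here is a small added illustration, not Logtrust code: a regex turns constructed, unstructured syslog-style lines into typed columns, each query step is a node that can be branched from, and any node replays its saved chain on old or newly arrived lines.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample syslog-style lines (not from the page); the last one is unparseable.
RAW_EVENTS = [
    "2017-04-03T18:48:01Z sshd[1001]: Failed password for root from 10.0.0.5 port 4422",
    "2017-04-03T18:48:02Z sshd[1001]: Failed password for admin from 10.0.0.5 port 4423",
    "2017-04-03T18:48:03Z sshd[1002]: Accepted publickey for deploy from 10.0.0.9 port 5100",
    "2017-04-03T18:48:04Z cron[2000]: (root) CMD (/usr/bin/backup)",
    "garbage line that will not parse",
]
# Regex that turns an unstructured line into typed columns (the "virtual view").
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<proc>\w+)\[(?P<pid>\d+)\]: (?P<msg>.*?)"
                     r"(?: from (?P<src>[\d.]+) port (?P<port>\d+))?$")

def parse(line):
    """Return a row with typed columns (int pid/port, IP address src), or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return {"ts": d["ts"], "proc": d["proc"], "pid": int(d["pid"]), "msg": d["msg"],
            "src": ipaddress.ip_address(d["src"]) if d["src"] else None,
            "port": int(d["port"]) if d["port"] else None}

class Node:
    """One saved query step; children are branches taken from this state."""
    def __init__(self, label, op, parent=None):
        self.label, self.op, self.parent, self.children = label, op, parent, []
        if parent:
            parent.children.append(self)
    def then(self, label, op):  # add a step below this one, keeping other branches
        return Node(label, op, self)
    def steps(self):  # every step from the root down to this node, in order
        return (self.parent.steps() if self.parent else []) + [self]
    def run(self, lines):  # replay the saved steps on old or newly arrived data
        rows = lines
        for n in self.steps():
            rows = n.op(rows)
        return rows

# Build the tree: parse -> sshd -> failed logins -> count by source, plus a sibling branch.
root = Node("parse", lambda lines: [r for r in map(parse, lines) if r])
sshd = root.then("proc == sshd", lambda rows: [r for r in rows if r["proc"] == "sshd"])
failed = sshd.then("failed logins", lambda rows: [r for r in rows if r["msg"].startswith("Failed password")])
by_src = failed.then("count by src", lambda rows: Counter(str(r["src"]) for r in rows))
accepted = sshd.then("accepted logins", lambda rows: [r for r in rows if r["msg"].startswith("Accepted")])
```

Calling `by_src.run(...)` on a fresh batch of lines re-applies the whole saved chain, which is the "repeat a past investigation on new data" behaviour described above.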